package com.atlassian.bamboo.project;

import com.atlassian.bamboo.cluster.state.Stateful;
import com.atlassian.bamboo.persistence.TransactionAndHibernateTemplate;
import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.security.PermissionsServiceUtils;
import com.atlassian.bamboo.security.acegi.acls.BambooAclHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.user.Group;
import com.atlassian.user.User;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import io.atlassian.util.concurrent.ManagedLock;
import io.atlassian.util.concurrent.ManagedLocks;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.acls.MutableAcl;
import org.jetbrains.annotations.NotNull;

@Stateful(description = "Because of the lockFactory")
/* loaded from: input_file:com/atlassian/bamboo/project/AbstractProjectPermissionsService.class */
abstract class AbstractProjectPermissionsService {
    private final Function<String, ManagedLock> lockFactory = ManagedLocks.weakManagedLockFactory();
    private final TransactionAndHibernateTemplate hibernateTemplate;
    private final BambooAclHelper aclHelper;
    private final ProjectManager projectManager;
    private final BambooPermissionManager bambooPermissionManager;
    private final BambooUserManager bambooUserManager;
    private final Collection<BambooPermission> supportedPermissions;
    private final Multimap<BambooPermission, BambooPermission> permissionDependencies;

    public AbstractProjectPermissionsService(TransactionAndHibernateTemplate transactionAndHibernateTemplate, BambooAclHelper bambooAclHelper, ProjectManager projectManager, BambooPermissionManager bambooPermissionManager, BambooUserManager bambooUserManager, Collection<BambooPermission> collection, Multimap<BambooPermission, BambooPermission> multimap) {
        this.hibernateTemplate = transactionAndHibernateTemplate;
        this.aclHelper = bambooAclHelper;
        this.projectManager = projectManager;
        this.bambooPermissionManager = bambooPermissionManager;
        this.bambooUserManager = bambooUserManager;
        this.supportedPermissions = ImmutableSet.copyOf(collection);
        this.permissionDependencies = ImmutableMultimap.copyOf(multimap);
    }

    abstract MutableAcl getAcl(Project project);

    /* JADX INFO: Access modifiers changed from: package-private */
    public Iterable<String> listUsersWithPermissionsForProject(@NotNull String str) {
        Project validateProject = validateProject(str);
        hasPermissionForProject(validateProject);
        return this.aclHelper.listUsersWithPermissions(getAcl(validateProject), supportedPermissions());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<BambooPermission> getUserPermissionsForProject(@NotNull String str, @NotNull String str2) {
        Project validateProject = validateProject(str);
        hasPermissionForProject(validateProject);
        User validateUser = validateUser(str2);
        return this.aclHelper.getUserPermissions(getAcl(validateProject), validateUser.getName(), supportedPermissions());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean addUserPermissionsToProject(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            User validateUser = validateUser(str2);
            validatePermissionsForProject(list);
            validateDependenciesAfterGranting(getUserPermissionsForProject(str, validateUser.getName()), list);
            return Boolean.valueOf(addPermissionKeysToProject(str, (List) list.stream().map(bambooPermission -> {
                return BambooAclUpdateHelper.createUserPermissionKey(validateUser.getName(), bambooPermission.getName());
            }).collect(Collectors.toList())));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean removeUserPermissionsFromProject(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            User validateUser = validateUser(str2);
            validateDependenciesAfterRevoking(getUserPermissionsForProject(str, validateUser.getName()), list);
            return Boolean.valueOf(removePermissionKeysFromProject(str, (List) list.stream().map(bambooPermission -> {
                return BambooAclUpdateHelper.createUserPermissionKey(validateUser.getName(), bambooPermission.getName());
            }).collect(Collectors.toList())));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Iterable<String> listGroupsWithPermissionsForProject(@NotNull String str) {
        Project validateProject = validateProject(str);
        hasPermissionForProject(validateProject);
        return this.aclHelper.listGroupsWithPermissions(getAcl(validateProject), supportedPermissions());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<BambooPermission> getGroupPermissionsForProject(@NotNull String str, @NotNull String str2) {
        Project validateProject = validateProject(str);
        hasPermissionForProject(validateProject);
        Group validateGroup = validateGroup(str2);
        return this.aclHelper.getGroupPermissions(getAcl(validateProject), validateGroup.getName(), supportedPermissions());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean addGroupPermissionsToProject(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            Group validateGroup = validateGroup(str2);
            validatePermissionsForProject(list);
            validateDependenciesAfterGranting(getGroupPermissionsForProject(str, validateGroup.getName()), list);
            return Boolean.valueOf(addPermissionKeysToProject(str, (List) list.stream().map(bambooPermission -> {
                return BambooAclUpdateHelper.createGroupPermissionKey(validateGroup.getName(), bambooPermission.getName());
            }).collect(Collectors.toList())));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean removeGroupPermissionsFromProject(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            Group validateGroup = validateGroup(str2);
            validateDependenciesAfterRevoking(getGroupPermissionsForProject(str, validateGroup.getName()), list);
            return Boolean.valueOf(removePermissionKeysFromProject(str, (List) list.stream().map(bambooPermission -> {
                return BambooAclUpdateHelper.createGroupPermissionKey(validateGroup.getName(), bambooPermission.getName());
            }).collect(Collectors.toList())));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<BambooPermission> getLoggedInPermissionsForProject(@NotNull String str) {
        Project validateProject = validateProject(str);
        hasPermissionForProject(validateProject);
        return this.aclHelper.getLoggedInPermissions(getAcl(validateProject), supportedPermissions());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean addLoggedInPermissionsToProject(@NotNull String str, @NotNull List<BambooPermission> list) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            validatePermissionsForProject(list);
            validateDependenciesAfterGranting(getLoggedInPermissionsForProject(str), list);
            return Boolean.valueOf(addPermissionKeysToProject(str, (List) list.stream().map(bambooPermission -> {
                return BambooAclUpdateHelper.createRolePermissionKey(Authority.USER.getAuthority(), bambooPermission.getName());
            }).collect(Collectors.toList())));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean removeLoggedInPermissionsFromProject(@NotNull String str, @NotNull List<BambooPermission> list) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            validateDependenciesAfterRevoking(getLoggedInPermissionsForProject(str), list);
            return Boolean.valueOf(removePermissionKeysFromProject(str, (List) list.stream().map(bambooPermission -> {
                return BambooAclUpdateHelper.createRolePermissionKey(Authority.USER.getAuthority(), bambooPermission.getName());
            }).collect(Collectors.toList())));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<BambooPermission> getAnonymousPermissionsForProject(@NotNull String str) {
        Project validateProject = validateProject(str);
        hasPermissionForProject(validateProject);
        return this.aclHelper.getAnonymousPermissions(getAcl(validateProject), supportedPermissions());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean addAnonymousPermissionsToProject(@NotNull String str) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            return Boolean.valueOf(addPermissionKeysToProject(str, Collections.singletonList(BambooAclUpdateHelper.createRolePermissionKey(Authority.ANONYMOUS.getAuthority(), BambooPermission.READ.getName()))));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean removeAnonymousPermissionsFromProject(@NotNull String str) {
        return ((Boolean) withExclusiveLock(str, () -> {
            hasPermissionForProject(validateProject(str));
            return Boolean.valueOf(removePermissionKeysFromProject(str, Collections.singletonList(BambooAclUpdateHelper.createRolePermissionKey(Authority.ANONYMOUS.getAuthority(), BambooPermission.READ.getName()))));
        })).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Collection<BambooPermission> supportedPermissions() {
        return this.supportedPermissions;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public Collection<BambooPermission> permissionDependencies(@NotNull BambooPermission bambooPermission) {
        return PermissionsServiceUtils.extractDependencies(this.permissionDependencies, this.supportedPermissions, bambooPermission);
    }

    private void hasPermissionForProject(Project project) {
        if (!this.bambooPermissionManager.hasProjectPermission(BambooPermission.ADMINISTRATION, project.getKey())) {
            throw new AccessDeniedException(String.format("Not allowed to access project: %s permissions", project.getKey()));
        }
    }

    private Project validateProject(String str) {
        Project projectByKey = this.projectManager.getProjectByKey(str);
        Preconditions.checkArgument(projectByKey != null, String.format("Project: %s does not exist", str));
        return projectByKey;
    }

    private User validateUser(String str) {
        return PermissionsServiceUtils.validateUser(str, this.bambooUserManager);
    }

    private Group validateGroup(String str) {
        return PermissionsServiceUtils.validateGroup(str, this.bambooUserManager);
    }

    private void validatePermissionsForProject(List<BambooPermission> list) throws AccessDeniedException {
        PermissionsServiceUtils.validatePermissions(list, supportedPermissions(), "project");
    }

    private void validateDependenciesAfterGranting(List<BambooPermission> list, List<BambooPermission> list2) {
        PermissionsServiceUtils.validateDependenciesAfterGranting(Sets.union(new HashSet(list), new HashSet(list2)), this::permissionDependencies);
    }

    private void validateDependenciesAfterRevoking(List<BambooPermission> list, List<BambooPermission> list2) {
        PermissionsServiceUtils.validateDependenciesAfterRevoking(Sets.difference(new HashSet(list), new HashSet(list2)), this::permissionDependencies);
    }

    private boolean addPermissionKeysToProject(@NotNull String str, @NotNull List<String> list) {
        return this.aclHelper.addPermissionKeys(getAcl(validateProject(str)), list);
    }

    private boolean removePermissionKeysFromProject(@NotNull String str, @NotNull List<String> list) {
        return this.aclHelper.removePermissionKeys(getAcl(validateProject(str)), list);
    }

    private <T> T withExclusiveLock(String str, Supplier<T> supplier) {
        return (T) this.lockFactory.apply(str).withLock(() -> {
            return this.hibernateTemplate.execute(transactionStatus -> {
                return supplier.get();
            });
        });
    }
}
