package com.atlassian.bamboo.plan;

import com.atlassian.bamboo.cluster.state.Stateful;
import com.atlassian.bamboo.core.BambooIdProvider;
import com.atlassian.bamboo.persistence.TransactionAndHibernateTemplate;
import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.security.PermissionsServiceUtils;
import com.atlassian.bamboo.security.acegi.acls.BambooAclHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.HibernateMutableAclService;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.user.Group;
import com.atlassian.user.User;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import io.atlassian.util.concurrent.ManagedLock;
import io.atlassian.util.concurrent.ManagedLocks;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.acls.MutableAcl;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;

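/**
 * Reads and edits the access-control list of a single plan for four kinds of grantee: named users,
 * groups, the logged-in role ({@code Authority.USER}) and the anonymous role
 * ({@code Authority.ANONYMOUS}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every public method that takes a plan key resolves the plan and then requires
 *       {@link BambooPermission#ADMINISTRATION} on it before the ACL is read or changed.</li>
 *   <li>Grants are limited to {@link #supportedPermissions()}, and the resulting permission set is
 *       passed to the dependency validators in {@code PermissionsServiceUtils}.</li>
 *   <li>Anonymous access can only be granted or revoked for {@link BambooPermission#READ}.</li>
 *   <li>Mutations run inside a transaction while holding a lock obtained from a per-instance lock
 *       factory, so the read-validate-write sequence for one plan key is serialized among callers
 *       of this instance.</li>
 * </ul>
 *
 * <p>NOTE(review): plan existence is checked before authorization, so a caller without
 * ADMINISTRATION gets {@link IllegalArgumentException} for an unknown key and
 * {@link AccessDeniedException} for an existing one. Confirm the calling layer does not expose that
 * difference to callers who should not learn which plan keys exist.
 *
 * <p>NOTE(review): the lock is keyed by the caller-supplied string and lives in this object only.
 * Confirm that two spellings of a key cannot resolve to the same plan, and that no other instance
 * or node edits the same ACL concurrently.
 */
@Stateful(description = "Because of the lockFactory")
/* loaded from: input_file:com/atlassian/bamboo/plan/DefaultPlanPermissionsService.class */
public class DefaultPlanPermissionsService implements PlanPermissionsService {
    /** Permissions this service will report and grant on a plan. */
    private static final Collection<BambooPermission> SUPPORTED_PERMISSIONS = ImmutableSet.of(
            BambooPermission.READ,
            BambooPermission.VIEW_CONFIGURATION,
            BambooPermission.WRITE,
            BambooPermission.BUILD,
            BambooPermission.CLONE,
            BambooPermission.ADMINISTRATION);

    /**
     * Dependency table handed to {@code PermissionsServiceUtils.extractDependencies}; each entry pairs
     * a permission with one it presumably requires (for example WRITE with READ) - confirm against
     * that helper.
     */
    private static final Multimap<BambooPermission, BambooPermission> PERMISSION_DEPENDENCIES =
            ImmutableMultimap.<BambooPermission, BambooPermission>builder()
                    .put(BambooPermission.VIEW_CONFIGURATION, BambooPermission.READ)
                    .put(BambooPermission.WRITE, BambooPermission.READ)
                    .put(BambooPermission.WRITE, BambooPermission.VIEW_CONFIGURATION)
                    .put(BambooPermission.BUILD, BambooPermission.READ)
                    .put(BambooPermission.CLONE, BambooPermission.READ)
                    .put(BambooPermission.CLONE, BambooPermission.VIEW_CONFIGURATION)
                    .put(BambooPermission.ADMINISTRATION, BambooPermission.WRITE)
                    .put(BambooPermission.ADMINISTRATION, BambooPermission.BUILD)
                    .put(BambooPermission.ADMINISTRATION, BambooPermission.CLONE)
                    .put(BambooPermission.ADMINISTRATION, BambooPermission.VIEW_CONFIGURATION)
                    .build();

    // Hands out one lock per key string; held weakly, so unused locks can be collected.
    private final Function<String, ManagedLock> lockFactory = ManagedLocks.weakManagedLockFactory();
    private final TransactionAndHibernateTemplate hibernateTemplate;
    private final HibernateMutableAclService aclService;
    private final BambooAclHelper aclHelper;
    private final PlanManager planManager;
    private final BambooPermissionManager bambooPermissionManager;
    private final BambooUserManager bambooUserManager;

    /** Stores the injected collaborators; performs no other work. */
    @Autowired
    public DefaultPlanPermissionsService(TransactionAndHibernateTemplate transactionAndHibernateTemplate, HibernateMutableAclService hibernateMutableAclService, BambooAclHelper bambooAclHelper, PlanManager planManager, BambooPermissionManager bambooPermissionManager, BambooUserManager bambooUserManager) {
        this.hibernateTemplate = transactionAndHibernateTemplate;
        this.aclService = hibernateMutableAclService;
        this.aclHelper = bambooAclHelper;
        this.planManager = planManager;
        this.bambooPermissionManager = bambooPermissionManager;
        this.bambooUserManager = bambooUserManager;
    }

    /** Loads the mutable ACL whose object identity is built from the given plan. */
    @NotNull
    private MutableAcl getAclForPlan(@NotNull Plan plan) {
        return this.aclService.readMutableAclById(new HibernateObjectIdentityImpl((BambooIdProvider) plan));
    }

    /**
     * Lists the users that hold any supported permission on the plan.
     *
     * @param str plan key
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    @NotNull
    public Iterable<String> listUsersWithPermissionsForPlan(@NotNull String str) {
        Plan plan = validatePlan(str);
        hasPermissionForPlan(plan);
        return this.aclHelper.listUsersWithPermissions(getAclForPlan(plan), supportedPermissions());
    }

    /**
     * Returns the supported permissions a user holds on the plan.
     *
     * @param str plan key
     * @param str2 user name, checked through {@code PermissionsServiceUtils.validateUser}
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    @NotNull
    public List<BambooPermission> getUserPermissionsForPlan(@NotNull String str, @NotNull String str2) {
        Plan plan = validatePlan(str);
        // Authorize before the user lookup so an unauthorized caller never reaches it.
        hasPermissionForPlan(plan);
        User user = validateUser(str2);
        return this.aclHelper.getUserPermissions(getAclForPlan(plan), user.getName(), supportedPermissions());
    }

    /**
     * Grants the listed permissions to a user on the plan.
     *
     * @param str plan key
     * @param str2 user name
     * @param list permissions to grant; each must be a supported plan permission
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean addUserPermissionsToPlan(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            String userName = validateUser(str2).getName();
            validatePermissionsForPlan(list);
            // Validate the set the user would hold after the grant, not just the request.
            validateDependenciesAfterGranting(getUserPermissionsForPlan(str, userName), list);
            return addPermissionKeysToPlan(str, userPermissionKeys(userName, list));
        });
    }

    /**
     * Revokes the listed permissions from a user on the plan.
     *
     * <p>NOTE(review): unlike the grant path, the requested permissions are not checked against
     * {@link #supportedPermissions()} here - confirm that is intended.
     *
     * @param str plan key
     * @param str2 user name
     * @param list permissions to revoke
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean removeUserPermissionsFromPlan(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            String userName = validateUser(str2).getName();
            // Validate what would remain after the revoke.
            validateDependenciesAfterRevoking(getUserPermissionsForPlan(str, userName), list);
            return removePermissionKeysFromPlan(str, userPermissionKeys(userName, list));
        });
    }

    /**
     * Lists the groups that hold any supported permission on the plan.
     *
     * @param str plan key
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    @NotNull
    public Iterable<String> listGroupsWithPermissionsForPlan(@NotNull String str) {
        Plan plan = validatePlan(str);
        hasPermissionForPlan(plan);
        return this.aclHelper.listGroupsWithPermissions(getAclForPlan(plan), supportedPermissions());
    }

    /**
     * Returns the supported permissions a group holds on the plan.
     *
     * @param str plan key
     * @param str2 group name, checked through {@code PermissionsServiceUtils.validateGroup}
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    @NotNull
    public List<BambooPermission> getGroupPermissionsForPlan(@NotNull String str, @NotNull String str2) {
        Plan plan = validatePlan(str);
        hasPermissionForPlan(plan);
        Group group = validateGroup(str2);
        return this.aclHelper.getGroupPermissions(getAclForPlan(plan), group.getName(), supportedPermissions());
    }

    /**
     * Grants the listed permissions to a group on the plan.
     *
     * @param str plan key
     * @param str2 group name
     * @param list permissions to grant; each must be a supported plan permission
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean addGroupPermissionsToPlan(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            String groupName = validateGroup(str2).getName();
            validatePermissionsForPlan(list);
            validateDependenciesAfterGranting(getGroupPermissionsForPlan(str, groupName), list);
            return addPermissionKeysToPlan(str, groupPermissionKeys(groupName, list));
        });
    }

    /**
     * Revokes the listed permissions from a group on the plan.
     *
     * <p>NOTE(review): the requested permissions are not checked against
     * {@link #supportedPermissions()} on this path - confirm that is intended.
     *
     * @param str plan key
     * @param str2 group name
     * @param list permissions to revoke
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean removeGroupPermissionsFromPlan(@NotNull String str, @NotNull String str2, @NotNull List<BambooPermission> list) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            String groupName = validateGroup(str2).getName();
            validateDependenciesAfterRevoking(getGroupPermissionsForPlan(str, groupName), list);
            return removePermissionKeysFromPlan(str, groupPermissionKeys(groupName, list));
        });
    }

    /**
     * Returns the supported permissions granted to the logged-in role on the plan.
     *
     * @param str plan key
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    @NotNull
    public List<BambooPermission> getLoggedInPermissionsForPlan(@NotNull String str) {
        Plan plan = validatePlan(str);
        hasPermissionForPlan(plan);
        return this.aclHelper.getLoggedInPermissions(getAclForPlan(plan), supportedPermissions());
    }

    /**
     * Grants the listed permissions to the logged-in role on the plan.
     *
     * @param str plan key
     * @param list permissions to grant; each must be a supported plan permission
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean addLoggedInPermissionsToPlan(@NotNull String str, @NotNull List<BambooPermission> list) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            validatePermissionsForPlan(list);
            validateDependenciesAfterGranting(getLoggedInPermissionsForPlan(str), list);
            return addPermissionKeysToPlan(str, loggedInPermissionKeys(list));
        });
    }

    /**
     * Revokes the listed permissions from the logged-in role on the plan.
     *
     * <p>NOTE(review): the requested permissions are not checked against
     * {@link #supportedPermissions()} on this path - confirm that is intended.
     *
     * @param str plan key
     * @param list permissions to revoke
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean removeLoggedInPermissionsFromPlan(@NotNull String str, @NotNull List<BambooPermission> list) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            validateDependenciesAfterRevoking(getLoggedInPermissionsForPlan(str), list);
            return removePermissionKeysFromPlan(str, loggedInPermissionKeys(list));
        });
    }

    /**
     * Returns the supported permissions granted to the anonymous role on the plan.
     *
     * @param str plan key
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    @NotNull
    public List<BambooPermission> getAnonymousPermissionsForPlan(@NotNull String str) {
        Plan plan = validatePlan(str);
        hasPermissionForPlan(plan);
        return this.aclHelper.getAnonymousPermissions(getAclForPlan(plan), supportedPermissions());
    }

    /**
     * Grants READ on the plan to the anonymous role; no other permission can be granted this way.
     *
     * @param str plan key
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean addAnonymousPermissionsToPlan(@NotNull String str) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            return addPermissionKeysToPlan(str, anonymousReadKey());
        });
    }

    /**
     * Revokes READ on the plan from the anonymous role.
     *
     * @param str plan key
     * @return the result reported by the ACL helper
     * @throws IllegalArgumentException if no plan exists for the key
     * @throws AccessDeniedException if the caller lacks ADMINISTRATION on the plan
     */
    public boolean removeAnonymousPermissionsFromPlan(@NotNull String str) {
        return withExclusiveLock(str, () -> {
            hasPermissionForPlan(validatePlan(str));
            return removePermissionKeysFromPlan(str, anonymousReadKey());
        });
    }

    /** Returns the fixed set of permissions this service handles for plans. */
    @NotNull
    public Collection<BambooPermission> supportedPermissions() {
        return SUPPORTED_PERMISSIONS;
    }

    /**
     * Returns the dependencies of a permission as extracted by {@code PermissionsServiceUtils} from
     * the static dependency table, restricted by the supported permissions passed alongside it.
     */
    @NotNull
    public Collection<BambooPermission> permissionDependencies(@NotNull BambooPermission bambooPermission) {
        return PermissionsServiceUtils.extractDependencies(PERMISSION_DEPENDENCIES, supportedPermissions(), bambooPermission);
    }

    /**
     * Resolves a plan key to a plan.
     *
     * @throws IllegalArgumentException if the plan manager returns no plan for the key
     */
    private Plan validatePlan(String planKey) {
        Plan plan = this.planManager.getPlanByKey(PlanKeys.getPlanKey(planKey));
        // Template form: the message is only built when the check fails.
        Preconditions.checkArgument(plan != null, "Plan: %s does not exist", planKey);
        return plan;
    }

    /**
     * Authorization gate for every operation in this class: requires ADMINISTRATION on the plan.
     * Despite the name it returns nothing and signals refusal by throwing.
     *
     * @throws AccessDeniedException if the permission manager denies ADMINISTRATION for the plan key
     */
    private void hasPermissionForPlan(Plan plan) {
        boolean mayAdminister = this.bambooPermissionManager.hasPlanPermission(BambooPermission.ADMINISTRATION, plan.getPlanKey());
        if (!mayAdminister) {
            throw new AccessDeniedException(String.format("Not allowed to access plan: %s permissions", plan.getPlanKey()));
        }
    }

    /** Delegates user-name validation to {@code PermissionsServiceUtils}. */
    private User validateUser(String userName) {
        return PermissionsServiceUtils.validateUser(userName, this.bambooUserManager);
    }

    /** Delegates group-name validation to {@code PermissionsServiceUtils}. */
    private Group validateGroup(String groupName) {
        return PermissionsServiceUtils.validateGroup(groupName, this.bambooUserManager);
    }

    /** Checks the requested permissions against {@link #supportedPermissions()} for a plan. */
    private void validatePermissionsForPlan(List<BambooPermission> requested) throws IllegalArgumentException {
        PermissionsServiceUtils.validatePermissions(requested, supportedPermissions(), "plan");
    }

    /** Validates dependencies over the union of the currently held and the newly granted permissions. */
    private void validateDependenciesAfterGranting(List<BambooPermission> current, List<BambooPermission> granted) {
        PermissionsServiceUtils.validateDependenciesAfterGranting(
                Sets.union(new HashSet<>(current), new HashSet<>(granted)), this::permissionDependencies);
    }

    /** Validates dependencies over the currently held permissions minus the revoked ones. */
    private void validateDependenciesAfterRevoking(List<BambooPermission> current, List<BambooPermission> revoked) {
        PermissionsServiceUtils.validateDependenciesAfterRevoking(
                Sets.difference(new HashSet<>(current), new HashSet<>(revoked)), this::permissionDependencies);
    }

    /** Adds the given permission keys to the plan's ACL; the plan is resolved again from its key. */
    private boolean addPermissionKeysToPlan(String planKey, List<String> permissionKeys) {
        return this.aclHelper.addPermissionKeys(getAclForPlan(validatePlan(planKey)), permissionKeys);
    }

    /** Removes the given permission keys from the plan's ACL; the plan is resolved again from its key. */
    private boolean removePermissionKeysFromPlan(String planKey, List<String> permissionKeys) {
        return this.aclHelper.removePermissionKeys(getAclForPlan(validatePlan(planKey)), permissionKeys);
    }

    /** Builds one user permission key per permission for the given user name. */
    private static List<String> userPermissionKeys(String userName, List<BambooPermission> permissions) {
        return permissions.stream()
                .map(permission -> BambooAclUpdateHelper.createUserPermissionKey(userName, permission.getName()))
                .collect(Collectors.toList());
    }

    /** Builds one group permission key per permission for the given group name. */
    private static List<String> groupPermissionKeys(String groupName, List<BambooPermission> permissions) {
        return permissions.stream()
                .map(permission -> BambooAclUpdateHelper.createGroupPermissionKey(groupName, permission.getName()))
                .collect(Collectors.toList());
    }

    /** Builds one role permission key per permission for the logged-in role. */
    private static List<String> loggedInPermissionKeys(List<BambooPermission> permissions) {
        return permissions.stream()
                .map(permission -> BambooAclUpdateHelper.createRolePermissionKey(Authority.USER.getAuthority(), permission.getName()))
                .collect(Collectors.toList());
    }

    /** Builds the single role permission key for anonymous READ. */
    private static List<String> anonymousReadKey() {
        return Collections.singletonList(
                BambooAclUpdateHelper.createRolePermissionKey(Authority.ANONYMOUS.getAuthority(), BambooPermission.READ.getName()));
    }

    /**
     * Runs the action inside a transaction while holding the lock for the given key. The lock is
     * taken first and the transaction template is invoked inside it, so the template call returns
     * before the lock is released.
     *
     * @param planKey lock key; the caller-supplied plan key string
     * @param action work to run; its result is returned unchanged
     */
    @SuppressWarnings("unchecked") // the template/lock boundary is treated as untyped; action supplies a T
    private <T> T withExclusiveLock(String planKey, Supplier<T> action) {
        // Declared as a Supplier so the call cannot bind to an overload that declares checked exceptions.
        Supplier<Object> inTransaction = () -> this.hibernateTemplate.execute(status -> action.get());
        return (T) this.lockFactory.apply(planKey).withLock(inTransaction);
    }
}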
