package com.atlassian.bamboo.security.acegi.afterinvocation;

import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.security.acegi.BambooAcegiSecurityUtils;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.util.Narrow;
import org.acegisecurity.Authentication;
import org.acegisecurity.acls.AclService;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy;
import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategyImpl;
import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.acls.sid.SidRetrievalStrategy;
import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
import org.acegisecurity.afterinvocation.AclEntryAfterInvocationProvider;

/* loaded from: input_file:com/atlassian/bamboo/security/acegi/afterinvocation/GenericAclEntryAfterInvocationProvider.class */
public class GenericAclEntryAfterInvocationProvider extends AclEntryAfterInvocationProvider {
    private final Permission[] requirePermission;
    private final AclService aclService;
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy;
    private SidRetrievalStrategy sidRetrievalStrategy;

    public GenericAclEntryAfterInvocationProvider(AclService aclService, String str, Permission[] permissionArr) {
        super(aclService, permissionArr);
        this.objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
        this.sidRetrievalStrategy = new SidRetrievalStrategyImpl();
        this.aclService = aclService;
        this.requirePermission = permissionArr;
        setProcessConfigAttribute(str);
    }

    protected boolean hasPermission(Authentication authentication, Object obj) {
        if (BambooAcegiSecurityUtils.hasAuthority(authentication, Authority.RESTRICTED_ADMIN) && !(obj instanceof GlobalApplicationSecureObject)) {
            return true;
        }
        ObjectIdentity objectIdentity = this.objectIdentityRetrievalStrategy.getObjectIdentity(obj);
        HibernateObjectIdentityImpl hibernateObjectIdentityImpl = (HibernateObjectIdentityImpl) Narrow.to(objectIdentity, HibernateObjectIdentityImpl.class);
        return hibernateObjectIdentityImpl != null ? hasPermission(authentication, hibernateObjectIdentityImpl) : hasPermission(authentication, objectIdentity);
    }

    private boolean hasPermission(Authentication authentication, HibernateObjectIdentityImpl hibernateObjectIdentityImpl) {
        boolean hasPermission = hasPermission(authentication, (ObjectIdentity) hibernateObjectIdentityImpl);
        HibernateObjectIdentityImpl ancestorIdentity = hibernateObjectIdentityImpl.getAncestorIdentity();
        if (ancestorIdentity != null) {
            switch (hibernateObjectIdentityImpl.getHighestRankPermissionCheckPolicy(this.requirePermission)) {
                case AND:
                    hasPermission = hasPermission && hasPermission(authentication, ancestorIdentity);
                    break;
                case OR:
                    hasPermission = hasPermission || hasPermission(authentication, ancestorIdentity);
                    break;
            }
        }
        return hasPermission;
    }

    private boolean hasPermission(Authentication authentication, ObjectIdentity objectIdentity) {
        Sid[] sids = this.sidRetrievalStrategy.getSids(authentication);
        try {
            return this.aclService.readAclById(objectIdentity, sids).isGranted(this.requirePermission, sids, false);
        } catch (NotFoundException e) {
            return false;
        }
    }

    public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
        super.setObjectIdentityRetrievalStrategy(objectIdentityRetrievalStrategy);
        this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
    }

    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        super.setSidRetrievalStrategy(sidRetrievalStrategy);
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }
}
