package com.atlassian.bamboo.configuration.external.helpers;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.security.PermissionsServiceUtils;
import com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.GroupPrincipalSid;
import com.atlassian.bamboo.specs.api.builders.permission.PermissionType;
import com.atlassian.bamboo.specs.api.builders.permission.Permissions;
import com.atlassian.bamboo.specs.api.model.permission.AnonymousUserPermissionsProperties;
import com.atlassian.bamboo.specs.api.model.permission.GroupPermissionProperties;
import com.atlassian.bamboo.specs.api.model.permission.LoggedInUserPermissionsProperties;
import com.atlassian.bamboo.specs.api.model.permission.PermissionsProperties;
import com.atlassian.bamboo.specs.api.model.permission.UserPermissionProperties;
import com.atlassian.bamboo.user.Authority;
import com.google.common.base.Preconditions;
import com.google.common.collect.BiMap;
import com.google.common.collect.ImmutableBiMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.acegisecurity.acls.AccessControlEntry;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.sid.GrantedAuthoritySid;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/configuration/external/helpers/PermissionHelper.class */
public class PermissionHelper {
    private static final BiMap<BambooPermission, PermissionType> BAMBOO_PERMISSION_TO_PERMISSION_TYPE = ImmutableBiMap.builder().put(BambooPermission.READ, PermissionType.VIEW).put(BambooPermission.WRITE, PermissionType.EDIT).put(BambooPermission.CREATE, PermissionType.CREATE).put(BambooPermission.DELETE, PermissionType.DELETE).put(BambooPermission.BUILD, PermissionType.BUILD).put(BambooPermission.CLONE, PermissionType.CLONE).put(BambooPermission.ADMINISTRATION, PermissionType.ADMIN).put(BambooPermission.VIEW_CONFIGURATION, PermissionType.VIEW_CONFIGURATION).put(BambooPermission.CREATE_REPOSITORY, PermissionType.CREATE_REPOSITORY).put(BambooPermission.APPROVE_RELEASE, PermissionType.APPROVE_RELEASE).put(BambooPermission.CREATE_PLAN_BRANCH, PermissionType.CREATE_PLAN_BRANCH).build();

    public static void addPermissionsToList(@NotNull List<String> list, @NotNull Function<BambooPermission, Collection<BambooPermission>> function, @NotNull PermissionsProperties permissionsProperties, boolean z) {
        addPermissionsToList(list, function, permissionsProperties.getUserPermissions(), permissionsProperties.getGroupPermissions(), permissionsProperties.getLoggedInUserPermissions(), permissionsProperties.getAnonymousUserPermissions(), z);
    }

    public static void addPermissionsToList(@NotNull List<String> list, @NotNull Function<BambooPermission, Collection<BambooPermission>> function, @NotNull List<UserPermissionProperties> list2, @NotNull List<GroupPermissionProperties> list3, @NotNull LoggedInUserPermissionsProperties loggedInUserPermissionsProperties, @NotNull AnonymousUserPermissionsProperties anonymousUserPermissionsProperties, boolean z) {
        list.addAll(createPermissionsForUsers(function, list2, z));
        list.addAll(createPermissionsForGroups(function, list3, z));
        list.addAll(createPermissionsForLoggedInUser(function, loggedInUserPermissionsProperties, z));
        list.addAll(createPermissionsForAnonymousUser(function, anonymousUserPermissionsProperties));
    }

    public static List<String> createPermissionsForUsers(Function<BambooPermission, Collection<BambooPermission>> function, List<UserPermissionProperties> list, boolean z) {
        ArrayList arrayList = new ArrayList();
        for (UserPermissionProperties userPermissionProperties : list) {
            Stream map = toEffectiveBambooPermissions(function, userPermissionProperties.getPermissionTypes(), true, z).stream().map((v0) -> {
                return v0.getName();
            }).map(str -> {
                return BambooAclUpdateHelper.createUserPermissionKey(userPermissionProperties.getUsername(), str);
            });
            Objects.requireNonNull(arrayList);
            map.forEach((v1) -> {
                r1.add(v1);
            });
        }
        return arrayList;
    }

    public static List<String> createPermissionsForGroups(Function<BambooPermission, Collection<BambooPermission>> function, List<GroupPermissionProperties> list, boolean z) {
        ArrayList arrayList = new ArrayList();
        for (GroupPermissionProperties groupPermissionProperties : list) {
            Stream map = toEffectiveBambooPermissions(function, groupPermissionProperties.getPermissionTypes(), true, z).stream().map((v0) -> {
                return v0.getName();
            }).map(str -> {
                return BambooAclUpdateHelper.createGroupPermissionKey(groupPermissionProperties.getGroup(), str);
            });
            Objects.requireNonNull(arrayList);
            map.forEach((v1) -> {
                r1.add(v1);
            });
        }
        return arrayList;
    }

    public static List<String> createPermissionsForLoggedInUser(Function<BambooPermission, Collection<BambooPermission>> function, LoggedInUserPermissionsProperties loggedInUserPermissionsProperties, boolean z) {
        return (List) toEffectiveBambooPermissions(function, loggedInUserPermissionsProperties.getPermissionTypes(), true, z).stream().map((v0) -> {
            return v0.getName();
        }).map(str -> {
            return BambooAclUpdateHelper.createRolePermissionKey(Authority.USER.getAuthority(), str);
        }).collect(Collectors.toList());
    }

    public static List<String> createPermissionsForAnonymousUser(Function<BambooPermission, Collection<BambooPermission>> function, AnonymousUserPermissionsProperties anonymousUserPermissionsProperties) {
        return (List) toEffectiveBambooPermissions(function, anonymousUserPermissionsProperties.getPermissionTypes(), false, false).stream().map((v0) -> {
            return v0.getName();
        }).map(str -> {
            return BambooAclUpdateHelper.createRolePermissionKey(Authority.ANONYMOUS.getAuthority(), str);
        }).collect(Collectors.toList());
    }

    @VisibleForTesting
    protected static Collection<BambooPermission> toEffectiveBambooPermissions(@NotNull Function<BambooPermission, Collection<BambooPermission>> function, @NotNull Collection<PermissionType> collection, boolean z, boolean z2) {
        return PermissionsServiceUtils.getPermissionsAndDependencies((Collection) collection.stream().map(PermissionHelper::toBambooPermission).map(bambooPermission -> {
            return ((z2 || !bambooPermission.equals(BambooPermission.CREATE_REPOSITORY)) && (z || !bambooPermission.equals(BambooPermission.VIEW_CONFIGURATION))) ? bambooPermission : BambooPermission.READ;
        }).collect(Collectors.toList()), function);
    }

    public static BambooPermission toBambooPermission(PermissionType permissionType) {
        BiMap inverse = BAMBOO_PERMISSION_TO_PERMISSION_TYPE.inverse();
        Preconditions.checkState(inverse.containsKey(permissionType), "Unknown permission type value: %s", permissionType);
        return (BambooPermission) inverse.get(permissionType);
    }

    public static PermissionType fromBambooPermission(BambooPermission bambooPermission) {
        Preconditions.checkState(BAMBOO_PERMISSION_TO_PERMISSION_TYPE.containsKey(bambooPermission), "Unknown permission type value: %s", bambooPermission);
        return (PermissionType) BAMBOO_PERMISSION_TO_PERMISSION_TYPE.get(bambooPermission);
    }

    public static Permissions createFromAcl(Acl acl) {
        Permissions permissions = new Permissions();
        for (AccessControlEntry accessControlEntry : acl.getEntries()) {
            PrincipalSid sid = accessControlEntry.getSid();
            BambooPermission permission = accessControlEntry.getPermission();
            if ((sid instanceof PrincipalSid) && !sid.getPrincipal().equals(BambooPermissionManager.SYSTEM_AUTHORITY.getName())) {
                updateUserPermissions(permissions, permission, sid);
            }
            if (sid instanceof GroupPrincipalSid) {
                updateGroupPermissions(permissions, permission, (GroupPrincipalSid) sid);
            }
            if (sid instanceof GrantedAuthoritySid) {
                updateRolePermissions(permissions, permission, (GrantedAuthoritySid) sid);
            }
        }
        return permissions;
    }

    private static void updateUserPermissions(Permissions permissions, BambooPermission bambooPermission, PrincipalSid principalSid) {
        permissions.userPermissions(principalSid.getPrincipal(), new PermissionType[]{fromBambooPermission(bambooPermission)});
    }

    private static void updateGroupPermissions(Permissions permissions, BambooPermission bambooPermission, GroupPrincipalSid groupPrincipalSid) {
        permissions.groupPermissions(groupPrincipalSid.getPrincipal(), new PermissionType[]{fromBambooPermission(bambooPermission)});
    }

    private static void updateRolePermissions(Permissions permissions, BambooPermission bambooPermission, GrantedAuthoritySid grantedAuthoritySid) {
        if (grantedAuthoritySid.getGrantedAuthority().equals(Authority.ANONYMOUS.getAuthority())) {
            PermissionType fromBambooPermission = fromBambooPermission(bambooPermission);
            if (fromBambooPermission != PermissionType.VIEW) {
                throw new IllegalArgumentException(String.format("Anonymous permission can only be set to %s. Currently set to: %s", PermissionType.VIEW, fromBambooPermission));
            }
            permissions.anonymousUserPermissionView();
        }
        if (grantedAuthoritySid.getGrantedAuthority().equals(Authority.USER.getAuthority())) {
            permissions.loggedInUserPermissions(new PermissionType[]{fromBambooPermission(bambooPermission)});
        }
    }
}
