package com.atlassian.jira.bc.workflow;

import com.atlassian.beehive.ClusterLockService;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.bc.JiraServiceContext;
import com.atlassian.jira.bc.JiraServiceContextImpl;
import com.atlassian.jira.bc.ServiceOutcome;
import com.atlassian.jira.bc.ServiceOutcomeImpl;
import com.atlassian.jira.bc.ServiceResult;
import com.atlassian.jira.bc.project.ProjectAction;
import com.atlassian.jira.bc.workflow.WorkflowService;
import com.atlassian.jira.bc.workflow.events.WorkflowPublished;
import com.atlassian.jira.extension.Startable;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.ProjectPermissionHelper;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.workflow.AssignableWorkflowScheme;
import com.atlassian.jira.workflow.JiraWorkflow;
import com.atlassian.jira.workflow.ProjectWorkflowSchemeHelper;
import com.atlassian.jira.workflow.WorkflowException;
import com.atlassian.jira.workflow.WorkflowManager;
import com.atlassian.jira.workflow.WorkflowScheme;
import com.atlassian.jira.workflow.WorkflowSchemeManager;
import com.atlassian.jira.workflow.WorkflowUtil;
import com.atlassian.jira.workflow.edit.WorkflowStatusesValidator;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Iterables;
import com.opensymphony.workflow.loader.StepDescriptor;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.locks.Lock;
import java.util.stream.StreamSupport;
import org.apache.commons.lang3.StringUtils;
import org.ofbiz.core.entity.GenericValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/bc/workflow/DefaultWorkflowService.class */
public class DefaultWorkflowService implements WorkflowService, Startable {

    @VisibleForTesting
    static final String OVERWRITE_WORKFLOW_LOCK_NAME = DefaultWorkflowService.class.getName() + ".overwriteWorkflow";
    private static final Logger log = LoggerFactory.getLogger(DefaultWorkflowService.class);
    private final ClusterLockService clusterLockService;
    private final WorkflowManager workflowManager;
    private final JiraAuthenticationContext jiraAuthenticationContext;
    private final PermissionManager permissionManager;
    private final WorkflowSchemeManager workflowSchemeManager;
    private final GlobalPermissionManager globalPermissionManager;
    private final EventPublisher eventPublisher;
    private final WorkflowStatusesValidator workflowStatusesValidator;
    private final ProjectWorkflowSchemeHelper projectWorkflowSchemeHelper;
    private final ProjectPermissionHelper projectPermissionHelper;
    private Lock overwriteWorkflowLock;

    public DefaultWorkflowService(WorkflowManager workflowManager, JiraAuthenticationContext jiraAuthenticationContext, PermissionManager permissionManager, WorkflowSchemeManager workflowSchemeManager, ClusterLockService clusterLockService, GlobalPermissionManager globalPermissionManager, EventPublisher eventPublisher, WorkflowStatusesValidator workflowStatusesValidator, ProjectWorkflowSchemeHelper projectWorkflowSchemeHelper, ProjectPermissionHelper projectPermissionHelper) {
        this.clusterLockService = clusterLockService;
        this.workflowManager = workflowManager;
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.permissionManager = permissionManager;
        this.workflowSchemeManager = workflowSchemeManager;
        this.globalPermissionManager = globalPermissionManager;
        this.eventPublisher = eventPublisher;
        this.workflowStatusesValidator = workflowStatusesValidator;
        this.projectWorkflowSchemeHelper = projectWorkflowSchemeHelper;
        this.projectPermissionHelper = projectPermissionHelper;
    }

    public void start() {
        this.overwriteWorkflowLock = this.clusterLockService.getLockForName(OVERWRITE_WORKFLOW_LOCK_NAME);
    }

    public JiraWorkflow getDraftWorkflow(JiraServiceContext jiraServiceContext, String str) {
        if (StringUtils.isEmpty(str)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.parent"));
            return null;
        }
        if (this.workflowManager.getWorkflow(str) == null) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.retrieve.no.parent"));
            return null;
        }
        if (hasEditWorkflowPermission(jiraServiceContext, str)) {
            return this.workflowManager.getDraftWorkflow(str);
        }
        jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
        return null;
    }

    public JiraWorkflow createDraftWorkflow(JiraServiceContext jiraServiceContext, String str) {
        if (StringUtils.isEmpty(str)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.parent"));
            return null;
        }
        JiraWorkflow workflow = this.workflowManager.getWorkflow(str);
        if (workflow == null) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.parent"));
            return null;
        }
        if (!hasEditWorkflowPermission(jiraServiceContext, str)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
            return null;
        }
        if (!this.workflowManager.isActive(workflow)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.parent.not.active"));
            return null;
        }
        if (workflow.isSystemWorkflow()) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.not.editable"));
            return null;
        }
        try {
            return this.workflowManager.createDraftWorkflow(jiraServiceContext.getLoggedInApplicationUser(), str);
        } catch (IllegalStateException e) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.draft.exists.or.workflow.not.active"));
            return null;
        }
    }

    public boolean deleteDraftWorkflow(JiraServiceContext jiraServiceContext, String str) {
        if (StringUtils.isEmpty(str)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.delete.no.parent"));
            return false;
        }
        if (hasEditWorkflowPermission(jiraServiceContext, str)) {
            return this.workflowManager.deleteDraftWorkflow(str);
        }
        jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
        return false;
    }

    public ServiceOutcome<Void> deleteWorkflow(ApplicationUser applicationUser, String str) {
        JiraServiceContextImpl jiraServiceContextImpl = new JiraServiceContextImpl(applicationUser);
        JiraWorkflow workflow = getWorkflow(jiraServiceContextImpl, str);
        if (jiraServiceContextImpl.getErrorCollection().hasAnyErrors()) {
            return ServiceOutcomeImpl.from(jiraServiceContextImpl.getErrorCollection(), null);
        }
        if (workflow == null) {
            return ServiceOutcomeImpl.error(getI18nBean().getText("admin.errors.workflow.with.name.does.not.exist", "'" + str + "'"));
        }
        if (!workflow.isEditable()) {
            return ServiceOutcomeImpl.error(getI18nBean().getText("admin.errors.workflow.cannot.be.deleted.as.it.is.not.editable"));
        }
        Iterable<WorkflowScheme> schemesForWorkflowIncludingDrafts = this.workflowSchemeManager.getSchemesForWorkflowIncludingDrafts(workflow);
        if (Iterables.isEmpty(schemesForWorkflowIncludingDrafts)) {
            this.workflowManager.deleteWorkflow(workflow);
            return ServiceOutcomeImpl.ok(null);
        }
        StringBuilder sb = new StringBuilder();
        for (WorkflowScheme workflowScheme : schemesForWorkflowIncludingDrafts) {
            if (workflowScheme.isDraft()) {
                sb.append(getI18nBean().getText("admin.workflows.service.workflow.draft.of", workflowScheme.getName()));
            } else {
                sb.append('\'').append(workflowScheme.getName()).append('\'');
            }
            sb.append(", ");
        }
        sb.delete(sb.length() - 2, sb.length() - 1);
        return ServiceOutcomeImpl.error(getI18nBean().getText("admin.errors.cannot.delete.this.workflow") + " " + sb);
    }

    public void overwriteActiveWorkflow(JiraServiceContext jiraServiceContext, String str) {
        if (!hasEditWorkflowPermission(jiraServiceContext, str)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
            return;
        }
        this.overwriteWorkflowLock.lock();
        try {
            validateOverwriteWorkflow(jiraServiceContext, str);
            if (jiraServiceContext.getErrorCollection().hasAnyErrors()) {
                return;
            }
            boolean isWorkflowIsolated = this.projectWorkflowSchemeHelper.isWorkflowIsolated(str);
            this.workflowManager.overwriteActiveWorkflow(jiraServiceContext.getLoggedInApplicationUser(), str);
            this.eventPublisher.publish(getWorkflowPublishedEvent(jiraServiceContext, str, isWorkflowIsolated));
            this.overwriteWorkflowLock.unlock();
        } finally {
            this.overwriteWorkflowLock.unlock();
        }
    }

    private WorkflowPublished getWorkflowPublishedEvent(JiraServiceContext jiraServiceContext, String str, boolean z) {
        List<Project> allProjectsForWorkflow = this.projectWorkflowSchemeHelper.getAllProjectsForWorkflow(str);
        return new WorkflowPublished(z, hasAdminPermission(jiraServiceContext), this.projectPermissionHelper.hasExtPermission(allProjectsForWorkflow), str, allProjectsForWorkflow.size() == 1 ? allProjectsForWorkflow.iterator().next().getId() : null);
    }

    public void validateOverwriteWorkflow(JiraServiceContext jiraServiceContext, String str) {
        if (StringUtils.isEmpty(str)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.overwrite.no.parent", str));
            return;
        }
        JiraWorkflow workflow = this.workflowManager.getWorkflow(str);
        if (workflow == null) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.overwrite.no.parent", str));
            return;
        }
        if (!workflow.isActive()) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.overwrite.inactive.parent", str));
            return;
        }
        if (!hasEditWorkflowPermission(jiraServiceContext, str)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
            return;
        }
        JiraWorkflow draftWorkflow = this.workflowManager.getDraftWorkflow(str);
        if (draftWorkflow == null) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.overwrite.no.draft", str));
        } else {
            validateOverwriteWorkflow(workflow, draftWorkflow, jiraServiceContext);
        }
    }

    public void updateWorkflow(JiraServiceContext jiraServiceContext, JiraWorkflow jiraWorkflow) {
        if (jiraWorkflow == null || jiraWorkflow.getDescriptor() == null) {
            addError(jiraServiceContext, "admin.workflows.service.error.update.no.workflow", ErrorCollection.Reason.VALIDATION_FAILED);
            return;
        }
        if (!jiraWorkflow.isEditable()) {
            addError(jiraServiceContext, "admin.workflows.service.error.not.editable", ErrorCollection.Reason.VALIDATION_FAILED);
            return;
        }
        if (!isWorkflowEditable(jiraServiceContext.getLoggedInApplicationUser(), jiraWorkflow)) {
            addError(jiraServiceContext, "admin.workflows.service.error.no.admin.permission", ErrorCollection.Reason.FORBIDDEN);
            return;
        }
        this.overwriteWorkflowLock.lock();
        try {
            this.workflowManager.updateWorkflow(jiraServiceContext.getLoggedInApplicationUser(), jiraWorkflow);
        } finally {
            this.overwriteWorkflowLock.unlock();
        }
    }

    public void validateUpdateWorkflowNameAndDescription(JiraServiceContext jiraServiceContext, JiraWorkflow jiraWorkflow, String str) {
        if (jiraWorkflow == null || jiraWorkflow.getDescriptor() == null) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.update.no.workflow"));
            return;
        }
        if (!jiraWorkflow.isEditable()) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.errors.workflow.cannot.be.edited.as.it.is.not.editable"));
            return;
        }
        if (!isWorkflowEditable(jiraServiceContext.getLoggedInApplicationUser(), jiraWorkflow)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
            return;
        }
        if (jiraWorkflow.isDraftWorkflow() && !str.equals(jiraWorkflow.getName())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.edit.name.draft.workflow"));
        } else if (WorkflowUtil.isAcceptableName(str, "newWorkflowName", jiraServiceContext.getErrorCollection()) && !str.equals(jiraWorkflow.getName()) && this.workflowManager.workflowExists(str)) {
            jiraServiceContext.getErrorCollection().addError("newWorkflowName", getI18nBean().getText("admin.errors.a.workflow.with.this.name.already.exists"));
        }
    }

    public void updateWorkflowNameAndDescription(JiraServiceContext jiraServiceContext, JiraWorkflow jiraWorkflow, String str, String str2) {
        if (isWorkflowEditable(jiraServiceContext.getLoggedInApplicationUser(), jiraWorkflow)) {
            this.workflowManager.updateWorkflowNameAndDescription(jiraServiceContext.getLoggedInApplicationUser(), jiraWorkflow, str, str2);
        } else {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
        }
    }

    public JiraWorkflow getWorkflow(JiraServiceContext jiraServiceContext, String str) {
        if (!StringUtils.isEmpty(str)) {
            return this.workflowManager.getWorkflow(str);
        }
        jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.null.name"));
        return null;
    }

    public void validateCopyWorkflow(JiraServiceContext jiraServiceContext, String str) {
        if (!hasAdminPermission(jiraServiceContext)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
            return;
        }
        if (WorkflowUtil.isAcceptableName(str, "newWorkflowName", jiraServiceContext.getErrorCollection())) {
            try {
                if (this.workflowManager.workflowExists(str)) {
                    jiraServiceContext.getErrorCollection().addError("newWorkflowName", getI18nBean().getText("admin.errors.a.workflow.with.this.name.already.exists"));
                }
            } catch (WorkflowException e) {
                log.error("Error occurred while accessing workflow information.", e);
                jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.errors.workflows.error.occurred.accessing.information"));
            }
        }
    }

    public JiraWorkflow copyWorkflow(JiraServiceContext jiraServiceContext, String str, String str2, JiraWorkflow jiraWorkflow) {
        WorkflowService.WorkflowPermission workflowPermission = getWorkflowPermission(jiraServiceContext.getLoggedInApplicationUser(), jiraWorkflow);
        boolean hasAdminPermission = hasAdminPermission(jiraServiceContext.getLoggedInApplicationUser());
        boolean equals = workflowPermission.equals(WorkflowService.WorkflowPermission.EDITABLE);
        boolean equals2 = workflowPermission.equals(WorkflowService.WorkflowPermission.SYSTEM_WORKFLOW);
        if (equals || (hasAdminPermission && equals2)) {
            return this.workflowManager.copyWorkflow(jiraServiceContext.getLoggedInApplicationUser(), str, str2, jiraWorkflow);
        }
        jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
        return null;
    }

    public boolean isStepOnDraftWithNoTransitionsOnParentWorkflow(JiraServiceContext jiraServiceContext, JiraWorkflow jiraWorkflow, int i) {
        return false;
    }

    public void validateAddWorkflowTransitionToDraft(JiraServiceContext jiraServiceContext, JiraWorkflow jiraWorkflow, int i) {
        if (isWorkflowEditable(jiraServiceContext.getLoggedInApplicationUser(), jiraWorkflow)) {
            return;
        }
        jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.no.admin.permission"));
    }

    private void validateOverwriteWorkflow(JiraWorkflow jiraWorkflow, JiraWorkflow jiraWorkflow2, JiraServiceContext jiraServiceContext) {
        List linkedStatuses = jiraWorkflow.getLinkedStatuses();
        ArrayList arrayList = new ArrayList();
        Iterator it = linkedStatuses.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            GenericValue genericValue = (GenericValue) it.next();
            StepDescriptor linkedStep = jiraWorkflow.getLinkedStep(genericValue);
            StepDescriptor linkedStep2 = jiraWorkflow2.getLinkedStep(genericValue);
            if (linkedStep2 == null) {
                arrayList.add(linkedStep);
            } else if (linkedStep.getId() != linkedStep2.getId()) {
                jiraServiceContext.getErrorCollection().addErrorMessage(getI18nBean().getText("admin.workflows.service.error.overwrite.step.associated.with.wrong.status", String.valueOf(linkedStep.getId()), genericValue.getString("name")));
                break;
            } else {
                validateAddWorkflowTransitionToDraft(jiraServiceContext, jiraWorkflow2, linkedStep.getId());
                if (jiraServiceContext.getErrorCollection().hasAnyErrors()) {
                    break;
                }
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            ServiceResult validateStatusDeleteWhenOverwriteWorkflow = this.workflowStatusesValidator.validateStatusDeleteWhenOverwriteWorkflow(this.jiraAuthenticationContext.getLoggedInUser(), jiraWorkflow, (String) ((StepDescriptor) it2.next()).getMetaAttributes().get("jira.status.id"));
            if (!validateStatusDeleteWhenOverwriteWorkflow.isValid()) {
                jiraServiceContext.getErrorCollection().addErrorCollection(validateStatusDeleteWhenOverwriteWorkflow.getErrorCollection());
                return;
            }
        }
    }

    @VisibleForTesting
    I18nHelper getI18nBean() {
        return this.jiraAuthenticationContext.getI18nHelper();
    }

    @VisibleForTesting
    boolean hasAdminPermission(JiraServiceContext jiraServiceContext) {
        return hasAdminPermission((ApplicationUser) Optional.ofNullable(jiraServiceContext).map((v0) -> {
            return v0.getLoggedInApplicationUser();
        }).orElse(null));
    }

    boolean hasAdminPermission(ApplicationUser applicationUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, applicationUser);
    }

    private void addError(JiraServiceContext jiraServiceContext, String str, ErrorCollection.Reason reason) {
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        errorCollection.addErrorMessage(getI18nBean().getText(str));
        errorCollection.addReason(reason);
    }

    private boolean hasEditWorkflowPermission(JiraServiceContext jiraServiceContext, String str) {
        return isWorkflowEditable((ApplicationUser) Optional.ofNullable(jiraServiceContext).map((v0) -> {
            return v0.getLoggedInApplicationUser();
        }).orElse(null), this.workflowManager.getWorkflow(str));
    }

    public WorkflowService.WorkflowPermission getWorkflowPermission(ApplicationUser applicationUser, JiraWorkflow jiraWorkflow) {
        if (jiraWorkflow == null) {
            log.debug("project level admin cannot edit null workflow");
            return WorkflowService.WorkflowPermission.NOT_EDITABLE;
        }
        if (jiraWorkflow.isSystemWorkflow()) {
            log.debug("noone can edit system workflow {}", jiraWorkflow.getName());
            return WorkflowService.WorkflowPermission.SYSTEM_WORKFLOW;
        }
        if (hasAdminPermission(applicationUser)) {
            return WorkflowService.WorkflowPermission.EDITABLE;
        }
        Iterable schemesForWorkflowIncludingDrafts = this.workflowSchemeManager.getSchemesForWorkflowIncludingDrafts(jiraWorkflow);
        if (Iterables.isEmpty(schemesForWorkflowIncludingDrafts)) {
            log.debug("project level admin cannot edit workflow that is not used by any project {}", jiraWorkflow.getName());
            return WorkflowService.WorkflowPermission.NOT_EDITABLE;
        }
        int size = this.projectWorkflowSchemeHelper.getAllProjectsForWorkflow(jiraWorkflow.getName()).size();
        if (size > 1) {
            log.debug("project level admin cannot edit workflow shared by other projects {}", jiraWorkflow.getName());
            return WorkflowService.WorkflowPermission.SHARED;
        }
        if (size != 0) {
            return StreamSupport.stream(schemesForWorkflowIncludingDrafts.spliterator(), false).filter(workflowScheme -> {
                return workflowScheme instanceof AssignableWorkflowScheme;
            }).map(workflowScheme2 -> {
                return this.workflowSchemeManager.getProjectsUsing((AssignableWorkflowScheme) workflowScheme2);
            }).flatMap((v0) -> {
                return v0.stream();
            }).allMatch(project -> {
                return hasExtendedProjectAdminPermission(applicationUser, project);
            }) ? WorkflowService.WorkflowPermission.EDITABLE : WorkflowService.WorkflowPermission.NO_PERMISSION;
        }
        log.debug("project level admin cannot edit workflow not used by any project {}", jiraWorkflow.getName());
        return WorkflowService.WorkflowPermission.NOT_EDITABLE;
    }

    public boolean isWorkflowEditable(ApplicationUser applicationUser, JiraWorkflow jiraWorkflow) {
        return getWorkflowPermission(applicationUser, jiraWorkflow) == WorkflowService.WorkflowPermission.EDITABLE;
    }

    @VisibleForTesting
    boolean hasExtendedProjectAdminPermission(ApplicationUser applicationUser, Project project) {
        return ProjectAction.EDIT_PROJECT_CONFIG_EXTENDED.hasPermission(this.permissionManager, applicationUser, project);
    }
}
