package com.atlassian.jira.application;

import com.atlassian.application.api.ApplicationKey;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.jira.bc.ServiceOutcome;
import com.atlassian.jira.bc.ServiceOutcomeImpl;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.atlassian.jira.util.dbc.Assertions;
import io.atlassian.fugue.Option;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/atlassian/jira/application/DefaultApplicationRoleAdminService.class */
public class DefaultApplicationRoleAdminService implements ApplicationRoleAdminService {
    private final GroupManager groupManager;
    private final ApplicationRoleManager applicationRoleManager;
    private final JiraAuthenticationContext ctx;
    private final GlobalPermissionManager permissionManager;

    public DefaultApplicationRoleAdminService(@Nonnull GroupManager groupManager, @Nonnull ApplicationRoleManager applicationRoleManager, @Nonnull JiraAuthenticationContext jiraAuthenticationContext, @Nonnull GlobalPermissionManager globalPermissionManager) {
        this.ctx = (JiraAuthenticationContext) Assertions.notNull("ctx", jiraAuthenticationContext);
        this.permissionManager = (GlobalPermissionManager) Assertions.notNull("permissionManager", globalPermissionManager);
        this.groupManager = (GroupManager) Assertions.notNull("groupManager", groupManager);
        this.applicationRoleManager = (ApplicationRoleManager) Assertions.notNull("applicationRoleManager", applicationRoleManager);
    }

    @Nonnull
    public ServiceOutcome<Set<ApplicationRole>> getRoles() {
        ServiceOutcome<Set<ApplicationRole>> validatePermission = validatePermission();
        return !validatePermission.isValid() ? validatePermission : ServiceOutcomeImpl.ok(this.applicationRoleManager.getRoles());
    }

    @Nonnull
    public ServiceOutcome<ApplicationRole> getRole(@Nonnull ApplicationKey applicationKey) {
        Assertions.notNull("key", applicationKey);
        ServiceOutcome<ApplicationRole> validatePermission = validatePermission();
        if (!validatePermission.isValid()) {
            return validatePermission;
        }
        Option role = this.applicationRoleManager.getRole(applicationKey);
        return role.isDefined() ? ServiceOutcomeImpl.ok((ApplicationRole) role.get()) : generateNotFoundOutcomeFor(applicationKey);
    }

    @Nonnull
    public ServiceOutcome<ApplicationRole> setRole(@Nonnull ApplicationRole applicationRole) {
        Assertions.notNull("role", applicationRole);
        ServiceOutcome<ApplicationRole> validatePermission = validatePermission();
        if (!validatePermission.isValid()) {
            return validatePermission;
        }
        if (!this.applicationRoleManager.getRole(applicationRole.getKey()).isDefined()) {
            return generateNotFoundOutcomeFor(applicationRole.getKey());
        }
        ServiceOutcome<ApplicationRole> validateGroups = validateGroups(applicationRole);
        return !validateGroups.isValid() ? validateGroups : ServiceOutcomeImpl.ok(this.applicationRoleManager.setRole(applicationRole));
    }

    @Nonnull
    public ServiceOutcome<Set<ApplicationRole>> setRoles(@Nonnull Collection<ApplicationRole> collection) {
        Assertions.notNull("roles", collection);
        ServiceOutcome<Set<ApplicationRole>> validatePermission = validatePermission();
        if (!validatePermission.isValid()) {
            return validatePermission;
        }
        HashSet hashSet = new HashSet();
        for (ApplicationRole applicationRole : collection) {
            if (!this.applicationRoleManager.getRole(applicationRole.getKey()).isDefined()) {
                return generateNotFoundOutcomeFor(applicationRole.getKey());
            }
            ServiceOutcome<Set<ApplicationRole>> validateGroups = validateGroups(applicationRole);
            if (!validateGroups.isValid()) {
                return validateGroups;
            }
            hashSet.add(this.applicationRoleManager.setRole(applicationRole));
        }
        return ServiceOutcomeImpl.ok(hashSet);
    }

    private <T> ServiceOutcome<T> validatePermission() {
        return !this.permissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, this.ctx.getLoggedInUser()) ? ServiceOutcomeImpl.error(this.ctx.getI18nHelper().getText("application.role.service.permission.denied"), ErrorCollection.Reason.FORBIDDEN) : ServiceOutcomeImpl.ok(null);
    }

    private <T> ServiceOutcome<T> validateGroups(ApplicationRole applicationRole) {
        for (Group group : applicationRole.getGroups()) {
            if (!this.groupManager.groupExists(group)) {
                return generateErrorOutcomeFor("groups", this.ctx.getI18nHelper().getText("application.role.service.group.does.not.exist", group.getName()));
            }
        }
        return ServiceOutcomeImpl.ok(null);
    }

    private <T> ServiceOutcome<T> generateErrorOutcomeFor(String str, String str2) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        simpleErrorCollection.addReason(ErrorCollection.Reason.VALIDATION_FAILED);
        simpleErrorCollection.addError(str, str2);
        return new ServiceOutcomeImpl(simpleErrorCollection);
    }

    private <T> ServiceOutcome<T> generateNotFoundOutcomeFor(ApplicationKey applicationKey) {
        return ServiceOutcomeImpl.error(this.ctx.getI18nHelper().getText("application.role.service.role.does.not.exist", applicationKey.value()), ErrorCollection.Reason.NOT_FOUND);
    }
}
