package com.atlassian.jira.jql.query;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.issue.search.constants.SystemSearchConstants;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.roles.ProjectRoleManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserUtil;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.lucene.index.Term;
import org.apache.lucene.search.BooleanClause;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.search.MatchAllDocsQuery;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TermQuery;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/jql/query/QueryProjectRoleAndGroupPermissionsDecorator.class */
public class QueryProjectRoleAndGroupPermissionsDecorator {
    private static final Logger log = LoggerFactory.getLogger(CommentClauseQueryFactory.class);
    public static final BooleanQuery matchNoDocsQuery = new BooleanQuery.Builder().build();
    private final PermissionManager permissionManager;
    private final ProjectRoleManager projectRoleManager;

    public QueryProjectRoleAndGroupPermissionsDecorator(PermissionManager permissionManager, ProjectRoleManager projectRoleManager) {
        this.permissionManager = permissionManager;
        this.projectRoleManager = projectRoleManager;
    }

    public Query appendPermissionFilterQuery(Query query, QueryCreationContext queryCreationContext, String str, String str2) {
        BooleanQuery createPermissionQuery = createPermissionQuery(queryCreationContext, str, str2);
        if (createPermissionQuery == matchNoDocsQuery) {
            return new BooleanQuery.Builder().build();
        }
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        builder.add(query, BooleanClause.Occur.MUST);
        builder.add(createPermissionQuery, BooleanClause.Occur.FILTER);
        return builder.build();
    }

    public Query decorateWorklogQueryWithPermissionChecks(Query query, QueryCreationContext queryCreationContext) {
        return appendPermissionFilterQuery(query, queryCreationContext, "worklog_level", "worklog_role_level");
    }

    public Query createPermissionQuery(QueryCreationContext queryCreationContext, String str, String str2) {
        if (queryCreationContext.isSecurityOverriden()) {
            return new MatchAllDocsQuery();
        }
        List<Long> visibleProjectIds = getVisibleProjectIds(queryCreationContext.getApplicationUser());
        if (visibleProjectIds.isEmpty()) {
            return matchNoDocsQuery;
        }
        BooleanQuery createLevelRestrictionQuery = createLevelRestrictionQuery(visibleProjectIds, queryCreationContext.getApplicationUser(), str, str2);
        BooleanQuery createProjectVisibilityQuery = createProjectVisibilityQuery(visibleProjectIds);
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        builder.add(createLevelRestrictionQuery, BooleanClause.Occur.MUST);
        builder.add(createProjectVisibilityQuery, BooleanClause.Occur.FILTER);
        return builder.build();
    }

    TermQuery getTermQuery(String str, String str2) {
        return new TermQuery(new Term(str, str2));
    }

    BooleanQuery createProjectVisibilityQuery(List<Long> list) {
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        String indexField = SystemSearchConstants.forProject().getIndexField();
        Iterator<Long> it = list.iterator();
        while (it.hasNext()) {
            builder.add(getTermQuery(indexField, it.next().toString()), BooleanClause.Occur.SHOULD);
        }
        return builder.build();
    }

    BooleanQuery createLevelRestrictionQuery(List<Long> list, ApplicationUser applicationUser, String str, String str2) {
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        builder.add(createNoGroupOrProjectRoleLevelQuery(str, str2), BooleanClause.Occur.SHOULD);
        if (applicationUser != null) {
            Set<String> groups = getGroups(applicationUser);
            if (!groups.isEmpty()) {
                builder.add(createGroupLevelQuery(groups, str), BooleanClause.Occur.SHOULD);
            }
            ProjectRoleManager.ProjectIdToProjectRoleIdsMap createProjectIdToProjectRolesMap = this.projectRoleManager.createProjectIdToProjectRolesMap(applicationUser, list);
            if (!createProjectIdToProjectRolesMap.isEmpty()) {
                builder.add(createProjectRoleLevelQuery(createProjectIdToProjectRolesMap, str2), BooleanClause.Occur.SHOULD);
            }
        }
        return builder.build();
    }

    Set<String> getGroups(ApplicationUser applicationUser) {
        return ((UserUtil) ComponentAccessor.getComponent(UserUtil.class)).getGroupNamesForUser(applicationUser.getName());
    }

    Query createNoGroupOrProjectRoleLevelQuery(String str, String str2) {
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        builder.add(getTermQuery(str, "-1"), BooleanClause.Occur.MUST);
        builder.add(getTermQuery(str2, "-1"), BooleanClause.Occur.MUST);
        return builder.build();
    }

    Query createProjectRoleLevelQuery(ProjectRoleManager.ProjectIdToProjectRoleIdsMap projectIdToProjectRoleIdsMap, String str) {
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        if (projectIdToProjectRoleIdsMap == null || projectIdToProjectRoleIdsMap.isEmpty()) {
            log.debug("Groups must be specified!");
            return builder.build();
        }
        Iterator it = projectIdToProjectRoleIdsMap.iterator();
        while (it.hasNext()) {
            ProjectRoleManager.ProjectIdToProjectRoleIdsMap.Entry entry = (ProjectRoleManager.ProjectIdToProjectRoleIdsMap.Entry) it.next();
            Long projectId = entry.getProjectId();
            Iterator it2 = entry.getProjectRoleIds().iterator();
            while (it2.hasNext()) {
                builder.add(createFieldInProjectAndUserInRoleQuery(projectId, (Long) it2.next(), str), BooleanClause.Occur.SHOULD);
            }
        }
        return builder.build();
    }

    Query createFieldInProjectAndUserInRoleQuery(Long l, Long l2, String str) {
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        if (l == null) {
            log.debug("projectId must be specified!");
            return builder.build();
        }
        if (l2 == null) {
            log.debug("projectRoleId must be specified!");
            return builder.build();
        }
        builder.add(getTermQuery(SystemSearchConstants.forProject().getIndexField(), l.toString()), BooleanClause.Occur.MUST);
        builder.add(getTermQuery(str, l2.toString()), BooleanClause.Occur.MUST);
        return builder.build();
    }

    Query createGroupLevelQuery(Set<String> set, String str) {
        BooleanQuery.Builder builder = new BooleanQuery.Builder();
        if (set == null || set.isEmpty()) {
            log.debug("Groups must be specified!");
            return builder.build();
        }
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            builder.add(getTermQuery(str, it.next()), BooleanClause.Occur.SHOULD);
        }
        return builder.build();
    }

    List<Long> getVisibleProjectIds(ApplicationUser applicationUser) {
        Collection<Project> projects = this.permissionManager.getProjects(ProjectPermissions.BROWSE_PROJECTS, applicationUser);
        ArrayList arrayList = new ArrayList();
        for (Project project : projects) {
            if (project != null) {
                arrayList.add(project.getId());
            }
        }
        return arrayList;
    }
}
