package com.atlassian.jira.rest.v2.issue.project;

import com.atlassian.jira.avatar.AvatarService;
import com.atlassian.jira.bc.project.ProjectAction;
import com.atlassian.jira.bc.project.ProjectService;
import com.atlassian.jira.bc.projectroles.ProjectRoleService;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.rest.api.project.ProjectRoleBean;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.rest.exception.NotAuthorisedWebException;
import com.atlassian.jira.rest.exception.NotFoundWebException;
import com.atlassian.jira.rest.util.ProjectFinder;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.roles.ProjectRole;
import com.atlassian.jira.security.roles.ProjectRoleActors;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.atlassian.plugins.rest.api.security.annotation.AnonymousSiteAccess;
import com.google.common.collect.Maps;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

@Path("project/{projectIdOrKey}/role")
@Consumes({"application/json"})
@Produces({"application/json"})
@AnonymousSiteAccess
/* loaded from: input_file:com/atlassian/jira/rest/v2/issue/project/ProjectRoleResource.class */
public class ProjectRoleResource {
    ProjectRoleService projectRoleService;
    AvatarService avatarService;
    ProjectFinder projectFinder;
    JiraAuthenticationContext authContext;
    UriInfo uriInfo;
    UserManager userManager;
    ProjectRoleBeanFactory projectRoleBeanFactory;
    GroupManager groupManager;

    /* loaded from: input_file:com/atlassian/jira/rest/v2/issue/project/ProjectRoleResource$ActorsMap.class */
    public static class ActorsMap extends HashMap<String, String[]> {
    }

    private ProjectRoleResource() {
    }

    @Inject
    public ProjectRoleResource(ProjectRoleService projectRoleService, AvatarService avatarService, ProjectFinder projectFinder, JiraAuthenticationContext jiraAuthenticationContext, UriInfo uriInfo, UserManager userManager, ProjectRoleBeanFactory projectRoleBeanFactory, GroupManager groupManager) {
        this.projectRoleService = projectRoleService;
        this.avatarService = avatarService;
        this.projectFinder = projectFinder;
        this.authContext = jiraAuthenticationContext;
        this.uriInfo = uriInfo;
        this.userManager = userManager;
        this.projectRoleBeanFactory = projectRoleBeanFactory;
        this.groupManager = groupManager;
    }

    @GET
    @Operation(summary = "Get all roles in project", description = "Returns all roles in the given project Id or key, with links to full details on each role.", security = {@SecurityRequirement(name = "basic")})
    @Parameter(name = "projectIdOrKey", description = "The project id or project key", required = true)
    @ApiResponses({@ApiResponse(description = "List of roles and URIs to full details", responseCode = "200"), @ApiResponse(description = "Returned if the project is not found, or the calling user does not have permission to view it.", responseCode = "404")})
    public Response getProjectRoles(@PathParam("projectIdOrKey") String str) {
        Project projectByIdOrKey = getProjectByIdOrKey(str);
        HashMap hashMap = new HashMap();
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        Collection<ProjectRole> projectRoles = this.projectRoleService.getProjectRoles(simpleErrorCollection);
        if (!simpleErrorCollection.hasAnyErrors()) {
            for (ProjectRole projectRole : projectRoles) {
                hashMap.put(projectRole.getName(), this.projectRoleBeanFactory.projectRole(projectByIdOrKey, projectRole).self);
            }
        }
        return Response.ok(hashMap).build();
    }

    @GET
    @Path("{id}")
    @Operation(summary = "Get details for a project role", description = "Returns the details for a given project role in a project.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "projectIdOrKey", description = "The project id or project key", required = true), @Parameter(name = "id", description = "The project role id", required = true)})
    @ApiResponses({@ApiResponse(description = "Role details and its actors", responseCode = "200", content = {@Content(schema = @Schema(implementation = ProjectRoleBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if the project or role is not found, or the calling user does not have permission to view it.", responseCode = "404")})
    public Response getProjectRole(@PathParam("projectIdOrKey") String str, @PathParam("id") Long l) {
        Project projectByIdOrKey = getProjectByIdOrKey(str);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        ProjectRole projectRole = this.projectRoleService.getProjectRole(l, simpleErrorCollection);
        checkForErrors(simpleErrorCollection);
        SimpleErrorCollection simpleErrorCollection2 = new SimpleErrorCollection();
        ProjectRoleActors projectRoleActors = this.projectRoleService.getProjectRoleActors(projectRole, projectByIdOrKey, simpleErrorCollection2);
        checkForErrors(simpleErrorCollection2);
        return Response.ok(this.projectRoleBeanFactory.projectRole(projectByIdOrKey, projectRole, projectRoleActors, this.authContext.getUser())).build();
    }

    @Path("{id}")
    @Operation(summary = "Update project role with actors", description = "Updates a project role to include the specified actors (users or groups). Can be also used to clear roles to not include any users or groups. For user actors, their usernames should be used.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "projectIdOrKey", description = "The project id or project key", required = true), @Parameter(name = "id", description = "The project role id", required = true)})
    @RequestBody(description = "The actors to set for the role", required = true, content = {@Content(schema = @Schema(implementation = ProjectRoleActorsUpdateBean.class), mediaType = "application/json")})
    @PUT
    @ApiResponses({@ApiResponse(description = "Role details and its actors after modification", responseCode = "200", content = {@Content(schema = @Schema(implementation = ProjectRoleBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if the actor could not be added to the project role", responseCode = "404")})
    public Response setActors(@PathParam("projectIdOrKey") String str, @PathParam("id") Long l, ProjectRoleActorsUpdateBean projectRoleActorsUpdateBean) {
        Project projectByIdOrKey = getProjectByIdOrKey(str);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        ProjectRole projectRole = this.projectRoleService.getProjectRole(l, simpleErrorCollection);
        checkForErrors(simpleErrorCollection);
        Map<String, String[]> categorisedActors = projectRoleActorsUpdateBean.getCategorisedActors();
        String[] strArr = categorisedActors.get("atlassian-user-role-actor");
        String[] strArr2 = categorisedActors.get("atlassian-group-role-actor");
        if (strArr == null && strArr2 == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Set<String> userkeysFromUsernames = userkeysFromUsernames(strArr);
        Set<String> existingGroupNames = existingGroupNames(strArr2);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("atlassian-user-role-actor", userkeysFromUsernames);
        newHashMap.put("atlassian-group-role-actor", existingGroupNames);
        SimpleErrorCollection simpleErrorCollection2 = new SimpleErrorCollection();
        this.projectRoleService.setActorsForProjectRole(newHashMap, projectRole, projectByIdOrKey, simpleErrorCollection2);
        checkForErrors(simpleErrorCollection2);
        return getProjectRole(str, l);
    }

    @Path("{id}")
    @Operation(summary = "Add actor to project role", description = "Adds an actor (user or group) to a project role. For user actors, their usernames should be used.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "projectIdOrKey", description = "The project id or project key", required = true), @Parameter(name = "id", description = "The project role id", required = true)})
    @POST
    @RequestBody(description = "The actors to add to the role", required = true, content = {@Content(schema = @Schema(implementation = ActorsMap.class), mediaType = "application/json")})
    @ApiResponses({@ApiResponse(description = "Role details and its actors after modification", responseCode = "200", content = {@Content(schema = @Schema(implementation = ProjectRoleBean.class), mediaType = "application/json")}), @ApiResponse(description = "Returned if the project or role is not found, the calling user does not have permission to view it or does not have permission to modify the actors in the project role.", responseCode = "404"), @ApiResponse(description = "Returned if none of the specified groups and users exist.", responseCode = "410")})
    public Response addActorUsers(@PathParam("projectIdOrKey") String str, @PathParam("id") Long l, ActorsMap actorsMap) {
        Project projectByIdOrKey = getProjectByIdOrKey(str);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        ProjectRole projectRole = this.projectRoleService.getProjectRole(l, simpleErrorCollection);
        checkForErrors(simpleErrorCollection);
        String[] strArr = actorsMap.get("user");
        String[] strArr2 = actorsMap.get("group");
        if (strArr == null && strArr2 == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Set<String> userkeysFromUsernames = userkeysFromUsernames(strArr);
        Set<String> existingGroupNames = existingGroupNames(strArr2);
        if (userkeysFromUsernames.isEmpty() && existingGroupNames.isEmpty()) {
            return Response.status(Response.Status.GONE).build();
        }
        if (!userkeysFromUsernames.isEmpty()) {
            SimpleErrorCollection simpleErrorCollection2 = new SimpleErrorCollection();
            this.projectRoleService.addActorsToProjectRole(userkeysFromUsernames, projectRole, projectByIdOrKey, "atlassian-user-role-actor", simpleErrorCollection2);
            checkForErrors(simpleErrorCollection2);
        }
        if (!existingGroupNames.isEmpty()) {
            SimpleErrorCollection simpleErrorCollection3 = new SimpleErrorCollection();
            this.projectRoleService.addActorsToProjectRole(existingGroupNames, projectRole, projectByIdOrKey, "atlassian-group-role-actor", simpleErrorCollection3);
            checkForErrors(simpleErrorCollection3);
        }
        return getProjectRole(str, l);
    }

    @Path("{id}")
    @DELETE
    @Operation(summary = "Delete actors from project role", description = "Deletes actors (users or groups) from a project role.", security = {@SecurityRequirement(name = "basic")})
    @Parameters({@Parameter(name = "projectIdOrKey", description = "The project id or project key", required = true), @Parameter(name = "id", description = "The project role id", required = true), @Parameter(name = "user", description = "The user name of the user to remove from the project role. Use either user or group, but not both"), @Parameter(name = "group", description = "The group name to remove from the project role. Use either user or group, but not both")})
    @ApiResponses({@ApiResponse(description = "No content on success", responseCode = "204"), @ApiResponse(description = "Returned if the project or role is not found, the calling user does not have permission to view it or does not have permission to modify the actors in the project role.", responseCode = "404"), @ApiResponse(description = "Returned if none of the specified groups and users exist.", responseCode = "410")})
    public Response deleteActor(@PathParam("projectIdOrKey") String str, @PathParam("id") Long l, @QueryParam("user") String str2, @QueryParam("group") String str3) {
        Project projectByIdOrKey = getProjectByIdOrKey(str);
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        ProjectRole projectRole = this.projectRoleService.getProjectRole(l, simpleErrorCollection);
        checkForErrors(simpleErrorCollection);
        if (str2 == null && str3 == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Set<String> userkeysFromUsernames = userkeysFromUsernames(str2);
        Set<String> existingGroupNames = existingGroupNames(str3);
        if (userkeysFromUsernames.isEmpty() && existingGroupNames.isEmpty()) {
            return Response.status(Response.Status.GONE).build();
        }
        if (!userkeysFromUsernames.isEmpty()) {
            SimpleErrorCollection simpleErrorCollection2 = new SimpleErrorCollection();
            this.projectRoleService.removeActorsFromProjectRole(userkeysFromUsernames, projectRole, projectByIdOrKey, "atlassian-user-role-actor", simpleErrorCollection2);
            checkForErrors(simpleErrorCollection2);
        }
        if (!existingGroupNames.isEmpty()) {
            SimpleErrorCollection simpleErrorCollection3 = new SimpleErrorCollection();
            this.projectRoleService.removeActorsFromProjectRole(existingGroupNames, projectRole, projectByIdOrKey, "atlassian-group-role-actor", simpleErrorCollection3);
            checkForErrors(simpleErrorCollection3);
        }
        return Response.noContent().build();
    }

    private Set<String> userkeysFromUsernames(String... strArr) {
        if (strArr == null) {
            return Collections.emptySet();
        }
        Stream stream = Arrays.stream(strArr);
        UserManager userManager = this.userManager;
        Objects.requireNonNull(userManager);
        return (Set) stream.map(userManager::getUserByName).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getKey();
        }).collect(Collectors.toSet());
    }

    private Set<String> existingGroupNames(String... strArr) {
        return strArr != null ? (Set) Arrays.stream(strArr).filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(str -> {
            return this.groupManager.groupExists(str);
        }).collect(Collectors.toSet()) : Collections.emptySet();
    }

    private Project getProjectByIdOrKey(String str) {
        ProjectService.GetProjectResult getProjectForActionByIdOrKey = this.projectFinder.getGetProjectForActionByIdOrKey(this.authContext.getUser(), str, ProjectAction.EDIT_PROJECT_CONFIG);
        if (!getProjectForActionByIdOrKey.getErrorCollection().hasAnyErrors()) {
            return getProjectForActionByIdOrKey.getProject();
        }
        ErrorCollection of = ErrorCollection.of(getProjectForActionByIdOrKey.getErrorCollection());
        if (getProjectForActionByIdOrKey.getErrorCollection().getReasons().contains(ErrorCollection.Reason.FORBIDDEN)) {
            throw new NotAuthorisedWebException(of);
        }
        throw new NotFoundWebException(of);
    }

    private void checkForErrors(SimpleErrorCollection simpleErrorCollection) {
        if (simpleErrorCollection.hasAnyErrors()) {
            throw new NotFoundWebException(com.atlassian.jira.rest.api.util.ErrorCollection.of((com.atlassian.jira.util.ErrorCollection) simpleErrorCollection));
        }
    }
}
