package com.atlassian.bamboo.upgrade.tasks.v10_2;

import com.atlassian.bamboo.deployments.environments.InternalEnvironment;
import com.atlassian.bamboo.deployments.projects.InternalDeploymentProject;
import com.atlassian.bamboo.persistence.BambooTransactionHibernateTemplate;
import com.atlassian.bamboo.security.acegi.BambooAcegiSecurityUtils;
import com.atlassian.bamboo.security.acegi.acls.AclDao;
import com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.upgrade.AbstractUpgradeTaskWithConcurrentExecution;
import com.atlassian.bamboo.utils.SystemProperty;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.MultimapBuilder;
import com.google.common.collect.SetMultimap;
import com.google.common.collect.Streams;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Stream;
import javax.inject.Inject;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.sid.Sid;
import org.apache.commons.collections4.ListUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v10_2/UpgradeTask100205AddCreateReleaseToProjectBasedOnEnvironments.class */
public class UpgradeTask100205AddCreateReleaseToProjectBasedOnEnvironments extends AbstractUpgradeTaskWithConcurrentExecution {
    private static final String SELECT_ALL_IDS = "select PACKAGE_DEFINITION_ID, ENVIRONMENT_ID from DEPLOYMENT_ENVIRONMENT";

    @Inject
    private AclDao aclDao;

    @Inject
    private BambooAclUpdateHelper aclUpdateHelper;

    @Inject
    private BambooTransactionHibernateTemplate transactionTemplate;
    private static final String DEPLOYMENTS_CONST = "deployments";
    private static final Logger log = LogManager.getLogger(UpgradeTask100205AddCreateReleaseToProjectBasedOnEnvironments.class);
    private static final SystemProperty.BooleanSystemProperty SKIP_THIS_TASK = new SystemProperty.BooleanSystemProperty(false, false, new String[]{"bamboo.skip.upgrade.task.100205"});

    public UpgradeTask100205AddCreateReleaseToProjectBasedOnEnvironments() {
        super("Grant CREATE_RELEASE on deployment project to entities that have BUILD (a.k.a deploy) on any environment", 1000);
    }

    public void doUpgrade() throws Exception {
        if (SKIP_THIS_TASK.getTypedValue()) {
            log.info("Upgrade task skipped on user request");
            return;
        }
        HashMultimap create = HashMultimap.create();
        log.info("Collect all deployment projects and their environments");
        this.transactionTemplate.doWork(connection -> {
            Statement createStatement = connection.createStatement();
            try {
                ResultSet executeQuery = createStatement.executeQuery(SELECT_ALL_IDS);
                while (executeQuery.next()) {
                    try {
                        create.put(Long.valueOf(executeQuery.getLong(1)), Long.valueOf(executeQuery.getLong(2)));
                    } catch (Throwable th) {
                        if (executeQuery != null) {
                            try {
                                executeQuery.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                if (executeQuery != null) {
                    executeQuery.close();
                }
                if (createStatement != null) {
                    createStatement.close();
                }
            } catch (Throwable th3) {
                if (createStatement != null) {
                    try {
                        createStatement.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        });
        doUpgradeWithExecutorContext(() -> {
            log.info("Collect all acls");
            Map findAllAcls = this.aclDao.findAllAcls();
            int size = create.keySet().size();
            log.info("Upgrading {} deployment projects", Integer.valueOf(size));
            startTrackingProgress(DEPLOYMENTS_CONST, size);
            for (List list : ListUtils.partition(new ArrayList(create.keySet()), this.pageSize)) {
                schedule(() -> {
                    this.transactionTemplate.doWork(connection2 -> {
                        Iterator it = list.iterator();
                        while (it.hasNext()) {
                            long longValue = ((Long) it.next()).longValue();
                            Set<Sid> findSidsWithBuildPermissionOnAnyEnvironment = findSidsWithBuildPermissionOnAnyEnvironment(findAllAcls, create.get(Long.valueOf(longValue)));
                            if (findSidsWithBuildPermissionOnAnyEnvironment.isEmpty()) {
                                log.warn("SIDs for deployment project {} not found", Long.valueOf(longValue));
                                notifyProgress(DEPLOYMENTS_CONST);
                            } else {
                                HibernateObjectIdentityImpl identityForProject = identityForProject(longValue);
                                Map findAcls = this.aclDao.findAcls(identityForProject);
                                if (findAcls.isEmpty()) {
                                    log.warn("ACL for entity not found: {}", identityForProject);
                                    notifyProgress(DEPLOYMENTS_CONST);
                                } else {
                                    MutableAcl mutableAcl = (MutableAcl) findAcls.get(new AclDao.ObjectIdentityDto(identityForProject));
                                    ArrayList arrayList = new ArrayList();
                                    SetMultimap build = MultimapBuilder.treeKeys(BambooAcegiSecurityUtils.sidComparator()).hashSetValues().build();
                                    Arrays.stream(mutableAcl.getEntries()).forEach(accessControlEntry -> {
                                        build.put(accessControlEntry.getSid(), accessControlEntry.getPermission());
                                    });
                                    build.asMap().forEach((sid, collection) -> {
                                        (findSidsWithBuildPermissionOnAnyEnvironment.remove(sid) && !collection.contains(BambooPermission.CREATE_RELEASE) ? Streams.concat(new Stream[]{collection.stream(), Stream.of(BambooPermission.CREATE_RELEASE)}) : collection.stream()).forEach(bambooPermission -> {
                                            arrayList.add(BambooAclUpdateHelper.createPermissionKey(sid, bambooPermission.getName()));
                                        });
                                    });
                                    findSidsWithBuildPermissionOnAnyEnvironment.forEach(sid2 -> {
                                        arrayList.add(BambooAclUpdateHelper.createPermissionKey(sid2, BambooPermission.CREATE_RELEASE.getName()));
                                    });
                                    if (arrayList.size() > build.size()) {
                                        this.aclUpdateHelper.modifyAclAces(mutableAcl, arrayList);
                                        this.aclDao.save(mutableAcl);
                                    }
                                    notifyProgress(DEPLOYMENTS_CONST);
                                }
                            }
                        }
                    });
                });
            }
        });
    }

    private Set<Sid> findSidsWithBuildPermissionOnAnyEnvironment(Map<ObjectIdentity, MutableAcl> map, Collection<Long> collection) {
        HashSet hashSet = new HashSet();
        Iterator<Long> it = collection.iterator();
        while (it.hasNext()) {
            Arrays.stream(map.get(identityForEnvironment(it.next().longValue())).getEntries()).filter(accessControlEntry -> {
                return accessControlEntry.getPermission().equals(BambooPermission.BUILD);
            }).forEach(accessControlEntry2 -> {
                hashSet.add(accessControlEntry2.getSid());
            });
        }
        return hashSet;
    }

    private HibernateObjectIdentityImpl identityForProject(long j) {
        return new HibernateObjectIdentityImpl(InternalDeploymentProject.class, Long.valueOf(j));
    }

    private HibernateObjectIdentityImpl identityForEnvironment(long j) {
        return new HibernateObjectIdentityImpl(InternalEnvironment.class, Long.valueOf(j));
    }
}
