package com.almworks.jira.structure.services;

import com.almworks.integers.LongArray;
import com.almworks.jira.structure.api.PermissionLevel;
import com.almworks.jira.structure.api.PermissionRule;
import com.almworks.jira.structure.api.PermissionSubject;
import com.almworks.jira.structure.api.StructureConfiguration;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.roles.ProjectRole;
import com.atlassian.jira.security.roles.ProjectRoleManager;
import com.opensymphony.user.Group;
import com.opensymphony.user.User;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/almworks/jira/structure/services/PermissionCalculator.class */
public class PermissionCalculator {
    private static final Logger logger = LoggerFactory.getLogger(PermissionCalculator.class);
    private final GroupManager myGroupManager;
    private final ProjectManager myProjectManager;
    private final ProjectRoleManager myProjectRoleManager;
    private final PermissionManager myPermissionManager;
    private final StructureConfiguration myConfiguration;

    public PermissionCalculator(GroupManager groupManager, ProjectManager projectManager, ProjectRoleManager projectRoleManager, PermissionManager permissionManager, StructureConfiguration structureConfiguration) {
        this.myGroupManager = groupManager;
        this.myProjectManager = projectManager;
        this.myProjectRoleManager = projectRoleManager;
        this.myPermissionManager = permissionManager;
        this.myConfiguration = structureConfiguration;
    }

    public PermissionLevel getPermission(ImmutableStructureBean immutableStructureBean, User user, @Nullable Map<Long, ImmutableStructureBean> map) {
        if (immutableStructureBean == null) {
            return PermissionLevel.NONE;
        }
        if (isAdmin(user)) {
            return PermissionLevel.ADMIN;
        }
        if (!isStructureAvailable(user)) {
            return PermissionLevel.NONE;
        }
        PermissionSubject owner = immutableStructureBean.getOwner();
        return (owner == null || !userMatches(user, owner)) ? applyStructurePermissions(immutableStructureBean, user, null, map, PermissionLevel.NONE) : PermissionLevel.ADMIN;
    }

    public boolean isStructureAvailable(User user) {
        return this.myConfiguration.isStructureAvailable(user);
    }

    public boolean isStructureCreationAllowed(User user) {
        return this.myConfiguration.isStructureCreationAllowed(user);
    }

    private boolean isAdmin(User user) {
        return user != null && this.myPermissionManager.hasPermission(0, user);
    }

    private PermissionLevel applyStructurePermissions(ImmutableStructureBean immutableStructureBean, User user, @Nullable LongArray longArray, @Nullable Map<Long, ImmutableStructureBean> map, PermissionLevel permissionLevel) {
        PermissionLevel permissionLevel2 = permissionLevel;
        List<PermissionRule> permissions = immutableStructureBean.getPermissions();
        if (permissions != null) {
            Iterator<PermissionRule> it = permissions.iterator();
            while (it.hasNext()) {
                permissionLevel2 = applyPermission(it.next(), user, permissionLevel2, immutableStructureBean, map, longArray);
            }
        }
        return permissionLevel2;
    }

    private PermissionLevel applyPermission(PermissionRule permissionRule, User user, PermissionLevel permissionLevel, ImmutableStructureBean immutableStructureBean, Map<Long, ImmutableStructureBean> map, LongArray longArray) {
        Long structureId;
        if (permissionRule == null) {
            return permissionLevel;
        }
        if (permissionRule instanceof PermissionRule.SetLevel) {
            PermissionRule.SetLevel setLevel = (PermissionRule.SetLevel) permissionRule;
            return userMatches(user, setLevel.getSubject()) ? setLevel.getLevel() : permissionLevel;
        }
        if (!(permissionRule instanceof PermissionRule.ApplyStructure)) {
            logger.warn("unknown permission of type " + permissionRule.getClass());
            return permissionLevel;
        }
        if (map != null && (structureId = ((PermissionRule.ApplyStructure) permissionRule).getStructureId()) != null) {
            if (longArray == null) {
                longArray = new LongArray();
            }
            long id = immutableStructureBean.getId();
            if (structureId.longValue() == id || longArray.contains(structureId.longValue())) {
                logger.error("permissions dependency cycle " + longArray + " -> " + structureId);
                return permissionLevel;
            }
            longArray.add(id);
            ImmutableStructureBean immutableStructureBean2 = map.get(structureId);
            return immutableStructureBean2 == null ? permissionLevel : applyStructurePermissions(immutableStructureBean2, user, longArray, map, permissionLevel);
        }
        return permissionLevel;
    }

    private boolean userMatches(User user, PermissionSubject permissionSubject) {
        Project projectObj;
        ProjectRole projectRole;
        if (permissionSubject == null) {
            return false;
        }
        if (permissionSubject instanceof PermissionSubject.Anyone) {
            return true;
        }
        if (permissionSubject instanceof PermissionSubject.JiraUser) {
            String userName = ((PermissionSubject.JiraUser) permissionSubject).getUserName();
            return userName == null ? user == null : user != null && userName.equals(user.getName());
        }
        if (permissionSubject instanceof PermissionSubject.JiraGroup) {
            Group group = this.myGroupManager.getGroup(((PermissionSubject.JiraGroup) permissionSubject).getGroupName());
            return group != null && group.containsUser(user);
        }
        if (!(permissionSubject instanceof PermissionSubject.ProjectRole)) {
            logger.warn("unknown permission subject of type " + permissionSubject.getClass());
            return false;
        }
        PermissionSubject.ProjectRole projectRole2 = (PermissionSubject.ProjectRole) permissionSubject;
        if (projectRole2.getProjectId() == 0 || projectRole2.getRoleId() == 0 || (projectObj = this.myProjectManager.getProjectObj(Long.valueOf(projectRole2.getProjectId()))) == null || (projectRole = this.myProjectRoleManager.getProjectRole(Long.valueOf(projectRole2.getRoleId()))) == null) {
            return false;
        }
        return this.myProjectRoleManager.isUserInProjectRole(user, projectRole, projectObj);
    }
}
