package com.almworks.jira.structure.services;

import com.almworks.integers.LongArray;
import com.almworks.jira.structure.api.PermissionLevel;
import com.almworks.jira.structure.api.PermissionRule;
import com.almworks.jira.structure.api.PermissionSubject;
import com.almworks.jira.structure.api.StructureConfiguration;
import com.almworks.jira.structure.api.view.StructureViewBean;
import com.almworks.jira.structure.services.statistics.StructureStatisticsManager;
import com.almworks.jira.structure.services2g.ImmutableStructureBean;
import com.almworks.jira.structure.services2g.PermissionsStructureAccessor;
import com.almworks.jira.structure.util.JiraUsers;
import com.almworks.jira.structure.util.StructureUtil;
import com.almworks.jira.structure.util.Util;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.roles.ProjectRole;
import com.atlassian.jira.security.roles.ProjectRoleManager;
import com.atlassian.jira.user.ApplicationUser;
import java.util.Iterator;
import java.util.List;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/almworks/jira/structure/services/PermissionCalculator.class */
public class PermissionCalculator {
    private static final Logger logger = LoggerFactory.getLogger(PermissionCalculator.class);
    private final GroupManager myGroupManager;
    private final ProjectManager myProjectManager;
    private final ProjectRoleManager myProjectRoleManager;
    private final PermissionManager myPermissionManager;
    private final GlobalPermissionManager myGlobalPermissionManager;
    private final StructureConfiguration myConfiguration;
    private StructureStatisticsManager myStatisticsManager;

    public PermissionCalculator(GroupManager groupManager, ProjectManager projectManager, ProjectRoleManager projectRoleManager, PermissionManager permissionManager, GlobalPermissionManager globalPermissionManager, StructureConfiguration structureConfiguration) {
        this.myGroupManager = groupManager;
        this.myProjectManager = projectManager;
        this.myProjectRoleManager = projectRoleManager;
        this.myPermissionManager = permissionManager;
        this.myGlobalPermissionManager = globalPermissionManager;
        this.myConfiguration = structureConfiguration;
    }

    @NotNull
    public PermissionLevel getViewPermission(StructureViewBean structureViewBean, ApplicationUser applicationUser) {
        if (structureViewBean == null) {
            return PermissionLevel.NONE;
        }
        if (isAdmin(applicationUser)) {
            return PermissionLevel.ADMIN;
        }
        if (!isStructureAvailable(applicationUser)) {
            return PermissionLevel.NONE;
        }
        PermissionSubject owner = structureViewBean.getOwner();
        if (owner != null && applicationUser != null && userMatches(applicationUser, owner)) {
            return PermissionLevel.ADMIN;
        }
        PermissionLevel applyPermissions = applyPermissions(structureViewBean.getPermissions(), applicationUser, null, null, null, PermissionLevel.NONE, false);
        return applyPermissions == null ? PermissionLevel.NONE : applyPermissions;
    }

    public PermissionLevel getPermission(ImmutableStructureBean immutableStructureBean, ApplicationUser applicationUser, @NotNull PermissionsStructureAccessor permissionsStructureAccessor) {
        if (immutableStructureBean == null) {
            return PermissionLevel.NONE;
        }
        if (isAdmin(applicationUser)) {
            return PermissionLevel.ADMIN;
        }
        if (!isStructureAvailable(applicationUser)) {
            return PermissionLevel.NONE;
        }
        PermissionLevel permission0 = getPermission0(immutableStructureBean, applicationUser, permissionsStructureAccessor, false);
        recordApplyRuleStats(immutableStructureBean, applicationUser, permissionsStructureAccessor, permission0);
        return permission0;
    }

    private void recordApplyRuleStats(ImmutableStructureBean immutableStructureBean, ApplicationUser applicationUser, @NotNull PermissionsStructureAccessor permissionsStructureAccessor, PermissionLevel permissionLevel) {
        StructureStatisticsManager statisticsManager = getStatisticsManager();
        if (statisticsManager != null) {
            if (!PermissionUtil.hasApplyRule(immutableStructureBean.getPermissions())) {
                statisticsManager.addTotalCountAsync("calcPermissionWithoutApplyRule");
                return;
            }
            statisticsManager.addTotalCountAsync("calcPermissionWithApplyRule");
            PermissionLevel permission0 = getPermission0(immutableStructureBean, applicationUser, permissionsStructureAccessor, true);
            if (permission0 != permissionLevel) {
                statisticsManager.addTotalCountAsync("calcPermissionWithApplyRuleThatMatters");
                statisticsManager.addTotalCountAsync("calcPermissionWithApplyRuleThatMatters." + permissionLevel + "." + permission0);
                statisticsManager.recordAsync(System.currentTimeMillis(), "usersAffectedByApplyRule", applicationUser, null);
            }
        }
    }

    private StructureStatisticsManager getStatisticsManager() {
        StructureStatisticsManager structureStatisticsManager = this.myStatisticsManager;
        if (structureStatisticsManager != null) {
            return structureStatisticsManager;
        }
        List enabledModulesByClass = ComponentAccessor.getPluginAccessor().getEnabledModulesByClass(StructureStatisticsManager.class);
        if (enabledModulesByClass != null && enabledModulesByClass.size() == 1) {
            structureStatisticsManager = (StructureStatisticsManager) enabledModulesByClass.get(0);
            this.myStatisticsManager = structureStatisticsManager;
        }
        return structureStatisticsManager;
    }

    @NotNull
    private PermissionLevel getPermission0(ImmutableStructureBean immutableStructureBean, ApplicationUser applicationUser, PermissionsStructureAccessor permissionsStructureAccessor, boolean z) {
        PermissionSubject owner = immutableStructureBean.getOwner();
        if (owner != null && userMatches(applicationUser, owner)) {
            return PermissionLevel.ADMIN;
        }
        PermissionLevel applyStructurePermissions = applyStructurePermissions(immutableStructureBean, applicationUser, null, permissionsStructureAccessor, PermissionLevel.NONE, z);
        return applyStructurePermissions == null ? PermissionLevel.NONE : applyStructurePermissions;
    }

    public boolean isStructureAvailable(ApplicationUser applicationUser) {
        return this.myConfiguration.isStructureAvailable(applicationUser);
    }

    public boolean isStructureCreationAllowed(ApplicationUser applicationUser) {
        return this.myConfiguration.isStructureCreationAllowed(applicationUser);
    }

    public boolean isSynchronizersConfigureAllowed(ApplicationUser applicationUser) {
        return this.myConfiguration.isSynchronizationAllowed(applicationUser);
    }

    public boolean isAutomationAccessAllowed(ApplicationUser applicationUser) {
        return this.myConfiguration.isAutomationAccessAllowed(applicationUser);
    }

    private boolean isAdmin(ApplicationUser applicationUser) {
        return applicationUser != null && this.myGlobalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, applicationUser);
    }

    private PermissionLevel applyStructurePermissions(@NotNull ImmutableStructureBean immutableStructureBean, ApplicationUser applicationUser, @Nullable LongArray longArray, @NotNull PermissionsStructureAccessor permissionsStructureAccessor, PermissionLevel permissionLevel, boolean z) {
        return applyPermissions(immutableStructureBean.getPermissions(), applicationUser, immutableStructureBean, longArray, permissionsStructureAccessor, permissionLevel, z);
    }

    private PermissionLevel applyPermissions(@Nullable List<PermissionRule> list, @Nullable ApplicationUser applicationUser, @Nullable ImmutableStructureBean immutableStructureBean, @Nullable LongArray longArray, @Nullable PermissionsStructureAccessor permissionsStructureAccessor, @NotNull PermissionLevel permissionLevel, boolean z) {
        if (list != null) {
            for (PermissionRule permissionRule : list) {
                if (!z || !(permissionRule instanceof PermissionRule.ApplyStructure)) {
                    permissionLevel = applyPermission(permissionRule, applicationUser, permissionLevel, immutableStructureBean, permissionsStructureAccessor, longArray);
                }
            }
        }
        return permissionLevel;
    }

    private PermissionLevel applyPermission(PermissionRule permissionRule, ApplicationUser applicationUser, PermissionLevel permissionLevel, @Nullable ImmutableStructureBean immutableStructureBean, @Nullable PermissionsStructureAccessor permissionsStructureAccessor, LongArray longArray) {
        if (permissionRule == null) {
            return permissionLevel;
        }
        if (permissionRule instanceof PermissionRule.SetLevel) {
            PermissionRule.SetLevel setLevel = (PermissionRule.SetLevel) permissionRule;
            return userMatches(applicationUser, setLevel.getSubject()) ? setLevel.getLevel() : permissionLevel;
        }
        if (!(permissionRule instanceof PermissionRule.ApplyStructure)) {
            logger.warn("unknown permission of type " + permissionRule.getClass());
            return permissionLevel;
        }
        if (immutableStructureBean == null || permissionsStructureAccessor == null) {
            return permissionLevel;
        }
        Long structureId = ((PermissionRule.ApplyStructure) permissionRule).getStructureId();
        if (structureId == null) {
            return permissionLevel;
        }
        if (longArray == null) {
            longArray = new LongArray();
        }
        long id = immutableStructureBean.getId();
        if (structureId.longValue() == id || longArray.contains(structureId.longValue())) {
            logger.error("permissions dependency cycle " + longArray + " -> " + structureId);
            return permissionLevel;
        }
        longArray.add(id);
        ImmutableStructureBean structureBeanOrNull = permissionsStructureAccessor.getStructureBeanOrNull(structureId);
        return structureBeanOrNull == null ? permissionLevel : applyStructurePermissions(structureBeanOrNull, applicationUser, longArray, permissionsStructureAccessor, permissionLevel, false);
    }

    private boolean userMatches(ApplicationUser applicationUser, PermissionSubject permissionSubject) {
        Project projectObj;
        ProjectRole projectRole;
        if (permissionSubject == null) {
            return false;
        }
        if (permissionSubject instanceof PermissionSubject.Anyone) {
            return true;
        }
        if (permissionSubject instanceof PermissionSubject.JiraUser) {
            return Util.equals(((PermissionSubject.JiraUser) permissionSubject).getUserKey(), JiraUsers.getKeyFor(applicationUser));
        }
        if (permissionSubject instanceof PermissionSubject.JiraGroup) {
            return this.myGroupManager.isUserInGroup(applicationUser == null ? null : applicationUser.getName(), ((PermissionSubject.JiraGroup) permissionSubject).getGroupName());
        }
        if (!(permissionSubject instanceof PermissionSubject.ProjectRole)) {
            logger.warn("unknown permission subject of type " + permissionSubject.getClass());
            return false;
        }
        PermissionSubject.ProjectRole projectRole2 = (PermissionSubject.ProjectRole) permissionSubject;
        if (projectRole2.getProjectId() == 0 || projectRole2.getRoleId() == 0 || (projectObj = this.myProjectManager.getProjectObj(Long.valueOf(projectRole2.getProjectId()))) == null || (projectRole = this.myProjectRoleManager.getProjectRole(Long.valueOf(projectRole2.getRoleId()))) == null) {
            return false;
        }
        return this.myProjectRoleManager.isUserInProjectRole(applicationUser, projectRole, projectObj);
    }

    public boolean isCreateIssueAllowedInEnabledProject(ApplicationUser applicationUser) {
        Iterator<Project> it = this.myConfiguration.getCurrentlyEnabledProjects().iterator();
        while (it.hasNext()) {
            if (this.myPermissionManager.hasPermission(ProjectPermissions.CREATE_ISSUES, it.next(), applicationUser)) {
                return true;
            }
        }
        return false;
    }

    public long getSingleViewableStructureId(@Nullable ApplicationUser applicationUser, @NotNull PermissionsStructureAccessor permissionsStructureAccessor) {
        if (isStructureAvailable(applicationUser)) {
            return StructureUtil.nnl(permissionsStructureAccessor.calculateSingleViewableStructureId());
        }
        return 0L;
    }
}
