package hudson.plugins.collabnet.auth;

import com.collabnet.ce.webservices.CTFList;
import com.collabnet.ce.webservices.CTFProject;
import com.collabnet.ce.webservices.CTFRole;
import com.collabnet.ce.webservices.CTFUser;
import com.collabnet.ce.webservices.CollabNetApp;
import hudson.Extension;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.JobProperty;
import hudson.model.JobPropertyDescriptor;
import hudson.plugins.collabnet.auth.CNProjectACL;
import hudson.plugins.collabnet.util.ComboBoxUpdater;
import hudson.plugins.collabnet.util.CommonUtil;
import hudson.security.Permission;
import hudson.util.ComboBoxModel;
import hudson.util.FormValidation;
import java.io.IOException;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/CollabNet-2.0.2.jar:hudson/plugins/collabnet/auth/CNAuthProjectProperty.class */
public class CNAuthProjectProperty extends JobProperty<Job<?, ?>> {
    private transient boolean mIsNotLoadedFromDisk;
    private transient String project;
    private String projectId = null;
    private boolean createRoles;
    private boolean grantDefaultRoles;
    public static Permission CONFIGURE_PROPERTY = Item.CONFIGURE;
    private static Logger log = Logger.getLogger("CNAuthProjectProperty");
    private static Collection<String> defaultAdminRoles = Collections.emptyList();
    private static Collection<String> defaultUserRoles = Collections.emptyList();

    @Extension
    /* loaded from: input_file:WEB-INF/lib/CollabNet-2.0.2.jar:hudson/plugins/collabnet/auth/CNAuthProjectProperty$DescriptorImpl.class */
    public static class DescriptorImpl extends JobPropertyDescriptor {
        public String getDisplayName() {
            return "Associated CollabNet Project";
        }

        public boolean isApplicable(Class<? extends Job> cls) {
            return Hudson.getInstance().getAuthorizationStrategy() instanceof CNAuthorizationStrategy;
        }

        public FormValidation doCheckProject(@QueryParameter String str) throws RemoteException {
            if (CommonUtil.isEmpty(str)) {
                return FormValidation.warning("If left empty, all users will be able to configure and access this build");
            }
            CNAuthentication cNAuthentication = CNAuthentication.get();
            if (cNAuthentication == null) {
                return FormValidation.warning("Cannot check project name, improper authentication type.");
            }
            CTFProject projectByTitle = cNAuthentication.m599getCredentials().getProjectByTitle(str);
            boolean isSuperUser = cNAuthentication.isSuperUser();
            boolean hasPermission = Hudson.getInstance().getACL().hasPermission(Hudson.ADMINISTER);
            if (projectByTitle == null) {
                return isSuperUser ? FormValidation.error("This project does not exist.") : FormValidation.error("The current user does not have access to this project.  This setting change will not be saved.");
            }
            FormValidation ok = FormValidation.ok("Currently selected project: " + projectByTitle.getId() + ":" + str);
            if (isSuperUser) {
                return ok;
            }
            if (!cNAuthentication.isProjectAdmin(projectByTitle)) {
                return FormValidation.warning("The current user is not a project admin in the project, so he/she cannot create or grant roles.");
            }
            if (!hasPermission && !new CNProjectACL(projectByTitle.getId()).hasPermission(CNAuthProjectProperty.CONFIGURE_PROPERTY)) {
                return FormValidation.warning("The current user does not have the '" + CNProjectACL.CollabNetRoles.getGrantingRole(CNAuthProjectProperty.CONFIGURE_PROPERTY).getName() + "' role in the project, which is required to configure this Jenkins job.  If this project is chosen, the current user will not have the power to change the project later, unless he/she is given this role.");
            }
            return ok;
        }

        public ComboBoxModel doFillProjectItems() throws RemoteException {
            return ComboBoxUpdater.getProjectList(CNConnection.getInstance());
        }

        public String getCollabNetUrl() {
            return CNConnection.getInstance().getServerUrl();
        }
    }

    @DataBoundConstructor
    public CNAuthProjectProperty(String str, boolean z, String str2, boolean z2) {
        this.mIsNotLoadedFromDisk = false;
        this.project = null;
        this.createRoles = false;
        this.grantDefaultRoles = false;
        this.project = str;
        this.createRoles = z;
        this.grantDefaultRoles = z2;
        if (this.createRoles || this.grantDefaultRoles) {
            loadRoles();
        }
        this.mIsNotLoadedFromDisk = true;
        loadProjectIdIfNecessary();
        if (CommonUtil.isEmpty(getProject()) || !CommonUtil.isEmpty(getProjectId())) {
            return;
        }
        setProjectId(str2);
    }

    private void loadProjectIdIfNecessary() {
        CollabNetApp cNConnection;
        if (!CommonUtil.isEmpty(this.projectId) || CommonUtil.isEmpty(this.project) || (cNConnection = CNConnection.getInstance()) == null) {
            return;
        }
        try {
            CTFProject projectByTitle = cNConnection.getProjectByTitle(this.project);
            this.projectId = projectByTitle != null ? projectByTitle.getId() : null;
        } catch (RemoteException e) {
            this.projectId = null;
            log.log(Level.WARNING, "Failed to load project ID of " + this.project, e);
        }
        if (this.mIsNotLoadedFromDisk || this.owner == null) {
            return;
        }
        try {
            this.mIsNotLoadedFromDisk = true;
            this.owner.save();
        } catch (IOException e2) {
            log.info("Failed to modify config file for migration of project name to project id");
        }
    }

    public String getProject() {
        CollabNetApp cNConnection;
        loadProjectIdIfNecessary();
        if (!CommonUtil.isEmpty(this.projectId) && (cNConnection = CNConnection.getInstance()) != null) {
            try {
                CTFProject projectById = cNConnection.getProjectById(this.projectId);
                if (projectById != null) {
                    return projectById.getTitle();
                }
            } catch (RemoteException e) {
            }
        }
        return this.project;
    }

    public String getProjectId() {
        loadProjectIdIfNecessary();
        return this.projectId;
    }

    public void setProjectId(String str) {
        this.projectId = str;
    }

    public boolean getCreateRoles() {
        return this.createRoles;
    }

    public boolean getGrantDefaultRoles() {
        return this.grantDefaultRoles;
    }

    public Collection<String> getDefaultUserRoles() {
        if (defaultUserRoles.isEmpty()) {
            defaultUserRoles = new ArrayList();
            defaultUserRoles.add("Hudson Read");
        }
        return defaultUserRoles;
    }

    public Collection<String> getDefaultAdminRoles() {
        if (defaultAdminRoles.isEmpty()) {
            defaultAdminRoles = CNProjectACL.CollabNetRoles.getNames();
        }
        return defaultAdminRoles;
    }

    private void loadRoles() {
        if (CommonUtil.isEmpty(getProjectId())) {
            return;
        }
        try {
            CollabNetApp cNConnection = CNConnection.getInstance();
            if (cNConnection == null) {
                log.warning("Cannot loadRoles, incorrect authentication type.");
                return;
            }
            CTFProject projectById = cNConnection.getProjectById(getProjectId());
            if (getCreateRoles()) {
                CTFList<CTFRole> roles = projectById.getRoles();
                for (CollabNetRole collabNetRole : CNProjectACL.CollabNetRoles.getAllRoles()) {
                    if (roles.byTitle(collabNetRole.getName()) == null) {
                        projectById.createRole(collabNetRole.getName(), collabNetRole.getDescription());
                    }
                }
            }
            if (getGrantDefaultRoles()) {
                grantRoles(projectById, getDefaultUserRoles(), projectById.getMembers());
                grantRoles(projectById, getDefaultAdminRoles(), projectById.getAdmins());
            }
        } catch (RemoteException e) {
            log.log(Level.WARNING, "Cannot loadRoles, incorrect authentication type.", e);
        }
    }

    private void grantRoles(CTFProject cTFProject, Collection<String> collection, List<CTFUser> list) throws RemoteException {
        CTFList<CTFRole> roles = cTFProject.getRoles();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            CTFRole byTitle = roles.byTitle(it.next());
            if (byTitle != null) {
                CTFList<CTFUser> members = byTitle.getMembers();
                for (CTFUser cTFUser : list) {
                    if (!members.contains(cTFUser)) {
                        try {
                            byTitle.grant(cTFUser);
                        } catch (RemoteException e) {
                            log.severe("grantRoles: failed with RemoteException: " + e.getMessage());
                        }
                    }
                }
            }
        }
    }
}
