package hudson.plugins.collabnet.auth;

import hudson.model.Hudson;
import hudson.security.ACL;
import hudson.security.Permission;
import java.util.Collection;
import java.util.logging.Logger;
import org.acegisecurity.Authentication;
import org.springframework.security.config.Elements;

/* loaded from: input_file:WEB-INF/lib/CollabNet-2.0.7.jar:hudson/plugins/collabnet/auth/CNRootACL.class */
public class CNRootACL extends ACL {
    private Collection<String> adminUsers;
    private Collection<String> adminGroups;
    private Collection<String> readUsers;
    private Collection<String> readGroups;
    private ACL innerACL;
    private static Logger log = Logger.getLogger("CNRootACL");

    public CNRootACL(Collection<String> collection, Collection<String> collection2, Collection<String> collection3, Collection<String> collection4) {
        this(collection, collection2, collection3, collection4, null);
    }

    public CNRootACL(Collection<String> collection, Collection<String> collection2, Collection<String> collection3, Collection<String> collection4, ACL acl) {
        this.adminUsers = collection;
        this.adminGroups = collection2;
        this.readUsers = collection3;
        this.readGroups = collection4;
        this.innerACL = acl;
    }

    public boolean hasPermission(Authentication authentication, Permission permission) {
        if (authentication.equals(ACL.SYSTEM)) {
            return true;
        }
        String str = (String) authentication.getPrincipal();
        if (!str.equals(Elements.ANONYMOUS)) {
            if (permission.equals(Hudson.READ)) {
                return true;
            }
            CNAuthentication cast = CNAuthentication.cast(authentication);
            if (cast == null) {
                if (this.innerACL != null) {
                    return this.innerACL.hasPermission(authentication, permission);
                }
                log.severe("Improper Authentication type used with CNAuthorizationStrategy!  CNAuthorization strategy cannot be used without CNAuthentication.  Please re-configure your Jenkins instance.");
                return false;
            }
            if (cast.isSuperUser() || this.adminUsers.contains(str) || cast.isMemberOfAny(this.adminGroups)) {
                return true;
            }
            if (this.readUsers.contains(str) || cast.isMemberOfAny(this.readGroups)) {
                Permission permission2 = permission;
                while (true) {
                    Permission permission3 = permission2;
                    if (permission3 == null) {
                        break;
                    }
                    if (permission3.equals(Permission.READ)) {
                        return true;
                    }
                    permission2 = permission3.impliedBy;
                }
            }
        }
        if (this.innerACL != null) {
            return this.innerACL.hasPermission(authentication, permission);
        }
        return false;
    }
}
