package com.atlassian.crowd.manager.permission;

import com.atlassian.crowd.dao.permission.InternalUserPermissionDAO;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.model.permission.UserPermission;
import com.google.common.base.Preconditions;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;

/* loaded from: input_file:com/atlassian/crowd/manager/permission/UserPermissionServiceImpl.class */
public class UserPermissionServiceImpl implements UserPermissionService {
    private final InternalUserPermissionDAO userPermissionDAO;
    private final DirectoryManager directoryManager;

    public UserPermissionServiceImpl(InternalUserPermissionDAO internalUserPermissionDAO, DirectoryManager directoryManager) {
        this.userPermissionDAO = (InternalUserPermissionDAO) Preconditions.checkNotNull(internalUserPermissionDAO);
        this.directoryManager = (DirectoryManager) Preconditions.checkNotNull(directoryManager);
    }

    public boolean hasPermission(@Nullable String str, UserPermission userPermission) {
        return hasPermissionOutsideOfGroups(str, userPermission, Collections.emptyList());
    }

    public boolean hasPermissionOutsideOfGroups(@Nullable String str, UserPermission userPermission, Collection<DirectoryGroup> collection) {
        Preconditions.checkArgument(collection != null, "ExcludedGroups must not be null. You can provide an empty list.");
        Preconditions.checkArgument(userPermission != null, "Permission must not be null");
        if (str == null) {
            return false;
        }
        try {
            Iterator<UserPermission> it = getInheritingPermissions(userPermission).iterator();
            while (it.hasNext()) {
                for (DirectoryGroup directoryGroup : getGroupMappingsWithGrantedPermission(it.next(), collection)) {
                    if (this.directoryManager.isUserNestedGroupMember(directoryGroup.getDirectoryId().longValue(), str, directoryGroup.getGroupName())) {
                        return true;
                    }
                }
            }
            return false;
        } catch (OperationFailedException e) {
            throw new UserPermissionException("Failed to check permission for user '" + str + "'", e);
        } catch (DirectoryNotFoundException e2) {
            throw new UserPermissionException("Failed to check permission for user '" + str + "'", e2);
        }
    }

    private List<UserPermission> getInheritingPermissions(UserPermission userPermission) {
        return userPermission == UserPermission.ADMIN ? ImmutableList.of(UserPermission.ADMIN, UserPermission.SYS_ADMIN) : ImmutableList.of(userPermission);
    }

    private Set<DirectoryGroup> getGroupMappingsWithGrantedPermission(UserPermission userPermission, Collection<DirectoryGroup> collection) {
        HashSet newHashSet = Sets.newHashSet(Collections2.transform(this.userPermissionDAO.getGroupMappingsWithGrantedPermission(userPermission), UserPermissionAdminServiceImpl.GROUP_MAPPING_TO_DIRECTORY_GROUP_FUNCTION));
        newHashSet.removeAll(collection);
        return newHashSet;
    }
}
