package com.atlassian.crowd.manager.permission;

import com.atlassian.crowd.dao.permission.InternalUserPermissionDAO;
import com.atlassian.crowd.embedded.api.Directories;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.exception.ApplicationNotFoundException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.runtime.CrowdRuntimeException;
import com.atlassian.crowd.manager.application.InternalApplicationHelper;
import com.atlassian.crowd.manager.authentication.AuthenticatedUserProvider;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.application.DirectoryMapping;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.page.Page;
import com.atlassian.crowd.model.page.PageImpl;
import com.atlassian.crowd.model.permission.InternalGrantedPermission;
import com.atlassian.crowd.model.permission.UserPermission;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.entity.restriction.constants.GroupTermKeys;
import com.atlassian.crowd.search.util.SearchResultsUtil;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;

@Transactional
/* loaded from: input_file:com/atlassian/crowd/manager/permission/UserPermissionAdminServiceImpl.class */
public class UserPermissionAdminServiceImpl implements UserPermissionAdminService {
    private static final Logger logger = LoggerFactory.getLogger(UserPermissionAdminServiceImpl.class);
    private final InternalUserPermissionDAO permissionDAO;
    private final UserPermissionService permissionService;
    private final AuthenticatedUserProvider userProvider;
    private final DirectoryManager directoryManager;
    private final InternalApplicationHelper applicationHelper;

    public UserPermissionAdminServiceImpl(InternalUserPermissionDAO internalUserPermissionDAO, UserPermissionService userPermissionService, AuthenticatedUserProvider authenticatedUserProvider, DirectoryManager directoryManager, InternalApplicationHelper internalApplicationHelper) {
        this.permissionDAO = (InternalUserPermissionDAO) Preconditions.checkNotNull(internalUserPermissionDAO);
        this.permissionService = (UserPermissionService) Preconditions.checkNotNull(userPermissionService);
        this.userProvider = (AuthenticatedUserProvider) Preconditions.checkNotNull(authenticatedUserProvider);
        this.directoryManager = (DirectoryManager) Preconditions.checkNotNull(directoryManager);
        this.applicationHelper = (InternalApplicationHelper) Preconditions.checkNotNull(internalApplicationHelper);
    }

    public Page<DirectoryGroup> findGroups(int i, int i2) {
        return findGroupsByPrefix("", i, i2);
    }

    public Page<DirectoryGroup> findGroupsByPrefix(@Nonnull String str, int i, int i2) {
        Preconditions.checkNotNull(str);
        QueryBuilder.PartialEntityQuery queryFor = QueryBuilder.queryFor(Group.class, EntityDescriptor.group());
        int i3 = i2 == 0 ? -1 : i2;
        return directoryGroupPage(i, i2, StringUtils.isNotEmpty(str) ? queryFor.with(Restriction.on(GroupTermKeys.NAME).startingWith(str)).startingAt(i).returningAtMost(i3) : queryFor.startingAt(i).returningAtMost(i3));
    }

    private Page<DirectoryGroup> directoryGroupPage(int i, int i2, EntityQuery<Group> entityQuery) {
        ImmutableList.Builder builder = ImmutableList.builder();
        int i3 = i;
        int i4 = i2;
        boolean z = false;
        for (Directory directory : Iterables.filter(Iterables.transform(this.applicationHelper.findCrowdConsoleApplication().getDirectoryMappings(), (v0) -> {
            return v0.getDirectory();
        }), Directories.ACTIVE_FILTER)) {
            if (i4 > 0) {
                try {
                    List searchGroups = this.directoryManager.searchGroups(directory.getId().longValue(), QueryBuilder.queryFor(entityQuery.getReturnType(), entityQuery.getEntityDescriptor(), entityQuery.getSearchRestriction(), 0, i3 + i4 + 1));
                    List constrainResults = SearchResultsUtil.constrainResults(searchGroups, i3, i3 + i4);
                    z = searchGroups.size() != constrainResults.size();
                    builder.addAll(constrainResults);
                    i3 = Math.max(i3 - searchGroups.size(), 0);
                    i4 -= constrainResults.size();
                } catch (OperationFailedException e) {
                    logger.error("Could not get groups from directory '{}'", directory.getName(), e);
                } catch (DirectoryNotFoundException e2) {
                }
            }
        }
        return buildPage(Lists.transform(builder.build(), getGroupToDirectoryGroupFunction()), i, i2, !z);
    }

    private Function<Group, DirectoryGroup> getGroupToDirectoryGroupFunction() {
        return new Function<Group, DirectoryGroup>() { // from class: com.atlassian.crowd.manager.permission.UserPermissionAdminServiceImpl.1
            final Map<Long, Directory> directories = new HashMap();

            public DirectoryGroup apply(Group group) {
                try {
                    Directory directory = this.directories.get(Long.valueOf(group.getDirectoryId()));
                    if (directory == null) {
                        directory = UserPermissionAdminServiceImpl.this.directoryManager.findDirectoryById(group.getDirectoryId());
                        this.directories.put(Long.valueOf(group.getDirectoryId()), directory);
                    }
                    return new DirectoryGroupImpl(directory.getId(), directory.getName(), group.getName());
                } catch (DirectoryNotFoundException e) {
                    throw new CrowdRuntimeException("Directory not found when finding groups", e);
                }
            }
        };
    }

    public void revokePermissionsForGroup(DirectoryGroup directoryGroup) throws DirectoryNotFoundException, OperationFailedException, ApplicationNotFoundException, UserPermissionDowngradeException {
        Application findCrowdConsoleApplication = this.applicationHelper.findCrowdConsoleApplication();
        Long directoryId = directoryGroup.getDirectoryId();
        String groupName = directoryGroup.getGroupName();
        DirectoryMapping directoryMapping = findCrowdConsoleApplication.getDirectoryMapping(directoryId.longValue());
        if (directoryMapping == null) {
            throw new DirectoryNotFoundException(directoryId);
        }
        revokeAllPermissions(directoryMapping, groupName);
    }

    public void setPermissionForGroups(List<? extends DirectoryGroup> list, UserPermission userPermission) throws DirectoryNotFoundException, OperationFailedException, ApplicationNotFoundException, UserPermissionException, UserPermissionDowngradeException {
        Preconditions.checkNotNull(userPermission);
        if (userPermission == UserPermission.SYS_ADMIN && !this.permissionService.currentUserHasPermission(UserPermission.SYS_ADMIN)) {
            throw new UserPermissionException("You have insufficient permissions to grant " + userPermission);
        }
        Application findCrowdConsoleApplication = this.applicationHelper.findCrowdConsoleApplication();
        for (DirectoryGroup directoryGroup : list) {
            DirectoryMapping directoryMapping = findCrowdConsoleApplication.getDirectoryMapping(directoryGroup.getDirectoryId().longValue());
            if (directoryMapping == null) {
                throw new IllegalArgumentException("You can not set permissions for a group which belongs to an unmapped directory: " + directoryGroup);
            }
            String groupName = directoryGroup.getGroupName();
            revokeAllPermissions(directoryMapping, groupName);
            grantPermission(userPermission, directoryMapping, groupName);
        }
    }

    public Page<PermittedGroup> findGroupsWithPermission(int i, int i2) throws UserPermissionException {
        return buildPage(this.permissionDAO.findHighestPermissionPerGroup(i, i2 == 0 ? 0 : i2 + 1), i, i2);
    }

    public Page<PermittedGroup> findGroupsWithPermissionByPrefix(@Nonnull String str, int i, int i2) throws UserPermissionException {
        Preconditions.checkNotNull(str);
        return buildPage(this.permissionDAO.findHighestPermissionPerGroupByPrefix(str, i, i2 == 0 ? 0 : i2 + 1), i, i2);
    }

    private <T> Page<T> buildPage(List<T> list, int i, int i2) {
        return buildPage(list, i, i2, i2 == 0 || list.size() < i2 + 1);
    }

    private <T> Page<T> buildPage(List<T> list, int i, int i2, boolean z) {
        return new PageImpl(i2 == 0 ? list : Iterables.limit(list, i2), (i2 == 0 || list.size() <= i2) ? list.size() : i2, i, i2, z);
    }

    private void grantPermission(UserPermission userPermission, DirectoryMapping directoryMapping, String str) {
        InternalGrantedPermission internalGrantedPermission = new InternalGrantedPermission(userPermission, directoryMapping, str);
        if (this.permissionDAO.exists(internalGrantedPermission)) {
            return;
        }
        this.permissionDAO.grant(internalGrantedPermission);
    }

    private void revokeAllPermissions(DirectoryMapping directoryMapping, String str) throws DirectoryNotFoundException, OperationFailedException, UserPermissionDowngradeException {
        if (this.permissionDAO.exists(new InternalGrantedPermission(UserPermission.SYS_ADMIN, directoryMapping, str)) && !this.permissionService.currentUserHasPermission(UserPermission.SYS_ADMIN)) {
            throw new UserPermissionException("You have insufficient permissions to change " + str + "'s permissions");
        }
        Iterator it = UserPermission.allPermissions().iterator();
        while (it.hasNext()) {
            InternalGrantedPermission internalGrantedPermission = new InternalGrantedPermission((UserPermission) it.next(), directoryMapping, str);
            if (this.permissionDAO.exists(internalGrantedPermission)) {
                revokePermission(internalGrantedPermission);
            }
        }
    }

    private void revokePermission(InternalGrantedPermission internalGrantedPermission) throws DirectoryNotFoundException, OperationFailedException, UserPermissionDowngradeException {
        if (!isRevokeAllowed(internalGrantedPermission, this.userProvider.getAuthenticatedUsername())) {
            throw new UserPermissionDowngradeException(internalGrantedPermission.getGroupName(), "insufficient permissions");
        }
        this.permissionDAO.revoke(internalGrantedPermission);
    }

    private boolean isRevokeAllowed(InternalGrantedPermission internalGrantedPermission, @Nullable String str) throws DirectoryNotFoundException, OperationFailedException {
        if (str == null) {
            return false;
        }
        Directory directory = internalGrantedPermission.getDirectoryMapping().getDirectory();
        UserPermission permission = internalGrantedPermission.getPermission();
        String groupName = internalGrantedPermission.getGroupName();
        if (this.directoryManager.isUserNestedGroupMember(directory.getId().longValue(), str, groupName)) {
            return (permission == UserPermission.ADMIN && this.permissionService.currentUserHasPermission(UserPermission.SYS_ADMIN)) || this.permissionService.hasPermissionOutsideOfGroups(str, permission, Collections.singleton(new DirectoryGroupImpl(directory.getId(), directory.getName(), groupName)));
        }
        return true;
    }
}
