package com.atlassian.crowd.manager.permission;

import com.atlassian.crowd.console.embedded.api.CrowdApplicationFactory;
import com.atlassian.crowd.dao.permission.InternalUserPermissionDAO;
import com.atlassian.crowd.directory.DirectoryProperties;
import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.integration.springsecurity.CrowdApplicationGrantedAuthority;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetails;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.authentication.AuthenticatedUserProvider;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.permission.UserPermission;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/manager/permission/UserPermissionServiceImpl.class */
/**
 * Answers authorization questions for Crowd users: whether a user holds a given
 * {@link UserPermission}, whether a user is a group-level administrator, and which
 * users hold a permission.
 *
 * <p>Permissions are granted to groups. The checks here collect the granting groups
 * per directory id and then ask the {@link DirectoryManager} whether the user is a
 * (nested) member of any of them.
 *
 * <p>Deny paths visible in this class: a null or empty user name yields {@code false};
 * a missing security context or the absence of any {@link CrowdApplicationGrantedAuthority}
 * yields {@code false}; directory lookup failures surface as {@link UserPermissionException}
 * instead of being treated as a grant.
 */
public class UserPermissionServiceImpl implements UserPermissionService {
    private static final Logger log = LoggerFactory.getLogger(UserPermissionServiceImpl.class);
    private static final String PERMISSION_CHECK_FAILED_MESSAGE = "Failed to check permission for user '%s'";

    private final InternalUserPermissionDAO userPermissionDAO;
    private final DirectoryManager directoryManager;
    private final AuthenticatedUserProvider userProvider;
    private final ApplicationService applicationService;
    private final CrowdApplicationFactory crowdApplicationFactory;
    private final GroupAdministrationPermissionService groupAdministrationPermissionService;

    /**
     * Wires the collaborators used for permission checks.
     *
     * @throws NullPointerException if the DAO, the directory manager or the user provider is null
     */
    public UserPermissionServiceImpl(InternalUserPermissionDAO internalUserPermissionDAO, DirectoryManager directoryManager, AuthenticatedUserProvider authenticatedUserProvider, ApplicationService applicationService, CrowdApplicationFactory crowdApplicationFactory, GroupAdministrationPermissionService groupAdministrationPermissionService) {
        this.userPermissionDAO = Preconditions.checkNotNull(internalUserPermissionDAO);
        this.directoryManager = Preconditions.checkNotNull(directoryManager);
        this.userProvider = Preconditions.checkNotNull(authenticatedUserProvider);
        // NOTE(review): the remaining three collaborators are stored without a null check,
        // so a null here would only show up as an NPE while a permission is being checked.
        this.applicationService = applicationService;
        this.crowdApplicationFactory = crowdApplicationFactory;
        this.groupAdministrationPermissionService = groupAdministrationPermissionService;
    }

    /**
     * Checks the authorities of the currently authenticated user for {@code ROLE_<permission name>}.
     *
     * @param userPermission the permission to look for
     * @return {@code false} when there are no user details or none of the authorities is a
     *         {@link CrowdApplicationGrantedAuthority}; otherwise whether the role authority is present
     */
    public boolean currentUserHasPermission(UserPermission userPermission) {
        CrowdUserDetails details = this.userProvider.getCrowdUserDetails();
        if (details == null) {
            return false;
        }
        // Deny unless at least one authority is a CrowdApplicationGrantedAuthority.
        boolean hasCrowdAuthority = details.getAuthorities().stream()
                .anyMatch(CrowdApplicationGrantedAuthority.class::isInstance);
        if (!hasCrowdAuthority) {
            return false;
        }
        return details.hasAuthority(authority -> ("ROLE_" + userPermission.name()).equals(authority.getAuthority()));
    }

    /**
     * Checks whether the named user holds the permission, with no groups excluded.
     *
     * @param str the user name; null or empty is answered with {@code false}
     * @param userPermission the permission to check, must not be null
     * @return whether the user is a member of a group that grants the permission
     */
    public boolean hasPermission(@Nullable String str, UserPermission userPermission) {
        return hasPermissionOutsideOfGroups(str, userPermission, Collections.emptyList());
    }

    /**
     * Checks whether the named user holds the permission through a group other than the excluded ones.
     *
     * <p>With membership aggregation enabled on the Crowd application, every directory that has a
     * granting group is consulted. Otherwise the user is resolved through the application service
     * and only the granting groups of that user's directory are consulted.
     *
     * @param str the user name; null or empty is answered with {@code false}
     * @param userPermission the permission to check, must not be null
     * @param collection groups that must not count as a source of the permission, must not be null
     * @return whether a remaining granting group has the user as a (nested) member
     * @throws IllegalArgumentException if {@code collection} or {@code userPermission} is null
     * @throws UserPermissionException if the user cannot be found (non-aggregating case) or the
     *         directory lookup fails
     */
    public boolean hasPermissionOutsideOfGroups(@Nullable String str, UserPermission userPermission, Collection<DirectoryGroup> collection) {
        Preconditions.checkArgument(collection != null, "ExcludedGroups must not be null. You can provide an empty list.");
        Preconditions.checkArgument(userPermission != null, "Permission must not be null");
        if (Strings.isNullOrEmpty(str)) {
            return false;
        }

        Map<Long, Set<String>> grantingGroups =
                toGroupNamesByDirectoryIdMap(this.userPermissionDAO.getGrantedPermissions(userPermission).stream());
        // Excluded groups are dropped before any membership test, so they can never grant.
        remove(grantingGroups, collection);

        Application application = this.crowdApplicationFactory.getApplication();
        if (application.isMembershipAggregationEnabled()) {
            return grantingGroups.entrySet().stream()
                    .anyMatch(entry -> isMember(entry.getKey(), str, entry.getValue()));
        }

        try {
            User user = this.applicationService.findUserByName(application, str);
            long directoryId = user.getDirectoryId();
            Set<String> groupsInUserDirectory = grantingGroups.get(Long.valueOf(directoryId));
            return groupsInUserDirectory != null && isMember(directoryId, str, groupsInUserDirectory);
        } catch (UserNotFoundException e) {
            // An unknown user is reported as a failed check, not as a plain "no".
            throw new UserPermissionException(String.format(PERMISSION_CHECK_FAILED_MESSAGE, str), e);
        }
    }

    /**
     * Removes the excluded groups from {@code grantingGroups} in place; a directory whose group set
     * becomes empty is removed from the map. Name matching is delegated to
     * {@link IdentifierUtils#containsIdentifierPredicate}.
     */
    private void remove(Map<Long, Set<String>> grantingGroups, Collection<DirectoryGroup> excludedGroups) {
        toGroupNamesByDirectoryIdMap(excludedGroups.stream()).forEach((directoryId, excludedNames) ->
                grantingGroups.computeIfPresent(directoryId, (id, names) -> {
                    names.removeIf(IdentifierUtils.containsIdentifierPredicate(excludedNames));
                    // Returning null makes computeIfPresent drop the entry.
                    return names.isEmpty() ? null : names;
                }));
    }

    /** Groups the given directory groups into a map of directory id to the set of group names. */
    private Map<Long, Set<String>> toGroupNamesByDirectoryIdMap(Stream<? extends DirectoryGroup> groups) {
        return groups.collect(Collectors.groupingBy(
                DirectoryGroup::getDirectoryId,
                Collectors.mapping(DirectoryGroup::getGroupName, Collectors.toSet())));
    }

    /**
     * Asks the directory manager whether the user is a nested member of any of the named groups.
     *
     * @throws UserPermissionException wrapping a directory-not-found or operation failure
     */
    private boolean isMember(long directoryId, String username, Set<String> groupNames) {
        try {
            return this.directoryManager.isUserNestedGroupMember(directoryId, username, groupNames);
        } catch (DirectoryNotFoundException | OperationFailedException e) {
            throw new UserPermissionException(String.format(PERMISSION_CHECK_FAILED_MESSAGE, username), e);
        }
    }

    /**
     * Checks whether the named user is a group-level administrator.
     *
     * @param str the user name; null or empty is answered with {@code false}
     * @return the answer of the group administration service, or {@code false} if the user is unknown
     * @throws UserPermissionException if the underlying operation fails
     */
    public boolean isGroupLevelAdmin(@Nullable String str) {
        if (Strings.isNullOrEmpty(str)) {
            return false;
        }
        // NOTE(review): the user name goes into the log and the exception message verbatim;
        // if it can come from request input, confirm the log layout neutralises line breaks.
        try {
            Application application = this.crowdApplicationFactory.getApplication();
            User user = this.applicationService.findUserByName(application, str);
            return this.groupAdministrationPermissionService.isUserGroupLevelAdmin(user);
        } catch (UserNotFoundException e) {
            log.info("User '{}' not found when checking group level admin permissions", str, e);
            return false;
        } catch (OperationFailedException e) {
            String message = String.format("Error occured when checking group level admin permissions for user %s", str);
            log.error(message, e);
            throw new UserPermissionException(message, e);
        }
    }

    /**
     * Collects the users that are nested members of the given groups, directory by directory.
     *
     * @param groupNamesByDirectoryId group names keyed by directory id
     * @param cachingDirectoriesOnly when true, a directory is searched only if
     *        {@link DirectoryProperties#cachesAnyUsers} accepts it
     */
    private Set<User> getNestedUsers(Map<Long, Set<String>> groupNamesByDirectoryId, boolean cachingDirectoriesOnly) throws DirectoryNotFoundException, OperationFailedException {
        ImmutableSet.Builder<User> users = ImmutableSet.builder();
        for (Map.Entry<Long, Set<String>> entry : groupNamesByDirectoryId.entrySet()) {
            long directoryId = entry.getKey();
            if (cachingDirectoriesOnly
                    && !DirectoryProperties.cachesAnyUsers(this.directoryManager.findDirectoryById(directoryId))) {
                continue;
            }
            // -1 as the cap: presumably "all results", so the set can be large for big groups - confirm.
            users.addAll(this.directoryManager.searchNestedGroupRelationships(
                    directoryId,
                    QueryBuilder.queryFor(User.class, EntityDescriptor.user())
                            .childrenOf(EntityDescriptor.group(GroupType.GROUP))
                            .withNames(entry.getValue())
                            .returningAtMost(-1)));
        }
        return users.build();
    }

    /**
     * Lists the users who hold the permission for the given application through group membership.
     *
     * @param z forwarded to the nested-user search, where true restricts it to directories
     *        accepted by {@link DirectoryProperties#cachesAnyUsers}
     */
    public Set<User> getUsersWithPermission(Application application, UserPermission userPermission, boolean z) throws DirectoryNotFoundException, OperationFailedException {
        Map<Long, Set<String>> grantingGroups =
                toGroupNamesByDirectoryIdMap(this.userPermissionDAO.getGrantedPermissions(userPermission, application).stream());
        return getNestedUsers(grantingGroups, z);
    }

    /**
     * Lists group-level administrators: the direct admin users plus the nested members of the
     * direct admin groups.
     *
     * @param z passed to the group administration service for both direct lookups
     */
    public Set<User> getGroupLevelAdmins(boolean z) throws DirectoryNotFoundException, OperationFailedException {
        ImmutableSet.Builder<User> admins = ImmutableSet.builder();
        admins.addAll(this.groupAdministrationPermissionService.getDirectGroupLevelAdminUsers(z));

        Map<Long, Set<String>> adminGroups = this.groupAdministrationPermissionService.getDirectGroupLevelAdminGroups(z).stream()
                .collect(Collectors.groupingBy(
                        group -> group.getDirectoryId(),
                        Collectors.mapping(group -> group.getName(), Collectors.toSet())));
        // NOTE(review): the nested search always runs with true here instead of forwarding z;
        // confirm that this is intended.
        admins.addAll(getNestedUsers(adminGroups, true));
        return admins.build();
    }
}
