package org.jenkinsci.plugins;

import hudson.security.ACL;
import hudson.security.Permission;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Logger;
import org.acegisecurity.Authentication;
import org.kohsuke.stapler.Stapler;

/* loaded from: input_file:org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.class */
public class GithubRequireOrganizationMembershipACL extends ACL {
    private static final Logger log = Logger.getLogger(GithubRequireOrganizationMembershipACL.class.getName());
    private final List<String> organizationNameList;
    private final List<String> adminUserNameList = new LinkedList();
    private final boolean authenticatedUserReadPermission;
    private final boolean allowGithubWebHookPermission;
    private final boolean allowAnonymousReadPermission;

    public boolean hasPermission(Authentication authentication, Permission permission) {
        if (authentication == null || !(authentication instanceof GithubAuthenticationToken)) {
            String name = authentication.getName();
            if (name.equals(SYSTEM.getPrincipal())) {
                log.finest("Granting Full rights to SYSTEM user.");
                return true;
            }
            if (!name.equals("anonymous")) {
                if (!this.adminUserNameList.contains(name)) {
                    return false;
                }
                log.finest("Granting Admin rights to user " + authentication.getName());
                return true;
            }
            if (this.allowAnonymousReadPermission && checkReadPermission(permission)) {
                return true;
            }
            String originalRequestURI = Stapler.getCurrentRequest().getOriginalRequestURI();
            if (originalRequestURI.matches(".*github-webhook.*") && this.allowGithubWebHookPermission && checkReadPermission(permission)) {
                log.info("Granting READ access for github-webhook url: " + originalRequestURI);
                return true;
            }
            log.finer("Denying anonymous READ permission to url: " + originalRequestURI);
            return false;
        }
        if (!authentication.isAuthenticated()) {
            return false;
        }
        GithubAuthenticationToken githubAuthenticationToken = (GithubAuthenticationToken) authentication;
        String name2 = authentication.getName();
        if (this.adminUserNameList.contains(name2)) {
            log.finest("Granting Admin rights to user " + name2);
            return true;
        }
        if (this.authenticatedUserReadPermission && checkReadPermission(permission)) {
            log.finest("Granting Authenticated User read permission to user " + name2);
            return true;
        }
        for (String str : this.organizationNameList) {
            if (githubAuthenticationToken.hasOrganizationPermission(name2, str)) {
                String[] split = permission.getId().split("\\.");
                split[split.length - 1].toLowerCase();
                if (checkReadPermission(permission) || testBuildPermission(permission)) {
                    log.finest("Granting READ and BUILD rights to user " + name2 + " a member of " + str);
                    return true;
                }
            }
        }
        return false;
    }

    private boolean testBuildPermission(Permission permission) {
        return permission.getId().equals("hudson.model.Hudson.Build") || permission.getId().equals("hudson.model.Item.Build");
    }

    private boolean checkReadPermission(Permission permission) {
        return permission.getId().equals("hudson.model.Hudson.Read") || permission.getId().equals("hudson.model.Item.Read");
    }

    public GithubRequireOrganizationMembershipACL(String str, String str2, boolean z, boolean z2, boolean z3) {
        this.authenticatedUserReadPermission = z;
        this.allowGithubWebHookPermission = z2;
        this.allowAnonymousReadPermission = z3;
        for (String str3 : str.split(",")) {
            this.adminUserNameList.add(str3.trim());
        }
        this.organizationNameList = new LinkedList();
        for (String str4 : str2.split(",")) {
            this.organizationNameList.add(str4.trim());
        }
    }

    public List<String> getOrganizationNameList() {
        return this.organizationNameList;
    }

    public List<String> getAdminUserNameList() {
        return this.adminUserNameList;
    }

    public boolean isAuthenticatedUserReadPermission() {
        return this.authenticatedUserReadPermission;
    }

    public boolean isAllowGithubWebHookPermission() {
        return this.allowGithubWebHookPermission;
    }

    public boolean isAllowAnonymousReadPermission() {
        return this.allowAnonymousReadPermission;
    }
}
