package io.jenkins.blueocean.scm.api;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.model.Item;
import hudson.model.Items;
import hudson.model.TopLevelItem;
import hudson.model.TopLevelItemDescriptor;
import hudson.model.User;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import io.jenkins.blueocean.commons.ServiceException;
import io.jenkins.blueocean.rest.factory.organization.OrganizationFactory;
import io.jenkins.blueocean.rest.model.BlueOrganization;
import io.jenkins.blueocean.rest.model.BluePipelineCreateRequest;
import io.jenkins.blueocean.rest.model.BlueScmConfig;
import java.io.IOException;
import jenkins.model.Jenkins;
import jenkins.model.ModifiableTopLevelItemGroup;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/lib/blueocean-pipeline-scm-api.jar:io/jenkins/blueocean/scm/api/AbstractPipelineCreateRequest.class */
public abstract class AbstractPipelineCreateRequest extends BluePipelineCreateRequest {
    protected final BlueScmConfig scmConfig;

    public AbstractPipelineCreateRequest(String str, BlueScmConfig blueScmConfig) {
        setName(str);
        this.scmConfig = blueScmConfig;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NonNull
    public TopLevelItem createProject(String str, String str2, Class<? extends TopLevelItemDescriptor> cls, BlueOrganization blueOrganization) throws IOException {
        AccessControlled parent = getParent(blueOrganization);
        ACL acl = parent instanceof AccessControlled ? parent.getACL() : Jenkins.get().getACL();
        Authentication authentication2 = Jenkins.getAuthentication2();
        if (!acl.hasPermission2(authentication2, Item.CREATE)) {
            throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. User %s doesn't have Job create permission", str, authentication2.getName()));
        }
        TopLevelItemDescriptor findByName = Items.all().findByName(str2);
        if (findByName == null || !cls.isAssignableFrom(findByName.getClass())) {
            throw new ServiceException.BadRequestException(String.format("Failed to create pipeline: %s, descriptor %s is not found", str, str2));
        }
        if (!findByName.isApplicableIn(parent)) {
            throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. Pipeline can't be created in Jenkins root folder", str));
        }
        if (acl.hasCreatePermission2(authentication2, parent, findByName)) {
            return parent.createProject(findByName, str, true);
        }
        throw new ServiceException.ForbiddenException("Missing permission: " + Item.CREATE.group.title + "/" + Item.CREATE.name + " " + Item.CREATE + "/" + findByName.getDisplayName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public User checkUserIsAuthenticatedAndHasItemCreatePermission(BlueOrganization blueOrganization) {
        AccessControlled parent = getParent(blueOrganization);
        User current = User.current();
        if (current == null) {
            throw new ServiceException.UnauthorizedException("Must be logged in to create a pipeline");
        }
        if ((parent instanceof AccessControlled ? parent.getACL() : Jenkins.get().getACL()).hasPermission2(Jenkins.getAuthentication2(), Item.CREATE)) {
            return current;
        }
        throw new ServiceException.ForbiddenException(String.format("User %s doesn't have Job create permission", current.getId()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract String computeCredentialId(BlueScmConfig blueScmConfig);

    /* JADX INFO: Access modifiers changed from: protected */
    public ModifiableTopLevelItemGroup getParent(BlueOrganization blueOrganization) {
        ModifiableTopLevelItemGroup itemGroup = OrganizationFactory.getItemGroup(blueOrganization);
        return itemGroup != null ? itemGroup : Jenkins.get();
    }
}
