package com.atlassian.jira.security;

import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.event.api.EventListener;
import com.atlassian.jira.EventComponent;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.entity.EntityUtils;
import com.atlassian.jira.event.ClearCacheEvent;
import com.atlassian.jira.exception.CreateException;
import com.atlassian.jira.exception.DataAccessException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.jelly.tag.admin.GetAssociatedSchemes;
import com.atlassian.jira.ofbiz.FieldMap;
import com.atlassian.jira.security.type.GroupDropdown;
import com.atlassian.jira.user.util.UserUtil;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import org.ofbiz.core.entity.GenericEntityException;
import org.ofbiz.core.entity.GenericValue;

@EventComponent
/* loaded from: input_file:com/atlassian/jira/security/DefaultGlobalPermissionManager.class */
public class DefaultGlobalPermissionManager implements GlobalPermissionManager {
    private final GlobalPermissionsCache cache = new GlobalPermissionsCache();
    private final CrowdService crowdService;

    public DefaultGlobalPermissionManager(CrowdService crowdService) {
        this.crowdService = crowdService;
    }

    @EventListener
    public void onClearCache(ClearCacheEvent clearCacheEvent) {
        this.cache.refresh();
    }

    public boolean addPermission(int i, String str) throws CreateException {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed must be a global permissions " + i + " is not");
        }
        if (i == 1 && str == null) {
            throw new IllegalArgumentException("The group Anyone cannot be added to the global permission JIRA Users");
        }
        try {
            EntityUtils.createValue("SchemePermissions", FieldMap.build(GetAssociatedSchemes.SCHEME_TYPE_PERMISSION, new Long(i)).add("type", GroupDropdown.DESC).add("parameter", str));
            this.cache.refresh();
            clearActiveUserCountIfNecessary(i);
            return true;
        } catch (DataAccessException e) {
            throw new CreateException(e);
        }
    }

    public Collection<JiraPermission> getPermissions(int i) {
        return this.cache.getPermissions(i);
    }

    public boolean removePermission(int i, String str) throws RemoveException {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must be a global permission, " + i + " is not");
        }
        JiraPermissionImpl jiraPermissionImpl = new JiraPermissionImpl(i, str, GroupDropdown.DESC);
        if (!hasPermission(jiraPermissionImpl)) {
            return false;
        }
        try {
            ComponentAccessor.getOfBizDelegator().removeAll(Lists.newArrayList(new GenericValue[]{this.cache.getPermission(jiraPermissionImpl)}));
            this.cache.refresh();
            clearActiveUserCountIfNecessary(i);
            return true;
        } catch (DataAccessException e) {
            throw new RemoveException(e);
        }
    }

    public boolean removePermissions(String str) throws RemoveException {
        if (str == null) {
            throw new IllegalArgumentException("Group passed must NOT be null");
        }
        if (this.crowdService.getGroup(str) == null) {
            throw new IllegalArgumentException("Group passed must exist");
        }
        for (JiraPermission jiraPermission : this.cache.getPermissions()) {
            if (str.equals(jiraPermission.getGroup())) {
                try {
                    this.cache.getPermission(jiraPermission).remove();
                    clearActiveUserCountIfNecessary(jiraPermission.getType());
                } catch (GenericEntityException e) {
                    throw new RemoveException(e);
                }
            }
        }
        this.cache.refresh();
        return true;
    }

    public boolean hasPermission(int i) {
        if (Permissions.isGlobalPermission(i)) {
            return hasPermission(new JiraPermissionImpl(i));
        }
        throw new IllegalArgumentException("PermissionType passed to this function must a global permission, " + i + " is not");
    }

    public boolean hasPermission(int i, User user) {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must a global permission, " + i + " is not");
        }
        if (user == null) {
            throw new IllegalArgumentException("User passed to this function cannot be null");
        }
        if (hasPermission(i)) {
            return true;
        }
        Iterator it = this.crowdService.search(QueryBuilder.queryFor(String.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.user()).withName(user.getName()).returningAtMost(-1)).iterator();
        while (it.hasNext()) {
            if (hasPermission(new JiraPermissionImpl(i, (String) it.next(), GroupDropdown.DESC))) {
                return true;
            }
        }
        return false;
    }

    public Collection<Group> getGroupsWithPermission(int i) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = getGroupNames(i).iterator();
        while (it.hasNext()) {
            Group group = this.crowdService.getGroup(it.next());
            if (group != null) {
                arrayList.add(group);
            }
        }
        return Collections.unmodifiableCollection(arrayList);
    }

    public Collection<String> getGroupNames(int i) {
        if (!Permissions.isGlobalPermission(i)) {
            throw new IllegalArgumentException("PermissionType passed to this function must a global permission, " + i + " is not");
        }
        HashSet hashSet = new HashSet();
        Iterator<JiraPermission> it = this.cache.getPermissions(i).iterator();
        while (it.hasNext()) {
            String group = it.next().getGroup();
            if (group != null) {
                hashSet.add(group);
            }
        }
        return Collections.unmodifiableCollection(hashSet);
    }

    protected boolean hasPermission(JiraPermission jiraPermission) {
        return 0 == jiraPermission.getType() ? this.cache.hasPermission(jiraPermission) || this.cache.hasPermission(new JiraPermissionImpl(44, jiraPermission.getGroup(), jiraPermission.getPermType())) : this.cache.hasPermission(jiraPermission);
    }

    private void clearActiveUserCountIfNecessary(int i) {
        if (Permissions.getUsePermissions().contains(Integer.valueOf(i))) {
            getUserUtil().clearActiveUserCount();
        }
    }

    UserUtil getUserUtil() {
        return ComponentAccessor.getUserUtil();
    }
}
