package org.sonar.db.permission;

import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.config.Settings;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.server.ServerSide;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.GroupRoleDto;
import org.sonar.db.user.UserRoleDto;

@ServerSide
/* loaded from: input_file:org/sonar/db/permission/PermissionRepository.class */
public class PermissionRepository {
    private final DbClient dbClient;
    private final Settings settings;

    public PermissionRepository(DbClient dbClient, Settings settings) {
        this.dbClient = dbClient;
        this.settings = settings;
    }

    private void insertUserPermission(@Nullable Long l, Long l2, String str, boolean z, DbSession dbSession) {
        UserRoleDto resourceId = new UserRoleDto().setRole(str).setUserId(l2).setResourceId(l);
        if (z) {
            updateProjectAuthorizationDate(dbSession, l);
        }
        this.dbClient.roleDao().insertUserRole(dbSession, resourceId);
    }

    public void insertUserPermission(@Nullable Long l, Long l2, String str, DbSession dbSession) {
        insertUserPermission(l, l2, str, true, dbSession);
    }

    public void deleteUserPermission(@Nullable Long l, Long l2, String str, DbSession dbSession) {
        UserRoleDto resourceId = new UserRoleDto().setRole(str).setUserId(l2).setResourceId(l);
        updateProjectAuthorizationDate(dbSession, l);
        this.dbClient.roleDao().deleteUserRole(resourceId, dbSession);
    }

    private void insertGroupPermission(@Nullable Long l, @Nullable Long l2, String str, boolean z, DbSession dbSession) {
        GroupRoleDto resourceId = new GroupRoleDto().setRole(str).setGroupId(l2).setResourceId(l);
        if (z) {
            updateProjectAuthorizationDate(dbSession, l);
        }
        this.dbClient.roleDao().insertGroupRole(dbSession, resourceId);
    }

    public void insertGroupPermission(@Nullable Long l, @Nullable Long l2, String str, DbSession dbSession) {
        insertGroupPermission(l, l2, str, true, dbSession);
    }

    public void insertGroupPermission(@Nullable Long l, String str, String str2, DbSession dbSession) {
        if (DefaultGroups.isAnyone(str)) {
            insertGroupPermission(l, (Long) null, str2, dbSession);
            return;
        }
        GroupDto selectByName = this.dbClient.groupDao().selectByName(dbSession, str);
        if (selectByName != null) {
            insertGroupPermission(l, selectByName.getId(), str2, dbSession);
        }
    }

    public void deleteGroupPermission(@Nullable Long l, @Nullable Long l2, String str, DbSession dbSession) {
        GroupRoleDto resourceId = new GroupRoleDto().setRole(str).setGroupId(l2).setResourceId(l);
        updateProjectAuthorizationDate(dbSession, l);
        this.dbClient.roleDao().deleteGroupRole(resourceId, dbSession);
    }

    public void deleteGroupPermission(@Nullable Long l, String str, String str2, DbSession dbSession) {
        if (DefaultGroups.isAnyone(str)) {
            deleteGroupPermission(l, (Long) null, str2, dbSession);
            return;
        }
        GroupDto selectByName = this.dbClient.groupDao().selectByName(dbSession, str);
        if (selectByName != null) {
            deleteGroupPermission(l, selectByName.getId(), str2, dbSession);
        }
    }

    private void updateProjectAuthorizationDate(DbSession dbSession, @Nullable Long l) {
        if (l != null) {
            this.dbClient.resourceDao().updateAuthorizationDate(l, dbSession);
        }
    }

    public void applyPermissionTemplate(DbSession dbSession, String str, long j) {
        PermissionTemplateDto selectPermissionTemplateWithPermissions = this.dbClient.permissionTemplateDao().selectPermissionTemplateWithPermissions(dbSession, str);
        updateProjectAuthorizationDate(dbSession, Long.valueOf(j));
        this.dbClient.roleDao().removeAllPermissions(dbSession, Long.valueOf(j));
        List<PermissionTemplateUserDto> usersPermissions = selectPermissionTemplateWithPermissions.getUsersPermissions();
        if (usersPermissions != null) {
            for (PermissionTemplateUserDto permissionTemplateUserDto : usersPermissions) {
                insertUserPermission(Long.valueOf(j), permissionTemplateUserDto.getUserId(), permissionTemplateUserDto.getPermission(), false, dbSession);
            }
        }
        List<PermissionTemplateGroupDto> groupsPermissions = selectPermissionTemplateWithPermissions.getGroupsPermissions();
        if (groupsPermissions != null) {
            for (PermissionTemplateGroupDto permissionTemplateGroupDto : groupsPermissions) {
                insertGroupPermission(Long.valueOf(j), permissionTemplateGroupDto.getGroupId() == null ? null : permissionTemplateGroupDto.getGroupId(), permissionTemplateGroupDto.getPermission(), false, dbSession);
            }
        }
    }

    public void applyDefaultPermissionTemplate(DbSession dbSession, long j) {
        applyDefaultPermissionTemplate(dbSession, this.dbClient.componentDao().selectOrFailById(dbSession, j));
    }

    public void applyDefaultPermissionTemplate(DbSession dbSession, ComponentDto componentDto) {
        applyPermissionTemplate(dbSession, getApplicablePermissionTemplateKey(dbSession, componentDto.getKey(), componentDto.qualifier()), componentDto.getId().longValue());
    }

    private String getApplicablePermissionTemplateKey(DbSession dbSession, String str, String str2) {
        List<PermissionTemplateDto> selectAll = this.dbClient.permissionTemplateDao().selectAll(dbSession);
        ArrayList arrayList = new ArrayList();
        for (PermissionTemplateDto permissionTemplateDto : selectAll) {
            String keyPattern = permissionTemplateDto.getKeyPattern();
            if (StringUtils.isNotBlank(keyPattern) && str.matches(keyPattern)) {
                arrayList.add(permissionTemplateDto);
            }
        }
        checkAtMostOneMatchForComponentKey(str, arrayList);
        if (arrayList.size() == 1) {
            return arrayList.get(0).getUuid();
        }
        String string = this.settings.getString("sonar.permission.template." + str2 + ".default");
        if (!StringUtils.isBlank(string)) {
            return string;
        }
        String string2 = this.settings.getString("sonar.permission.template.default");
        if (StringUtils.isBlank(string2)) {
            throw new IllegalStateException("At least one default permission template should be defined");
        }
        return string2;
    }

    private void checkAtMostOneMatchForComponentKey(String str, List<PermissionTemplateDto> list) {
        if (list.size() > 1) {
            StringBuilder sb = new StringBuilder();
            Iterator<PermissionTemplateDto> it = list.iterator();
            while (it.hasNext()) {
                sb.append("\"").append(it.next().getName()).append("\"");
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
            throw new IllegalStateException(MessageFormat.format("The \"{0}\" key matches multiple permission templates: {1}. A system administrator must update these templates so that only one of them matches the key.", str, sb.toString()));
        }
    }
}
