package org.sonar.server.permission;

import java.util.List;
import java.util.Optional;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.server.component.ComponentQuery;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.permission.ws.PermissionRequestValidator;

/* loaded from: input_file:org/sonar/server/permission/GroupPermissionChanger.class */
public class GroupPermissionChanger {
    private final DbClient dbClient;
    private final DefaultOrganizationProvider defaultOrganizationProvider;

    /* renamed from: org.sonar.server.permission.GroupPermissionChanger$1, reason: invalid class name */
    /* loaded from: input_file:org/sonar/server/permission/GroupPermissionChanger$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$sonar$server$permission$PermissionChange$Operation = new int[PermissionChange.Operation.values().length];

        static {
            try {
                $SwitchMap$org$sonar$server$permission$PermissionChange$Operation[PermissionChange.Operation.ADD.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$sonar$server$permission$PermissionChange$Operation[PermissionChange.Operation.REMOVE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public GroupPermissionChanger(DbClient dbClient, DefaultOrganizationProvider defaultOrganizationProvider) {
        this.dbClient = dbClient;
        this.defaultOrganizationProvider = defaultOrganizationProvider;
    }

    public boolean apply(DbSession dbSession, GroupPermissionChange groupPermissionChange) {
        switch (AnonymousClass1.$SwitchMap$org$sonar$server$permission$PermissionChange$Operation[groupPermissionChange.getOperation().ordinal()]) {
            case ComponentQuery.DEFAULT_PAGE_INDEX /* 1 */:
                return addPermission(dbSession, groupPermissionChange);
            case 2:
                return removePermission(dbSession, groupPermissionChange);
            default:
                throw new UnsupportedOperationException("Unsupported permission change: " + groupPermissionChange.getOperation());
        }
    }

    private boolean addPermission(DbSession dbSession, GroupPermissionChange groupPermissionChange) {
        if (loadExistingPermissions(dbSession, groupPermissionChange).contains(groupPermissionChange.getPermission())) {
            return false;
        }
        PermissionRequestValidator.validateNotAnyoneAndAdminPermission(groupPermissionChange.getPermission(), groupPermissionChange.getGroupIdOrAnyone());
        this.dbClient.groupPermissionDao().insert(dbSession, new GroupPermissionDto().setRole(groupPermissionChange.getPermission()).setOrganizationUuid(groupPermissionChange.getOrganizationUuid()).setGroupId(groupPermissionChange.getGroupIdOrAnyone().getId()).setResourceId(groupPermissionChange.getNullableProjectId()));
        updateRootFlag(dbSession, groupPermissionChange);
        return true;
    }

    private boolean removePermission(DbSession dbSession, GroupPermissionChange groupPermissionChange) {
        if (!loadExistingPermissions(dbSession, groupPermissionChange).contains(groupPermissionChange.getPermission())) {
            return false;
        }
        checkIfRemainingGlobalAdministrators(dbSession, groupPermissionChange);
        this.dbClient.groupPermissionDao().delete(dbSession, groupPermissionChange.getPermission(), groupPermissionChange.getOrganizationUuid(), groupPermissionChange.getGroupIdOrAnyone().getId(), groupPermissionChange.getNullableProjectId());
        updateRootFlag(dbSession, groupPermissionChange);
        return true;
    }

    private void updateRootFlag(DbSession dbSession, GroupPermissionChange groupPermissionChange) {
        if (!"admin".equals(groupPermissionChange.getPermission()) || groupPermissionChange.getGroupIdOrAnyone().isAnyone() || groupPermissionChange.getProjectId().isPresent()) {
            return;
        }
        this.dbClient.groupDao().updateRootFlagOfUsersInGroupFromPermissions(dbSession, groupPermissionChange.getGroupIdOrAnyone().getId().longValue(), this.defaultOrganizationProvider.get().getUuid());
    }

    private List<String> loadExistingPermissions(DbSession dbSession, GroupPermissionChange groupPermissionChange) {
        Optional<ProjectId> projectId = groupPermissionChange.getProjectId();
        return projectId.isPresent() ? this.dbClient.groupPermissionDao().selectProjectPermissionsOfGroup(dbSession, groupPermissionChange.getOrganizationUuid(), groupPermissionChange.getGroupIdOrAnyone().getId(), projectId.get().getId()) : this.dbClient.groupPermissionDao().selectGlobalPermissionsOfGroup(dbSession, groupPermissionChange.getOrganizationUuid(), groupPermissionChange.getGroupIdOrAnyone().getId());
    }

    private void checkIfRemainingGlobalAdministrators(DbSession dbSession, GroupPermissionChange groupPermissionChange) {
        if ("admin".equals(groupPermissionChange.getPermission()) && !groupPermissionChange.getGroupIdOrAnyone().isAnyone() && !groupPermissionChange.getProjectId().isPresent() && this.dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroup(dbSession, groupPermissionChange.getOrganizationUuid(), "admin", groupPermissionChange.getGroupIdOrAnyone().getId().longValue()) == 0) {
            throw new BadRequestException(String.format("Last group with permission '%s'. Permission cannot be removed.", "admin"), new Object[0]);
        }
    }
}
