package org.sonar.server.permission;

import com.google.common.base.Preconditions;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.server.ServerSide;
import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.DefaultTemplates;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.permission.UserPermissionDto;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.server.es.ProjectIndexer;
import org.sonar.server.es.ProjectIndexers;
import org.sonar.server.es.SearchOptions;
import org.sonar.server.permission.ws.template.DefaultTemplatesResolver;
import org.sonar.server.user.UserSession;

@ServerSide
/* loaded from: input_file:org/sonar/server/permission/PermissionTemplateService.class */
public class PermissionTemplateService {
    private final DbClient dbClient;
    private final ProjectIndexers projectIndexers;
    private final UserSession userSession;
    private final DefaultTemplatesResolver defaultTemplatesResolver;

    public PermissionTemplateService(DbClient dbClient, ProjectIndexers projectIndexers, UserSession userSession, DefaultTemplatesResolver defaultTemplatesResolver) {
        this.dbClient = dbClient;
        this.projectIndexers = projectIndexers;
        this.userSession = userSession;
        this.defaultTemplatesResolver = defaultTemplatesResolver;
    }

    public boolean wouldUserHaveScanPermissionWithDefaultTemplate(DbSession dbSession, String str, @Nullable Integer num, String str2, String str3) {
        if (this.userSession.hasPermission(OrganizationPermission.SCAN, str)) {
            return true;
        }
        PermissionTemplateDto findTemplate = findTemplate(dbSession, str, new ComponentDto().setOrganizationUuid(str).setDbKey(str2).setQualifier(str3));
        if (findTemplate == null) {
            return false;
        }
        return this.dbClient.permissionTemplateDao().selectPotentialPermissionsByUserIdAndTemplateId(dbSession, num, findTemplate.getId().longValue()).contains(OrganizationPermission.SCAN.getKey());
    }

    public void applyAndCommit(DbSession dbSession, PermissionTemplateDto permissionTemplateDto, Collection<ComponentDto> collection) {
        if (collection.isEmpty()) {
            return;
        }
        Iterator<ComponentDto> it = collection.iterator();
        while (it.hasNext()) {
            copyPermissions(dbSession, permissionTemplateDto, it.next(), null);
        }
        this.projectIndexers.commitAndIndex(dbSession, collection, ProjectIndexer.Cause.PERMISSION_CHANGE);
    }

    public void applyDefault(DbSession dbSession, String str, ComponentDto componentDto, @Nullable Integer num) {
        PermissionTemplateDto findTemplate = findTemplate(dbSession, str, componentDto);
        Preconditions.checkArgument(findTemplate != null, "Cannot retrieve default permission template");
        copyPermissions(dbSession, findTemplate, componentDto, num);
    }

    public boolean hasDefaultTemplateWithPermissionOnProjectCreator(DbSession dbSession, String str, ComponentDto componentDto) {
        return hasProjectCreatorPermission(dbSession, findTemplate(dbSession, str, componentDto));
    }

    private boolean hasProjectCreatorPermission(DbSession dbSession, @Nullable PermissionTemplateDto permissionTemplateDto) {
        return permissionTemplateDto != null && this.dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, Collections.singletonList(permissionTemplateDto.getId())).stream().anyMatch((v0) -> {
            return v0.getWithProjectCreator();
        });
    }

    private void copyPermissions(DbSession dbSession, PermissionTemplateDto permissionTemplateDto, ComponentDto componentDto, @Nullable Integer num) {
        this.dbClient.groupPermissionDao().deleteByRootComponentId(dbSession, componentDto.getId().longValue());
        this.dbClient.userPermissionDao().deleteProjectPermissions(dbSession, componentDto.getId().longValue());
        List selectUserPermissionsByTemplateId = this.dbClient.permissionTemplateDao().selectUserPermissionsByTemplateId(dbSession, permissionTemplateDto.getId().longValue());
        String organizationUuid = permissionTemplateDto.getOrganizationUuid();
        selectUserPermissionsByTemplateId.stream().filter(permissionTemplateUserDto -> {
            return permissionValidForProject(componentDto, permissionTemplateUserDto.getPermission());
        }).forEach(permissionTemplateUserDto2 -> {
            this.dbClient.userPermissionDao().insert(dbSession, new UserPermissionDto(organizationUuid, permissionTemplateUserDto2.getPermission(), permissionTemplateUserDto2.getUserId().intValue(), componentDto.getId()));
        });
        this.dbClient.permissionTemplateDao().selectGroupPermissionsByTemplateId(dbSession, permissionTemplateDto.getId().longValue()).stream().filter(permissionTemplateGroupDto -> {
            return groupNameValidForProject(componentDto, permissionTemplateGroupDto.getGroupName());
        }).filter(permissionTemplateGroupDto2 -> {
            return permissionValidForProject(componentDto, permissionTemplateGroupDto2.getPermission());
        }).forEach(permissionTemplateGroupDto3 -> {
            this.dbClient.groupPermissionDao().insert(dbSession, new GroupPermissionDto().setOrganizationUuid(organizationUuid).setGroupId(DefaultGroups.isAnyone(permissionTemplateGroupDto3.getGroupName()) ? null : permissionTemplateGroupDto3.getGroupId()).setRole(permissionTemplateGroupDto3.getPermission()).setResourceId(componentDto.getId()));
        });
        List selectByTemplateIds = this.dbClient.permissionTemplateCharacteristicDao().selectByTemplateIds(dbSession, Arrays.asList(permissionTemplateDto.getId()));
        if (num != null) {
            Set set = (Set) selectUserPermissionsByTemplateId.stream().filter(permissionTemplateUserDto3 -> {
                return num.equals(permissionTemplateUserDto3.getUserId());
            }).map((v0) -> {
                return v0.getPermission();
            }).collect(Collectors.toSet());
            selectByTemplateIds.stream().filter((v0) -> {
                return v0.getWithProjectCreator();
            }).filter(permissionTemplateCharacteristicDto -> {
                return permissionValidForProject(componentDto, permissionTemplateCharacteristicDto.getPermission());
            }).filter(permissionTemplateCharacteristicDto2 -> {
                return !set.contains(permissionTemplateCharacteristicDto2.getPermission());
            }).forEach(permissionTemplateCharacteristicDto3 -> {
                this.dbClient.userPermissionDao().insert(dbSession, new UserPermissionDto(organizationUuid, permissionTemplateCharacteristicDto3.getPermission(), num.intValue(), componentDto.getId()));
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean permissionValidForProject(ComponentDto componentDto, String str) {
        return componentDto.isPrivate() || !ProjectPermissions.PUBLIC_PERMISSIONS.contains(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean groupNameValidForProject(ComponentDto componentDto, String str) {
        return (componentDto.isPrivate() && DefaultGroups.isAnyone(str)) ? false : true;
    }

    @CheckForNull
    private PermissionTemplateDto findTemplate(DbSession dbSession, String str, ComponentDto componentDto) {
        List<PermissionTemplateDto> selectAll = this.dbClient.permissionTemplateDao().selectAll(dbSession, str, (String) null);
        ArrayList arrayList = new ArrayList();
        for (PermissionTemplateDto permissionTemplateDto : selectAll) {
            String keyPattern = permissionTemplateDto.getKeyPattern();
            if (StringUtils.isNotBlank(keyPattern) && componentDto.getDbKey().matches(keyPattern)) {
                arrayList.add(permissionTemplateDto);
            }
        }
        checkAtMostOneMatchForComponentKey(componentDto.getDbKey(), arrayList);
        if (arrayList.size() == 1) {
            return (PermissionTemplateDto) arrayList.get(0);
        }
        DefaultTemplates defaultTemplates = (DefaultTemplates) this.dbClient.organizationDao().getDefaultTemplates(dbSession, str).orElseThrow(() -> {
            return new IllegalStateException(String.format("No Default templates defined for organization with uuid '%s'", str));
        });
        String qualifier = componentDto.qualifier();
        DefaultTemplatesResolver.ResolvedDefaultTemplates resolve = this.defaultTemplatesResolver.resolve(defaultTemplates);
        boolean z = -1;
        switch (qualifier.hashCode()) {
            case 2753:
                if (qualifier.equals("VW")) {
                    z = true;
                    break;
                }
                break;
            case 65025:
                if (qualifier.equals("APP")) {
                    z = 2;
                    break;
                }
                break;
            case 83341:
                if (qualifier.equals("TRK")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case SearchOptions.DEFAULT_OFFSET /* 0 */:
                return this.dbClient.permissionTemplateDao().selectByUuid(dbSession, resolve.getProject());
            case true:
            case true:
                return this.dbClient.permissionTemplateDao().selectByUuid(dbSession, resolve.getView().orElseThrow(() -> {
                    return new IllegalStateException("Attempt to create a view when Governance plugin is not installed");
                }));
            default:
                throw new IllegalArgumentException(String.format("Qualifier '%s' is not supported", qualifier));
        }
    }

    private static void checkAtMostOneMatchForComponentKey(String str, List<PermissionTemplateDto> list) {
        if (list.size() > 1) {
            StringBuilder sb = new StringBuilder();
            Iterator<PermissionTemplateDto> it = list.iterator();
            while (it.hasNext()) {
                sb.append("\"").append(it.next().getName()).append("\"");
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
            throw new IllegalStateException(MessageFormat.format("The \"{0}\" key matches multiple permission templates: {1}. A system administrator must update these templates so that only one of them matches the key.", str, sb.toString()));
        }
    }
}
