package org.sonar.server.permission;

import java.util.List;
import java.util.Optional;
import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.UserPermissionDto;
import org.sonar.server.es.DefaultIndexSettings;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.ws.WsUtils;

/* loaded from: input_file:org/sonar/server/permission/UserPermissionChanger.class */
public class UserPermissionChanger {
    private final DbClient dbClient;

    /* renamed from: org.sonar.server.permission.UserPermissionChanger$1, reason: invalid class name */
    /* loaded from: input_file:org/sonar/server/permission/UserPermissionChanger$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$sonar$server$permission$PermissionChange$Operation = new int[PermissionChange.Operation.values().length];

        static {
            try {
                $SwitchMap$org$sonar$server$permission$PermissionChange$Operation[PermissionChange.Operation.ADD.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$sonar$server$permission$PermissionChange$Operation[PermissionChange.Operation.REMOVE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public UserPermissionChanger(DbClient dbClient) {
        this.dbClient = dbClient;
    }

    public boolean apply(DbSession dbSession, UserPermissionChange userPermissionChange) {
        ensureConsistencyWithVisibility(userPermissionChange);
        if (isImplicitlyAlreadyDone(userPermissionChange)) {
            return false;
        }
        switch (AnonymousClass1.$SwitchMap$org$sonar$server$permission$PermissionChange$Operation[userPermissionChange.getOperation().ordinal()]) {
            case 1:
                return addPermission(dbSession, userPermissionChange);
            case DefaultIndexSettings.MINIMUM_NGRAM_LENGTH /* 2 */:
                return removePermission(dbSession, userPermissionChange);
            default:
                throw new UnsupportedOperationException("Unsupported permission change: " + userPermissionChange.getOperation());
        }
    }

    private static boolean isImplicitlyAlreadyDone(UserPermissionChange userPermissionChange) {
        return ((Boolean) userPermissionChange.getProjectId().map(projectId -> {
            return Boolean.valueOf(isImplicitlyAlreadyDone(projectId, userPermissionChange));
        }).orElse(false)).booleanValue();
    }

    private static boolean isImplicitlyAlreadyDone(ProjectId projectId, UserPermissionChange userPermissionChange) {
        return isAttemptToAddPublicPermissionToPublicComponent(userPermissionChange, projectId);
    }

    private static boolean isAttemptToAddPublicPermissionToPublicComponent(UserPermissionChange userPermissionChange, ProjectId projectId) {
        return !projectId.isPrivate() && userPermissionChange.getOperation() == PermissionChange.Operation.ADD && ProjectPermissions.PUBLIC_PERMISSIONS.contains(userPermissionChange.getPermission());
    }

    private static void ensureConsistencyWithVisibility(UserPermissionChange userPermissionChange) {
        userPermissionChange.getProjectId().ifPresent(projectId -> {
            WsUtils.checkRequest(!isAttemptToRemovePublicPermissionFromPublicComponent(userPermissionChange, projectId), "Permission %s can't be removed from a public component", userPermissionChange.getPermission());
        });
    }

    private static boolean isAttemptToRemovePublicPermissionFromPublicComponent(UserPermissionChange userPermissionChange, ProjectId projectId) {
        return !projectId.isPrivate() && userPermissionChange.getOperation() == PermissionChange.Operation.REMOVE && ProjectPermissions.PUBLIC_PERMISSIONS.contains(userPermissionChange.getPermission());
    }

    private boolean addPermission(DbSession dbSession, UserPermissionChange userPermissionChange) {
        if (loadExistingPermissions(dbSession, userPermissionChange).contains(userPermissionChange.getPermission())) {
            return false;
        }
        this.dbClient.userPermissionDao().insert(dbSession, new UserPermissionDto(userPermissionChange.getOrganizationUuid(), userPermissionChange.getPermission(), userPermissionChange.getUserId().getId(), userPermissionChange.getNullableProjectId()));
        return true;
    }

    private boolean removePermission(DbSession dbSession, UserPermissionChange userPermissionChange) {
        if (!loadExistingPermissions(dbSession, userPermissionChange).contains(userPermissionChange.getPermission())) {
            return false;
        }
        checkOtherAdminsExist(dbSession, userPermissionChange);
        Optional<ProjectId> projectId = userPermissionChange.getProjectId();
        if (projectId.isPresent()) {
            this.dbClient.userPermissionDao().deleteProjectPermission(dbSession, userPermissionChange.getUserId().getId(), userPermissionChange.getPermission(), projectId.get().getId());
            return true;
        }
        this.dbClient.userPermissionDao().deleteGlobalPermission(dbSession, userPermissionChange.getUserId().getId(), userPermissionChange.getPermission(), userPermissionChange.getOrganizationUuid());
        return true;
    }

    private List<String> loadExistingPermissions(DbSession dbSession, UserPermissionChange userPermissionChange) {
        Optional<ProjectId> projectId = userPermissionChange.getProjectId();
        return projectId.isPresent() ? this.dbClient.userPermissionDao().selectProjectPermissionsOfUser(dbSession, userPermissionChange.getUserId().getId(), projectId.get().getId()) : this.dbClient.userPermissionDao().selectGlobalPermissionsOfUser(dbSession, userPermissionChange.getUserId().getId(), userPermissionChange.getOrganizationUuid());
    }

    private void checkOtherAdminsExist(DbSession dbSession, UserPermissionChange userPermissionChange) {
        if (!"admin".equals(userPermissionChange.getPermission()) || userPermissionChange.getProjectId().isPresent()) {
            return;
        }
        WsUtils.checkRequest(this.dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingUserPermission(dbSession, userPermissionChange.getOrganizationUuid(), userPermissionChange.getPermission(), userPermissionChange.getUserId().getId()) > 0, "Last user with permission '%s'. Permission cannot be removed.", "admin");
    }
}
