package org.sonar.server.permission.ws;

import com.google.common.collect.Ordering;
import com.google.common.collect.TreeMultimap;
import com.google.common.io.Resources;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.Paging;
import org.sonar.core.util.Protobuf;
import org.sonar.core.util.stream.MoreCollectors;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.user.GroupDto;
import org.sonar.server.permission.PermissionPrivilegeChecker;
import org.sonar.server.permission.ProjectId;
import org.sonar.server.user.UserSession;
import org.sonar.server.ws.WsUtils;
import org.sonarqube.ws.Permissions;

/* loaded from: input_file:org/sonar/server/permission/ws/GroupsAction.class */
public class GroupsAction implements PermissionsWsAction {
    private final DbClient dbClient;
    private final UserSession userSession;
    private final PermissionWsSupport support;

    public GroupsAction(DbClient dbClient, UserSession userSession, PermissionWsSupport permissionWsSupport) {
        this.dbClient = dbClient;
        this.userSession = userSession;
        this.support = permissionWsSupport;
    }

    public void define(WebService.NewController newController) {
        WebService.NewAction handler = newController.createAction("groups").setSince("5.2").setInternal(true).setDescription("Lists the groups with their permissions.<br>This service defaults to global permissions, but can be limited to project permissions by providing project id or project key.<br> This service defaults to all groups, but can be limited to groups with a specific permission by providing the desired permission.<br>Requires one of the following permissions:<ul><li>'Administer System'</li><li>'Administer' rights on the specified project</li></ul>").addPagingParams(20, 100).setResponseExample(Resources.getResource(getClass(), "groups-example.json")).setHandler(this);
        handler.createSearchQuery("sonar", new String[]{"names"}).setDescription("Limit search to group names that contain the supplied string. When this parameter is not set, only groups having at least one permission are returned.").setMinimumLength(3);
        PermissionsWsParametersBuilder.createOrganizationParameter(handler).setSince("6.2");
        PermissionsWsParametersBuilder.createPermissionParameter(handler).setRequired(false);
        PermissionsWsParametersBuilder.createProjectParameters(handler);
    }

    public void handle(Request request, Response response) throws Exception {
        DbSession openSession = this.dbClient.openSession(false);
        Throwable th = null;
        try {
            OrganizationDto findOrganization = this.support.findOrganization(openSession, request.param("organization"));
            Optional<ProjectId> findProjectId = this.support.findProjectId(openSession, request);
            PermissionPrivilegeChecker.checkProjectAdmin(this.userSession, findOrganization.getUuid(), findProjectId);
            PermissionQuery buildPermissionQuery = buildPermissionQuery(request, findOrganization, findProjectId);
            List<GroupDto> findGroups = findGroups(openSession, findOrganization, buildPermissionQuery);
            WsUtils.writeProtobuf(buildResponse(findGroups, findGroupPermissions(openSession, findOrganization, findGroups, findProjectId), Paging.forPageIndex(request.mandatoryParamAsInt("p")).withPageSize(buildPermissionQuery.getPageSize()).andTotal(this.dbClient.groupPermissionDao().countGroupsByQuery(openSession, buildPermissionQuery))), request, response);
            if (openSession != null) {
                if (0 == 0) {
                    openSession.close();
                    return;
                }
                try {
                    openSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (openSession != null) {
                if (0 != 0) {
                    try {
                        openSession.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openSession.close();
                }
            }
            throw th3;
        }
    }

    private static PermissionQuery buildPermissionQuery(Request request, OrganizationDto organizationDto, Optional<ProjectId> optional) {
        String param = request.param("q");
        PermissionQuery.Builder searchQuery = PermissionQuery.builder().setOrganizationUuid(organizationDto.getUuid()).setPermission(request.param("permission")).setPageIndex(Integer.valueOf(request.mandatoryParamAsInt("p"))).setPageSize(Integer.valueOf(request.mandatoryParamAsInt("ps"))).setSearchQuery(param);
        if (optional.isPresent()) {
            searchQuery.setComponentUuid(optional.get().getUuid());
        }
        if (param == null) {
            searchQuery.withAtLeastOnePermission();
        }
        return searchQuery.build();
    }

    private static Permissions.WsGroupsResponse buildResponse(List<GroupDto> list, List<GroupPermissionDto> list2, Paging paging) {
        TreeMultimap create = TreeMultimap.create();
        list2.forEach(groupPermissionDto -> {
            create.put(groupPermissionDto.getGroupId(), groupPermissionDto.getRole());
        });
        Permissions.WsGroupsResponse.Builder newBuilder = Permissions.WsGroupsResponse.newBuilder();
        list.forEach(groupDto -> {
            Permissions.Group.Builder name = newBuilder.addGroupsBuilder().setName(groupDto.getName());
            if (groupDto.getId().intValue() != 0) {
                name.setId(String.valueOf(groupDto.getId()));
            }
            String description = groupDto.getDescription();
            name.getClass();
            Protobuf.setNullable(description, name::setDescription);
            name.addAllPermissions(create.get(groupDto.getId()));
        });
        newBuilder.getPagingBuilder().setPageIndex(paging.pageIndex()).setPageSize(paging.pageSize()).setTotal(paging.total());
        return newBuilder.build();
    }

    private List<GroupDto> findGroups(DbSession dbSession, OrganizationDto organizationDto, PermissionQuery permissionQuery) {
        List selectGroupNamesByQuery = this.dbClient.groupPermissionDao().selectGroupNamesByQuery(dbSession, permissionQuery);
        List selectByNames = this.dbClient.groupDao().selectByNames(dbSession, organizationDto.getUuid(), selectGroupNamesByQuery);
        if (selectGroupNamesByQuery.contains("Anyone")) {
            selectByNames.add(0, new GroupDto().setId(0).setName("Anyone").setOrganizationUuid(organizationDto.getUuid()));
        }
        return Ordering.explicit(selectGroupNamesByQuery).onResultOf((v0) -> {
            return v0.getName();
        }).immutableSortedCopy(selectByNames);
    }

    private List<GroupPermissionDto> findGroupPermissions(DbSession dbSession, OrganizationDto organizationDto, List<GroupDto> list, Optional<ProjectId> optional) {
        if (list.isEmpty()) {
            return Collections.emptyList();
        }
        return this.dbClient.groupPermissionDao().selectByGroupIds(dbSession, organizationDto.getUuid(), (List) list.stream().map((v0) -> {
            return v0.getId();
        }).collect(MoreCollectors.toList(list.size())), optional.isPresent() ? Long.valueOf(optional.get().getId()) : null);
    }
}
