package com.atlassian.bamboo.security;

import com.atlassian.bamboo.deployments.environments.Environment;
import com.atlassian.bamboo.deployments.projects.DeploymentProject;
import com.atlassian.bamboo.repository.RepositoryDataEntity;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.user.Group;
import com.atlassian.user.User;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSetMultimap;
import com.google.common.collect.Multimap;
import com.google.common.collect.Ordering;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/security/PermissionsServiceUtils.class */
public class PermissionsServiceUtils {

    @VisibleForTesting
    static final List<BambooPermission> PERMISSIONS_LIST_IN_ORDER = ImmutableList.of(BambooPermission.READ, BambooPermission.VIEW_CONFIGURATION, BambooPermission.WRITE, BambooPermission.SOX_COMPLIANCE, BambooPermission.BUILD, BambooPermission.CLONE, BambooPermission.CREATE, BambooPermission.CREATE_REPOSITORY, BambooPermission.DELETE, BambooPermission.SIGN_UP, BambooPermission.RESTRICTEDADMINISTRATION, BambooPermission.ADMINISTRATION, new BambooPermission[0]);
    public static final Ordering<BambooPermission> PERMISSIONS_ORDERING = Ordering.explicit(PERMISSIONS_LIST_IN_ORDER);

    public static User validateUser(String str, BambooUserManager bambooUserManager) {
        User user = bambooUserManager.getUser(str);
        Preconditions.checkArgument(user != null, String.format("User: %s does not exist", str));
        return user;
    }

    public static Group validateGroup(String str, BambooUserManager bambooUserManager) {
        Group group = bambooUserManager.getGroup(str);
        Preconditions.checkArgument(group != null, String.format("Group: %s does not exist", str));
        return group;
    }

    public static void assertCanManagePermissionsForDeploymentProject(DeploymentProject deploymentProject, BambooPermissionManager bambooPermissionManager) throws AccessDeniedException {
        hasPermissionFor(deploymentProject, "deployment project", bambooPermissionManager, BambooPermission.WRITE);
    }

    public static void assertCanManagePermissionsForEnvironment(Environment environment, BambooPermissionManager bambooPermissionManager) throws AccessDeniedException {
        hasPermissionFor(environment, "environment", bambooPermissionManager, BambooPermission.WRITE);
    }

    public static void assertCanManagePermissionsForRepository(RepositoryDataEntity repositoryDataEntity, BambooPermissionManager bambooPermissionManager) throws AccessDeniedException {
        hasPermissionFor(repositoryDataEntity, "repository", bambooPermissionManager, BambooPermission.ADMINISTRATION);
    }

    private static void hasPermissionFor(Object obj, String str, BambooPermissionManager bambooPermissionManager, BambooPermission bambooPermission) throws AccessDeniedException {
        if (!bambooPermissionManager.hasPermission(bambooPermission, obj, (Authentication) null)) {
            throw new AccessDeniedException(String.format("Not allowed to access %s: %s permissions", str, obj.toString()));
        }
    }

    public static void validatePermissions(List<BambooPermission> list, Collection<BambooPermission> collection, String str) throws IllegalArgumentException {
        List list2 = (List) list.stream().filter(bambooPermission -> {
            return !collection.contains(bambooPermission);
        }).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList());
        if (!list2.isEmpty()) {
            throw new IllegalArgumentException(String.format("Following permissions can not be a %s permission: %s", str, list2));
        }
    }

    @NotNull
    public static Set<BambooPermission> extractDependencies(Multimap<BambooPermission, BambooPermission> multimap, Collection<BambooPermission> collection, BambooPermission bambooPermission) {
        Stream flatMap = ((Collection) multimap.asMap().getOrDefault(bambooPermission, Collections.emptyList())).stream().flatMap(bambooPermission2 -> {
            return Stream.concat(Stream.of(bambooPermission2), extractDependencies(multimap, collection, bambooPermission2).stream());
        });
        collection.getClass();
        return (Set) flatMap.filter((v1) -> {
            return r1.contains(v1);
        }).collect(Collectors.toSet());
    }

    public static void validateDependenciesAfterGranting(@NotNull Collection<BambooPermission> collection, @NotNull Function<BambooPermission, Collection<BambooPermission>> function) throws IllegalArgumentException {
        validateDependenciesAfterGranting(collection, function, (v0) -> {
            return v0.getName();
        }, IllegalArgumentException::new);
    }

    public static <E extends Exception> void validateDependenciesAfterGranting(@NotNull Collection<BambooPermission> collection, @NotNull Function<BambooPermission, Collection<BambooPermission>> function, @NotNull Function<BambooPermission, String> function2, @NotNull Function<String, E> function3) throws Exception {
        ImmutableMultimap<BambooPermission, BambooPermission> findMissingDependencies = findMissingDependencies(collection, function);
        Optional max = findMissingDependencies.keys().stream().max(PERMISSIONS_ORDERING);
        if (max.isPresent()) {
            BambooPermission bambooPermission = (BambooPermission) max.get();
            throw function3.apply(String.format("When granting %s permission the following permissions must also be granted: %s", String.format("\"%s\"", function2.apply(bambooPermission)), (String) ((List) findMissingDependencies.get(bambooPermission).stream().sorted(PERMISSIONS_ORDERING).collect(Collectors.toList())).stream().map(function2).map(str -> {
                return String.format("\"%s\"", str);
            }).collect(Collectors.joining(", "))));
        }
    }

    public static void validateDependenciesAfterRevoking(@NotNull Collection<BambooPermission> collection, @NotNull Function<BambooPermission, Collection<BambooPermission>> function) {
        validateDependenciesAfterRevoking(collection, function, (v0) -> {
            return v0.getName();
        }, IllegalArgumentException::new);
    }

    public static <E extends Exception> void validateDependenciesAfterRevoking(@NotNull Collection<BambooPermission> collection, @NotNull Function<BambooPermission, Collection<BambooPermission>> function, @NotNull Function<BambooPermission, String> function2, @NotNull Function<String, E> function3) throws Exception {
        ImmutableMultimap inverse = findMissingDependencies(collection, function).inverse();
        Optional max = inverse.keys().stream().max(PERMISSIONS_ORDERING);
        if (max.isPresent()) {
            BambooPermission bambooPermission = (BambooPermission) max.get();
            throw function3.apply(String.format("When revoking %s permission the following permissions must also be revoked: %s", String.format("\"%s\"", function2.apply(bambooPermission)), (String) ((List) inverse.get(bambooPermission).stream().sorted(PERMISSIONS_ORDERING).collect(Collectors.toList())).stream().map(function2).map(str -> {
                return String.format("\"%s\"", str);
            }).collect(Collectors.joining(", "))));
        }
    }

    @NotNull
    public static ImmutableMultimap<BambooPermission, BambooPermission> findMissingDependencies(@NotNull Collection<BambooPermission> collection, @NotNull Function<BambooPermission, Collection<BambooPermission>> function) {
        ImmutableSetMultimap.Builder builder = ImmutableSetMultimap.builder();
        for (BambooPermission bambooPermission : collection) {
            for (BambooPermission bambooPermission2 : function.apply(bambooPermission)) {
                if (!collection.contains(bambooPermission2)) {
                    builder.put(bambooPermission, bambooPermission2);
                }
            }
        }
        return builder.build();
    }

    @NotNull
    public static Collection<BambooPermission> getPermissionsAndDependencies(@NotNull Collection<BambooPermission> collection, @NotNull Function<BambooPermission, Collection<BambooPermission>> function) {
        LinkedList linkedList = new LinkedList(collection);
        HashSet hashSet = new HashSet(collection);
        while (!linkedList.isEmpty()) {
            for (BambooPermission bambooPermission : function.apply((BambooPermission) linkedList.poll())) {
                if (!hashSet.contains(bambooPermission)) {
                    linkedList.add(bambooPermission);
                    hashSet.add(bambooPermission);
                }
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }
}
