package com.atlassian.bamboo.configuration.external;

import com.atlassian.bamboo.FeatureManager;
import com.atlassian.bamboo.configuration.external.helpers.PermissionHelper;
import com.atlassian.bamboo.configuration.external.helpers.PlanImportHelper;
import com.atlassian.bamboo.configuration.external.helpers.YamlHelper;
import com.atlassian.bamboo.configuration.external.util.PropertiesValidator;
import com.atlassian.bamboo.exception.UnauthorisedException;
import com.atlassian.bamboo.exception.YamlValidationException;
import com.atlassian.bamboo.persistence.TransactionAndHibernateTemplate;
import com.atlassian.bamboo.plan.PlanManager;
import com.atlassian.bamboo.plan.PlanPermissionsService;
import com.atlassian.bamboo.plan.TopLevelPlan;
import com.atlassian.bamboo.plan.cache.ImmutablePlan;
import com.atlassian.bamboo.security.BambooPermissionManager;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.HibernateMutableAclService;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.specs.api.builders.permission.PlanPermissions;
import com.atlassian.bamboo.specs.api.builders.plan.PlanIdentifier;
import com.atlassian.bamboo.specs.api.exceptions.PropertiesValidationException;
import com.atlassian.bamboo.specs.api.model.EntityProperties;
import com.atlassian.bamboo.specs.api.model.permission.GroupPermissionProperties;
import com.atlassian.bamboo.specs.api.model.permission.PermissionsProperties;
import com.atlassian.bamboo.specs.api.model.permission.PlanPermissionsProperties;
import com.atlassian.bamboo.specs.api.model.permission.UserPermissionProperties;
import com.atlassian.bamboo.specs.api.model.plan.PlanIdentifierProperties;
import com.atlassian.bamboo.specs.api.util.EntityPropertiesBuilders;
import com.atlassian.bamboo.specs.api.validators.common.ImporterUtils;
import com.atlassian.bamboo.specs.api.validators.common.ValidationContext;
import com.atlassian.bamboo.user.BambooUserManager;
import com.google.common.annotations.VisibleForTesting;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.inject.Inject;
import org.acegisecurity.acls.MutableAcl;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/configuration/external/PlanPermissionServiceImpl.class */
/**
 * Imports and exports the permission entries (ACL) of a top-level plan from and to their
 * Bamboo Specs representation.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Both directions require the acting user to hold either the global
 *       {@code RESTRICTEDADMINISTRATION} permission or {@code ADMINISTRATION} on the target plan.
 *       The check runs inside the transaction, before the ACL is read or written.</li>
 *   <li>Import has a second, independent gate: the specs repository described by
 *       {@link RssPermissions} must be allowed for the plan's project. Both gates must pass, so a
 *       repository cannot change permissions on plans outside the projects it is allowed for,
 *       even when an administrator triggers the import.</li>
 *   <li>The plan lookup happens before the authorisation check, so "no such plan"
 *       ({@link PropertiesValidationException}) and "not authorised"
 *       ({@link UnauthorisedException}) are distinguishable to the caller.
 *       NOTE(review): confirm the entry points are not reachable by callers who should not learn
 *       whether a plan key exists.</li>
 *   <li>NOTE(review): nothing in this class emits an audit event for the ACL change; confirm that
 *       the ACL service or the caller records it.</li>
 * </ul>
 */
public class PlanPermissionServiceImpl implements PlanPermissionService {

    @VisibleForTesting
    static final ValidationContext ROOT_VALIDATION_CONTEXT = ValidationContext.of("Plan permissions");

    @Inject
    private TransactionAndHibernateTemplate bambooTransactionHibernateTemplate;

    @Inject
    private PlanManager planManager;

    @Inject
    private HibernateMutableAclService aclService;

    @Inject
    private BambooPermissionManager bambooPermissionManager;

    @Inject
    private PlanPermissionsService planPermissionsService;

    @Inject
    private BambooUserManager userManager;

    @Inject
    private FeatureManager featureManager;

    /**
     * Parses a YAML document into plan permission properties and validates the result.
     *
     * <p>No authorisation is performed here; this method only parses and validates. How safely
     * the YAML is parsed is decided by {@code YamlHelper.parse}, which is not visible in this file.
     *
     * @param str the YAML text to parse
     * @return the parsed and validated properties
     * @throws PropertiesValidationException declared by this method; raised by the validation step
     * @throws YamlValidationException declared by this method; raised by the parsing step
     */
    @Override
    @NotNull
    public PlanPermissionsProperties convertYamlToPlanPermission(@NotNull String str) throws PropertiesValidationException, YamlValidationException {
        final PlanPermissionsProperties parsed = YamlHelper.parse(str, PlanPermissionsProperties.class);
        PropertiesValidator.validate((EntityProperties) parsed);
        return parsed;
    }

    /**
     * Applies the given permission properties to the plan they identify.
     *
     * @param planPermissionsProperties the plan identifier together with the permissions to apply
     * @param rssPermissions the permissions of the specs repository the properties came from
     * @throws PropertiesValidationException if the plan does not exist, or if validation of the
     *         referenced users and groups fails
     * @throws UnauthorisedException if the acting user is not an administrator of the plan, or the
     *         specs repository is not allowed for the plan's project
     */
    @Override
    public void importPlanPermission(PlanPermissionsProperties planPermissionsProperties, RssPermissions rssPermissions) throws PropertiesValidationException, UnauthorisedException {
        final Optional<?> lookup = PlanImportHelper.findExistingPlanByOidOrKey(planPermissionsProperties.getPlanIdentifier(), this.planManager, TopLevelPlan.class);
        final ImmutablePlan targetPlan = (ImmutablePlan) lookup.orElseThrow(() ->
                new PropertiesValidationException(String.format("Trying to import plan permission with plan permission for non-existing plan: %s", planPermissionsProperties.getPlanIdentifier())));
        importPlanPermission(targetPlan, planPermissionsProperties.getPermissions(), rssPermissions);
    }

    /**
     * Exports the permissions of the identified plan.
     *
     * @param planIdentifierProperties identifies the plan by OID or key
     * @return the plan's permissions in Specs form
     * @throws PropertiesValidationException if no such plan exists
     * @throws UnauthorisedException if the acting user is not an administrator of the plan
     */
    @Override
    public PlanPermissionsProperties exportPlanPermission(PlanIdentifierProperties planIdentifierProperties) {
        final Optional<?> lookup = PlanImportHelper.findExistingPlanByOidOrKey(planIdentifierProperties, this.planManager, TopLevelPlan.class);
        final ImmutablePlan targetPlan = (ImmutablePlan) lookup.orElseThrow(() ->
                new PropertiesValidationException(String.format("Trying to export plan permission with plan permission for non-existing plan: %s", planIdentifierProperties)));
        return exportPlanPermission(targetPlan);
    }

    /**
     * Tells whether the acting user may administer the plan's permissions: global
     * {@code RESTRICTEDADMINISTRATION}, or {@code ADMINISTRATION} on the plan itself. The plan
     * permission is only consulted when the global one is absent.
     */
    private boolean isPlanAdministrator(ImmutablePlan plan) {
        return this.bambooPermissionManager.hasGlobalPermission(BambooPermission.RESTRICTEDADMINISTRATION)
                || this.bambooPermissionManager.hasPlanPermission(BambooPermission.ADMINISTRATION, plan);
    }

    /**
     * Authorises, validates and writes the plan's ACL entries inside one transaction.
     *
     * <p>Order matters: the user check and the repository check both run before any user/group
     * lookup or ACL access, so the validation messages (which list unknown names) are only
     * produced for callers that already passed both gates.
     */
    private void importPlanPermission(ImmutablePlan plan, PermissionsProperties permissions, RssPermissions rssPermissions) {
        this.bambooTransactionHibernateTemplate.execute(status -> {
            // Gate 1: the acting user must administer this plan.
            if (!isPlanAdministrator(plan)) {
                throw new UnauthorisedException(String.format("You don't have ADMIN permission to import plan permission for plan: %s", plan.getKey()));
            }
            // Gate 2: the specs repository itself must be allowed for the plan's project.
            if (!rssPermissions.isProjectAllowed(plan.getProject().getKey())) {
                throw new UnauthorisedException(String.format("The specs stored in the repository '%s' don't have permission to import plan permissions for plan '%s'", rssPermissions.getSpecsRepositoryName(), plan.getKey()));
            }

            // Reject entries that name principals unknown to the user manager.
            final ValidationContext usersContext = ROOT_VALIDATION_CONTEXT.with("Users");
            final ValidationContext groupsContext = ROOT_VALIDATION_CONTEXT.with("Groups");
            validateUsers(usersContext, permissions.getUserPermissions());
            validateGroups(groupsContext, permissions.getGroupPermissions());

            final MutableAcl planAcl = this.aclService.readMutableAclById(new HibernateObjectIdentityImpl(plan));
            // Raw on purpose: the element type is dictated by PermissionHelper.addPermissionsToList,
            // whose signature is not visible in this file.
            final ArrayList aces = new ArrayList();
            PermissionHelper.addPermissionsToList(aces, this.planPermissionsService::permissionDependencies, permissions, this.featureManager.isViewConfigurationPermissionEnabled());
            // NOTE(review): whether this replaces or merges the existing entries is decided by
            // HibernateMutableAclService.updateAclAces - confirm against that class.
            this.aclService.updateAclAces(planAcl, aces);
            return null;
        });
    }

    /**
     * Reads the plan's ACL and converts it to Specs properties, inside one transaction.
     * The ACL is only read after the administrator check has passed.
     */
    private PlanPermissionsProperties exportPlanPermission(ImmutablePlan plan) {
        return (PlanPermissionsProperties) this.bambooTransactionHibernateTemplate.execute(status -> {
            if (!isPlanAdministrator(plan)) {
                throw new UnauthorisedException("You don't have ADMIN permission to export plan permission for plan: " + plan.getKey());
            }
            final PlanIdentifier identifier = new PlanIdentifier(plan.getProject().getKey(), plan.getBuildKey());
            return EntityPropertiesBuilders.build(
                    new PlanPermissions(identifier).permissions(
                            PermissionHelper.createFromAcl(
                                    this.aclService.readAclById(new HibernateObjectIdentityImpl(plan)),
                                    this.featureManager.isViewConfigurationPermissionEnabled())));
        });
    }

    /**
     * Fails validation when any user permission names a user the user manager does not know.
     * The failure message lists the unknown names.
     */
    private void validateUsers(@NotNull ValidationContext validationContext, @NotNull List<UserPermissionProperties> list) throws PropertiesValidationException {
        final List<?> unknownUsers = list.stream()
                .map(UserPermissionProperties::getUsername)
                .filter(username -> this.userManager.getUser(username) == null)
                .collect(Collectors.toList());
        ImporterUtils.checkArgument(validationContext, unknownUsers.isEmpty(), "Cannot set permission for non existing users: " + unknownUsers);
    }

    /**
     * Fails validation when any group permission names a group the user manager does not know.
     * The failure message lists the unknown names.
     */
    private void validateGroups(@NotNull ValidationContext validationContext, @NotNull List<GroupPermissionProperties> list) throws PropertiesValidationException {
        final List<?> unknownGroups = list.stream()
                .map(GroupPermissionProperties::getGroup)
                .filter(groupName -> this.userManager.getGroup(groupName) == null)
                .collect(Collectors.toList());
        ImporterUtils.checkArgument(validationContext, unknownGroups.isEmpty(), "Cannot set permission for non existing groups: " + unknownGroups);
    }
}
