package com.atlassian.bamboo.configuration;

import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.HibernateAclImpl;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.user.BambooUser;
import com.atlassian.bamboo.ww2.aware.permissions.GlobalAdminSecurityAware;
import com.atlassian.struts.Preparable;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/bamboo/configuration/ConfigureGlobalPermissions.class */
/**
 * Web action that shows and saves the permission entries attached to
 * {@link GlobalApplicationSecureObject#INSTANCE}, i.e. the instance-wide ACL.
 *
 * <p>Two things happen here that matter for access control:
 * <ul>
 *   <li>{@link #prepare()} builds the permission columns that the form offers. These maps only
 *       describe what is <em>offered</em>; they are not consulted when a submission is saved.</li>
 *   <li>{@link #saveAllPermissions()} is where a submission is authorised: every submitted key is
 *       passed to {@code isAllowedToSetGlobalPermission} before anything is written.</li>
 * </ul>
 *
 * <p>NOTE(review): the class implements {@link GlobalAdminSecurityAware}; what that marker enforces
 * (and whether restricted administrators pass it) is decided outside this file.
 */
public class ConfigureGlobalPermissions extends AbstractPermissionAction
        implements GlobalAdminSecurityAware, Preparable {

    private static final Logger log = Logger.getLogger(ConfigureGlobalPermissions.class);

    /** Key that stands for "the anonymous authority holds READ"; drives the anonymous-access flag. */
    private static final String ANONYMOUS_ACCESS_ALLOWED_PERMISSION_KEY =
            BambooAclUpdateHelper.createRolePermissionKey(
                    Authority.ANONYMOUS.getAuthority(), BambooPermission.READ.getName());

    @Autowired
    private AdministrationConfigurationAccessor administrationConfigurationAccessor;

    @Autowired
    private AdministrationConfigurationPersister administrationConfigurationPersister;

    // Label key -> permission name. LinkedHashMap keeps the columns in insertion order.
    private Map<String, String> editablePermissions = new LinkedHashMap<>();
    private Map<String, String> editablePermissionsForLoggedInUsers = new LinkedHashMap<>();
    private Map<String, String> editablePermissionsForAnonymousUsers = new LinkedHashMap<>();

    /**
     * Fills the three permission-column maps.
     *
     * <p>The general map gains the restricted-admin column only when
     * {@code isRestrictedAdminEnabled()} is true and the admin column only when the current user
     * {@code hasGlobalAdminPermission()}. The logged-in-users map never gets either admin column,
     * and the anonymous map holds READ only.
     *
     * <p>NOTE(review): leaving a column out of these maps does not by itself stop a request from
     * submitting the corresponding key; rejection of such keys rests on the check in
     * {@link #saveAllPermissions()} — confirm that check also covers the role principals.
     */
    public void prepare() throws Exception {
        final Map<String, String> general = this.editablePermissions;
        general.put("config.global.permissions.read", BambooPermission.READ.getName());
        if (getAdministrationConfiguration().isSoxComplianceModeEnabled()) {
            general.put("config.global.permissions.sox.compliance", BambooPermission.SOX_COMPLIANCE.getName());
        }
        general.put("config.global.permissions.create", BambooPermission.CREATE.getName());
        general.put("config.global.permissions.create.repository", BambooPermission.CREATE_REPOSITORY.getName());
        if (isRestrictedAdminEnabled()) {
            general.put("config.global.permissions.restricted.admin", BambooPermission.RESTRICTEDADMINISTRATION.getName());
        }
        if (hasGlobalAdminPermission()) {
            // Only a global administrator is offered the ADMINISTRATION column.
            general.put("config.global.permissions.admin", BambooPermission.ADMINISTRATION.getName());
        }

        final Map<String, String> loggedIn = this.editablePermissionsForLoggedInUsers;
        loggedIn.put("config.global.permissions.read", BambooPermission.READ.getName());
        if (getAdministrationConfiguration().isSoxComplianceModeEnabled()) {
            loggedIn.put("config.global.permissions.sox.compliance", BambooPermission.SOX_COMPLIANCE.getName());
        }
        loggedIn.put("config.global.permissions.create", BambooPermission.CREATE.getName());
        loggedIn.put("config.global.permissions.create.repository", BambooPermission.CREATE_REPOSITORY.getName());

        this.editablePermissionsForAnonymousUsers.put("config.global.permissions.read", BambooPermission.READ.getName());
    }

    /**
     * Returns the ACL of the global application object, loading it on first use.
     *
     * <p>If the ACL service reports that no ACL exists, one is created and the field is then
     * pointed at a locally built {@link HibernateAclImpl} that carries a single ADMINISTRATION
     * entry for the user running this request.
     *
     * <p>NOTE(review): in that fallback the ACL returned by {@code createAcl} is replaced straight
     * away by the locally constructed one, and the requesting user becomes its administrator.
     * Confirm that only an already-authorised administrator can reach this path, and that the
     * warning logged here is monitored — a missing global ACL is not an expected state.
     *
     * @return the cached or freshly loaded ACL
     */
    @Override
    @Nullable
    public MutableAcl getAcl() {
        if (this.acl != null) {
            return this.acl;
        }
        // The field is tested before taking the lock and is not tested again inside it.
        synchronized (GlobalApplicationSecureObject.INSTANCE) {
            final HibernateObjectIdentityImpl globalIdentity =
                    new HibernateObjectIdentityImpl(GlobalApplicationSecureObject.INSTANCE);
            try {
                this.acl = this.aclService.readMutableAclById(globalIdentity);
            } catch (NotFoundException notFound) {
                log.warn("Bamboo cannot find a access control entry for the global application. Creating a new one.");
                this.acl = this.aclService.createAcl(globalIdentity);
                final PrincipalSid requesterSid = new PrincipalSid(getUser().getName());
                this.acl = new HibernateAclImpl(
                        new HibernateObjectIdentityImpl(
                                GlobalApplicationSecureObject.class,
                                GlobalApplicationSecureObject.INSTANCE.getId()),
                        (Acl) null,
                        true,
                        requesterSid);
                this.acl.insertAce((Serializable) null, BambooPermission.ADMINISTRATION, requesterSid, true);
            }
        }
        return this.acl;
    }

    /** Global permissions belong to no named entity, so this is always the empty string. */
    @Override
    @NotNull
    public String getEntityName() {
        return "";
    }

    /**
     * Returns the general permission columns built by {@link #prepare()}.
     *
     * <p>The internal map itself is returned, not a copy.
     */
    @Override
    @NotNull
    public Map<String, String> getEditablePermissions() {
        return this.editablePermissions;
    }

    /** Returns the permission columns offered for the logged-in-users role (internal map, not a copy). */
    public Map<String, String> getEditablePermissionsForLoggedInUsers() {
        return this.editablePermissionsForLoggedInUsers;
    }

    /** Returns the authority string of {@link Authority#USER}. */
    public String getLoggedInUsersPrincipal() {
        return Authority.USER.getAuthority();
    }

    /** Returns the permission columns offered for anonymous users (internal map, not a copy). */
    public Map<String, String> getEditablePermissionsForAnonymousUsers() {
        return this.editablePermissionsForAnonymousUsers;
    }

    /** Returns the authority string of {@link Authority#ANONYMOUS}. */
    public String getAnonymousUsersPrincipal() {
        return Authority.ANONYMOUS.getAuthority();
    }

    /**
     * Resolves {@code str} to a user and applies {@link #hasEditPermissionForUser(BambooUser)}.
     *
     * @param str user name to look up
     * @return the result of the user-based check for whatever the user manager returns
     */
    @Override
    public boolean hasEditPermissionForUserName(String str) {
        final BambooUser resolved = getBambooUserManager().getBambooUser(str);
        return hasEditPermissionForUser(resolved);
    }

    /**
     * Decides whether the current user may edit the given user's global permissions.
     *
     * <p>A global administrator may edit anyone. Any other caller may edit a user only if that
     * user is not a system administrator, which keeps a less-privileged administrator from
     * changing the entries of a more-privileged one.
     *
     * @param bambooUser the user whose row is being edited; {@code null} is never editable
     * @return {@code true} if editing is permitted
     */
    @Override
    public boolean hasEditPermissionForUser(BambooUser bambooUser) {
        if (bambooUser == null) {
            return false;
        }
        return hasGlobalAdminPermission()
                || !getBambooPermissionManager().isSystemAdmin(bambooUser.getName());
    }

    /** Returns the object whose ACL guards this action: the global application singleton. */
    @Override
    public Object getSecuredDomainObject() {
        return GlobalApplicationSecureObject.INSTANCE;
    }

    /** Shows the form when the request carries no parameters, otherwise runs {@link #doSave()}. */
    public String execute() throws Exception {
        if (hasParameters()) {
            return doSave();
        }
        return view();
    }

    /** Returns the {@code "input"} result, i.e. renders the form. */
    public String view() throws Exception {
        return "input";
    }

    /**
     * Dispatches a submitted form.
     *
     * <p>Existing action or field errors short-circuit to {@code "input"}. If either the
     * add-user or the add-group value equals {@code "Add"}, a principal is being added and the
     * principal type selects the group or user handler; otherwise the whole grid is saved.
     *
     * @return the result name produced by the selected handler
     */
    public String doSave() throws Exception {
        if (!getActionErrors().isEmpty() || !getFieldErrors().isEmpty()) {
            return "input";
        }
        final boolean addPrincipalRequested =
                (getAddUserPrincipal() != null && "Add".equals(getAddUserPrincipal()))
                        || (getAddGroupPrincipal() != null && "Add".equals(getAddGroupPrincipal()));
        if (!addPrincipalRequested) {
            return saveAllPermissions();
        }
        if ("Group".equals(getPrincipalType())) {
            return doAddGroupPrincipal();
        }
        return doAddUserPrincipal();
    }

    /**
     * Authorises and writes the submitted permission grid.
     *
     * <p>Order of operations: (1) every submitted key must pass
     * {@code isAllowedToSetGlobalPermission}, else nothing is written; (2) the submitted keys are
     * merged with the fourth list filled in by
     * {@code buildPermissionAndUserGroupListsFromAcl}; (3) the merged list must still contain a
     * global administrator; (4) the ACL is updated and the anonymous-access flag is persisted.
     *
     * <p>NOTE(review): the fourth helper list presumably holds existing entries the current user
     * may not edit, carried over unchanged — confirm against the helper. Step (1) inspects only
     * what is being granted; protection of entries being <em>removed</em> therefore depends on
     * that carry-over.
     *
     * <p>NOTE(review): the ACL update and the configuration save are two separate calls with no
     * transaction boundary visible here; a failure between them would leave the anonymous-access
     * flag out of step with the ACL.
     *
     * @return {@code "success"}, {@code "input"} on a rejected submission, or {@code "error"}
     *         when no ACL is available
     */
    @Override
    protected String saveAllPermissions() {
        final MutableAcl globalAcl = getAcl();
        if (globalAcl == null) {
            addActionError("Could not perform operation, no permission settings available for this instance.");
            return "error";
        }
        if (this.grantedPermissions == null) {
            this.grantedPermissions = new ArrayList<>();
        }

        // Reject the whole submission on the first key the current user is not allowed to set.
        for (Iterator<String> submitted = this.grantedPermissions.iterator(); submitted.hasNext();) {
            final String permissionKey = submitted.next();
            if (!this.bambooPermissionManager.isAllowedToSetGlobalPermission(
                    this.aclUpdateHelper.getPermission(permissionKey))) {
                addActionError("No permission for requested operation");
                resetListsForDisplay();
                return "input";
            }
        }

        // The helper fills four lists; only the last one is used below.
        ArrayList helperOutFirst = new ArrayList();
        ArrayList helperOutSecond = new ArrayList();
        ArrayList helperOutThird = new ArrayList();
        ArrayList carriedOver = new ArrayList();
        this.aclUpdateHelper.buildPermissionAndUserGroupListsFromAcl(
                helperOutFirst,
                helperOutSecond,
                helperOutThird,
                carriedOver,
                globalAcl,
                hasGlobalAdminPermission(),
                getBambooPermissionManager());

        List<String> entriesToWrite = new ArrayList<>();
        entriesToWrite.addAll(this.grantedPermissions);
        entriesToWrite.addAll(carriedOver);

        validateSaveAllPermissions(entriesToWrite);
        if (hasActionErrors()) {
            resetListsForDisplay();
            return "input";
        }

        this.aclService.updateAclAces(globalAcl, entriesToWrite);
        persistAnonymousAccessConfiguration();
        addActionMessage("Permissions have been successfully updated.");
        return "success";
    }

    /**
     * Mirrors the submitted grid into the administration configuration's anonymous-access flag.
     *
     * <p>NOTE(review): the flag is derived from {@code grantedPermissions} (the submitted keys),
     * not from the merged list that was written to the ACL. If the anonymous READ key can ever
     * appear only among carried-over entries, the flag would be switched off while the ACL entry
     * stays — confirm that cannot happen.
     */
    private void persistAnonymousAccessConfiguration() {
        final AdministrationConfiguration configuration =
                this.administrationConfigurationAccessor.getAdministrationConfiguration();
        final boolean anonymousMayRead = isAnonymousAccessAllowed(this.grantedPermissions);
        configuration.setEnableAnonymousAccess(anonymousMayRead);
        this.administrationConfigurationPersister.saveAdministrationConfiguration(configuration);
    }

    /** True when the list contains the anonymous-READ role key. */
    private boolean isAnonymousAccessAllowed(List<String> list) {
        return list.contains(ANONYMOUS_ACCESS_ALLOWED_PERMISSION_KEY);
    }

    /** Rebuilds the user and group rows from the submitted keys so a rejected form can be redisplayed. */
    private void resetListsForDisplay() {
        ArrayList users = new ArrayList();
        ArrayList groups = new ArrayList();
        this.aclUpdateHelper.buildUserGroupListsFromPermissions(this.grantedPermissions, users, groups);
        setGrantedUsers(users);
        setGrantedGroups(groups);
    }

    /**
     * Adds an action error unless the list still contains a global-administrator entry.
     *
     * <p>An entry counts when its key ends with the ADMINISTRATION name and does not end with the
     * RESTRICTEDADMINISTRATION name. The second test presumably exists because the restricted
     * name itself ends with the administration name — TODO confirm.
     *
     * <p>The match is on the key suffix only: which principal holds the entry (user, group or
     * role) is not examined here, nor whether that principal can actually log in.
     *
     * @param list permission keys about to be written to the ACL
     */
    @Override
    public void validateSaveAllPermissions(List<String> list) {
        final String adminSuffix =
                BambooPermission.determineNameFromPermission(BambooPermission.ADMINISTRATION);
        final String restrictedAdminSuffix =
                BambooPermission.determineNameFromPermission(BambooPermission.RESTRICTEDADMINISTRATION);

        boolean globalAdminPresent = false;
        for (String key : list) {
            if (key.endsWith(adminSuffix) && !key.endsWith(restrictedAdminSuffix)) {
                globalAdminPresent = true;
                break;
            }
        }
        if (!globalAdminPresent) {
            addActionError("There must at least be one global administrator.");
        }
    }
}
