package com.atlassian.bamboo.configuration;

import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.security.acegi.BambooAcegiSecurityUtils;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.GroupPrincipalSid;
import com.atlassian.bamboo.security.acegi.acls.HibernateMutableAclService;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.user.BambooUser;
import com.atlassian.bamboo.user.BambooUserManager;
import com.atlassian.bamboo.ww2.BambooActionSupport;
import com.atlassian.bamboo.ww2.actions.ViewActivityLog;
import java.io.Serializable;
import java.util.Optional;
import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.MutableAcl;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/bamboo/configuration/AddPermissionAction.class */
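/**
 * Web action that adds an access-control entry (ACE) for a user or a group to the ACL of
 * the entity identified by {@link #setJavaType(String)} and {@link #setEntityId(long)}.
 *
 * <p>The target entity, the principal and the permission all arrive through public setters.
 * NOTE(review): presumably these are bound from request parameters by the framework behind
 * {@code BambooActionSupport}; confirm.
 *
 * <p>NOTE(review): nothing in this class checks that the caller may administer the target
 * entity before its ACL is changed. Confirm the action mapping or an interceptor enforces
 * that, since {@code javaType}/{@code entityId} select which ACL is modified.
 *
 * <p>NOTE(review): no audit record of the grant is written here; confirm that
 * {@code aclService.updateAcl} or a listener records who granted what to whom.
 */
public class AddPermissionAction extends BambooActionSupport {
    private static final String USER_PRINCIPAL_TYPE = "User";
    private static final String GROUP_PRINCIPAL_TYPE = "Group";

    @Autowired
    private HibernateMutableAclService aclService;

    @Autowired
    private BambooUserManager bambooUserManager;
    // Lazily loaded ACL of the target entity; see getAcl().
    private MutableAcl acl;
    // Lazily loaded ACL of the global application object; see getGlobalAcl().
    private Acl globalAcl;
    private String newUser;
    private String newGroup;
    private String principalType = USER_PRINCIPAL_TYPE;
    // Name of the permission to grant; when null, READ is granted.
    private String permissionToGrant;
    private String javaType;
    private long entityId;

    /**
     * Dispatches to the user or group variant according to {@code principalType}.
     *
     * @return {@code "success"} when the ACL was updated, {@code "error"} otherwise
     *     (an action error describing the reason is recorded)
     * @throws Exception propagated from the ACL operations
     */
    public String createPrincipal() throws Exception {
        // Constant-first equals keeps a null principalType on the "unknown" path instead of
        // failing with a NullPointerException.
        if (USER_PRINCIPAL_TYPE.equals(this.principalType)) {
            return addUserPrincipal();
        }
        if (GROUP_PRINCIPAL_TYPE.equals(this.principalType)) {
            return addGroupPrincipal();
        }
        addActionError("Unknown principal type: " + this.principalType);
        return "error";
    }

    /**
     * Grants the requested permission to the user named by {@code newUser}.
     *
     * <p>When SOX compliance mode is enabled and the user holds
     * {@code Authority.SOX_COMPLIANT_USER}, {@code BambooPermission.BUILD} is granted as well.
     */
    private String addUserPrincipal() throws Exception {
        BambooUser bambooUser = this.bambooUserManager.getBambooUser(this.newUser);
        if (bambooUser == null) {
            addActionError("The user you specified is not valid.");
            return "error";
        }
        MutableAcl targetAcl = getAcl();
        if (targetAcl == null) {
            addActionError("Could not perform operation, no permission settings available for this entity.");
            return "error";
        }
        // NOTE(review): the SID is built from the submitted name, not from the resolved
        // BambooUser; confirm user names are normalised so later ACL lookups match.
        PrincipalSid principalSid = new PrincipalSid(this.newUser);
        targetAcl.insertAce((Serializable) null, resolvePermissionToGrant(), principalSid, true);
        if (getAdministrationConfiguration().isSoxComplianceModeEnabled() && BambooAcegiSecurityUtils.hasAuthority(bambooUser, Authority.SOX_COMPLIANT_USER)) {
            targetAcl.insertAce((Serializable) null, BambooPermission.BUILD, principalSid, true);
        }
        this.aclService.updateAcl(targetAcl);
        return "success";
    }

    /**
     * Grants the requested permission to the group named by {@code newGroup}.
     *
     * <p>When SOX compliance mode is enabled and the group holds
     * {@code BambooPermission.SOX_COMPLIANCE} on the global ACL,
     * {@code BambooPermission.BUILD} is granted as well.
     */
    private String addGroupPrincipal() throws Exception {
        if (this.bambooUserManager.getGroup(this.newGroup) == null) {
            addActionError("The group you specified is not valid");
            return "error";
        }
        MutableAcl targetAcl = getAcl();
        if (targetAcl == null) {
            addActionError("Could not perform operation, no permission settings available for this entity.");
            return "error";
        }
        GroupPrincipalSid groupPrincipalSid = new GroupPrincipalSid(this.newGroup);
        targetAcl.insertAce((Serializable) null, resolvePermissionToGrant(), groupPrincipalSid, true);
        if (getAdministrationConfiguration().isSoxComplianceModeEnabled() && hasSoxCompliancePermission(groupPrincipalSid)) {
            targetAcl.insertAce((Serializable) null, BambooPermission.BUILD, groupPrincipalSid, true);
        }
        this.aclService.updateAcl(targetAcl);
        return "success";
    }

    /**
     * Maps {@code permissionToGrant} to a permission, defaulting to READ when it is null.
     *
     * <p>NOTE(review): the name is handed to {@code BambooPermission.buildFromName} without
     * an allow-list, so any permission that method recognises can be requested; confirm
     * whether callers should be limited to a subset. Its behaviour for an unrecognised name
     * is not visible here (a null result would fall back to READ).
     */
    private Permission resolvePermissionToGrant() {
        return (Permission) Optional.ofNullable(getPermissionToGrant()).map(BambooPermission::buildFromName).orElse(BambooPermission.READ);
    }

    /**
     * Reports whether {@code sid} holds {@code BambooPermission.SOX_COMPLIANCE} on the
     * global ACL. Fails closed: a missing global ACL or a missing entry yields {@code false}.
     */
    private boolean hasSoxCompliancePermission(@NotNull Sid sid) {
        Acl global = getGlobalAcl();
        if (global == null) {
            // getAcl() treats the same lookup as nullable; do not grant the extra
            // permission when the global ACL cannot be loaded.
            return false;
        }
        try {
            return global.isGranted(new Permission[]{BambooPermission.SOX_COMPLIANCE}, new Sid[]{sid}, false);
        } catch (NotFoundException e) {
            return false;
        }
    }

    /** Builds the object identity of the target entity from {@code javaType} and {@code entityId}. */
    @NotNull
    private ObjectIdentity getObjectIdentity() {
        return new HibernateObjectIdentityImpl(this.javaType, Long.valueOf(this.entityId));
    }

    /**
     * Returns the ACL of the target entity, loading it on first use.
     *
     * @return the ACL, or {@code null} when none is available for the entity
     */
    @Nullable
    public MutableAcl getAcl() {
        if (this.acl == null) {
            this.acl = this.aclService.readMutableAclById(getObjectIdentity());
        }
        return this.acl;
    }

    /**
     * Replaces the ACL this action operates on; a non-null value bypasses the lookup by
     * {@code javaType}/{@code entityId} in {@link #getAcl()}.
     */
    public void setAcl(MutableAcl mutableAcl) {
        this.acl = mutableAcl;
    }

    /** Returns the ACL of the global application object, loading it on first use. */
    private Acl getGlobalAcl() {
        if (this.globalAcl == null) {
            this.globalAcl = this.aclService.readMutableAclById(new HibernateObjectIdentityImpl(GlobalApplicationSecureObject.INSTANCE));
        }
        return this.globalAcl;
    }

    public String getNewUser() {
        return this.newUser;
    }

    public void setNewUser(String str) {
        this.newUser = str;
    }

    public String getNewGroup() {
        return this.newGroup;
    }

    public void setNewGroup(String str) {
        this.newGroup = str;
    }

    public long getEntityId() {
        return this.entityId;
    }

    public void setEntityId(long j) {
        this.entityId = j;
    }

    public String getJavaType() {
        return this.javaType;
    }

    public void setJavaType(String str) {
        this.javaType = str;
    }

    public String getPrincipalType() {
        return this.principalType;
    }

    public void setPrincipalType(String str) {
        this.principalType = str;
    }

    public String getPermissionToGrant() {
        return this.permissionToGrant;
    }

    public void setPermissionToGrant(String str) {
        this.permissionToGrant = str;
    }
}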
