package com.atlassian.bamboo.upgrade.tasks.v6_3;

import com.atlassian.bamboo.configuration.AdministrationConfigurationAccessor;
import com.atlassian.bamboo.deployments.environments.persistence.EnvironmentDao;
import com.atlassian.bamboo.deployments.projects.persistence.DeploymentProjectDao;
import com.atlassian.bamboo.persistence.BambooTransactionHibernateTemplate;
import com.atlassian.bamboo.plan.PlanDao;
import com.atlassian.bamboo.plan.TopLevelPlan;
import com.atlassian.bamboo.project.ProjectDao;
import com.atlassian.bamboo.project.ProjectPlanPermissions;
import com.atlassian.bamboo.repository.RepositoryDefinitionDao;
import com.atlassian.bamboo.security.GlobalApplicationSecureObject;
import com.atlassian.bamboo.security.acegi.BambooAcegiSecurityUtils;
import com.atlassian.bamboo.security.acegi.acls.AclDao;
import com.atlassian.bamboo.security.acegi.acls.BambooAclUpdateHelper;
import com.atlassian.bamboo.security.acegi.acls.BambooPermission;
import com.atlassian.bamboo.security.acegi.acls.HibernateObjectIdentityImpl;
import com.atlassian.bamboo.upgrade.AbstractUpgradeTask;
import com.atlassian.bamboo.upgrade.utils.DatabaseUpgradePaginator;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.Multimap;
import com.google.common.collect.MultimapBuilder;
import com.google.common.collect.Multimaps;
import com.google.common.collect.SetMultimap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.acegisecurity.acls.MutableAcl;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v6_3/UpgradeTask60301GrantMissingPermissions.class */
public class UpgradeTask60301GrantMissingPermissions extends AbstractUpgradeTask {
    private static final Logger log = Logger.getLogger(UpgradeTask60301GrantMissingPermissions.class);

    @Autowired
    private AdministrationConfigurationAccessor administrationConfigurationAccessor;

    @Autowired
    private AclDao aclDao;

    @Autowired
    private BambooAclUpdateHelper aclUpdateHelper;

    @Autowired
    private DatabaseUpgradePaginator upgradePaginator;

    @Autowired
    private BambooTransactionHibernateTemplate bambooTransactionHibernateTemplate;

    @Autowired
    private PlanDao planDao;

    @Autowired
    private ProjectDao projectDao;

    @Autowired
    private RepositoryDefinitionDao repositoryDefinitionDao;

    @Autowired
    private DeploymentProjectDao deploymentProjectDao;

    @Autowired
    private EnvironmentDao environmentDao;

    /* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v6_3/UpgradeTask60301GrantMissingPermissions$Dependencies.class */
    private interface Dependencies {
        public static final Multimap<BambooPermission, BambooPermission> GLOBAL_PERMISSION_DEPENDENCIES = UpgradeTask60301GrantMissingPermissions.calculateEffectiveDependencies(ImmutableMultimap.builder().put(BambooPermission.SOX_COMPLIANCE, BambooPermission.READ).put(BambooPermission.CREATE, BambooPermission.READ).put(BambooPermission.CREATE_REPOSITORY, BambooPermission.READ).put(BambooPermission.RESTRICTEDADMINISTRATION, BambooPermission.CREATE).put(BambooPermission.RESTRICTEDADMINISTRATION, BambooPermission.CREATE_REPOSITORY).put(BambooPermission.ADMINISTRATION, BambooPermission.RESTRICTEDADMINISTRATION).build());
        public static final Multimap<BambooPermission, BambooPermission> PLAN_PERMISSION_DEPENDENCIES = UpgradeTask60301GrantMissingPermissions.calculateEffectiveDependencies(ImmutableMultimap.builder().put(BambooPermission.WRITE, BambooPermission.READ).put(BambooPermission.BUILD, BambooPermission.READ).put(BambooPermission.CLONE, BambooPermission.READ).put(BambooPermission.ADMINISTRATION, BambooPermission.WRITE).put(BambooPermission.ADMINISTRATION, BambooPermission.BUILD).put(BambooPermission.ADMINISTRATION, BambooPermission.CLONE).build());
        public static final Multimap<BambooPermission, BambooPermission> PROJECT_PERMISSION_DEPENDENCIES = UpgradeTask60301GrantMissingPermissions.calculateEffectiveDependencies(ImmutableMultimap.builder().put(BambooPermission.ADMINISTRATION, BambooPermission.CREATE).build());
        public static final Multimap<BambooPermission, BambooPermission> PROJECT_PLAN_PERMISSION_DEPENDENCIES = PLAN_PERMISSION_DEPENDENCIES;
        public static final Multimap<BambooPermission, BambooPermission> REPOSITORY_PERMISSION_DEPENDENCIES = UpgradeTask60301GrantMissingPermissions.calculateEffectiveDependencies(ImmutableMultimap.builder().put(BambooPermission.ADMINISTRATION, BambooPermission.READ).build());
        public static final Multimap<BambooPermission, BambooPermission> DEPLOYMENT_PROJECT_PERMISSION_DEPENDENCIES = UpgradeTask60301GrantMissingPermissions.calculateEffectiveDependencies(ImmutableMultimap.builder().put(BambooPermission.WRITE, BambooPermission.READ).build());
        public static final Multimap<BambooPermission, BambooPermission> ENVIRONMENT_PERMISSION_DEPENDENCIES = UpgradeTask60301GrantMissingPermissions.calculateEffectiveDependencies(ImmutableMultimap.builder().put(BambooPermission.WRITE, BambooPermission.READ).put(BambooPermission.BUILD, BambooPermission.READ).build());
    }

    public UpgradeTask60301GrantMissingPermissions() {
        super("Grant missing dependent permissions to all principals");
    }

    public void doUpgrade() throws Exception {
        log.info("Upgrading global permissions");
        Multimap<BambooPermission, BambooPermission> filterRestrictedAdminIfRoleDisabled = filterRestrictedAdminIfRoleDisabled(Dependencies.GLOBAL_PERMISSION_DEPENDENCIES);
        this.bambooTransactionHibernateTemplate.doWork(connection -> {
            doUpgrade(GlobalApplicationSecureObject.INSTANCE, filterRestrictedAdminIfRoleDisabled);
        });
        log.info(String.format("Upgrading permissions of %d plans", Long.valueOf(this.planDao.countAll(TopLevelPlan.class))));
        this.upgradePaginator.forEach((i, i2) -> {
            return this.planDao.findAllPlans(TopLevelPlan.class, i, i2);
        }, topLevelPlan -> {
            doUpgrade(topLevelPlan, Dependencies.PLAN_PERMISSION_DEPENDENCIES);
        });
        log.info(String.format("Upgrading permissions of %d projects (also upgrading project-plan permissions)", Long.valueOf(this.projectDao.count().longValue())));
        DatabaseUpgradePaginator databaseUpgradePaginator = this.upgradePaginator;
        ProjectDao projectDao = this.projectDao;
        projectDao.getClass();
        databaseUpgradePaginator.forEach(projectDao::findAll, project -> {
            doUpgrade(project, Dependencies.PROJECT_PERMISSION_DEPENDENCIES);
            doUpgrade(new ProjectPlanPermissions(project), Dependencies.PROJECT_PLAN_PERMISSION_DEPENDENCIES);
        });
        log.info(String.format("Upgrading permissions of %d repositories", Long.valueOf(this.repositoryDefinitionDao.countTopLevelGlobalRepositories())));
        DatabaseUpgradePaginator databaseUpgradePaginator2 = this.upgradePaginator;
        RepositoryDefinitionDao repositoryDefinitionDao = this.repositoryDefinitionDao;
        repositoryDefinitionDao.getClass();
        databaseUpgradePaginator2.forEach(repositoryDefinitionDao::getTopLevelGlobalRepositories, repositoryDataEntity -> {
            doUpgrade(repositoryDataEntity, Dependencies.REPOSITORY_PERMISSION_DEPENDENCIES);
        });
        log.info(String.format("Upgrading permissions of %d deployment projects", Long.valueOf(this.deploymentProjectDao.countAllDeploymentProjects())));
        DatabaseUpgradePaginator databaseUpgradePaginator3 = this.upgradePaginator;
        DeploymentProjectDao deploymentProjectDao = this.deploymentProjectDao;
        deploymentProjectDao.getClass();
        databaseUpgradePaginator3.forEach(deploymentProjectDao::getAllDeploymentProjects, mutableDeploymentProject -> {
            doUpgrade(mutableDeploymentProject, Dependencies.DEPLOYMENT_PROJECT_PERMISSION_DEPENDENCIES);
        });
        log.info(String.format("Upgrading permissions of %d environments", Long.valueOf(this.environmentDao.countAll())));
        DatabaseUpgradePaginator databaseUpgradePaginator4 = this.upgradePaginator;
        EnvironmentDao environmentDao = this.environmentDao;
        environmentDao.getClass();
        databaseUpgradePaginator4.forEach(environmentDao::findAll, mutableEnvironment -> {
            doUpgrade(mutableEnvironment, Dependencies.ENVIRONMENT_PERMISSION_DEPENDENCIES);
        });
    }

    @VisibleForTesting
    void doUpgrade(@NotNull Object obj, @NotNull Multimap<BambooPermission, BambooPermission> multimap) {
        HibernateObjectIdentityImpl hibernateObjectIdentityImpl = new HibernateObjectIdentityImpl(obj);
        Map findAcls = this.aclDao.findAcls(hibernateObjectIdentityImpl);
        if (findAcls.isEmpty()) {
            log.warn("ACL for entity not found: " + hibernateObjectIdentityImpl);
            return;
        }
        MutableAcl mutableAcl = (MutableAcl) findAcls.get(new AclDao.ObjectIdentityDto(hibernateObjectIdentityImpl));
        ArrayList arrayList = new ArrayList();
        Map asMap = multimap.asMap();
        SetMultimap build = MultimapBuilder.treeKeys(BambooAcegiSecurityUtils.sidComparator()).hashSetValues().build();
        Arrays.stream(mutableAcl.getEntries()).forEach(accessControlEntry -> {
            build.put(accessControlEntry.getSid(), accessControlEntry.getPermission());
        });
        build.asMap().forEach((sid, collection) -> {
            ((List) collection.stream().flatMap(bambooPermission -> {
                return Stream.concat(Stream.of(bambooPermission), ((Collection) asMap.getOrDefault(bambooPermission, Collections.emptyList())).stream());
            }).distinct().collect(Collectors.toList())).forEach(bambooPermission2 -> {
                arrayList.add(BambooAclUpdateHelper.createPermissionKey(sid, bambooPermission2.getName()));
            });
        });
        if (arrayList.size() > build.size()) {
            this.aclUpdateHelper.modifyAclAces(mutableAcl, arrayList);
            this.aclDao.save(mutableAcl);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NotNull
    public static Multimap<BambooPermission, BambooPermission> calculateEffectiveDependencies(@NotNull Multimap<BambooPermission, BambooPermission> multimap) {
        ImmutableMultimap.Builder builder = ImmutableMultimap.builder();
        multimap.keySet().forEach(bambooPermission -> {
            builder.putAll(bambooPermission, calculateEffectiveDependencies(multimap, bambooPermission));
        });
        return builder.build();
    }

    @NotNull
    private static Collection<BambooPermission> calculateEffectiveDependencies(@NotNull Multimap<BambooPermission, BambooPermission> multimap, @NotNull BambooPermission bambooPermission) {
        return (Collection) ((Collection) multimap.asMap().getOrDefault(bambooPermission, Collections.emptyList())).stream().flatMap(bambooPermission2 -> {
            return Stream.concat(Stream.of(bambooPermission2), calculateEffectiveDependencies(multimap, bambooPermission2).stream());
        }).collect(Collectors.toSet());
    }

    @NotNull
    private Multimap<BambooPermission, BambooPermission> filterRestrictedAdminIfRoleDisabled(@NotNull Multimap<BambooPermission, BambooPermission> multimap) {
        return this.administrationConfigurationAccessor.getAdministrationConfiguration().isEnableRestrictedAdmin() ? multimap : Multimaps.filterEntries(multimap, entry -> {
            return (entry == null || Objects.equals(entry.getKey(), BambooPermission.RESTRICTEDADMINISTRATION) || Objects.equals(entry.getValue(), BambooPermission.RESTRICTEDADMINISTRATION)) ? false : true;
        });
    }
}
