package com.atlassian.jira.bc.projectroles;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.bc.ServiceResult;
import com.atlassian.jira.bc.ServiceResultImpl;
import com.atlassian.jira.event.role.ProjectRoleDeletedEvent;
import com.atlassian.jira.event.role.ProjectRoleUpdatedEvent;
import com.atlassian.jira.exception.DataAccessException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.issue.comments.CommentManager;
import com.atlassian.jira.issue.security.IssueSecurityLevelManager;
import com.atlassian.jira.issue.security.IssueSecuritySchemeManager;
import com.atlassian.jira.issue.worklog.WorklogManager;
import com.atlassian.jira.notification.NotificationSchemeManager;
import com.atlassian.jira.notification.type.ProjectRoleSecurityAndNotificationType;
import com.atlassian.jira.permission.PermissionSchemeManager;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.scheme.SchemeEntity;
import com.atlassian.jira.scheme.SchemeFactory;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.roles.DefaultRoleActors;
import com.atlassian.jira.security.roles.ProjectRole;
import com.atlassian.jira.security.roles.ProjectRoleActor;
import com.atlassian.jira.security.roles.ProjectRoleActors;
import com.atlassian.jira.security.roles.ProjectRoleManager;
import com.atlassian.jira.security.roles.RoleActor;
import com.atlassian.jira.security.roles.RoleActorDoesNotExistException;
import com.atlassian.jira.security.roles.RoleActorFactory;
import com.atlassian.jira.sharing.SharePermissionDeleteUtils;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.ErrorCollections;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.atlassian.jira.util.collect.CollectionBuilder;
import com.atlassian.jira.web.util.ChangeHistoryUtils;
import com.atlassian.jira.workflow.JiraWorkflow;
import com.atlassian.jira.workflow.WorkflowManager;
import com.atlassian.jira.workflow.condition.InProjectRoleCondition;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.opensymphony.util.TextUtils;
import com.opensymphony.workflow.loader.ActionDescriptor;
import com.opensymphony.workflow.loader.ConditionDescriptor;
import com.opensymphony.workflow.loader.ConditionsDescriptor;
import com.opensymphony.workflow.loader.RestrictionDescriptor;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import org.apache.commons.collections.MultiHashMap;
import org.apache.commons.collections.MultiMap;
import org.apache.commons.lang.StringUtils;
import org.ofbiz.core.entity.GenericEntityException;
import org.ofbiz.core.entity.GenericValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/bc/projectroles/DefaultProjectRoleService.class */
public class DefaultProjectRoleService implements ProjectRoleService {
    private static final Logger log = LoggerFactory.getLogger(DefaultProjectRoleService.class);
    private ProjectRoleManager projectRoleManager;
    private PermissionManager permissionManager;
    private JiraAuthenticationContext jiraAuthenticationContext;
    private RoleActorFactory roleActorFactory;
    private NotificationSchemeManager notificationSchemeManager;
    private PermissionSchemeManager permissionSchemeManager;
    private WorkflowManager workflowManager;
    private ProjectManager projectManager;
    private SchemeFactory schemeFactory;
    private final IssueSecurityLevelManager issueSecurityLevelManager;
    private final SharePermissionDeleteUtils sharePermissionDeleteUtils;
    private IssueSecuritySchemeManager issueSecuritySchemeManager;
    private EventPublisher eventPublisher;
    private final WorklogManager worklogManager;
    private final CommentManager commentManager;

    public DefaultProjectRoleService(ProjectRoleManager projectRoleManager, PermissionManager permissionManager, JiraAuthenticationContext jiraAuthenticationContext, RoleActorFactory roleActorFactory, NotificationSchemeManager notificationSchemeManager, PermissionSchemeManager permissionSchemeManager, WorkflowManager workflowManager, ProjectManager projectManager, SchemeFactory schemeFactory, IssueSecurityLevelManager issueSecurityLevelManager, SharePermissionDeleteUtils sharePermissionDeleteUtils, IssueSecuritySchemeManager issueSecuritySchemeManager, EventPublisher eventPublisher, WorklogManager worklogManager, CommentManager commentManager) {
        this.projectRoleManager = projectRoleManager;
        this.permissionManager = permissionManager;
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.roleActorFactory = roleActorFactory;
        this.notificationSchemeManager = notificationSchemeManager;
        this.permissionSchemeManager = permissionSchemeManager;
        this.workflowManager = workflowManager;
        this.projectManager = projectManager;
        this.schemeFactory = schemeFactory;
        this.issueSecurityLevelManager = issueSecurityLevelManager;
        this.sharePermissionDeleteUtils = sharePermissionDeleteUtils;
        this.issueSecuritySchemeManager = issueSecuritySchemeManager;
        this.eventPublisher = eventPublisher;
        this.worklogManager = worklogManager;
        this.commentManager = commentManager;
    }

    public Collection<ProjectRole> getProjectRoles(ApplicationUser applicationUser, ErrorCollection errorCollection) {
        return getProjectRoles(errorCollection);
    }

    public ProjectRole getProjectRole(ApplicationUser applicationUser, Long l, ErrorCollection errorCollection) {
        return getProjectRole(l, errorCollection);
    }

    public ProjectRole getProjectRoleByName(ApplicationUser applicationUser, String str, ErrorCollection errorCollection) {
        return getProjectRoleByName(str, errorCollection);
    }

    private boolean isRoleNameValidString(String str, ErrorCollection errorCollection) {
        if (StringUtils.isBlank(str)) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.name.null.create"));
            return false;
        }
        if (!str.trim().equals(str)) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.name.trim.whitespace"));
            return false;
        }
        if (str.length() <= 255) {
            return true;
        }
        errorCollection.addErrorMessage(getText("project.roles.service.error.name.cannot.be.longer.255"));
        return false;
    }

    public ProjectRole createProjectRole(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        ProjectRole projectRole2 = null;
        boolean z = false;
        String str = null;
        if (projectRole == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null.create"));
            z = true;
        } else {
            str = projectRole.getName();
        }
        if (!isRoleNameValidString(str, errorCollection)) {
            z = true;
        }
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
            z = true;
        }
        if (!isProjectRoleNameUnique(applicationUser, str, errorCollection)) {
            z = true;
        }
        if (!z) {
            projectRole2 = this.projectRoleManager.createRole(projectRole);
        }
        return projectRole2;
    }

    public boolean isProjectRoleNameUnique(ApplicationUser applicationUser, String str, ErrorCollection errorCollection) {
        boolean z = false;
        if (hasAdminPermission(applicationUser)) {
            z = this.projectRoleManager.isRoleNameUnique(str);
            if (!z) {
                errorCollection.addError("name", getText("admin.projectroles.duplicate.role.name.error", str), ErrorCollection.Reason.CONFLICT);
            }
        } else {
            addRequiredAdminPermissionErrorMessage(errorCollection);
        }
        return z;
    }

    public void deleteProjectRole(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        boolean z = false;
        if (projectRole == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null.delete"));
            z = true;
        }
        if (!z && projectRole.getId() == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null.id.delete"));
            z = true;
        }
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
            z = true;
        }
        if (z) {
            return;
        }
        try {
            this.notificationSchemeManager.removeEntities("Project_Role", projectRole.getId().toString());
        } catch (RemoveException e) {
            log.error("Unable to remove notification scheme entites for project role: " + projectRole.getName());
        }
        try {
            this.permissionSchemeManager.removeEntities(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE, projectRole.getId().toString());
        } catch (RemoveException e2) {
            log.error("Unable to remove permission scheme entites for project role: " + projectRole.getName());
        }
        try {
            this.issueSecuritySchemeManager.removeEntities(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE, projectRole.getId().toString());
        } catch (RemoveException e3) {
            log.error("Unable to remove issue security scheme entites for project role: " + projectRole.getName());
        }
        this.sharePermissionDeleteUtils.deleteRoleSharePermissions(projectRole.getId());
        this.projectRoleManager.deleteRole(projectRole);
        clearIssueSecurityLevelCache();
        this.eventPublisher.publish(new ProjectRoleDeletedEvent(projectRole));
    }

    public void updateProjectRole(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        boolean z = false;
        if (projectRole == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null.update"));
            z = true;
        }
        if (!z && projectRole.getId() == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null.id.update"));
            z = true;
        }
        if (z || isRoleNameValidString(projectRole.getName(), errorCollection)) {
        }
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
            z = true;
        }
        if (z) {
            return;
        }
        ProjectRole projectRole2 = this.projectRoleManager.getProjectRole(projectRole.getName());
        if (projectRole2 == null || projectRole2.getId().equals(projectRole.getId())) {
            this.projectRoleManager.updateRole(projectRole);
        } else {
            errorCollection.addErrorMessage(getText("admin.projectroles.duplicate.role.name.error", projectRole.getName()));
        }
    }

    public ProjectRoleActors getProjectRoleActors(ApplicationUser applicationUser, ProjectRole projectRole, Project project, ErrorCollection errorCollection) {
        boolean z = false;
        if (projectRole == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.actors.null.project.role"));
            z = true;
        }
        if (project == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.actors.null.project"));
            z = true;
        }
        ProjectRoleActors projectRoleActors = null;
        if (z || !hasProjectRolePermission(applicationUser, project)) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.permission"), ErrorCollection.Reason.FORBIDDEN);
        } else {
            projectRoleActors = this.projectRoleManager.getProjectRoleActors(projectRole, project);
        }
        return projectRoleActors;
    }

    private void removeActorsFromProjectRole(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, Project project, String str, ErrorCollection errorCollection, boolean z) {
        if (!hasProjectRolePermission(applicationUser, project)) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.no.permission.to.remove"), ErrorCollection.Reason.FORBIDDEN);
        } else if (canRemoveCurrentUser(applicationUser, collection, projectRole, project, str)) {
            updateActorsToProjectRole(applicationUser, collection, projectRole, project, str, errorCollection, false, z);
        } else {
            errorCollection.addErrorMessage(getText("project.roles.service.error.removeself.actor"));
        }
    }

    public void setActorsForProjectRole(ApplicationUser applicationUser, Map<String, Set<String>> map, ProjectRole projectRole, Project project, ErrorCollection errorCollection) {
        ProjectRoleActors projectRoleActors = getProjectRoleActors(applicationUser, projectRole, project, errorCollection);
        if (errorCollection.hasAnyErrors()) {
            return;
        }
        if (projectRoleActors == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.actors.null"));
            return;
        }
        if (map == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.new.role.actors.null"));
            return;
        }
        Set<RoleActor> roleActors = projectRoleActors.getRoleActors();
        HashMap newHashMap = Maps.newHashMap();
        for (RoleActor roleActor : roleActors) {
            String type = roleActor.getType();
            String parameter = roleActor.getParameter();
            Set set = (Set) newHashMap.get(type);
            if (set == null) {
                set = Sets.newHashSet();
            }
            set.add(parameter);
            newHashMap.put(type, set);
        }
        Set<String> asSet = CollectionBuilder.newBuilder().addAll(newHashMap.keySet()).addAll(map.keySet()).asSet();
        HashMap newHashMap2 = Maps.newHashMap(newHashMap);
        HashMap newHashMap3 = Maps.newHashMap(map);
        for (String str : asSet) {
            Set<String> set2 = map.get(str);
            Set set3 = (Set) newHashMap2.get(str);
            if (set2 != null && set3 != null) {
                HashSet newHashSet = Sets.newHashSet(set3);
                newHashSet.removeAll(set2);
                newHashMap2.put(str, newHashSet);
            }
            Set set4 = (Set) newHashMap.get(str);
            Set set5 = (Set) newHashMap3.get(str);
            if (set4 != null && set5 != null) {
                HashSet newHashSet2 = Sets.newHashSet(set5);
                newHashSet2.removeAll(set4);
                newHashMap3.put(str, newHashSet2);
            }
        }
        for (String str2 : asSet) {
            Set set6 = (Set) newHashMap3.get(str2);
            if (set6 != null && set6.size() > 0) {
                updateActorsToProjectRole(this.jiraAuthenticationContext.getUser(), set6, projectRole, project, str2, errorCollection, true, false);
            }
            Set set7 = (Set) newHashMap2.get(str2);
            if (set7 != null && set7.size() > 0) {
                removeActorsFromProjectRole(this.jiraAuthenticationContext.getUser(), set7, projectRole, project, str2, errorCollection, false);
            }
        }
        this.eventPublisher.publish(new ProjectRoleUpdatedEvent(project, projectRole, this.projectRoleManager.getProjectRoleActors(projectRole, project), projectRoleActors));
    }

    boolean canRemoveCurrentUser(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, Project project, String str) {
        if (this.permissionManager.hasPermission(0, applicationUser) || !doesProjectRoleExistForAdministerProjectsPermission(project, projectRole)) {
            return true;
        }
        ProjectRoleActors projectRoleActors = this.projectRoleManager.getProjectRoleActors(projectRole, project);
        ArrayList arrayList = new ArrayList();
        int i = 0;
        for (RoleActor roleActor : projectRoleActors.getRoleActors()) {
            arrayList.addAll(roleActor.getUsers());
            if (roleActorsToRemoveContainsRoleActorFromProjectRole(roleActor, str, applicationUser, collection, projectRole, project)) {
                i++;
            }
        }
        return getAmountOfTimesUsernameInList(arrayList, applicationUser) > i;
    }

    boolean doesProjectRoleExistForAdministerProjectsPermission(Project project, ProjectRole projectRole) {
        if (this.permissionSchemeManager == null) {
            throw new NullPointerException("Instance of " + PermissionSchemeManager.class.getName() + " required.");
        }
        if (this.schemeFactory == null) {
            throw new NullPointerException("Instance of " + SchemeFactory.class.getName() + " required.");
        }
        if (project == null) {
            throw new NullPointerException("Instance of " + Project.class.getName() + " required.");
        }
        if (projectRole == null) {
            throw new NullPointerException("Instance of " + ProjectRole.class.getName() + " required.");
        }
        try {
            Iterator it = this.permissionSchemeManager.getSchemes(project.getGenericValue()).iterator();
            while (it.hasNext()) {
                for (SchemeEntity schemeEntity : this.schemeFactory.getSchemeWithEntitiesComparable((GenericValue) it.next()).getEntitiesByType(23L)) {
                    boolean z = schemeEntity.getParameter() != null && projectRole.getId().toString().equals(schemeEntity.getParameter());
                    if (ProjectRoleSecurityAndNotificationType.PROJECT_ROLE.equals(schemeEntity.getType()) && z) {
                        return true;
                    }
                }
            }
            return false;
        } catch (GenericEntityException e) {
            throw new DataAccessException(e);
        }
    }

    public DefaultRoleActors getDefaultRoleActors(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        boolean z = false;
        if (projectRole == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.actors.null.project.role"));
            z = true;
        }
        DefaultRoleActors defaultRoleActors = null;
        if (!z && hasAdminPermission(applicationUser)) {
            defaultRoleActors = this.projectRoleManager.getDefaultRoleActors(projectRole);
        } else if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
        }
        return defaultRoleActors;
    }

    public void removeAllRoleActorsByNameAndType(ApplicationUser applicationUser, String str, String str2, ErrorCollection errorCollection) {
        ErrorCollection validateRemoveAllRoleActorsByNameAndType = validateRemoveAllRoleActorsByNameAndType(applicationUser, str, str2);
        if (validateRemoveAllRoleActorsByNameAndType.hasAnyErrors()) {
            errorCollection.addErrorCollection(validateRemoveAllRoleActorsByNameAndType);
        } else {
            removeAllRoleActorsByNameAndType(str, str2);
        }
    }

    public ErrorCollection validateRemoveAllRoleActorsByNameAndType(ApplicationUser applicationUser, String str, String str2) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (!TextUtils.stringSet(str)) {
            simpleErrorCollection.addErrorMessage(getText("project.roles.service.error.name.null.remove"));
        }
        if (!TextUtils.stringSet(str2)) {
            simpleErrorCollection.addErrorMessage(getText("project.roles.service.error.type.null.remove"));
        }
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(simpleErrorCollection);
        }
        return simpleErrorCollection;
    }

    public void removeAllRoleActorsByNameAndType(String str, String str2) {
        this.projectRoleManager.removeAllRoleActorsByNameAndType(str, str2);
    }

    public void removeAllRoleActorsByProject(ApplicationUser applicationUser, Project project, ErrorCollection errorCollection) {
        boolean z = false;
        if (project == null || project.getId() == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.null"));
            z = true;
        }
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
            z = true;
        }
        if (z) {
            return;
        }
        this.projectRoleManager.removeAllRoleActorsByProject(project);
    }

    public Collection getAssociatedNotificationSchemes(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        return getAssociatedNotificationSchemes(projectRole, errorCollection);
    }

    public Collection<GenericValue> getAssociatedIssueSecuritySchemes(ProjectRole projectRole, ErrorCollection errorCollection) {
        boolean z = false;
        if (projectRole == null || projectRole.getId() == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null"));
            z = true;
        }
        return !z ? this.issueSecuritySchemeManager.getSchemesContainingEntity(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE, projectRole.getId().toString()) : Lists.newArrayList();
    }

    public Collection getAssociatedIssueSecuritySchemes(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        return getAssociatedIssueSecuritySchemes(projectRole, errorCollection);
    }

    public Collection getAssociatedPermissionSchemes(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        return getAssociatedPermissionSchemes(projectRole, errorCollection);
    }

    public MultiMap getAssociatedWorkflows(ApplicationUser applicationUser, ProjectRole projectRole, ErrorCollection errorCollection) {
        return getAssociatedWorkflows(projectRole, errorCollection);
    }

    public Collection<Project> getProjectsContainingRoleActorByNameAndType(ApplicationUser applicationUser, String str, String str2, ErrorCollection errorCollection) {
        Collection projectIdsContainingRoleActorByNameAndType;
        boolean z = false;
        if (!TextUtils.stringSet(str)) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.name.null.remove"));
            z = true;
        }
        if (!TextUtils.stringSet(str2)) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.type.null.remove"));
            z = true;
        }
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
            z = true;
        }
        if (!z && (projectIdsContainingRoleActorByNameAndType = this.projectRoleManager.getProjectIdsContainingRoleActorByNameAndType(str, str2)) != null) {
            return this.projectManager.convertToProjectObjects(projectIdsContainingRoleActorByNameAndType);
        }
        return Collections.emptyList();
    }

    public List<Long> roleActorOfTypeExistsForProjects(ApplicationUser applicationUser, List<Long> list, ProjectRole projectRole, String str, String str2, ErrorCollection errorCollection) {
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        if (list == null || list.isEmpty()) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.admin.projects.to.limit.needed"));
            z = true;
        }
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
            z = true;
        }
        if (!z) {
            arrayList.addAll(this.projectRoleManager.roleActorOfTypeExistsForProjects(list, projectRole, str, str2));
        }
        return arrayList;
    }

    public Map<Long, List<String>> getProjectIdsForUserInGroupsBecauseOfRole(ApplicationUser applicationUser, List<Long> list, ProjectRole projectRole, String str, String str2, ErrorCollection errorCollection) {
        boolean z = false;
        if (!hasAdminPermission(applicationUser)) {
            addRequiredAdminPermissionErrorMessage(errorCollection);
            z = true;
        }
        return !z ? this.projectRoleManager.getProjectIdsForUserInGroupsBecauseOfRole(list, projectRole, str, str2) : new HashMap();
    }

    private boolean conditionsDescriptorContainsProjectRoleCondition(ConditionsDescriptor conditionsDescriptor, Long l) {
        for (Object obj : conditionsDescriptor.getConditions()) {
            if (!(obj instanceof ConditionsDescriptor)) {
                String str = (String) ((ConditionDescriptor) obj).getArgs().get(InProjectRoleCondition.KEY_PROJECT_ROLE_ID);
                if (str != null && str.equals(l.toString())) {
                    return true;
                }
            } else if (conditionsDescriptorContainsProjectRoleCondition((ConditionsDescriptor) obj, l)) {
                return true;
            }
        }
        return false;
    }

    private void updateActorsToProjectRole(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, Project project, String str, ErrorCollection errorCollection, boolean z, boolean z2) {
        ProjectRoleActors projectRoleActors = getProjectRoleActors(applicationUser, projectRole, project, errorCollection);
        if (projectRoleActors == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.actors.null"));
            return;
        }
        ArrayList arrayList = new ArrayList();
        boolean createRoleActors = createRoleActors(collection, projectRole, project, str, projectRoleActors, errorCollection, arrayList, z);
        Project projectObj = this.projectManager.getProjectObj(projectRoleActors.getProjectId());
        boolean hasProjectRolePermission = hasProjectRolePermission(applicationUser, projectObj);
        if (createRoleActors || !hasProjectRolePermission || arrayList.size() <= 0) {
            if (hasProjectRolePermission) {
                return;
            }
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.permission"));
        } else {
            ProjectRoleActors removeRoleActors = z ? (ProjectRoleActors) projectRoleActors.addRoleActors(arrayList) : projectRoleActors.removeRoleActors(arrayList);
            this.projectRoleManager.updateProjectRoleActors(removeRoleActors);
            clearIssueSecurityLevelCache();
            if (z2) {
                this.eventPublisher.publish(new ProjectRoleUpdatedEvent(projectObj, projectRole, removeRoleActors, projectRoleActors));
            }
        }
    }

    private boolean validateAllUsersAreActive(List<RoleActor> list, ErrorCollection errorCollection) {
        boolean z = true;
        Iterator<RoleActor> it = list.iterator();
        while (it.hasNext()) {
            for (ApplicationUser applicationUser : it.next().getUsers()) {
                if (!applicationUser.isActive()) {
                    errorCollection.addErrorMessage("User '" + applicationUser.getName() + "' does not exist.");
                    z = false;
                }
            }
        }
        return z;
    }

    public boolean hasProjectRolePermission(ApplicationUser applicationUser, Project project) {
        return hasAdminPermission(applicationUser) || hasProjectAdminPermission(applicationUser, project);
    }

    public ServiceResult validateNoRoleUsage(ProjectRole projectRole) {
        return new ServiceResultImpl(ErrorCollections.join(new ErrorCollection[]{validateNoSchemeAssociationsForRole(projectRole), validateNoUsageOfRoleInWorkflows(projectRole), validateNoUsageOfRoleInComments(projectRole), validateNoUsageOfRoleInWorklogs(projectRole)}));
    }

    public void swapRole(ProjectRole projectRole, ProjectRole projectRole2) {
        swapRoleInSchemes(projectRole, projectRole2);
        swapRoleInWorkflows(projectRole, projectRole2);
        this.worklogManager.swapWorklogRoleRestriction(projectRole.getId(), projectRole2.getId());
        this.commentManager.swapCommentRoleRestriction(projectRole.getId(), projectRole2.getId());
    }

    private ErrorCollection validateNoSchemeAssociationsForRole(ProjectRole projectRole) {
        return ErrorCollections.join(new ErrorCollection[]{validateNoAssociations(projectRole, this::getAssociatedNotificationSchemes, "rest.role.used.in.notification.schemes"), validateNoAssociations(projectRole, this::getAssociatedIssueSecuritySchemes, "rest.role.used.in.security.schemes"), validateNoAssociations(projectRole, this::getAssociatedPermissionSchemes, "rest.role.used.in.permission.schemes")});
    }

    private ErrorCollection validateNoUsageOfRoleInWorkflows(ProjectRole projectRole) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        Set keySet = getAssociatedWorkflows(projectRole, simpleErrorCollection).keySet();
        if (!keySet.isEmpty()) {
            simpleErrorCollection.addErrorMessage(getText("rest.role.used.in.workflows", "[" + StringUtils.join((List) keySet.stream().map((v0) -> {
                return v0.getDisplayName();
            }).collect(Collectors.toList()), ",") + ChangeHistoryUtils.LINE_ENDING), ErrorCollection.Reason.CONFLICT);
        }
        return simpleErrorCollection;
    }

    private ErrorCollection validateNoUsageOfRoleInWorklogs(ProjectRole projectRole) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (this.worklogManager.getCountForWorklogsRestrictedByRole(projectRole.getId()) != 0) {
            simpleErrorCollection.addErrorMessage(getText("rest.role.used.in.worklogs"), ErrorCollection.Reason.CONFLICT);
        }
        return simpleErrorCollection;
    }

    private ErrorCollection validateNoUsageOfRoleInComments(ProjectRole projectRole) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        if (this.commentManager.getCountForCommentsRestrictedByRole(projectRole.getId()) != 0) {
            simpleErrorCollection.addErrorMessage(getText("rest.role.used.in.comments"), ErrorCollection.Reason.CONFLICT);
        }
        return simpleErrorCollection;
    }

    private ErrorCollection validateNoAssociations(ProjectRole projectRole, BiFunction<ProjectRole, ErrorCollection, Collection> biFunction, String str) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        Collection apply = biFunction.apply(projectRole, simpleErrorCollection);
        if (!apply.isEmpty()) {
            simpleErrorCollection.addErrorMessage(getText(str, "[" + StringUtils.join((List) apply.stream().map(genericValue -> {
                return genericValue.get("name").toString();
            }).collect(Collectors.toList()), ",") + ChangeHistoryUtils.LINE_ENDING), ErrorCollection.Reason.CONFLICT);
        }
        return simpleErrorCollection;
    }

    private void swapRoleInSchemes(ProjectRole projectRole, ProjectRole projectRole2) {
        String l = projectRole.getId().toString();
        String l2 = projectRole2.getId().toString();
        this.notificationSchemeManager.swapParameterForEntitiesOfType("Project_Role", l, l2);
        this.issueSecuritySchemeManager.swapParameterForEntitiesOfType(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE, l, l2);
        this.permissionSchemeManager.swapParameterForEntitiesOfType(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE, l, l2);
    }

    private void swapRoleInWorkflows(ProjectRole projectRole, ProjectRole projectRole2) {
        MultiMap associatedWorkflows = getAssociatedWorkflows(projectRole, new SimpleErrorCollection());
        for (Object obj : associatedWorkflows.keySet()) {
            if (!(associatedWorkflows.get(obj) instanceof Collection)) {
                throw new IllegalStateException("Associated workflows returned an unexpected map");
            }
            for (ActionDescriptor actionDescriptor : (Collection) associatedWorkflows.get(obj)) {
                this.workflowManager.replaceConditionInTransition(actionDescriptor, ImmutableMap.of(InProjectRoleCondition.KEY_PROJECT_ROLE_ID, projectRole.getId().toString(), "class.name", "com.atlassian.jira.workflow.condition.InProjectRoleCondition"), ImmutableMap.of(InProjectRoleCondition.KEY_PROJECT_ROLE_ID, projectRole2.getId().toString()));
                this.workflowManager.saveWorkflowWithoutAudit((JiraWorkflow) obj);
            }
        }
    }

    private boolean createRoleActors(Collection<String> collection, ProjectRole projectRole, Project project, String str, DefaultRoleActors defaultRoleActors, ErrorCollection errorCollection, List<RoleActor> list, boolean z) {
        Long l;
        ApplicationUser applicationUser;
        boolean z2 = false;
        for (String str2 : collection) {
            if (project != null) {
                try {
                    l = project.getId();
                } catch (RoleActorDoesNotExistException e) {
                    errorCollection.addErrorMessage(getText("admin.user.role.actor.action.error.invalid", str2));
                    z2 = true;
                }
            } else {
                l = null;
            }
            ProjectRoleActor createRoleActor = this.roleActorFactory.createRoleActor((Long) null, projectRole != null ? projectRole.getId() : null, l, str, str2);
            if (!z) {
                list.add(createRoleActor);
            } else if (defaultRoleActors.getRoleActors().contains(createRoleActor)) {
                String str3 = str2;
                if ("atlassian-user-role-actor".equals(createRoleActor.getType())) {
                    Iterator it = createRoleActor.getUsers().iterator();
                    if (it.hasNext() && (applicationUser = (ApplicationUser) it.next()) != null) {
                        str3 = applicationUser.getName();
                    }
                }
                errorCollection.addErrorMessage(getText("admin.user.role.actor.action.error.exists", str3));
                z2 = true;
            } else if (createRoleActor.isActive()) {
                list.add(createRoleActor);
            } else {
                errorCollection.addErrorMessage(this.jiraAuthenticationContext.getI18nHelper().getText("admin.user.role.actor.action.error.not.found", createRoleActor.getParameter()));
                z2 = true;
            }
        }
        return z2;
    }

    private String getText(String str) {
        return this.jiraAuthenticationContext.getI18nHelper().getText(str);
    }

    private String getText(String str, String str2) {
        return this.jiraAuthenticationContext.getI18nHelper().getText(str, str2);
    }

    private boolean hasProjectAdminPermission(ApplicationUser applicationUser, Project project) {
        return this.permissionManager.hasPermission(ProjectPermissions.ADMINISTER_PROJECTS, project, applicationUser);
    }

    private boolean hasAdminPermission(ApplicationUser applicationUser) {
        return this.permissionManager.hasPermission(0, applicationUser);
    }

    private void updateActorsToDefaultRole(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, String str, ErrorCollection errorCollection, boolean z) {
        DefaultRoleActors defaultRoleActors = getDefaultRoleActors(applicationUser, projectRole, errorCollection);
        if (defaultRoleActors == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.actors.null"));
            return;
        }
        ArrayList arrayList = new ArrayList();
        boolean createRoleActors = createRoleActors(collection, projectRole, null, str, defaultRoleActors, errorCollection, arrayList, z);
        boolean hasAdminPermission = hasAdminPermission(applicationUser);
        if (!createRoleActors && hasAdminPermission && arrayList.size() > 0) {
            this.projectRoleManager.updateDefaultRoleActors(z ? defaultRoleActors.addRoleActors(arrayList) : defaultRoleActors.removeRoleActors(arrayList));
        } else {
            if (hasAdminPermission) {
                return;
            }
            addRequiredAdminPermissionErrorMessage(errorCollection);
        }
    }

    private int getAmountOfTimesUsernameInList(List<ApplicationUser> list, ApplicationUser applicationUser) {
        int i = 0;
        Iterator<ApplicationUser> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getName().equals(applicationUser.getName())) {
                i++;
            }
        }
        return i;
    }

    private boolean roleActorsToRemoveContainsRoleActorFromProjectRole(RoleActor roleActor, String str, ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, Project project) {
        if (!roleActor.getType().equals(str) || !roleActor.contains(applicationUser)) {
            return false;
        }
        for (String str2 : collection) {
            try {
                if (this.roleActorFactory.createRoleActor((Long) null, projectRole.getId(), project.getId(), str, str2).equals(roleActor)) {
                    return true;
                }
            } catch (RoleActorDoesNotExistException e) {
                throw new IllegalArgumentException("Unexpected error: the role actor '" + str2 + "' of type '" + str + "' does not exist.");
            }
        }
        return false;
    }

    private void clearIssueSecurityLevelCache() {
        try {
            if (this.issueSecurityLevelManager != null) {
                this.issueSecurityLevelManager.clearUsersLevels();
            }
        } catch (UnsupportedOperationException e) {
            log.debug("Unsupported operation was thrown when trying to clear the issue security level manager cache", e);
        }
    }

    public Collection<ProjectRole> getProjectRoles(ErrorCollection errorCollection) {
        return this.projectRoleManager.getProjectRoles();
    }

    public ProjectRole getProjectRole(Long l, ErrorCollection errorCollection) {
        ProjectRole projectRole = null;
        if (l == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.id.null"));
        } else {
            projectRole = this.projectRoleManager.getProjectRole(l);
        }
        return projectRole;
    }

    public ProjectRole getProjectRoleByName(String str, ErrorCollection errorCollection) {
        ProjectRole projectRole = null;
        if (StringUtils.isBlank(str)) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.name.null"));
        } else {
            projectRole = this.projectRoleManager.getProjectRole(str);
        }
        return projectRole;
    }

    public ProjectRole createProjectRole(ProjectRole projectRole, ErrorCollection errorCollection) {
        return createProjectRole(this.jiraAuthenticationContext.getLoggedInUser(), projectRole, errorCollection);
    }

    public boolean isProjectRoleNameUnique(String str, ErrorCollection errorCollection) {
        return isProjectRoleNameUnique(this.jiraAuthenticationContext.getLoggedInUser(), str, errorCollection);
    }

    public void deleteProjectRole(ProjectRole projectRole, ErrorCollection errorCollection) {
        deleteProjectRole(this.jiraAuthenticationContext.getLoggedInUser(), projectRole, errorCollection);
    }

    public void updateProjectRole(ProjectRole projectRole, ErrorCollection errorCollection) {
        updateProjectRole(this.jiraAuthenticationContext.getLoggedInUser(), projectRole, errorCollection);
    }

    public ProjectRoleActors getProjectRoleActors(ProjectRole projectRole, Project project, ErrorCollection errorCollection) {
        return getProjectRoleActors(this.jiraAuthenticationContext.getLoggedInUser(), projectRole, project, errorCollection);
    }

    public DefaultRoleActors getDefaultRoleActors(ProjectRole projectRole, ErrorCollection errorCollection) {
        return getDefaultRoleActors(this.jiraAuthenticationContext.getLoggedInUser(), projectRole, errorCollection);
    }

    public void addActorsToProjectRole(Collection<String> collection, ProjectRole projectRole, Project project, String str, ErrorCollection errorCollection) {
        updateActorsToProjectRole(this.jiraAuthenticationContext.getLoggedInUser(), collection, projectRole, project, str, errorCollection, true, true);
    }

    public void addActorsToProjectRole(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, Project project, String str, ErrorCollection errorCollection) {
        updateActorsToProjectRole(applicationUser, collection, projectRole, project, str, errorCollection, true, true);
    }

    public void removeActorsFromProjectRole(Collection<String> collection, ProjectRole projectRole, Project project, String str, ErrorCollection errorCollection) {
        removeActorsFromProjectRole(this.jiraAuthenticationContext.getLoggedInUser(), collection, projectRole, project, str, errorCollection, true);
    }

    public void removeActorsFromProjectRole(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, Project project, String str, ErrorCollection errorCollection) {
        removeActorsFromProjectRole(applicationUser, collection, projectRole, project, str, errorCollection, true);
    }

    public void setActorsForProjectRole(Map<String, Set<String>> map, ProjectRole projectRole, Project project, ErrorCollection errorCollection) {
        setActorsForProjectRole(this.jiraAuthenticationContext.getLoggedInUser(), map, projectRole, project, errorCollection);
    }

    public void addDefaultActorsToProjectRole(Collection<String> collection, ProjectRole projectRole, String str, ErrorCollection errorCollection) {
        updateActorsToDefaultRole(this.jiraAuthenticationContext.getLoggedInUser(), collection, projectRole, str, errorCollection, true);
    }

    public void addDefaultActorsToProjectRole(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, String str, ErrorCollection errorCollection) {
        updateActorsToDefaultRole(this.jiraAuthenticationContext.getLoggedInUser(), collection, projectRole, str, errorCollection, true);
    }

    public void removeDefaultActorsFromProjectRole(Collection<String> collection, ProjectRole projectRole, String str, ErrorCollection errorCollection) {
        updateActorsToDefaultRole(this.jiraAuthenticationContext.getLoggedInUser(), collection, projectRole, str, errorCollection, false);
    }

    public void removeDefaultActorsFromProjectRole(ApplicationUser applicationUser, Collection<String> collection, ProjectRole projectRole, String str, ErrorCollection errorCollection) {
        updateActorsToDefaultRole(this.jiraAuthenticationContext.getLoggedInUser(), collection, projectRole, str, errorCollection, false);
    }

    public ErrorCollection validateRemoveAllRoleActorsByNameAndType(String str, String str2) {
        return validateRemoveAllRoleActorsByNameAndType(this.jiraAuthenticationContext.getLoggedInUser(), str, str2);
    }

    public void removeAllRoleActorsByNameAndType(String str, String str2, ErrorCollection errorCollection) {
        removeAllRoleActorsByNameAndType(this.jiraAuthenticationContext.getLoggedInUser(), str, str2, errorCollection);
    }

    public void removeAllRoleActorsByProject(Project project, ErrorCollection errorCollection) {
        removeAllRoleActorsByProject(this.jiraAuthenticationContext.getLoggedInUser(), project, errorCollection);
    }

    public Collection getAssociatedNotificationSchemes(ProjectRole projectRole, ErrorCollection errorCollection) {
        boolean z = false;
        if (projectRole == null || projectRole.getId() == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null"));
            z = true;
        }
        return !z ? this.notificationSchemeManager.getSchemesContainingEntity("Project_Role", projectRole.getId().toString()) : Lists.newArrayList();
    }

    public Collection<GenericValue> getAssociatedPermissionSchemes(ProjectRole projectRole, ErrorCollection errorCollection) {
        boolean z = false;
        if (projectRole == null || projectRole.getId() == null) {
            errorCollection.addErrorMessage(getText("project.roles.service.error.project.role.null"));
            z = true;
        }
        return !z ? this.permissionSchemeManager.getSchemesContainingEntity(ProjectRoleSecurityAndNotificationType.PROJECT_ROLE, projectRole.getId().toString()) : Lists.newArrayList();
    }

    public MultiMap getAssociatedWorkflows(ProjectRole projectRole, ErrorCollection errorCollection) {
        Collection<JiraWorkflow> workflows = this.workflowManager.getWorkflows();
        MultiHashMap multiHashMap = new MultiHashMap(workflows.size());
        for (JiraWorkflow jiraWorkflow : workflows) {
            for (ActionDescriptor actionDescriptor : jiraWorkflow.getAllActions()) {
                RestrictionDescriptor restriction = actionDescriptor.getRestriction();
                if (restriction != null && conditionsDescriptorContainsProjectRoleCondition(restriction.getConditionsDescriptor(), projectRole.getId())) {
                    multiHashMap.put(jiraWorkflow, actionDescriptor);
                }
            }
        }
        return multiHashMap;
    }

    public Collection<Project> getProjectsContainingRoleActorByNameAndType(String str, String str2, ErrorCollection errorCollection) {
        return getProjectsContainingRoleActorByNameAndType(this.jiraAuthenticationContext.getLoggedInUser(), str, str2, errorCollection);
    }

    public List<Long> roleActorOfTypeExistsForProjects(List<Long> list, ProjectRole projectRole, String str, String str2, ErrorCollection errorCollection) {
        return roleActorOfTypeExistsForProjects(this.jiraAuthenticationContext.getLoggedInUser(), list, projectRole, str, str2, errorCollection);
    }

    public Map<Long, List<String>> getProjectIdsForUserInGroupsBecauseOfRole(List<Long> list, ProjectRole projectRole, String str, String str2, ErrorCollection errorCollection) {
        return getProjectIdsForUserInGroupsBecauseOfRole(this.jiraAuthenticationContext.getLoggedInUser(), list, projectRole, str, str2, errorCollection);
    }

    public boolean hasProjectRolePermission(Project project) {
        return hasProjectRolePermission(this.jiraAuthenticationContext.getLoggedInUser(), project);
    }

    private void addRequiredAdminPermissionErrorMessage(ErrorCollection errorCollection) {
        errorCollection.addErrorMessage(getText("project.roles.service.error.admin.permission"), ErrorCollection.Reason.FORBIDDEN);
    }
}
