package com.atlassian.jira.issue.security;

import com.atlassian.fugue.Either;
import com.atlassian.fugue.Option;
import com.atlassian.jira.bc.ServiceOutcome;
import com.atlassian.jira.bc.ServiceOutcomeImpl;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.I18nHelper;
import com.google.common.base.Function;
import com.google.common.base.Supplier;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/atlassian/jira/issue/security/IssueSecuritySchemeServiceImpl.class */
public class IssueSecuritySchemeServiceImpl implements IssueSecuritySchemeService {
    private final IssueSecuritySchemeManager issueSecuritySchemeManager;
    private final IssueSecurityLevelManager issueSecurityLevelManager;
    private final GlobalPermissionManager globalPermissionManager;
    private final I18nHelper i18n;
    private final PermissionManager permissionManager;
    private final ProjectManager projectManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jira/issue/security/IssueSecuritySchemeServiceImpl$ParameterlessPredicate.class */
    public interface ParameterlessPredicate {
        boolean apply();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jira/issue/security/IssueSecuritySchemeServiceImpl$ServiceAction.class */
    public interface ServiceAction<T> {
        ServiceOutcome<T> perform();
    }

    public IssueSecuritySchemeServiceImpl(IssueSecuritySchemeManager issueSecuritySchemeManager, IssueSecurityLevelManager issueSecurityLevelManager, GlobalPermissionManager globalPermissionManager, PermissionManager permissionManager, I18nHelper i18nHelper, ProjectManager projectManager) {
        this.issueSecuritySchemeManager = issueSecuritySchemeManager;
        this.issueSecurityLevelManager = issueSecurityLevelManager;
        this.globalPermissionManager = globalPermissionManager;
        this.permissionManager = permissionManager;
        this.i18n = i18nHelper;
        this.projectManager = projectManager;
    }

    public ServiceOutcome<? extends Collection<IssueSecurityLevelScheme>> getIssueSecurityLevelSchemes(ApplicationUser applicationUser) {
        return asAdmin(applicationUser, () -> {
            return ServiceOutcomeImpl.ok(this.issueSecuritySchemeManager.getIssueSecurityLevelSchemes());
        });
    }

    private boolean canViewSchemeAsProjectAdmin(ApplicationUser applicationUser, long j) {
        return !Collections.disjoint(this.permissionManager.getProjects(ProjectPermissions.ADMINISTER_PROJECTS, applicationUser), this.issueSecuritySchemeManager.getProjectsUsingScheme(j));
    }

    private boolean canViewProjectAsAdmin(ApplicationUser applicationUser, Project project) {
        return project != null && this.permissionManager.hasPermission(ProjectPermissions.ADMINISTER_PROJECTS, project, applicationUser);
    }

    public ServiceOutcome<IssueSecurityLevelScheme> getIssueSecurityLevelScheme(ApplicationUser applicationUser, long j) {
        return asAdminOrProjectAdminWithAccessToScheme(applicationUser, Long.valueOf(j), () -> {
            return (ServiceOutcome) Option.option(this.issueSecuritySchemeManager.getIssueSecurityLevelScheme(Long.valueOf(j))).fold(notFoundSupplier("rest.error.issuesecurityscheme.securityscheme.not.found", String.valueOf(j)), okOutcome());
        });
    }

    public ServiceOutcome<IssueSecurityLevelScheme> getIssueSecurityLevelSchemeForProject(ApplicationUser applicationUser, long j) {
        return getIssueSecurityLevelSchemeForProject(applicationUser, Either.left(Long.valueOf(j)));
    }

    public ServiceOutcome<IssueSecurityLevelScheme> getIssueSecurityLevelSchemeForProject(ApplicationUser applicationUser, String str) {
        return getIssueSecurityLevelSchemeForProject(applicationUser, Either.right(str));
    }

    public ServiceOutcome<String> assignSchemeToProject(ApplicationUser applicationUser, long j, Long l, Map<Long, Long> map) {
        return asAdminOrProjectAdminWithAdminAccessToProject(applicationUser, Either.left(Long.valueOf(j)), project -> {
            return ServiceOutcomeImpl.ok(this.issueSecuritySchemeManager.assignSchemeToProject(project, l, map));
        });
    }

    private ServiceOutcome<IssueSecurityLevelScheme> getIssueSecurityLevelSchemeForProject(ApplicationUser applicationUser, Either<Long, String> either) {
        Supplier notFoundSupplier = notFoundSupplier("rest.error.issuesecurityscheme.securitylevel.for.project.not.found", (String) either.fold(l -> {
            return l.toString();
        }, (v0) -> {
            return v0.toString();
        }));
        return asAdminOrProjectAdminWithAdminAccessToProject(applicationUser, either, project -> {
            return (ServiceOutcome) Option.option(this.issueSecuritySchemeManager.getIssueSecurityLevelScheme(this.issueSecuritySchemeManager.getSchemeIdFor(project))).fold(notFoundSupplier, okOutcome());
        });
    }

    public ServiceOutcome<? extends List<IssueSecurityLevel>> getIssueSecurityLevels(ApplicationUser applicationUser, long j) {
        return asAdminOrProjectAdminWithAccessToScheme(applicationUser, Long.valueOf(j), () -> {
            return (ServiceOutcome) Option.option(this.issueSecuritySchemeManager.getIssueSecurityLevelScheme(Long.valueOf(j))).fold(notFoundSupplier("rest.error.issuesecurityscheme.securityscheme.not.found", String.valueOf(j)), issueSecurityLevelScheme -> {
                return ServiceOutcomeImpl.ok(this.issueSecurityLevelManager.getIssueSecurityLevels(j));
            });
        });
    }

    public ServiceOutcome<IssueSecurityLevel> getIssueSecurityLevel(ApplicationUser applicationUser, long j) {
        return asAdmin(applicationUser, () -> {
            return (ServiceOutcome) Option.option(this.issueSecurityLevelManager.getSecurityLevel(j)).fold(notFoundSupplier("rest.error.issuesecurityscheme.securitylevel.not.found", String.valueOf(j)), okOutcome());
        });
    }

    public ServiceOutcome<? extends Collection<IssueSecurityLevelPermission>> getPermissionsByIssueSecurityLevel(ApplicationUser applicationUser, long j) {
        return asAdmin(applicationUser, () -> {
            return (ServiceOutcome) Option.option(this.issueSecurityLevelManager.getSecurityLevel(j)).fold(notFoundSupplier("rest.error.issuesecurityscheme.securitylevel.not.found", String.valueOf(j)), issueSecurityLevel -> {
                return ServiceOutcomeImpl.ok(this.issueSecuritySchemeManager.getPermissionsBySecurityLevel(Long.valueOf(j)));
            });
        });
    }

    private static <T> Function<T, ServiceOutcome<T>> okOutcome() {
        return ServiceOutcomeImpl::ok;
    }

    private <T> Supplier<ServiceOutcome<T>> notFoundSupplier(String str, String... strArr) {
        return () -> {
            return ServiceOutcomeImpl.error(this.i18n.getText(str, strArr), ErrorCollection.Reason.NOT_FOUND);
        };
    }

    private boolean isAdmin(ApplicationUser applicationUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, applicationUser);
    }

    private <T> ServiceOutcome<T> asAdmin(ApplicationUser applicationUser, ServiceAction<T> serviceAction) {
        return performActionWithUserPermissionCondition(applicationUser, () -> {
            return isAdmin(applicationUser);
        }, serviceAction);
    }

    private <T> ServiceOutcome<T> asAdminOrProjectAdminWithAccessToScheme(ApplicationUser applicationUser, Long l, ServiceAction<T> serviceAction) {
        return performActionWithUserPermissionCondition(applicationUser, () -> {
            return isAdmin(applicationUser) || canViewSchemeAsProjectAdmin(applicationUser, l.longValue());
        }, serviceAction);
    }

    private <T> ServiceOutcome<T> asAdminOrProjectAdminWithAdminAccessToProject(ApplicationUser applicationUser, Either<Long, String> either, Function<Project, ServiceOutcome<T>> function) {
        ProjectManager projectManager = this.projectManager;
        projectManager.getClass();
        Function function2 = projectManager::getProjectObj;
        ProjectManager projectManager2 = this.projectManager;
        projectManager2.getClass();
        Project project = (Project) either.fold(function2, projectManager2::getProjectObjByKey);
        return project == null ? ServiceOutcomeImpl.error(this.i18n.getText("admin.errors.portal.project.nonexist"), ErrorCollection.Reason.NOT_FOUND) : performActionWithUserPermissionCondition(applicationUser, () -> {
            return isAdmin(applicationUser) || canViewProjectAsAdmin(applicationUser, project);
        }, () -> {
            return (ServiceOutcome) function.apply(project);
        });
    }

    private <T> ServiceOutcome<T> performActionWithUserPermissionCondition(ApplicationUser applicationUser, ParameterlessPredicate parameterlessPredicate, ServiceAction<T> serviceAction) {
        String text = this.i18n.getText("admin.schemes.permissions.forbidden");
        return applicationUser == null ? ServiceOutcomeImpl.error(text, ErrorCollection.Reason.NOT_LOGGED_IN) : !parameterlessPredicate.apply() ? ServiceOutcomeImpl.error(text, ErrorCollection.Reason.FORBIDDEN) : serviceAction.perform();
    }
}
