package com.google.gerrit.server.project;

import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.data.GroupDescription;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.errors.InvalidNameException;
import com.google.gerrit.extensions.api.access.AccessSectionInfo;
import com.google.gerrit.extensions.api.access.PermissionInfo;
import com.google.gerrit.extensions.api.access.PermissionRuleInfo;
import com.google.gerrit.extensions.api.access.ProjectAccessInfo;
import com.google.gerrit.extensions.api.access.ProjectAccessInput;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.GroupsCollection;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.jgit.errors.ConfigInvalidException;

@Singleton
/* loaded from: input_file:com/google/gerrit/server/project/SetAccess.class */
public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessInput> {
    protected final GroupBackend groupBackend;
    private final GroupsCollection groupsCollection;
    private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
    private final AllProjectsName allProjects;
    private final Provider<SetParent> setParent;
    private final GetAccess getAccess;
    private final ProjectCache projectCache;
    private final Provider<IdentifiedUser> identifiedUser;

    @Inject
    private SetAccess(GroupBackend groupBackend, Provider<MetaDataUpdate.User> provider, AllProjectsName allProjectsName, Provider<SetParent> provider2, GroupsCollection groupsCollection, ProjectCache projectCache, GetAccess getAccess, Provider<IdentifiedUser> provider3) {
        this.groupBackend = groupBackend;
        this.metaDataUpdateFactory = provider;
        this.allProjects = allProjectsName;
        this.setParent = provider2;
        this.groupsCollection = groupsCollection;
        this.getAccess = getAccess;
        this.projectCache = projectCache;
        this.identifiedUser = provider3;
    }

    /* JADX WARN: Failed to calculate best type for var: r14v2 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r15v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 14, insn: 0x03f5: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r14 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:139:0x03f5 */
    /* JADX WARN: Not initialized variable reg: 15, insn: 0x03fa: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r15 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:141:0x03fa */
    /* JADX WARN: Type inference failed for: r14v2, types: [com.google.gerrit.server.git.MetaDataUpdate] */
    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable] */
    @Override // com.google.gerrit.extensions.restapi.RestModifyView
    public ProjectAccessInfo apply(ProjectResource projectResource, ProjectAccessInput projectAccessInput) throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException, BadRequestException, UnprocessableEntityException {
        List<AccessSection> accessSections = getAccessSections(projectAccessInput.remove);
        List<AccessSection> accessSections2 = getAccessSections(projectAccessInput.add);
        MetaDataUpdate.User user = this.metaDataUpdateFactory.get();
        ProjectControl control = projectResource.getControl();
        Project.NameKey nameKey = projectAccessInput.parent == null ? null : new Project.NameKey(projectAccessInput.parent);
        try {
            try {
                MetaDataUpdate create = user.create(projectResource.getNameKey());
                Throwable th = null;
                ProjectConfig read = ProjectConfig.read(create);
                for (AccessSection accessSection : accessSections) {
                    if (AccessSection.GLOBAL_CAPABILITIES.equals(accessSection.getName())) {
                        checkGlobalCapabilityPermissions(read.getName());
                    } else if (!control.controlForRef(accessSection.getName()).isOwner()) {
                        throw new AuthException("You are not allowed to edit permissionsfor ref: " + accessSection.getName());
                    }
                }
                for (AccessSection accessSection2 : accessSections2) {
                    String name = accessSection2.getName();
                    boolean equals = AccessSection.GLOBAL_CAPABILITIES.equals(name);
                    if (equals) {
                        checkGlobalCapabilityPermissions(read.getName());
                    } else {
                        if (!AccessSection.isValid(name)) {
                            throw new BadRequestException("invalid section name");
                        }
                        if (!control.controlForRef(name).isOwner()) {
                            throw new AuthException("You are not allowed to edit permissionsfor ref: " + name);
                        }
                        RefPattern.validate(name);
                    }
                    for (Permission permission : accessSection2.getPermissions()) {
                        if (equals && !GlobalCapability.isCapability(permission.getName())) {
                            throw new BadRequestException("Cannot add non-global capability " + permission.getName() + " to global capabilities");
                        }
                    }
                }
                for (AccessSection accessSection3 : accessSections) {
                    if (accessSection3.getPermissions().isEmpty()) {
                        read.remove(read.getAccessSection(accessSection3.getName()));
                    }
                    for (Permission permission2 : accessSection3.getPermissions()) {
                        if (permission2.getRules().isEmpty()) {
                            read.remove(read.getAccessSection(accessSection3.getName()), permission2);
                        } else {
                            Iterator<PermissionRule> it = permission2.getRules().iterator();
                            while (it.hasNext()) {
                                read.remove(read.getAccessSection(accessSection3.getName()), permission2, it.next());
                            }
                        }
                    }
                }
                for (AccessSection accessSection4 : accessSections2) {
                    AccessSection accessSection5 = read.getAccessSection(accessSection4.getName());
                    if (accessSection5 == null) {
                        read.replace(accessSection4);
                    } else {
                        for (Permission permission3 : accessSection4.getPermissions()) {
                            Permission permission4 = accessSection5.getPermission(permission3.getName());
                            if (permission4 == null) {
                                accessSection5.addPermission(permission3);
                            } else {
                                Iterator<PermissionRule> it2 = permission3.getRules().iterator();
                                while (it2.hasNext()) {
                                    permission4.add(it2.next());
                                }
                            }
                        }
                    }
                }
                if (nameKey != null && !read.getProject().getNameKey().equals(this.allProjects) && !read.getProject().getParent(this.allProjects).equals(nameKey)) {
                    try {
                        this.setParent.get().validateParentUpdate(control, ((Project.NameKey) MoreObjects.firstNonNull(nameKey, this.allProjects)).get(), true);
                        read.getProject().setParentName(nameKey);
                    } catch (UnprocessableEntityException e) {
                        throw new ResourceConflictException(e.getMessage(), e);
                    }
                }
                if (Strings.isNullOrEmpty(projectAccessInput.message)) {
                    create.setMessage("Modify access rules\n");
                } else {
                    if (!projectAccessInput.message.endsWith(StringUtils.LF)) {
                        projectAccessInput.message += StringUtils.LF;
                    }
                    create.setMessage(projectAccessInput.message);
                }
                read.commit(create);
                this.projectCache.evict(read.getProject());
                if (create != null) {
                    if (0 != 0) {
                        try {
                            create.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        create.close();
                    }
                }
                return this.getAccess.apply(projectResource.getNameKey());
            } finally {
            }
        } catch (InvalidNameException e2) {
            throw new BadRequestException(e2.toString());
        } catch (ConfigInvalidException e3) {
            throw new ResourceConflictException(projectResource.getName());
        }
    }

    private List<AccessSection> getAccessSections(Map<String, AccessSectionInfo> map) throws UnprocessableEntityException {
        if (map == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(map.size());
        for (Map.Entry<String, AccessSectionInfo> entry : map.entrySet()) {
            AccessSection accessSection = new AccessSection(entry.getKey());
            if (entry.getValue().permissions != null) {
                for (Map.Entry<String, PermissionInfo> entry2 : entry.getValue().permissions.entrySet()) {
                    Permission permission = new Permission(entry2.getKey());
                    if (entry2.getValue().exclusive != null) {
                        permission.setExclusiveGroup(entry2.getValue().exclusive);
                    }
                    if (entry2.getValue().rules != null) {
                        for (Map.Entry<String, PermissionRuleInfo> entry3 : entry2.getValue().rules.entrySet()) {
                            PermissionRuleInfo value = entry3.getValue();
                            GroupDescription.Basic parseId = this.groupsCollection.parseId(entry3.getKey());
                            if (parseId == null) {
                                throw new UnprocessableEntityException(entry3.getKey() + " is not a valid group ID");
                            }
                            PermissionRule permissionRule = new PermissionRule(GroupReference.forGroup(parseId));
                            if (value != null) {
                                if (value.max != null) {
                                    permissionRule.setMax(value.max);
                                }
                                if (value.min != null) {
                                    permissionRule.setMin(value.min);
                                }
                                permissionRule.setAction(GetAccess.ACTION_TYPE.inverse().get(value.action));
                                if (value.force != null) {
                                    permissionRule.setForce(value.force);
                                }
                            }
                            permission.add(permissionRule);
                        }
                        accessSection.getPermissions().add(permission);
                    }
                }
                arrayList.add(accessSection);
            }
        }
        return arrayList;
    }

    private void checkGlobalCapabilityPermissions(Project.NameKey nameKey) throws BadRequestException, AuthException {
        if (!this.allProjects.equals(nameKey)) {
            throw new BadRequestException("Cannot edit global capabilities for projects other than " + this.allProjects.get());
        }
        if (!this.identifiedUser.get().getCapabilities().canAdministrateServer()) {
            throw new AuthException("Editing global capabilities requires administrateServer");
        }
    }
}
