package com.google.gerrit.server.project;

import com.google.common.collect.Iterables;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.data.GroupDescription;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.errors.InvalidNameException;
import com.google.gerrit.extensions.api.access.AccessSectionInfo;
import com.google.gerrit.extensions.api.access.PermissionInfo;
import com.google.gerrit.extensions.api.access.PermissionRuleInfo;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.GroupsCollection;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

@Singleton
/* loaded from: input_file:com/google/gerrit/server/project/SetAccessUtil.class */
public class SetAccessUtil {
    private final GroupsCollection groupsCollection;
    private final AllProjectsName allProjects;
    private final Provider<SetParent> setParent;

    @Inject
    private SetAccessUtil(GroupsCollection groupsCollection, AllProjectsName allProjectsName, Provider<SetParent> provider) {
        this.groupsCollection = groupsCollection;
        this.allProjects = allProjectsName;
        this.setParent = provider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<AccessSection> getAccessSections(Map<String, AccessSectionInfo> map) throws UnprocessableEntityException {
        if (map == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(map.size());
        for (Map.Entry<String, AccessSectionInfo> entry : map.entrySet()) {
            if (entry.getValue().permissions != null) {
                AccessSection accessSection = new AccessSection(entry.getKey());
                for (Map.Entry<String, PermissionInfo> entry2 : entry.getValue().permissions.entrySet()) {
                    if (entry2.getValue().rules != null) {
                        Permission permission = new Permission(entry2.getKey());
                        if (entry2.getValue().exclusive != null) {
                            permission.setExclusiveGroup(entry2.getValue().exclusive);
                        }
                        for (Map.Entry<String, PermissionRuleInfo> entry3 : entry2.getValue().rules.entrySet()) {
                            GroupDescription.Basic parseId = this.groupsCollection.parseId(entry3.getKey());
                            if (parseId == null) {
                                throw new UnprocessableEntityException(entry3.getKey() + " is not a valid group ID");
                            }
                            PermissionRuleInfo value = entry3.getValue();
                            PermissionRule permissionRule = new PermissionRule(GroupReference.forGroup(parseId));
                            if (value != null) {
                                if (value.max != null) {
                                    permissionRule.setMax(value.max);
                                }
                                if (value.min != null) {
                                    permissionRule.setMin(value.min);
                                }
                                if (value.action != null) {
                                    permissionRule.setAction(GetAccess.ACTION_TYPE.inverse().get(value.action));
                                }
                                if (value.force != null) {
                                    permissionRule.setForce(value.force);
                                }
                            }
                            permission.add(permissionRule);
                        }
                        accessSection.getPermissions().add(permission);
                    }
                }
                arrayList.add(accessSection);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void validateChanges(ProjectConfig projectConfig, List<AccessSection> list, List<AccessSection> list2) throws BadRequestException, InvalidNameException {
        Iterator it = Iterables.concat(list2, list).iterator();
        while (it.hasNext()) {
            if (AccessSection.GLOBAL_CAPABILITIES.equals(((AccessSection) it.next()).getName()) && !this.allProjects.equals(projectConfig.getName())) {
                throw new BadRequestException("Cannot edit global capabilities for projects other than " + this.allProjects.get());
            }
        }
        for (AccessSection accessSection : list2) {
            String name = accessSection.getName();
            if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
                for (Permission permission : accessSection.getPermissions()) {
                    if (!GlobalCapability.isCapability(permission.getName())) {
                        throw new BadRequestException("Cannot add non-global capability " + permission.getName() + " to global capabilities");
                    }
                }
            } else {
                if (!AccessSection.isValid(name)) {
                    throw new BadRequestException("invalid section name");
                }
                RefPattern.validate(name);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void applyChanges(ProjectConfig projectConfig, List<AccessSection> list, List<AccessSection> list2) {
        for (AccessSection accessSection : list) {
            if (accessSection.getPermissions().isEmpty()) {
                projectConfig.remove(projectConfig.getAccessSection(accessSection.getName()));
            } else {
                for (Permission permission : accessSection.getPermissions()) {
                    if (permission.getRules().isEmpty()) {
                        projectConfig.remove(projectConfig.getAccessSection(accessSection.getName()), permission);
                    } else {
                        Iterator<PermissionRule> it = permission.getRules().iterator();
                        while (it.hasNext()) {
                            projectConfig.remove(projectConfig.getAccessSection(accessSection.getName()), permission, it.next());
                        }
                    }
                }
            }
        }
        for (AccessSection accessSection2 : list2) {
            AccessSection accessSection3 = projectConfig.getAccessSection(accessSection2.getName());
            if (accessSection3 == null) {
                projectConfig.replace(accessSection2);
            } else {
                for (Permission permission2 : accessSection2.getPermissions()) {
                    Permission permission3 = accessSection3.getPermission(permission2.getName());
                    if (permission3 == null) {
                        accessSection3.addPermission(permission2);
                    } else {
                        Iterator<PermissionRule> it2 = permission2.getRules().iterator();
                        while (it2.hasNext()) {
                            permission3.add(it2.next());
                        }
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setParentName(IdentifiedUser identifiedUser, ProjectConfig projectConfig, Project.NameKey nameKey, Project.NameKey nameKey2, boolean z) throws ResourceConflictException, AuthException, PermissionBackendException {
        if (nameKey2 == null || projectConfig.getProject().getNameKey().equals(this.allProjects) || projectConfig.getProject().getParent(this.allProjects).equals(nameKey2)) {
            return;
        }
        try {
            this.setParent.get().validateParentUpdate(nameKey, identifiedUser, nameKey2.get(), z);
            projectConfig.getProject().setParentName(nameKey2);
        } catch (UnprocessableEntityException e) {
            throw new ResourceConflictException(e.getMessage(), e);
        }
    }
}
