package com.google.gerrit.server.restapi.project;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.UnmodifiableIterator;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.entities.AccessSection;
import com.google.gerrit.entities.GroupDescription;
import com.google.gerrit.entities.GroupReference;
import com.google.gerrit.entities.LabelType;
import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.PermissionRule;
import com.google.gerrit.entities.Project;
import com.google.gerrit.exceptions.InvalidNameException;
import com.google.gerrit.extensions.api.access.AccessSectionInfo;
import com.google.gerrit.extensions.api.access.PermissionInfo;
import com.google.gerrit.extensions.api.access.PermissionRuleInfo;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.group.GroupResolver;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.PluginPermissionsUtil;
import com.google.gerrit.server.project.ProjectConfig;
import com.google.gerrit.server.project.RefPattern;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

@Singleton
/* loaded from: input_file:com/google/gerrit/server/restapi/project/SetAccessUtil.class */
public class SetAccessUtil {
    private final GroupResolver groupResolver;
    private final AllProjectsName allProjects;
    private final Provider<SetParent> setParent;
    private final PluginPermissionsUtil pluginPermissionsUtil;

    @Inject
    private SetAccessUtil(GroupResolver groupResolver, AllProjectsName allProjectsName, Provider<SetParent> provider, PluginPermissionsUtil pluginPermissionsUtil) {
        this.groupResolver = groupResolver;
        this.allProjects = allProjectsName;
        this.setParent = provider;
        this.pluginPermissionsUtil = pluginPermissionsUtil;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ImmutableList<AccessSection> getAccessSections(Map<String, AccessSectionInfo> map) throws UnprocessableEntityException {
        if (map == null) {
            return ImmutableList.of();
        }
        ImmutableList.Builder builderWithExpectedSize = ImmutableList.builderWithExpectedSize(map.size());
        for (Map.Entry<String, AccessSectionInfo> entry : map.entrySet()) {
            if (entry.getValue().permissions != null) {
                AccessSection.Builder builder = AccessSection.builder(entry.getKey());
                for (Map.Entry<String, PermissionInfo> entry2 : entry.getValue().permissions.entrySet()) {
                    if (entry2.getValue().rules != null) {
                        Permission.Builder builder2 = Permission.builder(entry2.getKey());
                        if (entry2.getValue().exclusive != null) {
                            builder2.setExclusiveGroup(entry2.getValue().exclusive.booleanValue());
                        }
                        for (Map.Entry<String, PermissionRuleInfo> entry3 : entry2.getValue().rules.entrySet()) {
                            GroupDescription.Basic parseId = this.groupResolver.parseId(entry3.getKey());
                            if (parseId == null) {
                                throw new UnprocessableEntityException(entry3.getKey() + " is not a valid group ID");
                            }
                            PermissionRuleInfo value = entry3.getValue();
                            PermissionRule.Builder builder3 = PermissionRule.builder(GroupReference.forGroup(parseId));
                            if (value != null) {
                                if (value.max != null) {
                                    builder3.setMax(value.max.intValue());
                                }
                                if (value.min != null) {
                                    builder3.setMin(value.min.intValue());
                                }
                                if (value.action != null) {
                                    builder3.setAction(GetAccess.ACTION_TYPE.inverse().get(value.action));
                                }
                                if (value.force != null) {
                                    builder3.setForce(value.force.booleanValue());
                                }
                            }
                            builder2.add(builder3);
                        }
                        builder.addPermission(builder2);
                    }
                }
                builderWithExpectedSize.add((ImmutableList.Builder) builder.build());
            }
        }
        return builderWithExpectedSize.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void validateChanges(ProjectConfig projectConfig, List<AccessSection> list, List<AccessSection> list2) throws BadRequestException, InvalidNameException {
        Iterator it = Iterables.concat(list2, list).iterator();
        while (it.hasNext()) {
            if (AccessSection.GLOBAL_CAPABILITIES.equals(((AccessSection) it.next()).getName()) && !this.allProjects.equals(projectConfig.getName())) {
                throw new BadRequestException("Cannot edit global capabilities for projects other than " + this.allProjects.get());
            }
        }
        for (AccessSection accessSection : list2) {
            String name = accessSection.getName();
            if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
                UnmodifiableIterator<Permission> it2 = accessSection.getPermissions().iterator();
                while (it2.hasNext()) {
                    Permission next = it2.next();
                    if (!isCapability(next.getName())) {
                        throw new BadRequestException("Unknown global capability: " + next.getName());
                    }
                }
            } else {
                if (!AccessSection.isValidRefSectionName(name)) {
                    throw new BadRequestException("invalid section name");
                }
                RefPattern.validate(name);
                UnmodifiableIterator<Permission> it3 = accessSection.getPermissions().iterator();
                while (it3.hasNext()) {
                    Permission next2 = it3.next();
                    if (!isPermission(next2.getName())) {
                        throw new BadRequestException("Unknown permission: " + next2.getName());
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void applyChanges(ProjectConfig projectConfig, List<AccessSection> list, List<AccessSection> list2) {
        for (AccessSection accessSection : list) {
            if (accessSection.getPermissions().isEmpty()) {
                projectConfig.remove(projectConfig.getAccessSection(accessSection.getName()));
            } else {
                UnmodifiableIterator<Permission> it = accessSection.getPermissions().iterator();
                while (it.hasNext()) {
                    Permission next = it.next();
                    if (next.getRules().isEmpty()) {
                        projectConfig.remove(projectConfig.getAccessSection(accessSection.getName()), next);
                    } else {
                        UnmodifiableIterator<PermissionRule> it2 = next.getRules().iterator();
                        while (it2.hasNext()) {
                            projectConfig.remove(projectConfig.getAccessSection(accessSection.getName()), next, it2.next());
                        }
                    }
                }
            }
        }
        for (AccessSection accessSection2 : list2) {
            projectConfig.upsertAccessSection(accessSection2.getName(), builder -> {
                UnmodifiableIterator<Permission> it3 = accessSection2.getPermissions().iterator();
                while (it3.hasNext()) {
                    Permission next2 = it3.next();
                    if (builder.build().getPermission(next2.getName()) == null) {
                        builder.addPermission(next2.toBuilder());
                    } else {
                        UnmodifiableIterator<PermissionRule> it4 = next2.getRules().iterator();
                        while (it4.hasNext()) {
                            builder.upsertPermission(next2.getName()).add(it4.next().toBuilder());
                        }
                    }
                }
            });
        }
    }

    public void setParentName(IdentifiedUser identifiedUser, ProjectConfig projectConfig, Project.NameKey nameKey, Project.NameKey nameKey2, boolean z) throws ResourceConflictException, AuthException, PermissionBackendException, BadRequestException {
        if (nameKey2 == null || projectConfig.getProject().getNameKey().equals(this.allProjects) || projectConfig.getProject().getParent(this.allProjects).equals(nameKey2)) {
            return;
        }
        try {
            this.setParent.get().validateParentUpdate(nameKey, identifiedUser, nameKey2.get(), z);
            projectConfig.updateProject(builder -> {
                builder.setParent(nameKey2);
            });
        } catch (UnprocessableEntityException e) {
            throw new ResourceConflictException(e.getMessage(), e);
        }
    }

    private boolean isPermission(String str) {
        if (!Permission.isPermission(str)) {
            return this.pluginPermissionsUtil.collectPluginProjectPermissions().keySet().contains(str);
        }
        if (!Permission.isLabel(str) && !Permission.isLabelAs(str)) {
            return true;
        }
        try {
            LabelType.checkName(Permission.extractLabel(str));
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    private boolean isCapability(String str) {
        if (GlobalCapability.isGlobalCapability(str)) {
            return true;
        }
        return this.pluginPermissionsUtil.collectPluginCapabilities().keySet().contains(str);
    }
}
