package com.google.gerrit.server.permissions;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.gerrit.entities.Account;
import com.google.gerrit.entities.Change;
import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.PermissionRange;
import com.google.gerrit.exceptions.StorageException;
import com.google.gerrit.extensions.conditions.BooleanCondition;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.LabelPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendCondition;
import com.google.gerrit.server.query.change.ChangeData;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/google/gerrit/server/permissions/ChangeControl.class */
public class ChangeControl {
    private final RefControl refControl;
    private final ChangeData changeData;

    /* loaded from: input_file:com/google/gerrit/server/permissions/ChangeControl$ForChangeImpl.class */
    private class ForChangeImpl extends PermissionBackend.ForChange {
        private Map<String, PermissionRange> labels;
        private String resourcePath;

        private ForChangeImpl() {
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForChange
        public String resourcePath() {
            if (this.resourcePath == null) {
                this.resourcePath = String.format("/projects/%s/+changes/%s", ChangeControl.this.getProjectControl().getProjectState().getName(), Integer.valueOf(ChangeControl.this.changeData.getId().get()));
            }
            return this.resourcePath;
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForChange
        public void check(ChangePermissionOrLabel changePermissionOrLabel) throws AuthException, PermissionBackendException {
            if (!can(changePermissionOrLabel)) {
                throw new AuthException(changePermissionOrLabel.describeForException() + " not permitted");
            }
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForChange
        public <T extends ChangePermissionOrLabel> Set<T> test(Collection<T> collection) throws PermissionBackendException {
            Set<T> newSet = ChangeControl.newSet(collection);
            for (T t : collection) {
                if (can(t)) {
                    newSet.add(t);
                }
            }
            return newSet;
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForChange
        public BooleanCondition testCond(ChangePermissionOrLabel changePermissionOrLabel) {
            return new PermissionBackendCondition.ForChange(this, changePermissionOrLabel, ChangeControl.this.getUser());
        }

        private boolean can(ChangePermissionOrLabel changePermissionOrLabel) throws PermissionBackendException {
            if (changePermissionOrLabel instanceof ChangePermission) {
                return can((ChangePermission) changePermissionOrLabel);
            }
            if (changePermissionOrLabel instanceof LabelPermission) {
                return can((LabelPermission) changePermissionOrLabel);
            }
            if (changePermissionOrLabel instanceof LabelPermission.WithValue) {
                return can((LabelPermission.WithValue) changePermissionOrLabel);
            }
            throw new PermissionBackendException(changePermissionOrLabel + " unsupported");
        }

        private boolean can(ChangePermission changePermission) throws PermissionBackendException {
            try {
                switch (changePermission) {
                    case READ:
                        return ChangeControl.this.isVisible();
                    case ABANDON:
                        return ChangeControl.this.canAbandon();
                    case DELETE:
                        return ChangeControl.this.getProjectControl().isAdmin() || ChangeControl.this.refControl.canDeleteChanges(ChangeControl.this.isOwner());
                    case ADD_PATCH_SET:
                        return ChangeControl.this.canAddPatchSet();
                    case EDIT_ASSIGNEE:
                        return ChangeControl.this.canEditAssignee();
                    case EDIT_DESCRIPTION:
                        return ChangeControl.this.canEditDescription();
                    case EDIT_HASHTAGS:
                        return ChangeControl.this.canEditHashtags();
                    case EDIT_TOPIC_NAME:
                        return ChangeControl.this.canEditTopicName();
                    case REBASE:
                        return ChangeControl.this.canRebase();
                    case RESTORE:
                        return ChangeControl.this.canRestore();
                    case REVERT:
                        return ChangeControl.this.canRevert();
                    case SUBMIT:
                        return ChangeControl.this.refControl.canSubmit(ChangeControl.this.isOwner());
                    case TOGGLE_WORK_IN_PROGRESS_STATE:
                        return ChangeControl.this.canToggleWorkInProgressState();
                    case REMOVE_REVIEWER:
                    case SUBMIT_AS:
                        return ChangeControl.this.refControl.canPerform(ChangeControl.changePermissionName(changePermission));
                    default:
                        throw new PermissionBackendException(changePermission + " unsupported");
                }
            } catch (StorageException e) {
                throw new PermissionBackendException("unavailable", e);
            }
        }

        private boolean can(LabelPermission labelPermission) {
            return !label(DefaultPermissionMappings.labelPermissionName(labelPermission)).isEmpty();
        }

        private boolean can(LabelPermission.WithValue withValue) {
            PermissionRange label = label(DefaultPermissionMappings.labelPermissionName(withValue));
            if (withValue.forUser() == LabelPermission.ForUser.ON_BEHALF_OF && label.isEmpty()) {
                return false;
            }
            return label.contains(withValue.value());
        }

        private PermissionRange label(String str) {
            if (this.labels == null) {
                this.labels = Maps.newHashMapWithExpectedSize(4);
            }
            PermissionRange permissionRange = this.labels.get(str);
            if (permissionRange == null) {
                permissionRange = ChangeControl.this.getRange(str);
                this.labels.put(str, permissionRange);
            }
            return permissionRange;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ChangeControl(RefControl refControl, ChangeData changeData) {
        this.refControl = refControl;
        this.changeData = changeData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PermissionBackend.ForChange asForChange() {
        return new ForChangeImpl();
    }

    private CurrentUser getUser() {
        return this.refControl.getUser();
    }

    private ProjectControl getProjectControl() {
        return this.refControl.getProjectControl();
    }

    private Change getChange() {
        return this.changeData.change();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isVisible() {
        if (!getChange().isPrivate() || isPrivateVisible(this.changeData)) {
            return this.refControl.asForRef().testOrFalse(RefPermission.READ);
        }
        return false;
    }

    private boolean canAbandon() {
        return isOwner() || this.refControl.isOwner() || getProjectControl().isOwner() || this.refControl.canPerform(Permission.ABANDON) || getProjectControl().isAdmin();
    }

    private boolean canRebase() {
        return (isOwner() || this.refControl.canSubmit(isOwner()) || this.refControl.canRebase()) && this.refControl.asForRef().testOrFalse(RefPermission.CREATE_CHANGE);
    }

    private boolean canRestore() {
        return canAbandon() && this.refControl.asForRef().testOrFalse(RefPermission.CREATE_CHANGE);
    }

    private boolean canRevert() {
        return this.refControl.canRevert() && this.refControl.asForRef().testOrFalse(RefPermission.CREATE_CHANGE);
    }

    private PermissionRange getRange(String str) {
        return this.refControl.getRange(str, isOwner());
    }

    private boolean canAddPatchSet() {
        if (!this.refControl.asForRef().testOrFalse(RefPermission.CREATE_CHANGE)) {
            return false;
        }
        if (isOwner()) {
            return true;
        }
        return this.refControl.canAddPatchSet();
    }

    private boolean isOwner() {
        if (getUser().isIdentifiedUser()) {
            return getUser().asIdentifiedUser().getAccountId().equals(getChange().getOwner());
        }
        return false;
    }

    private boolean isAssignee() {
        Account.Id assignee = getChange().getAssignee();
        if (assignee == null || !getUser().isIdentifiedUser()) {
            return false;
        }
        return getUser().getAccountId().equals(assignee);
    }

    private boolean isReviewer(ChangeData changeData) {
        if (getUser().isIdentifiedUser()) {
            return changeData.reviewers().all().contains(getUser().getAccountId());
        }
        return false;
    }

    private boolean canEditTopicName() {
        return getChange().isNew() ? isOwner() || this.refControl.isOwner() || getProjectControl().isOwner() || this.refControl.canPerform(Permission.EDIT_TOPIC_NAME) || getProjectControl().isAdmin() : this.refControl.canForceEditTopicName();
    }

    private boolean canToggleWorkInProgressState() {
        return isOwner() || getProjectControl().isOwner() || this.refControl.canPerform(Permission.TOGGLE_WORK_IN_PROGRESS_STATE) || getProjectControl().isAdmin();
    }

    private boolean canEditDescription() {
        if (getChange().isNew()) {
            return isOwner() || this.refControl.isOwner() || getProjectControl().isOwner() || getProjectControl().isAdmin();
        }
        return false;
    }

    private boolean canEditAssignee() {
        return isOwner() || getProjectControl().isOwner() || this.refControl.canPerform(Permission.EDIT_ASSIGNEE) || isAssignee();
    }

    private boolean canEditHashtags() {
        return isOwner() || this.refControl.isOwner() || getProjectControl().isOwner() || this.refControl.canPerform(Permission.EDIT_HASHTAGS) || getProjectControl().isAdmin();
    }

    private boolean isPrivateVisible(ChangeData changeData) {
        return isOwner() || isReviewer(changeData) || this.refControl.canPerform(Permission.VIEW_PRIVATE_CHANGES) || getUser().isInternalUser();
    }

    private static <T extends ChangePermissionOrLabel> Set<T> newSet(Collection<T> collection) {
        if (!(collection instanceof EnumSet)) {
            return Sets.newHashSetWithExpectedSize(collection.size());
        }
        EnumSet clone = ((EnumSet) collection).clone();
        clone.clear();
        return clone;
    }

    private static String changePermissionName(ChangePermission changePermission) {
        return DefaultPermissionMappings.changePermissionName(changePermission).orElseThrow(() -> {
            return new IllegalStateException("no name for " + changePermission);
        });
    }
}
