package com.atlassian.servicedesk.internal.permission.security.type;

import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.pocketknife.api.commons.error.AnError;
import com.atlassian.servicedesk.api.ServiceDesk;
import com.atlassian.servicedesk.api.customer.CustomerContextService;
import com.atlassian.servicedesk.api.user.CheckedUser;
import com.atlassian.servicedesk.internal.api.featureflag.ServiceDeskFeatureFlags;
import com.atlassian.servicedesk.internal.api.user.UserFactoryOld;
import com.atlassian.servicedesk.internal.feature.organization.member.CustomerOrganizationMemberManager;
import com.atlassian.servicedesk.internal.feature.servicedesk.InternalServiceDeskAccessManager;
import com.atlassian.servicedesk.internal.feature.servicedesk.ServiceDeskInternalManager;
import com.atlassian.servicedesk.internal.permission.security.RequestAccessUserStrategyManager;
import com.atlassian.servicedesk.internal.user.permission.roles.ServiceDeskJiraRoleManager;
import com.atlassian.servicedesk.internal.user.permission.roles.ServiceDeskProjectRole;
import com.atlassian.servicedesk.internal.utils.context.ServiceDeskOutsideCustomerPermissionContext;
import io.atlassian.fugue.Either;
import io.atlassian.fugue.Suppliers;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/servicedesk/internal/permission/security/type/CustomerPortalOnlyPermissionChecker.class */
public class CustomerPortalOnlyPermissionChecker {
    private static final Logger log = LoggerFactory.getLogger(CustomerPortalOnlyPermissionChecker.class);
    private final UserFactoryOld userFactoryOld;
    private final ServiceDeskJiraRoleManager serviceDeskJIRARoleManager;
    private final ServiceDeskInternalManager serviceDeskManager;
    private final InternalServiceDeskAccessManager internalServiceDeskAccessManager;
    private final RequestAccessUserStrategyManager requestAccessUserStrategyManager;
    private final CustomerContextService customerContextService;
    private final CustomerOrganizationMemberManager customerOrganizationMemberManager;
    private final UserManager userManager;
    private final ServiceDeskOutsideCustomerPermissionContext serviceDeskOutsideCustomerPermissionContext;
    private final FeatureManager featureManager;

    @Autowired
    public CustomerPortalOnlyPermissionChecker(CustomerContextService customerContextService, UserFactoryOld userFactoryOld, ServiceDeskJiraRoleManager serviceDeskJiraRoleManager, ServiceDeskInternalManager serviceDeskInternalManager, InternalServiceDeskAccessManager internalServiceDeskAccessManager, RequestAccessUserStrategyManager requestAccessUserStrategyManager, CustomerOrganizationMemberManager customerOrganizationMemberManager, UserManager userManager, ServiceDeskOutsideCustomerPermissionContext serviceDeskOutsideCustomerPermissionContext, FeatureManager featureManager) {
        this.customerContextService = customerContextService;
        this.userFactoryOld = userFactoryOld;
        this.serviceDeskJIRARoleManager = serviceDeskJiraRoleManager;
        this.serviceDeskManager = serviceDeskInternalManager;
        this.internalServiceDeskAccessManager = internalServiceDeskAccessManager;
        this.requestAccessUserStrategyManager = requestAccessUserStrategyManager;
        this.customerOrganizationMemberManager = customerOrganizationMemberManager;
        this.userManager = userManager;
        this.serviceDeskOutsideCustomerPermissionContext = serviceDeskOutsideCustomerPermissionContext;
        this.featureManager = featureManager;
    }

    public Set<ApplicationUser> getCustomerPortalOnlyPermissionUsers(Project project) {
        if (this.featureManager.isEnabled(ServiceDeskFeatureFlags.USE_SEARCH_BY_PERMISSIONS) && this.customerContextService.isInCustomerContext()) {
            if (!isOpenAccess(project)) {
                return (Set) Stream.concat(this.serviceDeskJIRARoleManager.getAllUsersInRole(project, ServiceDeskProjectRole.CUSTOMER).stream(), getOrganizationMembersForProject(project)).collect(Collectors.toSet());
            }
            log.warn("This call is going to return all users on your instance. Better to check if service project is open access first, and avoid this call. Use debug logging to see this call stack");
            log.debug("Current call stack that is asking to return all users on your instance", new Exception());
            return this.userManager.getAllUsers();
        }
        return Collections.emptySet();
    }

    public boolean hasCustomerPortalOnlyPermission(ApplicationUser applicationUser, Issue issue) {
        return hasCustomerPortalOnlyPermissionForIssue(applicationUser, issue);
    }

    public boolean hasCustomerPortalOnlyPermission(ApplicationUser applicationUser, Project project) {
        return hasCustomerPortalOnlyPermissionForProject(applicationUser, project);
    }

    private boolean hasCustomerPortalOnlyPermissionForIssue(ApplicationUser applicationUser, Issue issue) {
        return hasCustomerPortalOnlyPermissionForProject(applicationUser, issue.getProjectObject()) && this.requestAccessUserStrategyManager.match(applicationUser, issue);
    }

    private boolean hasCustomerPortalOnlyPermissionForProject(ApplicationUser applicationUser, Project project) {
        return ((Boolean) this.userFactoryOld.wrap(applicationUser).map(checkedUser -> {
            return Boolean.valueOf(this.customerContextService.isInCustomerContext() && allowUserToAccessPortal(checkedUser, project));
        }).getOr(Suppliers.alwaysFalse())).booleanValue();
    }

    private boolean allowUserToAccessPortal(CheckedUser checkedUser, Project project) {
        return isOpenAccess(project) || this.serviceDeskJIRARoleManager.isUserInRole(checkedUser, project, ServiceDeskProjectRole.CUSTOMER) || isMemberOfAnyOrganisationsInProject(checkedUser, project) || this.serviceDeskOutsideCustomerPermissionContext.isInProjectOutsideCustomerContext(checkedUser, project);
    }

    private boolean isOpenAccess(Project project) {
        Either<AnError, ServiceDesk> serviceDesk = this.serviceDeskManager.getServiceDesk(project, false);
        InternalServiceDeskAccessManager internalServiceDeskAccessManager = this.internalServiceDeskAccessManager;
        internalServiceDeskAccessManager.getClass();
        return serviceDesk.exists(internalServiceDeskAccessManager::isOpenAccess);
    }

    private boolean isMemberOfAnyOrganisationsInProject(CheckedUser checkedUser, Project project) {
        return this.customerOrganizationMemberManager.isMemberOfAnyOrganizationsInProject(checkedUser, project);
    }

    private Stream<ApplicationUser> getOrganizationMembersForProject(Project project) {
        return this.customerOrganizationMemberManager.getOrganizationMembersForProject(project).stream();
    }
}
