package com.atlassian.servicedesk.internal.user.permission;

import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.bc.JiraServiceContextImpl;
import com.atlassian.jira.bc.issue.attachment.AttachmentService;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.plugin.spring.scanner.annotation.export.ExportAsService;
import com.atlassian.servicedesk.api.ServiceDesk;
import com.atlassian.servicedesk.api.customer.CustomerContextService;
import com.atlassian.servicedesk.api.user.SDUser;
import com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService;
import com.atlassian.servicedesk.internal.featureflag.SDFeatureFlags;
import com.atlassian.servicedesk.internal.permission.ServiceDeskProjectPermissionKeys;
import com.atlassian.servicedesk.internal.permission.security.RequestAccessUserStrategyManager;
import com.atlassian.servicedesk.internal.user.license.ServiceDeskUserLicenseService;
import io.atlassian.fugue.Option;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@ExportAsService
@Component
/* loaded from: input_file:com/atlassian/servicedesk/internal/user/permission/ServiceDeskLicenseAndPermissionServiceImpl.class */
public class ServiceDeskLicenseAndPermissionServiceImpl implements ServiceDeskLicenseAndPermissionService {
    private static final Logger LOGGER = LoggerFactory.getLogger(ServiceDeskLicenseAndPermissionServiceImpl.class);
    private final ApplicationRoleManager applicationRoleManager;
    private final AttachmentService attachmentService;
    private final CustomerContextService customerContextService;
    private final GlobalPermissionManager globalPermissionManager;
    private final PermissionManager jiraPermissionManager;
    private final RequestAccessUserStrategyManager requestAccessUserStrategyManager;
    private final ServiceDeskUserLicenseService sdUserLicenseService;
    private final FeatureManager featureManager;
    private final ProjectManager projectManager;

    @Autowired
    public ServiceDeskLicenseAndPermissionServiceImpl(ApplicationRoleManager applicationRoleManager, AttachmentService attachmentService, CustomerContextService customerContextService, GlobalPermissionManager globalPermissionManager, PermissionManager permissionManager, RequestAccessUserStrategyManager requestAccessUserStrategyManager, ServiceDeskUserLicenseService serviceDeskUserLicenseService, FeatureManager featureManager, ProjectManager projectManager) {
        this.applicationRoleManager = applicationRoleManager;
        this.attachmentService = attachmentService;
        this.customerContextService = customerContextService;
        this.globalPermissionManager = globalPermissionManager;
        this.jiraPermissionManager = permissionManager;
        this.requestAccessUserStrategyManager = requestAccessUserStrategyManager;
        this.sdUserLicenseService = serviceDeskUserLicenseService;
        this.featureManager = featureManager;
        this.projectManager = projectManager;
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canAdministerJIRA(SDUser sDUser) {
        return hasJiraAdministerAccess(sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canAdministerJIRA(ApplicationUser applicationUser) {
        return hasJiraAdministerAccess(applicationUser);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean hasValidAgentLicense(SDUser sDUser) {
        return this.sdUserLicenseService.hasValidAgentLicense(sDUser);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canAccessJIRA(SDUser sDUser) {
        return this.applicationRoleManager.hasAnyRole(sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewAgentView(SDUser sDUser, Project project) {
        return this.sdUserLicenseService.hasValidAgentLicense(sDUser) && hasAgentAccess(sDUser, project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewAgentView(SDUser sDUser, Issue issue) {
        return this.sdUserLicenseService.hasValidAgentLicense(sDUser) && hasAgentAccess(sDUser, issue);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewProject(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, project, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewPortal(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, project, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewServiceDesk(SDUser sDUser, Project project) {
        return (hasAgentAccess(sDUser, project) || canViewPortal(sDUser, project)) && (this.customerContextService.isInCustomerContext() || isLicensedCollaborator(sDUser));
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canAdministerServiceDesk(SDUser sDUser, Project project) {
        return this.sdUserLicenseService.hasValidAgentLicense(sDUser) && hasAgentAccess(sDUser, project) && hasProjectAdminPermissionOnProject(sDUser, project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean isProjectAdmin(ApplicationUser applicationUser, ServiceDesk serviceDesk) {
        Project projectObj = this.projectManager.getProjectObj(Long.valueOf(serviceDesk.getProjectId()));
        if (projectObj != null) {
            return this.jiraPermissionManager.hasPermission(ProjectPermissions.ADMINISTER_PROJECTS, projectObj, applicationUser);
        }
        LOGGER.warn("This service project isn't linked to any project. Maybe the data is inconsistent ?");
        return false;
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canAdministerSomeProject(ApplicationUser applicationUser) {
        return !this.jiraPermissionManager.getProjects(ProjectPermissions.ADMINISTER_PROJECTS, applicationUser).isEmpty();
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canBrowseSomeProject(ApplicationUser applicationUser) {
        return !this.jiraPermissionManager.getProjects(ProjectPermissions.BROWSE_PROJECTS, applicationUser).isEmpty();
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean isBrowseEnabledForAnonymous(Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, project, (ApplicationUser) null);
    }

    private boolean hasProjectAdminPermissionOnProject(SDUser sDUser, Project project) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, sDUser.forJIRA()) || this.jiraPermissionManager.hasPermission(ProjectPermissions.ADMINISTER_PROJECTS, project, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canEnableAndDisableServiceDesk(SDUser sDUser, Project project) {
        return canAdministerJIRA(sDUser) || hasProjectAdmin(sDUser, project);
    }

    private boolean hasProjectAdmin(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.ADMINISTER_PROJECTS, project, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canManageLicenses(SDUser sDUser) {
        return hasSiteAdministerAccess(sDUser);
    }

    private boolean hasJiraAdministerAccess(ApplicationUser applicationUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, applicationUser);
    }

    private boolean hasSiteAdministerAccess(SDUser sDUser) {
        return hasJiraAdministerAccess(sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean hasSystemAdminAccess(SDUser sDUser) {
        return this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canBrowseAndEdit(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, project, sDUser.forJIRA()) && this.jiraPermissionManager.hasPermission(ProjectPermissions.EDIT_ISSUES, project, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewRequestInPortal(SDUser sDUser, Issue issue) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, issue, sDUser.forJIRA()) && (userIsCustomerOfIssue(sDUser, issue) || userIsAgentOfIssue(sDUser, issue));
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canCreateRequest(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.CREATE_ISSUES, project, sDUser.forJIRA()) && canViewPortal(sDUser, project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canCreateComment(SDUser sDUser, Issue issue) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.ADD_COMMENTS, issue, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canCreateInternalComment(SDUser sDUser, Issue issue) {
        return ((Boolean) this.customerContextService.runOutOfCustomerContext(() -> {
            return Boolean.valueOf(canCreateComment(sDUser, issue) && (canViewAgentView(sDUser, issue) || (isLicensedCollaborator(sDUser) && canViewIssue(sDUser, issue))));
        })).booleanValue();
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canCreatePublicComment(SDUser sDUser, Issue issue) {
        return canCreateComment(sDUser, issue) && (canViewAgentView(sDUser, issue) || (this.customerContextService.isInCustomerContext() && userIsCustomerOfIssue(sDUser, issue)));
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewInternalComment(SDUser sDUser, Issue issue) {
        return ((Boolean) this.customerContextService.runOutOfCustomerContext(() -> {
            return Boolean.valueOf(isLicensedCollaborator(sDUser) && canViewIssue(sDUser, issue));
        })).booleanValue();
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canModifyReporter(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.MODIFY_REPORTER, project, sDUser.forJIRA()) && canViewAgentView(sDUser, project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canUpdateRequest(SDUser sDUser, Project project) {
        return canViewAgentView(sDUser, project) && this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, project, sDUser.forJIRA()) && this.jiraPermissionManager.hasPermission(ProjectPermissions.EDIT_ISSUES, project, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canManageAgents(SDUser sDUser, Project project) {
        return canAdministerJIRA(sDUser) || canAdministerServiceDesk(sDUser, project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean isIssueOwner(SDUser sDUser, Issue issue) {
        return userIsCustomerOfIssue(sDUser, issue);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewAttachment(SDUser sDUser, Issue issue) {
        return canViewIssue(sDUser, issue);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canCreateAttachment(SDUser sDUser, Issue issue) {
        return this.attachmentService.canCreateAttachments(new JiraServiceContextImpl(sDUser.forJIRA()), issue);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canCreateAttachment(SDUser sDUser, Project project) {
        return this.attachmentService.canCreateAttachments(new JiraServiceContextImpl(sDUser.forJIRA()), project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canEditDueDate(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.SCHEDULE_ISSUES, project, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewDueDate(SDUser sDUser, Issue issue) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.SCHEDULE_ISSUES, issue, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewIssue(SDUser sDUser, Issue issue) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, issue, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canViewPortalPermissionFixTransition(SDUser sDUser, Project project) {
        return this.featureManager.isEnabled(SDFeatureFlags.CUSTOMER_PORTAL_BROWSE_PERMISSION_ONLY) ? canViewPortal(sDUser, project) : canCreateRequest(sDUser, project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean userIsCustomerOfIssue(SDUser sDUser, Issue issue) {
        return this.requestAccessUserStrategyManager.match(sDUser.forJIRA(), issue);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean userIsAgentOfIssue(SDUser sDUser, Issue issue) {
        return this.sdUserLicenseService.hasValidAgentLicense(sDUser) && hasAgentAccess(sDUser, issue);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean userIsReporterOfIssue(SDUser sDUser, Issue issue) {
        return Option.option(issue.getReporter()).exists(applicationUser -> {
            return Objects.equals(applicationUser.getName(), sDUser.forJIRA().getName());
        });
    }

    private boolean hasAgentAccess(SDUser sDUser, Project project) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, project, sDUser.forJIRA()) && this.jiraPermissionManager.hasPermission(ServiceDeskProjectPermissionKeys.SERVICEDESK_AGENT, project, sDUser.forJIRA());
    }

    private boolean hasAgentAccess(SDUser sDUser, Issue issue) {
        return this.jiraPermissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, issue, sDUser.forJIRA()) && this.jiraPermissionManager.hasPermission(ServiceDeskProjectPermissionKeys.SERVICEDESK_AGENT, issue, sDUser.forJIRA());
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean hasInternalCustomerAccess(SDUser sDUser, Project project) {
        return canViewProject(sDUser, project);
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean hasExternalCustomerAccess(SDUser sDUser) {
        return (sDUser.isAnonymous() || this.applicationRoleManager.hasAnyRole(sDUser.forJIRA()) || this.globalPermissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, sDUser.forJIRA()) || this.globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, sDUser.forJIRA())) ? false : true;
    }

    @Override // com.atlassian.servicedesk.internal.api.user.permission.ServiceDeskLicenseAndPermissionService
    public boolean canManageSlas(ApplicationUser applicationUser, ServiceDesk serviceDesk) {
        return isProjectAdmin(applicationUser, serviceDesk) || hasJiraAdministerAccess(applicationUser);
    }

    private boolean isLicensedCollaborator(SDUser sDUser) {
        return canAccessJIRA(sDUser);
    }
}
