package com.atlassian.servicedesk.internal.permission;

import com.atlassian.jira.cache.request.RequestCache;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.plugin.ProjectPermissionKey;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.servicedesk.api.customer.CustomerContextService;
import com.atlassian.servicedesk.internal.api.ServiceDeskManager;
import com.atlassian.servicedesk.internal.api.license.ServiceDeskOperationalStatus;
import com.atlassian.servicedesk.internal.api.user.UserFactoryOld;
import com.atlassian.servicedesk.internal.user.permission.ServiceDeskPermissions;
import com.atlassian.servicedesk.internal.utils.context.PermissionOverrideContext;
import com.atlassian.servicedesk.plugins.base.internal.api.cache.CacheFactoryManager;
import com.atlassian.servicedesk.plugins.base.internal.api.util.cache.CacheUtil;
import com.google.common.collect.ImmutableList;
import io.atlassian.fugue.Option;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/servicedesk/internal/permission/PermissionOverrideHelper.class */
public class PermissionOverrideHelper {
    private final ServiceDeskOperationalStatus serviceDeskOperationalStatus;
    private final CustomerContextService customerContextService;
    private final ServiceDeskManager serviceDeskManager;
    private final UserFactoryOld userFactoryOld;
    private final PermissionOverrideContext permissionOverrideContext;
    private final ServiceDeskPermissions serviceDeskPermissions;
    private final RequestCache<String, Boolean> permissionCache;
    private static final List<ProjectPermissionKey> BLACKLISTED_PERMISSIONS = ImmutableList.of(ProjectPermissions.ASSIGN_ISSUES, ProjectPermissions.ASSIGNABLE_USER, ProjectPermissions.CLOSE_ISSUES, ProjectPermissions.DELETE_ALL_ATTACHMENTS, ProjectPermissions.DELETE_ALL_COMMENTS, ProjectPermissions.DELETE_ALL_WORKLOGS, ProjectPermissions.DELETE_ISSUES, ProjectPermissions.DELETE_OWN_WORKLOGS, ProjectPermissions.EDIT_ALL_COMMENTS, ProjectPermissions.EDIT_ALL_WORKLOGS, ProjectPermissions.EDIT_ISSUES, ProjectPermissions.EDIT_OWN_WORKLOGS, new ProjectPermissionKey[]{ProjectPermissions.LINK_ISSUES, ProjectPermissions.MANAGE_WATCHERS, ProjectPermissions.MODIFY_REPORTER, ProjectPermissions.MOVE_ISSUES, ProjectPermissions.RESOLVE_ISSUES, ProjectPermissions.SCHEDULE_ISSUES, ProjectPermissions.SET_ISSUE_SECURITY, ProjectPermissions.TRANSITION_ISSUES, ProjectPermissions.VIEW_READONLY_WORKFLOW, ProjectPermissions.WORK_ON_ISSUES});
    private static final String NULL_STRING = "null";

    @Autowired
    public PermissionOverrideHelper(ServiceDeskOperationalStatus serviceDeskOperationalStatus, CustomerContextService customerContextService, ServiceDeskManager serviceDeskManager, UserFactoryOld userFactoryOld, PermissionOverrideContext permissionOverrideContext, ServiceDeskPermissions serviceDeskPermissions, CacheFactoryManager cacheFactoryManager) {
        this.serviceDeskOperationalStatus = serviceDeskOperationalStatus;
        this.customerContextService = customerContextService;
        this.serviceDeskManager = serviceDeskManager;
        this.userFactoryOld = userFactoryOld;
        this.permissionOverrideContext = permissionOverrideContext;
        this.serviceDeskPermissions = serviceDeskPermissions;
        this.permissionCache = cacheFactoryManager.getRequestCache(CacheUtil.standardName(this, "collaboratorPermissionOverrideCache"));
    }

    public boolean shouldDenyPermission(ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser) {
        if (this.permissionOverrideContext.isInPermissionOverrideContext() || !this.serviceDeskOperationalStatus.isOperational()) {
            return false;
        }
        return ((Boolean) this.permissionCache.get(generateCacheKey(projectPermissionKey, project, applicationUser), () -> {
            return Boolean.valueOf(isVetoablePermission(projectPermissionKey) && inJIRAContext() && this.serviceDeskManager.isServiceDeskEnabled(project) && shouldDenyUserPermission(applicationUser, project));
        })).booleanValue();
    }

    private boolean shouldDenyUserPermission(ApplicationUser applicationUser, Project project) {
        return ((Boolean) this.userFactoryOld.wrap(applicationUser).fold(anError -> {
            return true;
        }, checkedUser -> {
            return (Boolean) this.permissionOverrideContext.inPermissionOverrideContext(() -> {
                return Boolean.valueOf(!this.serviceDeskPermissions.canViewAgentView(checkedUser, project));
            });
        })).booleanValue();
    }

    private boolean isVetoablePermission(ProjectPermissionKey projectPermissionKey) {
        return BLACKLISTED_PERMISSIONS.contains(projectPermissionKey);
    }

    private boolean inJIRAContext() {
        return !this.customerContextService.isInCustomerContext();
    }

    private String generateCacheKey(ProjectPermissionKey projectPermissionKey, Project project, ApplicationUser applicationUser) {
        return "permissionOverride_" + ((String) Option.option(applicationUser).map(applicationUser2 -> {
            return applicationUser2.getKey() + ":" + applicationUser2.getDirectoryId();
        }).getOrElse(NULL_STRING)) + "_" + ((String) Option.option(project).map((v0) -> {
            return v0.getKey();
        }).getOrElse(NULL_STRING)) + "_" + projectPermissionKey.permissionKey();
    }
}
