package com.atlassian.servicedesk.internal.rest.temporary;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.bc.user.search.UserSearchParams;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUsers;
import com.atlassian.pocketknife.api.commons.error.AnError;
import com.atlassian.pocketknife.api.commons.result.Unit;
import com.atlassian.servicedesk.api.ServiceDesk;
import com.atlassian.servicedesk.api.customer.CustomerContextService;
import com.atlassian.servicedesk.internal.api.search.user.UserSearchManager;
import com.atlassian.servicedesk.internal.feature.servicedesk.ServiceDeskInternalManager;
import com.atlassian.servicedesk.internal.priorities.ServiceDeskPrioritySchemeManagerImpl;
import com.google.common.base.Predicate;
import io.atlassian.fugue.Either;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/**
 * Reports, per enabled service desk project, the users that can browse the project but cannot
 * create issues in it when both permissions are evaluated through
 * {@code CustomerContextService.runInCustomerContext}.
 *
 * <p>System administrators are never reported, and neither are users for which
 * {@code ApplicationRoleManager.hasAnyRole} is true and who hold BROWSE_PROJECTS on the project.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The result is a project-to-users map, so it discloses which accounts can see which
 *       projects. The only access gate visible in this class is the {@code canUseResource} call
 *       in the entry point; its policy lives in {@code CustomerPortalPermissionsUtil}, which is
 *       not shown here.</li>
 *   <li>The user search is unbounded ({@code maxResults(null)}) and its filter runs several
 *       permission checks per user, once for every enabled service desk, so the work grows with
 *       projects times users.</li>
 *   <li>This listing is decompiler output (class file
 *       com/atlassian/servicedesk/internal/rest/temporary/CustomerPortalPermissionsElevationCheckService.class);
 *       the raw casts are kept as the decompiler emitted them because the generic signatures of
 *       the called APIs are not visible here.</li>
 * </ul>
 */
@Component
class CustomerPortalPermissionsElevationCheckService {
    private final ServiceDeskInternalManager serviceDeskInternalManager;
    private final ProjectManager projectManager;
    private final UserSearchManager userSearchManager;
    private final PermissionManager permissionManager;
    private final GlobalPermissionManager globalPermissionManager;
    private final CustomerContextService customerContextService;
    private final CustomerPortalPermissionsUtil customerPortalPermissionUtil;
    private final ApplicationRoleManager applicationRoleManager;

    /** Stores the injected collaborators; performs no other work. */
    @Autowired
    public CustomerPortalPermissionsElevationCheckService(
            ServiceDeskInternalManager serviceDeskInternalManager,
            ProjectManager projectManager,
            UserSearchManager userSearchManager,
            PermissionManager permissionManager,
            GlobalPermissionManager globalPermissionManager,
            CustomerContextService customerContextService,
            CustomerPortalPermissionsUtil customerPortalPermissionsUtil,
            ApplicationRoleManager applicationRoleManager) {
        this.applicationRoleManager = applicationRoleManager;
        this.customerPortalPermissionUtil = customerPortalPermissionsUtil;
        this.customerContextService = customerContextService;
        this.globalPermissionManager = globalPermissionManager;
        this.permissionManager = permissionManager;
        this.userSearchManager = userSearchManager;
        this.projectManager = projectManager;
        this.serviceDeskInternalManager = serviceDeskInternalManager;
    }

    /**
     * Entry point: authorises the caller, then computes the report inside the customer context.
     *
     * <p>The decompiler recorded that this method was package-private in the compiled class and
     * that it widened the modifier to {@code public}.
     *
     * @param applicationUser the caller, passed to {@code canUseResource} for the access decision
     * @return the left error produced by {@code canUseResource} when access is refused, otherwise
     *     a right value mapping each resolvable enabled service desk project to its reported users
     */
    public Either<AnError, Map<Project, Set<ApplicationUser>>> findPermissionElevationCustomers(ApplicationUser applicationUser) {
        // Authorisation comes first: nothing is searched when the gate refuses the caller.
        Either<AnError, Unit> accessDecision = customerPortalPermissionUtil.canUseResource(applicationUser);
        if (accessDecision.isLeft()) {
            return Either.left(accessDecision.left().get());
        }
        return Either.right((Map) customerContextService.runInCustomerContext(this::findPermissionElevationCustomers));
    }

    /**
     * Builds the report for all enabled service desks. Service desks whose project id no longer
     * resolves to a project are skipped.
     */
    private Map<Project, Set<ApplicationUser>> findPermissionElevationCustomers() {
        Map<Project, Set<ApplicationUser>> usersByProject = new HashMap<>();
        for (ServiceDesk serviceDesk : serviceDeskInternalManager.getAllEnabledServiceDesks()) {
            Project project = projectManager.getProjectObj(Long.valueOf(serviceDesk.getProjectId()));
            if (project == null) {
                continue;
            }
            usersByProject.put(project, findCustomersWithoutCreate(project));
        }
        return usersByProject;
    }

    /**
     * Searches all users (active included, inactive excluded, no result cap) and keeps those
     * accepted by the per-project predicate.
     */
    private Set<ApplicationUser> findCustomersWithoutCreate(Project project) {
        UserSearchParams searchParams = UserSearchParams.builder()
                .allowEmptyQuery(true)
                .includeActive(true)
                .includeInactive(false)
                .maxResults((Integer) null)
                .filter(getCustomerWithPermissionElevationPredicate(project))
                .build();
        // NOTE(review): the query argument is a constant owned by the priority-scheme manager,
        // which has nothing to do with user search. Together with allowEmptyQuery(true) this looks
        // like the decompiler substituting a same-valued constant, presumably an empty string.
        // Confirm the value before relying on it.
        return (Set) userSearchManager
                .searchUnlimited(ServiceDeskPrioritySchemeManagerImpl.JSD_DEFAULT_PRIORITY_DESCRIPTION, searchParams)
                .collect(Collectors.toSet());
    }

    /** Adapts the per-user check to the {@code Predicate<User>} expected by the search filter. */
    private Predicate<User> getCustomerWithPermissionElevationPredicate(Project project) {
        return user -> isCustomerWithPermissionElevation(project, ApplicationUsers.from(user));
    }

    /**
     * Decides whether one user belongs in the report for {@code project}.
     *
     * @return {@code false} for a null user, a system administrator, or a user that has any
     *     application role and can browse the project; otherwise the result of the
     *     browse-but-not-create check made in the customer context
     */
    private boolean isCustomerWithPermissionElevation(Project project, ApplicationUser applicationUser) {
        if (applicationUser == null) {
            return false;
        }
        if (isSysadmin(applicationUser)) {
            return false;
        }
        // NOTE(review): when reached through the public entry point, the outer
        // runInCustomerContext call is still on the stack (assuming the search applies the filter
        // on the calling thread). This browse check is therefore not obviously evaluated outside
        // the customer context, even though only the helper below is named "InPortalContext".
        // Confirm that this is intended.
        boolean hasRoleAndCanBrowse =
                applicationRoleManager.hasAnyRole(applicationUser) && checkBrowsePermission(project, applicationUser);
        if (hasRoleAndCanBrowse) {
            return false;
        }
        return checkBrowseAndNotCreateInPortalContext(project, applicationUser);
    }

    /**
     * Evaluates, inside {@code runInCustomerContext}, whether the user holds BROWSE_PROJECTS but
     * not CREATE_ISSUES on the project. Package-private, and it performs no caller authorisation
     * of its own.
     */
    boolean checkBrowseAndNotCreateInPortalContext(Project project, ApplicationUser applicationUser) {
        // The create check is only consulted when the browse check has already passed.
        return (Boolean) customerContextService.runInCustomerContext(
                () -> checkBrowsePermission(project, applicationUser) && !checkCreatePermission(project, applicationUser));
    }

    /** True when the user holds the SYSTEM_ADMIN global permission. */
    private boolean isSysadmin(ApplicationUser applicationUser) {
        return globalPermissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, applicationUser);
    }

    /** True when the user holds BROWSE_PROJECTS on the project. */
    private boolean checkBrowsePermission(Project project, ApplicationUser applicationUser) {
        return permissionManager.hasPermission(ProjectPermissions.BROWSE_PROJECTS, project, applicationUser);
    }

    /** True when the user holds CREATE_ISSUES on the project. */
    private boolean checkCreatePermission(Project project, ApplicationUser applicationUser) {
        return permissionManager.hasPermission(ProjectPermissions.CREATE_ISSUES, project, applicationUser);
    }
}
