package com.google.gerrit.server.restapi.project;

import com.google.common.collect.ImmutableBiMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.UnmodifiableIterator;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.entities.AccessSection;
import com.google.gerrit.entities.AccountGroup;
import com.google.gerrit.entities.GroupDescription;
import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.PermissionRule;
import com.google.gerrit.entities.Project;
import com.google.gerrit.entities.RefNames;
import com.google.gerrit.extensions.api.access.AccessSectionInfo;
import com.google.gerrit.extensions.api.access.PermissionInfo;
import com.google.gerrit.extensions.api.access.PermissionRuleInfo;
import com.google.gerrit.extensions.api.access.ProjectAccessInfo;
import com.google.gerrit.extensions.common.GroupInfo;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.WebLinks;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.meta.MetaDataUpdate;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectConfig;
import com.google.gerrit.server.project.ProjectJson;
import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.stream.Collectors;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.errors.RepositoryNotFoundException;
import org.eclipse.jgit.lib.AnyObjectId;

@Singleton
/* loaded from: input_file:WEB-INF/lib/com_google_gerrit_server_restapi_librestapi.jar:com/google/gerrit/server/restapi/project/GetAccess.class */
public class GetAccess implements RestReadView<ProjectResource> {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    public static final ImmutableBiMap<PermissionRule.Action, PermissionRuleInfo.Action> ACTION_TYPE = ImmutableBiMap.of(PermissionRule.Action.ALLOW, PermissionRuleInfo.Action.ALLOW, PermissionRule.Action.BATCH, PermissionRuleInfo.Action.BATCH, PermissionRule.Action.BLOCK, PermissionRuleInfo.Action.BLOCK, PermissionRule.Action.DENY, PermissionRuleInfo.Action.DENY, PermissionRule.Action.INTERACTIVE, PermissionRuleInfo.Action.INTERACTIVE);
    private final Provider<CurrentUser> user;
    private final PermissionBackend permissionBackend;
    private final AllProjectsName allProjectsName;
    private final ProjectJson projectJson;
    private final ProjectCache projectCache;
    private final Provider<MetaDataUpdate.Server> metaDataUpdateFactory;
    private final GroupBackend groupBackend;
    private final WebLinks webLinks;
    private final ProjectConfig.Factory projectConfigFactory;

    @Inject
    public GetAccess(Provider<CurrentUser> provider, PermissionBackend permissionBackend, AllProjectsName allProjectsName, ProjectCache projectCache, Provider<MetaDataUpdate.Server> provider2, ProjectJson projectJson, GroupBackend groupBackend, WebLinks webLinks, ProjectConfig.Factory factory) {
        this.user = provider;
        this.permissionBackend = permissionBackend;
        this.allProjectsName = allProjectsName;
        this.projectJson = projectJson;
        this.projectCache = projectCache;
        this.metaDataUpdateFactory = provider2;
        this.groupBackend = groupBackend;
        this.webLinks = webLinks;
        this.projectConfigFactory = factory;
    }

    public ProjectAccessInfo apply(Project.NameKey nameKey) throws Exception {
        return apply(new ProjectResource(this.projectCache.get(nameKey).orElseThrow(() -> {
            return new ResourceNotFoundException(nameKey.get());
        }), this.user.get())).value();
    }

    @Override // com.google.gerrit.extensions.restapi.RestReadView
    public Response<ProjectAccessInfo> apply(ProjectResource projectResource) throws ResourceNotFoundException, ResourceConflictException, IOException, PermissionBackendException {
        Project.NameKey nameKey = projectResource.getNameKey();
        ProjectAccessInfo projectAccessInfo = new ProjectAccessInfo();
        ProjectState orElseThrow = this.projectCache.get(nameKey).orElseThrow(ProjectCache.illegalState(nameKey));
        PermissionBackend.ForProject project = this.permissionBackend.currentUser().project(nameKey);
        try {
            MetaDataUpdate create = this.metaDataUpdateFactory.get().create(nameKey);
            try {
                ProjectConfig read = this.projectConfigFactory.read(create);
                projectAccessInfo.configWebLinks = new ArrayList();
                if (read.getRevision() != null) {
                    projectAccessInfo.configWebLinks.addAll(this.webLinks.getFileHistoryLinks(nameKey.get(), read.getRevision().getName(), ProjectConfig.PROJECT_CONFIG));
                }
                if (read.updateGroupNames(this.groupBackend)) {
                    create.setMessage("Update group names\n");
                    read.commit(create);
                    this.projectCache.evictAndReindex(read.getProject());
                    orElseThrow = this.projectCache.get(nameKey).orElseThrow(ProjectCache.illegalState(nameKey));
                    project = this.permissionBackend.currentUser().project(nameKey);
                } else if (read.getRevision() != null && !read.getRevision().equals((AnyObjectId) orElseThrow.getConfig().getRevision().orElse(null))) {
                    this.projectCache.evictAndReindex(read.getProject());
                    orElseThrow = this.projectCache.get(nameKey).orElseThrow(ProjectCache.illegalState(nameKey));
                    project = this.permissionBackend.currentUser().project(nameKey);
                }
                if (create != null) {
                    create.close();
                }
                projectAccessInfo.local = new HashMap();
                projectAccessInfo.ownerOf = new HashSet();
                HashMap hashMap = new HashMap();
                boolean check = check(project, RefNames.REFS_CONFIG, RefPermission.READ);
                boolean check2 = check(project, ProjectPermission.WRITE_CONFIG);
                if (!check2) {
                    orElseThrow.checkStatePermitsRead();
                }
                for (AccessSection accessSection : read.getAccessSections()) {
                    String name = accessSection.getName();
                    if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
                        if (check2) {
                            projectAccessInfo.local.put(name, createAccessSection(hashMap, accessSection));
                            projectAccessInfo.ownerOf.add(name);
                        } else if (check) {
                            projectAccessInfo.local.put(accessSection.getName(), createAccessSection(hashMap, accessSection));
                        }
                    } else if (AccessSection.isValidRefSectionName(name)) {
                        if (check(project, name, RefPermission.WRITE_CONFIG)) {
                            projectAccessInfo.local.put(name, createAccessSection(hashMap, accessSection));
                            projectAccessInfo.ownerOf.add(name);
                        } else if (check) {
                            projectAccessInfo.local.put(name, createAccessSection(hashMap, accessSection));
                        } else if (check(project, name, RefPermission.READ)) {
                            AccessSection.Builder builder = null;
                            UnmodifiableIterator<Permission> it = accessSection.getPermissions().iterator();
                            while (it.hasNext()) {
                                Permission next = it.next();
                                Permission.Builder builder2 = null;
                                UnmodifiableIterator<PermissionRule> it2 = next.getRules().iterator();
                                while (it2.hasNext()) {
                                    PermissionRule next2 = it2.next();
                                    AccountGroup.UUID uuid = next2.getGroup().getUUID();
                                    if (uuid != null) {
                                        loadGroup(hashMap, uuid);
                                        if (builder2 == null) {
                                            if (builder == null) {
                                                builder = AccessSection.builder(name);
                                                projectAccessInfo.local.put(name, createAccessSection(hashMap, builder.build()));
                                            }
                                            builder2 = builder.upsertPermission(next.getName());
                                        }
                                        builder2.add(next2.toBuilder());
                                    }
                                }
                            }
                        }
                    }
                }
                if (projectAccessInfo.ownerOf.isEmpty()) {
                    try {
                        this.permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
                        projectAccessInfo.ownerOf.add(AccessSection.ALL);
                    } catch (AuthException e) {
                    }
                }
                if (read.getRevision() != null) {
                    projectAccessInfo.revision = read.getRevision().name();
                }
                ProjectState projectState = (ProjectState) Iterables.getFirst(orElseThrow.parents(), null);
                if (projectState != null) {
                    projectAccessInfo.inheritsFrom = this.projectJson.format(projectState.getProject());
                }
                if (nameKey.equals(this.allProjectsName) && this.permissionBackend.currentUser().testOrFalse(GlobalPermission.ADMINISTRATE_SERVER)) {
                    projectAccessInfo.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
                }
                projectAccessInfo.isOwner = toBoolean(check2);
                projectAccessInfo.canUpload = toBoolean(orElseThrow.statePermitsWrite() && (check2 || (check && project.ref(RefNames.REFS_CONFIG).testOrFalse(RefPermission.CREATE_CHANGE))));
                projectAccessInfo.canAdd = toBoolean(project.testOrFalse(ProjectPermission.CREATE_REF));
                projectAccessInfo.canAddTags = toBoolean(project.testOrFalse(ProjectPermission.CREATE_TAG_REF));
                projectAccessInfo.configVisible = Boolean.valueOf(check || check2);
                projectAccessInfo.groups = (Map) hashMap.entrySet().stream().filter(entry -> {
                    return entry.getValue() != null;
                }).collect(Collectors.toMap(entry2 -> {
                    return ((AccountGroup.UUID) entry2.getKey()).get();
                }, (v0) -> {
                    return v0.getValue();
                }));
                return Response.ok(projectAccessInfo);
            } finally {
            }
        } catch (ConfigInvalidException e2) {
            throw new ResourceConflictException(e2.getMessage());
        } catch (RepositoryNotFoundException e3) {
            throw new ResourceNotFoundException(projectResource.getName(), e3);
        }
    }

    private void loadGroup(Map<AccountGroup.UUID, GroupInfo> map, AccountGroup.UUID uuid) {
        GroupInfo groupInfo;
        if (map.containsKey(uuid)) {
            return;
        }
        GroupDescription.Basic basic = this.groupBackend.get(uuid);
        if (basic != null) {
            groupInfo = new GroupInfo();
            groupInfo.name = basic.getName();
            groupInfo.url = basic.getUrl();
        } else {
            logger.atWarning().log("no such group: %s", uuid);
            groupInfo = null;
        }
        map.put(uuid, groupInfo);
    }

    private static boolean check(PermissionBackend.ForProject forProject, String str, RefPermission refPermission) throws PermissionBackendException {
        try {
            forProject.ref(str).check(refPermission);
            return true;
        } catch (AuthException e) {
            return false;
        }
    }

    private static boolean check(PermissionBackend.ForProject forProject, ProjectPermission projectPermission) throws PermissionBackendException {
        try {
            forProject.check(projectPermission);
            return true;
        } catch (AuthException e) {
            return false;
        }
    }

    private AccessSectionInfo createAccessSection(Map<AccountGroup.UUID, GroupInfo> map, AccessSection accessSection) {
        AccessSectionInfo accessSectionInfo = new AccessSectionInfo();
        accessSectionInfo.permissions = new HashMap();
        UnmodifiableIterator<Permission> it = accessSection.getPermissions().iterator();
        while (it.hasNext()) {
            Permission next = it.next();
            PermissionInfo permissionInfo = new PermissionInfo(next.getLabel(), next.getExclusiveGroup() ? true : null);
            permissionInfo.rules = new HashMap();
            UnmodifiableIterator<PermissionRule> it2 = next.getRules().iterator();
            while (it2.hasNext()) {
                PermissionRule next2 = it2.next();
                PermissionRuleInfo permissionRuleInfo = new PermissionRuleInfo(ACTION_TYPE.get(next2.getAction()), Boolean.valueOf(next2.getForce()));
                if (next2.hasRange()) {
                    permissionRuleInfo.max = Integer.valueOf(next2.getMax());
                    permissionRuleInfo.min = Integer.valueOf(next2.getMin());
                }
                AccountGroup.UUID uuid = next2.getGroup().getUUID();
                if (uuid != null) {
                    permissionInfo.rules.putIfAbsent(uuid.get(), permissionRuleInfo);
                    loadGroup(map, uuid);
                }
            }
            accessSectionInfo.permissions.put(next.getName(), permissionInfo);
        }
        return accessSectionInfo;
    }

    private static Boolean toBoolean(boolean z) {
        return z ? true : null;
    }
}
