package com.google.gerrit.server.account;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.entities.AccessSection;
import com.google.gerrit.entities.GroupReference;
import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.PermissionRange;
import com.google.gerrit.entities.PermissionRule;
import com.google.gerrit.server.config.AdministrateServerGroups;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/com_google_gerrit_server_libserver.jar:com/google/gerrit/server/account/CapabilityCollection.class */
public class CapabilityCollection {
    private final SystemGroupBackend systemGroupBackend;
    private final ImmutableMap<String, ImmutableList<PermissionRule>> permissions;
    public final ImmutableList<PermissionRule> administrateServer;
    public final ImmutableList<PermissionRule> batchChangesLimit;
    public final ImmutableList<PermissionRule> emailReviewers;
    public final ImmutableList<PermissionRule> priority;
    public final ImmutableList<PermissionRule> readAs;
    public final ImmutableList<PermissionRule> queryLimit;
    public final ImmutableList<PermissionRule> createGroup;

    /* loaded from: input_file:WEB-INF/lib/com_google_gerrit_server_libserver.jar:com/google/gerrit/server/account/CapabilityCollection$Factory.class */
    public interface Factory {
        CapabilityCollection create(@Nullable AccessSection accessSection);
    }

    @Inject
    CapabilityCollection(SystemGroupBackend systemGroupBackend, @AdministrateServerGroups ImmutableSet<GroupReference> immutableSet, @Assisted @Nullable AccessSection accessSection) {
        this.systemGroupBackend = systemGroupBackend;
        accessSection = accessSection == null ? AccessSection.create(AccessSection.GLOBAL_CAPABILITIES) : accessSection;
        HashMap hashMap = new HashMap();
        UnmodifiableIterator<Permission> it = accessSection.getPermissions().iterator();
        while (it.hasNext()) {
            Permission next = it.next();
            UnmodifiableIterator<PermissionRule> it2 = next.getRules().iterator();
            while (it2.hasNext()) {
                PermissionRule next2 = it2.next();
                if (next.getName().equals(GlobalCapability.EMAIL_REVIEWERS) || next2.getAction() != PermissionRule.Action.DENY) {
                    List<PermissionRule> list = hashMap.get(next.getName());
                    if (list == null) {
                        list = new ArrayList(2);
                        hashMap.put(next.getName(), list);
                    }
                    list.add(next2);
                }
            }
        }
        configureDefaults(hashMap, accessSection);
        if (!hashMap.containsKey(GlobalCapability.ADMINISTRATE_SERVER) && !immutableSet.isEmpty()) {
            hashMap.put(GlobalCapability.ADMINISTRATE_SERVER, ImmutableList.of());
        }
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (Map.Entry<String, List<PermissionRule>> entry : hashMap.entrySet()) {
            List<PermissionRule> value = entry.getValue();
            if (GlobalCapability.ADMINISTRATE_SERVER.equals(entry.getKey())) {
                value = mergeAdmin(immutableSet, value);
            }
            builder.put(entry.getKey(), ImmutableList.copyOf((Collection) value));
        }
        this.permissions = builder.build();
        this.administrateServer = getPermission(GlobalCapability.ADMINISTRATE_SERVER);
        this.batchChangesLimit = getPermission(GlobalCapability.BATCH_CHANGES_LIMIT);
        this.emailReviewers = getPermission(GlobalCapability.EMAIL_REVIEWERS);
        this.priority = getPermission("priority");
        this.readAs = getPermission(GlobalCapability.READ_AS);
        this.queryLimit = getPermission(GlobalCapability.QUERY_LIMIT);
        this.createGroup = getPermission(GlobalCapability.CREATE_GROUP);
    }

    private static List<PermissionRule> mergeAdmin(Set<GroupReference> set, List<PermissionRule> list) {
        if (set.isEmpty()) {
            return list;
        }
        ArrayList arrayList = new ArrayList(set.size() + list.size());
        Iterator<GroupReference> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add(PermissionRule.create(it.next()));
        }
        for (PermissionRule permissionRule : list) {
            if (!set.contains(permissionRule.getGroup())) {
                arrayList.add(permissionRule);
            }
        }
        return arrayList;
    }

    public ImmutableList<PermissionRule> getPermission(String str) {
        ImmutableList<PermissionRule> immutableList = this.permissions.get(str);
        return immutableList != null ? immutableList : ImmutableList.of();
    }

    private void configureDefaults(Map<String, List<PermissionRule>> map, AccessSection accessSection) {
        configureDefault(map, accessSection, GlobalCapability.QUERY_LIMIT, this.systemGroupBackend.getGroup(SystemGroupBackend.ANONYMOUS_USERS));
    }

    private static void configureDefault(Map<String, List<PermissionRule>> map, AccessSection accessSection, String str, GroupReference groupReference) {
        PermissionRange.WithDefaults range;
        if (!doesNotDeclare(accessSection, str) || (range = GlobalCapability.getRange(str)) == null) {
            return;
        }
        PermissionRule.Builder builder = PermissionRule.builder(groupReference);
        builder.setRange(range.getDefaultMin(), range.getDefaultMax());
        map.put(str, Collections.singletonList(builder.build()));
    }

    private static boolean doesNotDeclare(AccessSection accessSection, String str) {
        return accessSection.getPermission(str) == null;
    }
}
