package net.nemerosa.ontrack.service.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import net.nemerosa.ontrack.model.Ack;
import net.nemerosa.ontrack.model.exceptions.AccountDefaultAdminCannotDeleteException;
import net.nemerosa.ontrack.model.exceptions.AccountDefaultAdminCannotUpdateNameException;
import net.nemerosa.ontrack.model.security.Account;
import net.nemerosa.ontrack.model.security.AccountGroup;
import net.nemerosa.ontrack.model.security.AccountGroupContributor;
import net.nemerosa.ontrack.model.security.AccountGroupSelection;
import net.nemerosa.ontrack.model.security.AccountInput;
import net.nemerosa.ontrack.model.security.AccountManagement;
import net.nemerosa.ontrack.model.security.AccountService;
import net.nemerosa.ontrack.model.security.AuthenticatedAccount;
import net.nemerosa.ontrack.model.security.AuthenticationSourceProvider;
import net.nemerosa.ontrack.model.security.AuthenticationSourceService;
import net.nemerosa.ontrack.model.security.GlobalPermission;
import net.nemerosa.ontrack.model.security.GlobalRole;
import net.nemerosa.ontrack.model.security.PermissionInput;
import net.nemerosa.ontrack.model.security.PermissionTarget;
import net.nemerosa.ontrack.model.security.PermissionTargetType;
import net.nemerosa.ontrack.model.security.ProjectAuthorisationMgt;
import net.nemerosa.ontrack.model.security.ProjectPermission;
import net.nemerosa.ontrack.model.security.ProjectRoleAssociation;
import net.nemerosa.ontrack.model.security.RolesService;
import net.nemerosa.ontrack.model.security.SecurityRole;
import net.nemerosa.ontrack.model.security.SecurityService;
import net.nemerosa.ontrack.model.structure.ID;
import net.nemerosa.ontrack.model.structure.NameDescription;
import net.nemerosa.ontrack.repository.AccountGroupRepository;
import net.nemerosa.ontrack.repository.AccountRepository;
import net.nemerosa.ontrack.repository.RoleRepository;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

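/**
 * {@link AccountService} implementation that manages accounts, account groups and the
 * global / project role assignments attached to them.
 *
 * <p>Most public methods start with a call to
 * {@code securityService.checkGlobalFunction(AccountManagement.class)} or
 * {@code securityService.checkProjectFunction(projectId, ProjectAuthorisationMgt.class)}.
 * The enforcement itself lives in {@link SecurityService} and is not visible in this class;
 * the methods below only document where the call is made and where it is absent.
 *
 * <p>Passwords are never handed to the repository in clear text by this class: they are
 * passed through the injected {@link PasswordEncoder} first.
 */
@Transactional
@Service
public class AccountServiceImpl implements AccountService {
    private final RoleRepository roleRepository;
    private final RolesService rolesService;
    private final AccountRepository accountRepository;
    private final AccountGroupRepository accountGroupRepository;
    private final SecurityService securityService;
    private final AuthenticationSourceService authenticationSourceService;
    private final PasswordEncoder passwordEncoder;
    // Optional extension point: extra sources of group membership consulted by withACL().
    private Collection<AccountGroupContributor> accountGroupContributors = Collections.emptyList();

    /**
     * Creates the service with its mandatory collaborators (constructor injection).
     */
    @Autowired
    public AccountServiceImpl(RoleRepository roleRepository, RolesService rolesService, AccountRepository accountRepository, AccountGroupRepository accountGroupRepository, SecurityService securityService, AuthenticationSourceService authenticationSourceService, PasswordEncoder passwordEncoder) {
        this.roleRepository = roleRepository;
        this.rolesService = rolesService;
        this.accountRepository = accountRepository;
        this.accountGroupRepository = accountGroupRepository;
        this.securityService = securityService;
        this.authenticationSourceService = authenticationSourceService;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Registers the optional group contributors used by {@link #withACL(AuthenticatedAccount)}.
     *
     * @param collection contributors to use; {@code null} is treated as "none" so that
     *                   {@code withACL} cannot fail with a {@code NullPointerException}
     */
    @Autowired(required = false)
    public void setAccountGroupContributors(Collection<AccountGroupContributor> collection) {
        this.accountGroupContributors = collection != null ? collection : Collections.<AccountGroupContributor>emptyList();
    }

    /**
     * Builds the account of an authenticated user together with its access-control data:
     * global role, project roles, the groups stored for the account and the groups supplied
     * by the registered {@link AccountGroupContributor}s, each group carrying its own roles.
     *
     * <p>This method performs no authorization check of its own.
     *
     * @param authenticatedAccount the authenticated account to decorate
     * @return the account after {@code lock()} has been called on it
     */
    public Account withACL(AuthenticatedAccount authenticatedAccount) {
        Account account = authenticatedAccount.getAccount();
        int accountId = account.id();
        return account
                .withGlobalRole(this.roleRepository.findGlobalRoleByAccount(accountId)
                        .flatMap(this.rolesService::getGlobalRole))
                .withProjectRoles(this.roleRepository.findProjectRoleAssociationsByAccount(
                        accountId, this.rolesService::getProjectRoleAssociation))
                // Groups stored in the repository for this account.
                .withGroups(this.accountGroupRepository.findByAccount(accountId).stream()
                        .map(this::groupWithACL)
                        .collect(Collectors.toList()))
                // Groups contributed by extensions. NOTE(review): withGroups is called a second
                // time here; whether it adds to or replaces the first set is decided by
                // Account.withGroups, which is not shown - confirm that contributed groups
                // cannot drop or shadow stored ones.
                .withGroups(this.accountGroupContributors.stream()
                        .flatMap(contributor -> contributor.collectGroups(authenticatedAccount).stream())
                        .map(this::groupWithACL)
                        .collect(Collectors.toList()))
                .lock();
    }

    /**
     * Lists every account with its groups attached.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public List<Account> getAccounts() {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.accountRepository.findAll(this.authenticationSourceService::getAuthenticationSource).stream()
                .map(account -> account.withGroups(this.accountGroupRepository.findByAccount(account.id())))
                .collect(Collectors.toList());
    }

    /**
     * Creates an account whose credentials are stored locally, then stores its encoded password.
     *
     * <p>The literal {@code "password"} is the identifier of the authentication source handed to
     * {@link #create(AccountInput, String)}; it is not a credential.
     *
     * @param accountInput name, full name, e-mail, groups and clear-text password of the account
     * @return the created account
     */
    public Account create(AccountInput accountInput) {
        Account created = create(accountInput, "password");
        // NOTE(review): unlike updateAccount(), the password is not checked for blankness here;
        // what happens with a null or empty password depends on the PasswordEncoder in use.
        String encodedPassword = this.passwordEncoder.encode(accountInput.getPassword());
        this.accountRepository.setPassword(created.id(), encodedPassword);
        return created;
    }

    /**
     * Creates an account bound to the given authentication source and links it to its groups.
     * The account is created with {@link SecurityRole#USER}; no password is set by this method.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     *
     * @param accountInput account data
     * @param str          identifier of the authentication source
     * @return the created account
     */
    public Account create(AccountInput accountInput, String str) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        Account created = this.accountRepository.newAccount(Account.of(
                accountInput.getName(),
                accountInput.getFullName(),
                accountInput.getEmail(),
                SecurityRole.USER,
                this.authenticationSourceService.getAuthenticationSource(str)));
        this.accountGroupRepository.linkAccountToGroups(created.id(), accountInput.getGroups());
        return created;
    }

    /**
     * Looks an account up by name within one authentication source.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public Optional<Account> findUserByNameAndSource(String str, AuthenticationSourceProvider authenticationSourceProvider) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.accountRepository.findUserByNameAndSource(str, authenticationSourceProvider);
    }

    /**
     * Updates an account, optionally its password, and its group links.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     *
     * @param id           ID of the account to update
     * @param accountInput new account data; a blank password leaves the stored one untouched
     * @return the account as reloaded after the update
     * @throws AccountDefaultAdminCannotUpdateNameException if the default admin account would be renamed
     */
    public Account updateAccount(ID id, AccountInput accountInput) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        Account existing = getAccount(id);
        // The default admin account must keep its name.
        if (existing.isDefaultAdmin() && !StringUtils.equals(existing.getName(), accountInput.getName())) {
            throw new AccountDefaultAdminCannotUpdateNameException();
        }
        Account updated = existing.update(accountInput);
        this.accountRepository.saveAccount(updated);
        // Only a non-blank password replaces the stored one; it is encoded before storage.
        if (StringUtils.isNotBlank(accountInput.getPassword())) {
            this.accountRepository.setPassword(id.getValue(), this.passwordEncoder.encode(accountInput.getPassword()));
        }
        this.accountGroupRepository.linkAccountToGroups(updated.id(), accountInput.getGroups());
        return getAccount(id);
    }

    /**
     * Deletes an account. Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     *
     * @throws AccountDefaultAdminCannotDeleteException if the account is the default admin
     */
    public Ack deleteAccount(ID id) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        if (getAccount(id).isDefaultAdmin()) {
            throw new AccountDefaultAdminCannotDeleteException();
        }
        return this.accountRepository.deleteAccount(id);
    }

    /**
     * Lists all account groups. Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public List<AccountGroup> getAccountGroups() {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.accountGroupRepository.findAll();
    }

    /**
     * Creates an account group from a name and description.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public AccountGroup createGroup(NameDescription nameDescription) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.accountGroupRepository.newAccountGroup(
                AccountGroup.of(nameDescription.getName(), nameDescription.getDescription()));
    }

    /**
     * Loads one account group by ID.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public AccountGroup getAccountGroup(ID id) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.accountGroupRepository.getById(id);
    }

    /**
     * Updates the name and description of an account group.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     *
     * @return the updated group as passed to the repository (not reloaded)
     */
    public AccountGroup updateGroup(ID id, NameDescription nameDescription) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        AccountGroup updated = getAccountGroup(id).update(nameDescription);
        this.accountGroupRepository.update(updated);
        return updated;
    }

    /**
     * Deletes an account group. Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public Ack deleteGroup(ID id) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.accountGroupRepository.delete(id);
    }

    /**
     * Lists all groups, each flagged with whether the given account belongs to it.
     *
     * <p>There is no direct authorization call in this method; the check happens inside
     * {@link #getAccountGroups()}, i.e. after the membership lookup below has already run.
     *
     * @param id account ID; the membership lookup goes through {@code id.ifSet(...)} and falls
     *           back to "no groups" when that yields nothing
     */
    public List<AccountGroupSelection> getAccountGroupsForSelection(ID id) {
        Set<Integer> memberGroupIds = id.ifSet(this.accountGroupRepository::findByAccount)
                .orElse(Collections.emptyList())
                .stream()
                .map(group -> group.id())
                .collect(Collectors.toSet());
        return getAccountGroups().stream()
                .map(group -> AccountGroupSelection.of(group, memberGroupIds.contains(group.id())))
                .collect(Collectors.toList());
    }

    /**
     * Searches accounts and then groups by name token and returns them as permission targets,
     * accounts first. Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public Collection<PermissionTarget> searchPermissionTargets(String str) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        List<PermissionTarget> targets = new ArrayList<>();
        targets.addAll(this.accountRepository.findByNameToken(str, this.authenticationSourceService::getAuthenticationSource).stream()
                .map(account -> account.asPermissionTarget())
                .collect(Collectors.toList()));
        targets.addAll(this.accountGroupRepository.findByNameToken(str).stream()
                .map(group -> group.asPermissionTarget())
                .collect(Collectors.toList()));
        return targets;
    }

    /**
     * Assigns a global role to an account or a group.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     *
     * @param permissionTargetType {@code ACCOUNT} or {@code GROUP}
     * @param i                    ID of the account or group
     * @param permissionInput      carries the role identifier
     * @return the repository's acknowledgment, or {@link Ack#NOK} for any other target type
     */
    public Ack saveGlobalPermission(PermissionTargetType permissionTargetType, int i, PermissionInput permissionInput) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        // NOTE(review): the role identifier is forwarded to the repository as received; no
        // validation against RolesService is visible in this method - confirm it happens elsewhere.
        switch (permissionTargetType) {
            case ACCOUNT:
                return this.roleRepository.saveGlobalRoleForAccount(i, permissionInput.getRole());
            case GROUP:
                return this.roleRepository.saveGlobalRoleForGroup(i, permissionInput.getRole());
            default:
                return Ack.NOK;
        }
    }

    /**
     * Lists the global permissions of every account, then of every group, that has a global role
     * known to {@link RolesService}.
     *
     * <p>NOTE(review): unlike {@link #getProjectPermissions(ID)} and the other listing methods,
     * this method makes no {@code securityService.checkGlobalFunction(...)} call, so who holds
     * which global role is returned to any caller that reaches it. Confirm that callers enforce
     * the AccountManagement function, or add the check here.
     */
    public Collection<GlobalPermission> getGlobalPermissions() {
        List<GlobalPermission> permissions = new ArrayList<>();
        permissions.addAll(this.accountRepository.findAll(this.authenticationSourceService::getAuthenticationSource).stream()
                .map(this::getGlobalPermission)
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toList()));
        permissions.addAll(this.accountGroupRepository.findAll().stream()
                .map(this::getGroupGlobalPermission)
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toList()));
        return permissions;
    }

    /**
     * Removes the global role of an account or a group.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     *
     * @return the repository's acknowledgment, or {@link Ack#NOK} for any other target type
     */
    public Ack deleteGlobalPermission(PermissionTargetType permissionTargetType, int i) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        switch (permissionTargetType) {
            case ACCOUNT:
                return this.roleRepository.deleteGlobalRoleForAccount(i);
            case GROUP:
                return this.roleRepository.deleteGlobalRoleForGroup(i);
            default:
                return Ack.NOK;
        }
    }

    /**
     * Lists the permissions held on one project by accounts, then by groups.
     * Calls {@code checkProjectFunction(projectId, ProjectAuthorisationMgt.class)} first.
     *
     * @param id project ID
     */
    public Collection<ProjectPermission> getProjectPermissions(ID id) {
        this.securityService.checkProjectFunction(id.getValue(), ProjectAuthorisationMgt.class);
        List<ProjectPermission> permissions = new ArrayList<>();
        permissions.addAll(this.accountRepository.findAll(this.authenticationSourceService::getAuthenticationSource).stream()
                .map(account -> getProjectPermission(id, account))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toList()));
        permissions.addAll(this.accountGroupRepository.findAll().stream()
                .map(group -> getGroupProjectPermission(id, group))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toList()));
        return permissions;
    }

    /**
     * Assigns a project role to an account or a group.
     * Calls {@code checkProjectFunction(projectId, ProjectAuthorisationMgt.class)} first.
     *
     * @param id                   project ID
     * @param permissionTargetType {@code ACCOUNT} or {@code GROUP}
     * @param i                    ID of the account or group
     * @param permissionInput      carries the role identifier, forwarded to the repository as received
     * @return the repository's acknowledgment, or {@link Ack#NOK} for any other target type
     */
    public Ack saveProjectPermission(ID id, PermissionTargetType permissionTargetType, int i, PermissionInput permissionInput) {
        this.securityService.checkProjectFunction(id.getValue(), ProjectAuthorisationMgt.class);
        switch (permissionTargetType) {
            case ACCOUNT:
                return this.roleRepository.saveProjectRoleForAccount(id.getValue(), i, permissionInput.getRole());
            case GROUP:
                return this.roleRepository.saveProjectRoleForGroup(id.getValue(), i, permissionInput.getRole());
            default:
                return Ack.NOK;
        }
    }

    /**
     * Removes the project role of an account or a group.
     * Calls {@code checkProjectFunction(projectId, ProjectAuthorisationMgt.class)} first.
     *
     * @return the repository's acknowledgment, or {@link Ack#NOK} for any other target type
     */
    public Ack deleteProjectPermission(ID id, PermissionTargetType permissionTargetType, int i) {
        this.securityService.checkProjectFunction(id.getValue(), ProjectAuthorisationMgt.class);
        switch (permissionTargetType) {
            case ACCOUNT:
                return this.roleRepository.deleteProjectRoleForAccount(id.getValue(), i);
            case GROUP:
                return this.roleRepository.deleteProjectRoleForGroup(id.getValue(), i);
            default:
                return Ack.NOK;
        }
    }

    /**
     * Returns the permission a group holds on a project, or empty when the repository has no
     * role association for that pair.
     */
    private Optional<ProjectPermission> getGroupProjectPermission(ID id, AccountGroup accountGroup) {
        return this.roleRepository
                .findProjectRoleAssociationsByGroup(accountGroup.id(), id.getValue(), this.rolesService::getProjectRoleAssociation)
                .map(association -> new ProjectPermission(id, accountGroup.asPermissionTarget(), association.getProjectRole()));
    }

    /**
     * Returns the permission an account holds on a project, or empty when the repository has no
     * role association for that pair.
     */
    private Optional<ProjectPermission> getProjectPermission(ID id, Account account) {
        return this.roleRepository
                .findProjectRoleAssociationsByAccount(account.id(), id.getValue(), this.rolesService::getProjectRoleAssociation)
                .map(association -> new ProjectPermission(id, account.asPermissionTarget(), association.getProjectRole()));
    }

    /**
     * Returns the global permission of a group, or empty when the group has no stored global role
     * or the stored role identifier is not resolved by {@link RolesService}.
     */
    private Optional<GlobalPermission> getGroupGlobalPermission(AccountGroup accountGroup) {
        return this.roleRepository.findGlobalRoleByGroup(accountGroup.id())
                .flatMap(this.rolesService::getGlobalRole)
                .map(role -> new GlobalPermission(accountGroup.asPermissionTarget(), role));
    }

    /**
     * Returns the global permission of an account, or empty when the account has no stored global
     * role or the stored role identifier is not resolved by {@link RolesService}.
     */
    private Optional<GlobalPermission> getGlobalPermission(Account account) {
        return this.roleRepository.findGlobalRoleByAccount(account.id())
                .flatMap(this.rolesService::getGlobalRole)
                .map(role -> new GlobalPermission(account.asPermissionTarget(), role));
    }

    /**
     * Loads one account by ID with its groups attached.
     * Calls {@code checkGlobalFunction(AccountManagement.class)} first.
     */
    public Account getAccount(ID id) {
        this.securityService.checkGlobalFunction(AccountManagement.class);
        return this.accountRepository
                .getAccount(id, this.authenticationSourceService::getAuthenticationSource)
                .withGroups(this.accountGroupRepository.findByAccount(id.getValue()));
    }

    /**
     * Decorates a group with its global role and project roles, then calls {@code lock()} on it.
     * Performs no authorization check of its own.
     */
    protected AccountGroup groupWithACL(AccountGroup accountGroup) {
        int groupId = accountGroup.id();
        return accountGroup
                .withGlobalRole(this.roleRepository.findGlobalRoleByGroup(groupId)
                        .flatMap(this.rolesService::getGlobalRole))
                .withProjectRoles(this.roleRepository.findProjectRoleAssociationsByGroup(
                        groupId, this.rolesService::getProjectRoleAssociation))
                .lock();
    }
}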
