package org.sonar.core.permission;

import com.google.common.annotations.VisibleForTesting;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.apache.ibatis.session.SqlSession;
import org.sonar.api.ServerComponent;
import org.sonar.api.config.Settings;
import org.sonar.api.security.DefaultGroups;
import org.sonar.api.task.TaskComponent;
import org.sonar.core.persistence.MyBatis;
import org.sonar.core.resource.ResourceDao;
import org.sonar.core.resource.ResourceDto;
import org.sonar.core.user.GroupDto;
import org.sonar.core.user.GroupRoleDto;
import org.sonar.core.user.RoleDao;
import org.sonar.core.user.UserDao;
import org.sonar.core.user.UserRoleDto;

/* loaded from: input_file:org/sonar/core/permission/PermissionFacade.class */
public class PermissionFacade implements TaskComponent, ServerComponent {
    private final MyBatis myBatis;
    private final RoleDao roleDao;
    private final UserDao userDao;
    private final PermissionTemplateDao permissionTemplateDao;
    private final Settings settings;
    private final ResourceDao resourceDao;

    public PermissionFacade(MyBatis myBatis, RoleDao roleDao, UserDao userDao, ResourceDao resourceDao, PermissionTemplateDao permissionTemplateDao, Settings settings) {
        this.myBatis = myBatis;
        this.roleDao = roleDao;
        this.userDao = userDao;
        this.resourceDao = resourceDao;
        this.permissionTemplateDao = permissionTemplateDao;
        this.settings = settings;
    }

    public void insertUserPermission(@Nullable Long l, Long l2, String str, @Nullable SqlSession sqlSession) {
        UserRoleDto resourceId = new UserRoleDto().setRole(str).setUserId(l2).setResourceId(l);
        if (sqlSession != null) {
            this.roleDao.insertUserRole(resourceId, sqlSession);
        } else {
            this.roleDao.insertUserRole(resourceId);
        }
    }

    public void insertUserPermission(@Nullable Long l, Long l2, String str) {
        insertUserPermission(l, l2, str, null);
    }

    public void deleteUserPermission(@Nullable Long l, Long l2, String str, @Nullable SqlSession sqlSession) {
        UserRoleDto resourceId = new UserRoleDto().setRole(str).setUserId(l2).setResourceId(l);
        if (sqlSession != null) {
            this.roleDao.deleteUserRole(resourceId, sqlSession);
        } else {
            this.roleDao.deleteUserRole(resourceId);
        }
    }

    public void deleteUserPermission(@Nullable Long l, Long l2, String str) {
        deleteUserPermission(l, l2, str, null);
    }

    public void insertGroupPermission(@Nullable Long l, @Nullable Long l2, String str, @Nullable SqlSession sqlSession) {
        GroupRoleDto resourceId = new GroupRoleDto().setRole(str).setGroupId(l2).setResourceId(l);
        if (sqlSession != null) {
            this.roleDao.insertGroupRole(resourceId, sqlSession);
        } else {
            this.roleDao.insertGroupRole(resourceId);
        }
    }

    public void insertGroupPermission(@Nullable Long l, @Nullable Long l2, String str) {
        insertGroupPermission(l, l2, str, (SqlSession) null);
    }

    public void insertGroupPermission(@Nullable Long l, String str, String str2, @Nullable SqlSession sqlSession) {
        if (DefaultGroups.isAnyone(str)) {
            insertGroupPermission(l, (Long) null, str2, sqlSession);
            return;
        }
        GroupDto selectGroupByName = this.userDao.selectGroupByName(str, sqlSession);
        if (selectGroupByName != null) {
            insertGroupPermission(l, selectGroupByName.getId(), str2, sqlSession);
        }
    }

    public void deleteGroupPermission(@Nullable Long l, @Nullable Long l2, String str, @Nullable SqlSession sqlSession) {
        GroupRoleDto resourceId = new GroupRoleDto().setRole(str).setGroupId(l2).setResourceId(l);
        if (sqlSession != null) {
            this.roleDao.deleteGroupRole(resourceId, sqlSession);
        } else {
            this.roleDao.deleteGroupRole(resourceId);
        }
    }

    public void deleteGroupPermission(@Nullable Long l, @Nullable Long l2, String str) {
        deleteGroupPermission(l, l2, str, (SqlSession) null);
    }

    public void deleteGroupPermission(@Nullable Long l, String str, String str2, @Nullable SqlSession sqlSession) {
        if (DefaultGroups.isAnyone(str)) {
            deleteGroupPermission(l, (Long) null, str2, sqlSession);
            return;
        }
        GroupDto selectGroupByName = this.userDao.selectGroupByName(str, sqlSession);
        if (selectGroupByName != null) {
            deleteGroupPermission(l, selectGroupByName.getId(), str2, sqlSession);
        }
    }

    @VisibleForTesting
    PermissionTemplateDto getPermissionTemplateWithPermissions(String str) {
        PermissionTemplateDto selectTemplateByKey = this.permissionTemplateDao.selectTemplateByKey(str);
        if (selectTemplateByKey == null) {
            throw new IllegalArgumentException("Could not retrieve permission template with key " + str);
        }
        PermissionTemplateDto selectPermissionTemplate = this.permissionTemplateDao.selectPermissionTemplate(selectTemplateByKey.getKee());
        if (selectPermissionTemplate == null) {
            throw new IllegalArgumentException("Could not retrieve permissions for template with key " + str);
        }
        return selectPermissionTemplate;
    }

    public void applyPermissionTemplate(String str, Long l) {
        PermissionTemplateDto permissionTemplateWithPermissions = getPermissionTemplateWithPermissions(str);
        SqlSession openSession = this.myBatis.openSession();
        try {
            removeAllPermissions(l, openSession);
            List<PermissionTemplateUserDto> usersPermissions = permissionTemplateWithPermissions.getUsersPermissions();
            if (usersPermissions != null) {
                for (PermissionTemplateUserDto permissionTemplateUserDto : usersPermissions) {
                    insertUserPermission(l, permissionTemplateUserDto.getUserId(), permissionTemplateUserDto.getPermission(), openSession);
                }
            }
            List<PermissionTemplateGroupDto> groupsPermissions = permissionTemplateWithPermissions.getGroupsPermissions();
            if (groupsPermissions != null) {
                for (PermissionTemplateGroupDto permissionTemplateGroupDto : groupsPermissions) {
                    insertGroupPermission(l, permissionTemplateGroupDto.getGroupId() == null ? null : permissionTemplateGroupDto.getGroupId(), permissionTemplateGroupDto.getPermission(), openSession);
                }
            }
            openSession.commit();
            MyBatis.closeQuietly(openSession);
        } catch (Throwable th) {
            MyBatis.closeQuietly(openSession);
            throw th;
        }
    }

    public int countComponentPermissions(Long l) {
        return this.roleDao.countResourceGroupRoles(l) + this.roleDao.countResourceUserRoles(l);
    }

    public void removeAllPermissions(Long l, SqlSession sqlSession) {
        this.roleDao.deleteGroupRolesByResourceId(l, sqlSession);
        this.roleDao.deleteUserRolesByResourceId(l, sqlSession);
    }

    public List<String> selectGroupPermissions(String str, Long l) {
        return this.roleDao.selectGroupPermissions(str, l);
    }

    public List<String> selectUserPermissions(String str, Long l) {
        return this.roleDao.selectUserPermissions(str, l);
    }

    public void grantDefaultRoles(Long l, String str) {
        ResourceDto resource = this.resourceDao.getResource(l.longValue());
        if (resource == null) {
            throw new IllegalStateException("Unable to find resource with id " + l);
        }
        applyPermissionTemplate(getApplicablePermissionTemplateKey(resource.getKey(), str), l);
    }

    private String getApplicablePermissionTemplateKey(String str, String str2) {
        List<PermissionTemplateDto> selectAllPermissionTemplates = this.permissionTemplateDao.selectAllPermissionTemplates();
        ArrayList arrayList = new ArrayList();
        for (PermissionTemplateDto permissionTemplateDto : selectAllPermissionTemplates) {
            String keyPattern = permissionTemplateDto.getKeyPattern();
            if (StringUtils.isNotBlank(keyPattern) && str.matches(keyPattern)) {
                arrayList.add(permissionTemplateDto);
            }
        }
        checkAtMostOneMatchForComponentKey(str, arrayList);
        if (arrayList.size() == 1) {
            return arrayList.get(0).getKee();
        }
        String string = this.settings.getString("sonar.permission.template." + str2 + ".default");
        if (!StringUtils.isBlank(string)) {
            return string;
        }
        String string2 = this.settings.getString("sonar.permission.template.default");
        if (StringUtils.isBlank(string2)) {
            throw new IllegalStateException("At least one default permission template should be defined");
        }
        return string2;
    }

    private void checkAtMostOneMatchForComponentKey(String str, List<PermissionTemplateDto> list) {
        if (list.size() > 1) {
            StringBuilder sb = new StringBuilder();
            Iterator<PermissionTemplateDto> it = list.iterator();
            while (it.hasNext()) {
                sb.append("\"").append(it.next().getName()).append("\"");
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
            throw new IllegalStateException(MessageFormat.format("The \"{0}\" key matches multiple permission templates: {1}. A system administrator must update these templates so that only one of them matches the key.", str, sb.toString()));
        }
    }
}
