package org.artifactory.ui.rest.service.common;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSetMultimap;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.tuple.Pair;
import org.artifactory.api.security.UserGroupService;
import org.artifactory.security.AceInfo;
import org.artifactory.security.Acl;
import org.artifactory.security.PermissionTarget;
import org.artifactory.ui.rest.model.artifacts.browse.treebrowser.tabs.permission.EffectivePermission;
import org.artifactory.ui.rest.model.artifacts.browse.treebrowser.tabs.permission.PrincipalEffectivePermissions;
import org.artifactory.util.CollectionUtils;
import org.jfrog.common.StreamSupportUtils;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/artifactory/ui/rest/service/common/EffectivePermissionHelper.class */
public class EffectivePermissionHelper {
    private final UserGroupService userGroupService;
    private ImmutableSetMultimap<String, String> userInGroups;

    public EffectivePermissionHelper(UserGroupService userGroupService) {
        this.userGroupService = userGroupService;
    }

    public void addAdminsToMaps(Map<String, PrincipalEffectivePermissions> map, Map<String, PrincipalEffectivePermissions> map2, boolean z) {
        Map allUsersAndAdminStatus = this.userGroupService.getAllUsersAndAdminStatus(true);
        if (z) {
            allUsersAndAdminStatus.remove("super");
        }
        allUsersAndAdminStatus.keySet().forEach(str -> {
            changeAdminPermissions(str, map);
        });
        this.userGroupService.getAllAdminGroupsNames().forEach(str2 -> {
            changeAdminPermissions(str2, map2);
        });
    }

    private void changeAdminPermissions(String str, Map<String, PrincipalEffectivePermissions> map) {
        map.putIfAbsent(str, new PrincipalEffectivePermissions(str));
        PrincipalEffectivePermissions principalEffectivePermissions = map.get(str);
        principalEffectivePermissions.getPermission().setAdmin();
        principalEffectivePermissions.setAdmin(true);
    }

    public void addAclInfoToAclList(Acl<? extends PermissionTarget> acl, Map<String, PrincipalEffectivePermissions> map, Map<String, PrincipalEffectivePermissions> map2) {
        String name = acl.getPermissionTarget().getName();
        acl.getMutableAces().forEach(mutableAceInfo -> {
            addAceInfo(mutableAceInfo, name, map, map2);
        });
    }

    private void addAceInfo(AceInfo aceInfo, String str, Map<String, PrincipalEffectivePermissions> map, Map<String, PrincipalEffectivePermissions> map2) {
        if (aceInfo.isGroup()) {
            addPermissionsToPrincipal(aceInfo.getPrincipal(), str, aceInfo, map2);
        } else {
            addPermissionsToPrincipal(aceInfo.getPrincipal(), str, aceInfo, map);
        }
    }

    private void addPermissionsToPrincipal(String str, String str2, AceInfo aceInfo, Map<String, PrincipalEffectivePermissions> map) {
        map.putIfAbsent(str, new PrincipalEffectivePermissions(str));
        PrincipalEffectivePermissions principalEffectivePermissions = map.get(str);
        principalEffectivePermissions.getPermission().aggregatePermissions(aceInfo);
        addPermissionTargetsWithCap(principalEffectivePermissions, str2);
        map.put(str, principalEffectivePermissions);
    }

    private void addPermissionTargetsWithCap(PrincipalEffectivePermissions principalEffectivePermissions, List<String> list) {
        List<String> permissionTargets = principalEffectivePermissions.getPermissionTargets();
        for (String str : list) {
            if (!principalEffectivePermissions.isPermissionTargetsCap()) {
                permissionTargets.add(str);
                if (principalEffectivePermissions.isPermissionTargetsCap()) {
                    principalEffectivePermissions.setPermissionTargetsCap(true);
                    return;
                }
            }
        }
    }

    private void addPermissionTargetsWithCap(PrincipalEffectivePermissions principalEffectivePermissions, String str) {
        principalEffectivePermissions.advancePermissionTargetsCount();
        if (principalEffectivePermissions.isPermissionTargetsCap()) {
            return;
        }
        principalEffectivePermissions.getPermissionTargets().add(str);
        if (principalEffectivePermissions.isPermissionTargetsCap()) {
            principalEffectivePermissions.setPermissionTargetsCap(true);
        }
    }

    public void grantGroupUsersEffectivePermissions(Map<String, PrincipalEffectivePermissions> map, Map<String, PrincipalEffectivePermissions> map2) {
        this.userInGroups = this.userGroupService.getAllUsersInGroups();
        if (Objects.isNull(this.userInGroups) || CollectionUtils.isNullOrEmpty(this.userInGroups.entries())) {
            return;
        }
        ImmutableMap asMap = this.userInGroups.inverse().asMap();
        StreamSupportUtils.mapEntriesStream(map).filter(entry -> {
            return !((PrincipalEffectivePermissions) entry.getValue()).isAdmin();
        }).flatMap(entry2 -> {
            return groupPathToUserPath(entry2, asMap);
        }).forEach(pair -> {
            copyPermissionsToUser((PrincipalEffectivePermissions) pair.getRight(), (String) pair.getLeft(), map2);
        });
    }

    private Stream<Pair<String, PrincipalEffectivePermissions>> groupPathToUserPath(Map.Entry<String, PrincipalEffectivePermissions> entry, Map<String, Collection<String>> map) {
        return StreamSupportUtils.stream(map.get(entry.getKey())).map(str -> {
            return Pair.of(str, (PrincipalEffectivePermissions) entry.getValue());
        });
    }

    private void copyPermissionsToUser(PrincipalEffectivePermissions principalEffectivePermissions, String str, Map<String, PrincipalEffectivePermissions> map) {
        map.putIfAbsent(str, new PrincipalEffectivePermissions(str));
        PrincipalEffectivePermissions principalEffectivePermissions2 = map.get(str);
        EffectivePermission permission = principalEffectivePermissions2.getPermission();
        permission.aggregatePermissions(principalEffectivePermissions.getPermission());
        addPermissionTargetsWithCap(principalEffectivePermissions2, principalEffectivePermissions.getPermissionTargets());
        principalEffectivePermissions2.setPermission(permission);
    }

    public List<String> getPermissionByEntity(List<? extends Acl<? extends PermissionTarget>> list, boolean z, String str) {
        if (z) {
            return (List) list.stream().filter(acl -> {
                return entityNameInAce(acl, str, true);
            }).map(acl2 -> {
                return acl2.getPermissionTarget().getName();
            }).collect(Collectors.toList());
        }
        try {
            Set<String> userGroups = getUserGroups(str);
            return (List) list.stream().filter(acl3 -> {
                return userInAcl(acl3, str, userGroups);
            }).map(acl4 -> {
                return acl4.getPermissionTarget().getName();
            }).collect(Collectors.toList());
        } catch (UsernameNotFoundException e) {
            return null;
        }
    }

    private boolean userInAcl(Acl<? extends PermissionTarget> acl, String str, Set<String> set) {
        return entityNameInAce(acl, str, false) || userGroupInAce(acl, set);
    }

    private boolean userGroupInAce(Acl<? extends PermissionTarget> acl, Set<String> set) {
        return acl.getMutableAces().stream().anyMatch(mutableAceInfo -> {
            return mutableAceInfo.isGroup() && set.contains(mutableAceInfo.getPrincipal());
        });
    }

    private boolean entityNameInAce(Acl<? extends PermissionTarget> acl, String str, boolean z) {
        return acl.getMutableAces().stream().anyMatch(mutableAceInfo -> {
            return mutableAceInfo.getPrincipal().equals(str) && mutableAceInfo.isGroup() == z;
        });
    }

    private Set<String> getUserGroups(String str) {
        return (Set) this.userGroupService.findUser(str).getGroups().stream().map((v0) -> {
            return v0.getGroupName();
        }).collect(Collectors.toSet());
    }
}
