package com.atlassian.confluence.impl.security;

import com.atlassian.confluence.event.events.permission.SpacePermissionsRemoveForGroupEvent;
import com.atlassian.confluence.event.events.permission.SpacePermissionsRemoveForUserEvent;
import com.atlassian.confluence.impl.security.SpacePermissionCachePrimer;
import com.atlassian.confluence.impl.security.access.SpacePermissionAccessMapper;
import com.atlassian.confluence.impl.vcache.SynchronousExternalCache;
import com.atlassian.confluence.internal.accessmode.AccessModeManager;
import com.atlassian.confluence.internal.security.SpacePermissionContext;
import com.atlassian.confluence.internal.security.SpacePermissionManagerInternal;
import com.atlassian.confluence.security.AbstractSpacePermissionManager;
import com.atlassian.confluence.security.PermissionCheckExemptions;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.access.ConfluenceAccessManager;
import com.atlassian.confluence.security.persistence.dao.SpacePermissionDao;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.confluence.user.persistence.dao.compatibility.FindUserHelper;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.user.Group;
import com.atlassian.user.User;
import com.atlassian.util.concurrent.Supplier;
import com.atlassian.vcache.VCacheFactory;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSetMultimap;
import java.io.Serializable;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager.class */
public class CoarseGrainedCachingSpacePermissionManager extends AbstractSpacePermissionManager implements SpacePermissionCachePrimer.Primeable {
    private static final Logger log = LoggerFactory.getLogger(CoarseGrainedCachingSpacePermissionManager.class);
    private static final String CACHE_NAME = CoarseGrainedCachingSpacePermissionManager.class.getName() + ".spacePermissions";
    protected final SpacePermissionDao spacePermissionDao;
    private final SpacePermissionManagerInternal delegate;
    private final PermissionsCache cache;
    private final EventPublisher eventPublisher;

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager$AnonymousSubject.class */
    public enum AnonymousSubject implements Subject {
        INSTANCE
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager$AuthenticatedUsersSubject.class */
    public enum AuthenticatedUsersSubject implements Subject {
        INSTANCE
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager$GroupSubject.class */
    public static class GroupSubject implements Subject {
        private final String groupName;

        public GroupSubject(String str) {
            this.groupName = str;
        }

        public String getGroupName() {
            return this.groupName;
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Objects.equals(this.groupName, ((GroupSubject) obj).groupName);
        }

        public int hashCode() {
            return Objects.hash(this.groupName);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager$PermissionType.class */
    public static class PermissionType implements Serializable {
        private final String value;

        PermissionType(String str) {
            this.value = str;
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Objects.equals(this.value, ((PermissionType) obj).value);
        }

        public int hashCode() {
            return Objects.hash(this.value);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager$PermissionsCache.class */
    public static class PermissionsCache {

        @VisibleForTesting
        static final String GLOBAL_PERMISSIONS_KEY = "_GLOBAL_";
        private final SynchronousExternalCache<ImmutableSetMultimap<PermissionType, Subject>> cache;
        private final Supplier<Collection<SpacePermission>> globalPermissionsLoader;
        private final Function<Space, Collection<SpacePermission>> spacePermissionsLoader;

        public PermissionsCache(VCacheFactory vCacheFactory, Function<Space, Collection<SpacePermission>> function, Supplier<Collection<SpacePermission>> supplier) {
            this.globalPermissionsLoader = (Supplier) Objects.requireNonNull(supplier);
            this.spacePermissionsLoader = (Function) Objects.requireNonNull(function);
            this.cache = SynchronousExternalCache.synchronousStableReadExternalCache(vCacheFactory, CoarseGrainedCachingSpacePermissionManager.CACHE_NAME, SynchronousExternalCache.serializableMarshaller(ImmutableSetMultimap.class));
        }

        @VisibleForTesting
        static String cacheKey(@Nullable Space space) {
            return space == null ? GLOBAL_PERMISSIONS_KEY : space.getKey();
        }

        public void preload(Iterable<? extends Space> iterable) {
            getPermissions(null);
            iterable.forEach(this::getPermissions);
        }

        public void removePermissions(@Nullable Space space) {
            this.cache.remove(cacheKey(space));
        }

        public void removeGlobalPermissions() {
            this.cache.remove(GLOBAL_PERMISSIONS_KEY);
        }

        public void removeAllPermissions() {
            this.cache.removeAll();
        }

        public ImmutableSetMultimap<PermissionType, Subject> getPermissions(@Nullable Space space) {
            return this.cache.get(cacheKey(space), () -> {
                return groupByPermissionType(loadPermissions(space));
            });
        }

        private Collection<SpacePermission> loadPermissions(@Nullable Space space) {
            return space == null ? (Collection) this.globalPermissionsLoader.get() : this.spacePermissionsLoader.apply(space);
        }

        private static ImmutableSetMultimap<PermissionType, Subject> groupByPermissionType(Collection<SpacePermission> collection) {
            ImmutableSetMultimap.Builder builder = ImmutableSetMultimap.builder();
            for (SpacePermission spacePermission : collection) {
                builder.put(CoarseGrainedCachingSpacePermissionManager.permissionType(spacePermission), Subject.of(spacePermission));
            }
            return builder.build();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager$Subject.class */
    public interface Subject extends Serializable {
        static Subject ofUser(@Nonnull User user) {
            return new UserSubject(FindUserHelper.getUser(user));
        }

        static Subject ofAnonymousUsers() {
            return AnonymousSubject.INSTANCE;
        }

        static Subject ofAuthenticatedUsers() {
            return AuthenticatedUsersSubject.INSTANCE;
        }

        static Subject of(SpacePermission spacePermission) {
            if (spacePermission.isAnonymousPermission()) {
                return AnonymousSubject.INSTANCE;
            }
            if (spacePermission.isAuthenticatedUsersPermission()) {
                return AuthenticatedUsersSubject.INSTANCE;
            }
            if (spacePermission.isGroupPermission()) {
                return new GroupSubject(spacePermission.getGroup());
            }
            if (spacePermission.isUserPermission()) {
                return new UserSubject(spacePermission.getUserSubject());
            }
            throw new IllegalStateException("Unsupported permission subject: " + spacePermission);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/confluence/impl/security/CoarseGrainedCachingSpacePermissionManager$UserSubject.class */
    public static class UserSubject implements Subject {
        private final UserKey userKey;

        public UserSubject(ConfluenceUser confluenceUser) {
            this.userKey = confluenceUser.getKey();
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Objects.equals(this.userKey, ((UserSubject) obj).userKey);
        }

        public int hashCode() {
            return Objects.hash(this.userKey);
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public CoarseGrainedCachingSpacePermissionManager(PermissionCheckExemptions permissionCheckExemptions, VCacheFactory vCacheFactory, SpacePermissionManagerInternal spacePermissionManagerInternal, SpacePermissionDao spacePermissionDao, EventPublisher eventPublisher, ConfluenceAccessManager confluenceAccessManager, SpacePermissionAccessMapper spacePermissionAccessMapper, CrowdService crowdService, Supplier<UserAccessor> supplier, AccessModeManager accessModeManager) {
        super(permissionCheckExemptions, confluenceAccessManager, spacePermissionAccessMapper, crowdService, supplier::get, accessModeManager);
        supplier.getClass();
        this.eventPublisher = (EventPublisher) Objects.requireNonNull(eventPublisher);
        this.spacePermissionDao = (SpacePermissionDao) Objects.requireNonNull(spacePermissionDao);
        this.delegate = (SpacePermissionManagerInternal) Objects.requireNonNull(spacePermissionManagerInternal);
        spacePermissionDao.getClass();
        Function function = spacePermissionDao::findPermissionsForSpace;
        spacePermissionDao.getClass();
        this.cache = new PermissionsCache(vCacheFactory, function, spacePermissionDao::findAllGlobalPermissions);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removeAllPermissions(Space space) {
        removeAllPermissions(space, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeAllPermissions(Space space, SpacePermissionContext spacePermissionContext) {
        log.debug("removing all for space {}", space);
        this.delegate.removeAllPermissions(space, spacePermissionContext);
        this.cache.removePermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removePermission(SpacePermission spacePermission) {
        removePermission(spacePermission, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removePermission(SpacePermission spacePermission, SpacePermissionContext spacePermissionContext) {
        log.debug("removing for {}", spacePermission);
        Space space = spacePermission.getSpace();
        this.delegate.removePermission(spacePermission, spacePermissionContext);
        this.cache.removePermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removeAllUserPermissions(ConfluenceUser confluenceUser) {
        removeAllUserPermissions(confluenceUser, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeAllUserPermissions(ConfluenceUser confluenceUser, SpacePermissionContext spacePermissionContext) {
        log.debug("removing all for user {}", confluenceUser);
        List<SpacePermission> findPermissionsForUser = this.spacePermissionDao.findPermissionsForUser(confluenceUser);
        removePermissions(findPermissionsForUser, SpacePermissionContext.builder(spacePermissionContext).sendEvents(false).build());
        if (spacePermissionContext.shouldSendEvents()) {
            this.eventPublisher.publish(new SpacePermissionsRemoveForUserEvent(this, confluenceUser, findPermissionsForUser));
        }
    }

    private void removePermissions(Collection<SpacePermission> collection, SpacePermissionContext spacePermissionContext) {
        log.debug("removing permissions {}", collection);
        Stream distinct = collection.stream().peek(spacePermission -> {
            this.delegate.removePermission(spacePermission, spacePermissionContext);
        }).map((v0) -> {
            return v0.getSpace();
        }).distinct();
        PermissionsCache permissionsCache = this.cache;
        permissionsCache.getClass();
        distinct.forEach(permissionsCache::removePermissions);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removeAllUserPermissions(String str) {
        Optional.ofNullable(FindUserHelper.getUserByUsername(str)).ifPresent(this::removeAllUserPermissions);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removeGlobalPermissionForUser(ConfluenceUser confluenceUser, String str) {
        removeGlobalPermissionForUser(confluenceUser, str, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeGlobalPermissionForUser(ConfluenceUser confluenceUser, String str, SpacePermissionContext spacePermissionContext) {
        log.debug("remove global perm {} for user {}", str, confluenceUser);
        this.delegate.removeGlobalPermissionForUser(confluenceUser, str, spacePermissionContext);
        this.cache.removeGlobalPermissions();
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void removeAllPermissionsForGroup(String str) {
        removeAllPermissionsForGroup(str, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionManagerInternal
    public void removeAllPermissionsForGroup(String str, SpacePermissionContext spacePermissionContext) {
        log.debug("remove all perms for group {}", str);
        List<SpacePermission> allPermissionsForGroup = getAllPermissionsForGroup(str);
        removePermissions(allPermissionsForGroup, SpacePermissionContext.builder(spacePermissionContext).sendEvents(false).build());
        if (spacePermissionContext.shouldSendEvents()) {
            this.eventPublisher.publish(new SpacePermissionsRemoveForGroupEvent(this, str, allPermissionsForGroup));
        }
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public List<SpacePermission> getAllPermissionsForGroup(String str) {
        return this.delegate.getAllPermissionsForGroup(str);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public List<SpacePermission> getGlobalPermissions() {
        return this.delegate.getGlobalPermissions();
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public List<SpacePermission> getGlobalPermissions(String str) {
        return this.delegate.getGlobalPermissions(str);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void flushCaches() {
        log.debug("Flushing caches");
        this.delegate.flushCaches();
        this.cache.removeAllPermissions();
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    @Deprecated
    public void createInitialSpacePermissions(Space space) {
        log.debug("create initial space perms for {}", space);
        this.delegate.createInitialSpacePermissions(space);
        this.cache.removePermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void createDefaultSpacePermissions(Space space) {
        log.debug("create default space perms for {}", space);
        this.delegate.createDefaultSpacePermissions(space);
        this.cache.removePermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public void createPrivateSpacePermissions(Space space) {
        log.debug("create private space perms for {}", space);
        this.delegate.createPrivateSpacePermissions(space);
        this.cache.removePermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Collection<Group> getGroupsWithPermissions(@Nullable Space space) {
        return this.delegate.getGroupsWithPermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Map<String, Long> getGroupsForPermissionType(String str, Space space) {
        return this.delegate.getGroupsForPermissionType(str, space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Collection<User> getUsersWithPermissions(@Nullable Space space) {
        return this.delegate.getUsersWithPermissions(space);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager
    public Map<String, Long> getUsersForPermissionType(String str, Space space) {
        return this.delegate.getUsersForPermissionType(str, space);
    }

    @Override // com.atlassian.confluence.security.AbstractSpacePermissionManager
    protected Iterable<String> getGroupNamesWithPermission(@Nullable Space space, String str) {
        return getGroupNamesWithPermission(space, permissionType(str));
    }

    private Iterable<String> getGroupNamesWithPermission(@Nullable Space space, PermissionType permissionType) {
        Stream stream = this.cache.getPermissions(space).get(permissionType).stream();
        Class<GroupSubject> cls = GroupSubject.class;
        GroupSubject.class.getClass();
        Stream filter = stream.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<GroupSubject> cls2 = GroupSubject.class;
        GroupSubject.class.getClass();
        return (Iterable) filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getGroupName();
        }).collect(Collectors.toList());
    }

    @Override // com.atlassian.confluence.security.SpacePermissionManager, com.atlassian.confluence.security.access.DefaultConfluenceAccessManager.AccessManagerPermissionChecker
    public boolean permissionExists(SpacePermission spacePermission) {
        return permissionExists(spacePermission.getSpace(), permissionType(spacePermission), Subject.of(spacePermission));
    }

    private boolean permissionExists(@Nullable Space space, PermissionType permissionType, Subject subject) {
        return this.cache.getPermissions(space).get(permissionType).contains(subject);
    }

    @Override // com.atlassian.confluence.security.SpacePermissionSaver
    @Deprecated
    public void savePermission(SpacePermission spacePermission) {
        savePermission(spacePermission, SpacePermissionContext.createDefault());
    }

    @Override // com.atlassian.confluence.internal.security.SpacePermissionSaverInternal
    public void savePermission(SpacePermission spacePermission, SpacePermissionContext spacePermissionContext) {
        log.debug("save permission {}", spacePermission);
        this.delegate.savePermission(spacePermission, spacePermissionContext);
        this.cache.removePermissions(spacePermission.getSpace());
    }

    @Override // com.atlassian.confluence.impl.security.SpacePermissionCachePrimer.Primeable
    public void prime(Iterable<? extends Space> iterable) {
        this.cache.preload(iterable);
    }

    private static PermissionType permissionType(String str) {
        return new PermissionType(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static PermissionType permissionType(SpacePermission spacePermission) {
        return permissionType(spacePermission.getType());
    }
}
