package com.atlassian.confluence.user.administrators;

import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.SpacePermissionManager;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.confluence.util.i18n.Message;
import com.atlassian.hibernate.util.SessionHelper;
import com.atlassian.spring.container.ComponentNotFoundException;
import com.atlassian.spring.container.ContainerManager;
import com.atlassian.user.Group;
import com.atlassian.user.User;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.persistence.PersistenceException;
import org.hibernate.SessionFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/user/administrators/DefaultEditUserGroupAdministrator.class */
public class DefaultEditUserGroupAdministrator implements EditUserGroupAdministrator {
    private static final Logger log = LoggerFactory.getLogger(DefaultEditUserGroupAdministrator.class);
    private final User user;
    private final User remoteUser;
    private List<String> initialMemberGroups;
    private List<String> readOnlyGroups;
    private List<SpacePermission> globalPermissions;
    private List<Message> errors = new ArrayList();
    private final UserAccessor userAccessor;
    private final PermissionManager permissionManager;
    private final SpacePermissionManager spacePermissionManager;

    public DefaultEditUserGroupAdministrator(User user, User user2, UserAccessor userAccessor, PermissionManager permissionManager, SpacePermissionManager spacePermissionManager) {
        this.user = user;
        this.remoteUser = user2;
        this.userAccessor = userAccessor;
        this.permissionManager = permissionManager;
        this.spacePermissionManager = spacePermissionManager;
        loadGroups();
    }

    @Override // com.atlassian.confluence.user.administrators.EditUserGroupAdministrator
    public List<String> getInitialMemberGroups() {
        return this.initialMemberGroups;
    }

    private void loadGroups() {
        this.initialMemberGroups = new ArrayList();
        this.readOnlyGroups = new ArrayList();
        for (Group group : this.userAccessor.getGroups(this.user)) {
            if (this.userAccessor.isReadOnly(group)) {
                this.readOnlyGroups.add(group.getName());
            } else {
                this.initialMemberGroups.add(group.getName());
            }
        }
    }

    @Override // com.atlassian.confluence.user.administrators.EditUserGroupAdministrator
    public List<String> getReadOnlyGroups() {
        return this.readOnlyGroups;
    }

    @Override // com.atlassian.confluence.user.administrators.EditUserGroupAdministrator
    public boolean checkPermissions(List<String> list) {
        boolean equals = this.remoteUser.getName().equals(this.user.getName());
        boolean hasUserPermissions = hasUserPermissions(SpacePermission.SYSTEM_ADMINISTRATOR_PERMISSION);
        boolean hasUserPermissions2 = hasUserPermissions(SpacePermission.USE_CONFLUENCE_PERMISSION);
        if (!equals) {
            return true;
        }
        if (hasUserPermissions && hasUserPermissions2) {
            return true;
        }
        boolean z = hasUserPermissions;
        boolean z2 = hasUserPermissions2;
        for (String str : list) {
            if (z || hasGroupPermission(str, SpacePermission.SYSTEM_ADMINISTRATOR_PERMISSION)) {
                z = true;
            }
            if (z2 || hasGroupPermission(str, SpacePermission.USE_CONFLUENCE_PERMISSION)) {
                z2 = true;
            }
        }
        return z && z2;
    }

    private boolean hasUserPermissions(String str) {
        for (SpacePermission spacePermission : getGlobalPermissions()) {
            if (spacePermission.getType().equals(str) && spacePermission.isUserPermission() && spacePermission.getUserName().equals(this.remoteUser.getName())) {
                return true;
            }
        }
        return false;
    }

    private boolean hasGroupPermission(String str, String str2) {
        for (SpacePermission spacePermission : getGlobalPermissions()) {
            if (spacePermission.getType().equals(str2) && spacePermission.isGroupPermission() && spacePermission.getGroup().equals(str)) {
                return true;
            }
        }
        return false;
    }

    private List<SpacePermission> getGlobalPermissions() {
        if (this.globalPermissions == null) {
            this.globalPermissions = this.spacePermissionManager.getGlobalPermissions();
        }
        return this.globalPermissions;
    }

    @Override // com.atlassian.confluence.user.administrators.EditUserGroupAdministrator
    public boolean updateGroups(List<String> list) {
        ArrayList<String> arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        arrayList.addAll(list);
        arrayList.removeAll(this.initialMemberGroups);
        for (String str : this.initialMemberGroups) {
            if (!list.contains(str)) {
                arrayList2.add(str);
            }
        }
        for (String str2 : arrayList) {
            Group group = this.userAccessor.getGroup(str2);
            if (group != null && !this.userAccessor.hasMembership(str2, this.user.getName())) {
                if (this.permissionManager.hasPermission(this.remoteUser, Permission.EDIT, group)) {
                    this.userAccessor.addMembership(group, this.user);
                    if (!this.userAccessor.hasMembership(group, this.user)) {
                        this.errors.add(Message.getInstance("cannot.add.group.membership.failed", this.user.getName(), group.getName()));
                    }
                } else {
                    this.errors.add(Message.getInstance("cannot.add.group.membership.permissions", group.getName()));
                }
            }
        }
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            Group group2 = this.userAccessor.getGroup((String) it.next());
            if (group2 != null && this.userAccessor.hasMembership(group2.getName(), this.user.getName())) {
                if (this.permissionManager.hasPermission(this.remoteUser, Permission.EDIT, group2)) {
                    this.userAccessor.removeMembership(group2, this.user);
                    if (this.userAccessor.hasMembership(group2, this.user)) {
                        this.errors.add(Message.getInstance("cannot.remove.group.membership.failed", this.user.getName(), group2.getName()));
                    }
                } else {
                    this.errors.add(Message.getInstance("cannot.remove.group.membership.permissions", group2.getName()));
                }
            }
        }
        flush();
        return this.errors.isEmpty();
    }

    private void flush() {
        if (ContainerManager.getInstance().getContainerContext() != null) {
            try {
                SessionHelper.flushAllowNoTransaction(((SessionFactory) ContainerManager.getInstance().getContainerContext().getComponent("sessionFactory5")).getCurrentSession());
            } catch (ComponentNotFoundException | PersistenceException e) {
                log.error("Unable to flush session", e);
            }
        }
    }

    @Override // com.atlassian.confluence.user.administrators.EditUserGroupAdministrator
    public List<Message> getErrors() {
        return this.errors;
    }
}
