package com.atlassian.confluence.impl.security.query;

import com.atlassian.annotations.Internal;
import com.atlassian.confluence.impl.hibernate.query.InExpressionBuilder;
import com.atlassian.confluence.impl.security.access.SpacePermissionSubjectType;
import com.atlassian.confluence.search.lucene.DocumentFieldName;
import com.atlassian.confluence.setup.settings.beans.CaptchaSettings;
import com.atlassian.confluence.user.ConfluenceUser;
import com.google.common.base.Supplier;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.query.Query;

@Internal
/* loaded from: input_file:com/atlassian/confluence/impl/security/query/SpacePermissionQueryBuilderImpl.class */
public class SpacePermissionQueryBuilderImpl implements SpacePermissionQueryBuilder {
    private final ConfluenceUser user;
    private final Set<SpacePermissionSubjectType> permissionSubjectTypes;
    private final Supplier<List<String>> userGroupNames;
    private final String permissionType;
    private InExpressionBuilder inExpressionBuilder = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SpacePermissionQueryBuilderImpl(ConfluenceUser confluenceUser, Set<SpacePermissionSubjectType> set, Supplier<List<String>> supplier, String str) {
        this.user = confluenceUser;
        this.permissionSubjectTypes = set;
        this.userGroupNames = supplier;
        this.permissionType = str;
    }

    private boolean includeGroupMembershipPermissionCheck() {
        return this.permissionSubjectTypes.contains(SpacePermissionSubjectType.GROUP) && !((List) this.userGroupNames.get()).isEmpty();
    }

    private boolean includeUserPermissionCheck() {
        return this.permissionSubjectTypes.contains(SpacePermissionSubjectType.USER) && this.user != null;
    }

    @Override // com.atlassian.confluence.impl.security.query.SpacePermissionQueryBuilder
    public String getHqlPermissionFilterString(String str) {
        ArrayList newArrayList = Lists.newArrayList();
        if (includeUserPermissionCheck()) {
            newArrayList.add(str + ".userSubject.id = :userKey");
        }
        if (includeGroupMembershipPermissionCheck()) {
            this.inExpressionBuilder = new InExpressionBuilder(str + ".group", CaptchaSettings.GROUPS, (List) this.userGroupNames.get());
            newArrayList.add(this.inExpressionBuilder.buildInExpressionString());
        }
        if (this.permissionSubjectTypes.contains(SpacePermissionSubjectType.ALL_AUTHENTICATED_USERS)) {
            newArrayList.add(str + ".allUsersSubject = 'authenticated-users'");
        }
        if (this.permissionSubjectTypes.contains(SpacePermissionSubjectType.ANONYMOUS)) {
            newArrayList.add("(" + str + ".userSubject is null and " + str + ".group is null and " + str + ".allUsersSubject is null)");
        }
        if (newArrayList.isEmpty()) {
            throw new IllegalStateException("Expected to find at least 1 permission category clause");
        }
        return "(" + ("(" + StringUtils.join(newArrayList, " or ") + ")") + " and " + (str + ".type = :permission") + ")";
    }

    @Override // com.atlassian.confluence.impl.security.query.SpacePermissionQueryBuilder
    public void substituteHqlQueryParameters(Query query) {
        if (includeUserPermissionCheck()) {
            query.setParameter(DocumentFieldName.USER_KEY, this.user.getKey().getStringValue());
        }
        if (includeGroupMembershipPermissionCheck() && this.inExpressionBuilder != null) {
            this.inExpressionBuilder.substituteInExpressionParameters(query);
        }
        query.setParameter("permission", this.permissionType);
    }

    @Override // com.atlassian.confluence.impl.security.query.SpacePermissionQueryBuilder
    @Nullable
    public ConfluenceUser getUser() {
        return this.user;
    }
}
