package org.guvnor.common.services.project.client.security;

import elemental2.promise.Promise;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.guvnor.common.services.project.model.WorkspaceProject;
import org.guvnor.common.services.project.security.ProjectPermissionsService;
import org.guvnor.structure.contributors.Contributor;
import org.guvnor.structure.contributors.ContributorType;
import org.guvnor.structure.organizationalunit.OrganizationalUnit;
import org.guvnor.structure.organizationalunit.config.BranchPermissions;
import org.guvnor.structure.organizationalunit.config.RolePermissions;
import org.guvnor.structure.repositories.Branch;
import org.guvnor.structure.repositories.Repository;
import org.guvnor.structure.security.RepositoryAction;
import org.jboss.errai.common.client.api.Caller;
import org.jboss.errai.security.shared.api.identity.User;
import org.uberfire.client.promise.Promises;
import org.uberfire.security.authz.AuthorizationManager;

@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/uberfire-project-client-2.21.0-SNAPSHOT.jar:org/guvnor/common/services/project/client/security/ProjectController.class */
public class ProjectController {
    private AuthorizationManager authorizationManager;
    private User user;
    private Caller<ProjectPermissionsService> projectPermissionsService;
    private Promises promises;

    @Inject
    public ProjectController(AuthorizationManager authorizationManager, User user, Caller<ProjectPermissionsService> caller, Promises promises) {
        this.authorizationManager = authorizationManager;
        this.user = user;
        this.projectPermissionsService = caller;
        this.promises = promises;
    }

    public boolean canCreateProjects(OrganizationalUnit organizationalUnit) {
        return this.authorizationManager.authorize(Repository.RESOURCE_TYPE, RepositoryAction.CREATE, this.user) || userIsAtLeast(ContributorType.CONTRIBUTOR, organizationalUnit.getContributors());
    }

    public boolean canReadProject(WorkspaceProject workspaceProject) {
        return this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.READ, this.user) || userIsAtLeast(ContributorType.OWNER, workspaceProject.getOrganizationalUnit().getContributors()) || userIsAtLeast(ContributorType.CONTRIBUTOR, workspaceProject.getRepository().getContributors());
    }

    public Promise<Boolean> canUpdateProject(WorkspaceProject workspaceProject) {
        return canUpdateBranch(workspaceProject, workspaceProject.getBranch());
    }

    public Promise<Boolean> canUpdateBranch(WorkspaceProject workspaceProject, Branch branch) {
        return workspaceProject.getMainModule() == null ? this.promises.resolve(false) : this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.UPDATE, this.user) ? this.promises.resolve(true) : checkBranchPermission(workspaceProject, branch.getName(), (v0) -> {
            return v0.canWrite();
        });
    }

    public boolean canDeleteProject(WorkspaceProject workspaceProject) {
        return this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.DELETE, this.user) || userIsAtLeast(ContributorType.OWNER, workspaceProject.getRepository().getContributors()) || userIsAtLeast(ContributorType.OWNER, workspaceProject.getOrganizationalUnit().getContributors());
    }

    public Promise<Boolean> canBuildProject(WorkspaceProject workspaceProject) {
        return workspaceProject.getMainModule() == null ? this.promises.resolve(false) : this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.BUILD, this.user) ? this.promises.resolve(true) : checkBranchPermission(workspaceProject, workspaceProject.getBranch().getName(), (v0) -> {
            return v0.canWrite();
        });
    }

    public Promise<Boolean> canDeployProject(WorkspaceProject workspaceProject) {
        return workspaceProject.getMainModule() == null ? this.promises.resolve(false) : this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.BUILD, this.user) ? this.promises.resolve(true) : checkBranchPermission(workspaceProject, workspaceProject.getBranch().getName(), (v0) -> {
            return v0.canDeploy();
        });
    }

    public Promise<Boolean> canReadBranch(WorkspaceProject workspaceProject) {
        return canReadBranch(workspaceProject, workspaceProject.getBranch().getName());
    }

    public Promise<Boolean> canReadBranch(WorkspaceProject workspaceProject, String str) {
        return this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.READ, this.user) ? this.promises.resolve(true) : checkBranchPermission(workspaceProject, str, (v0) -> {
            return v0.canRead();
        });
    }

    public Promise<Boolean> canDeleteBranch(WorkspaceProject workspaceProject) {
        return canDeleteBranch(workspaceProject, workspaceProject.getBranch().getName());
    }

    public Promise<Boolean> canDeleteBranch(WorkspaceProject workspaceProject, String str) {
        return workspaceProject.getBranch().getName().equals("master") ? this.promises.resolve(false) : this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.DELETE, this.user) ? this.promises.resolve(true) : checkBranchPermission(workspaceProject, str, (v0) -> {
            return v0.canDelete();
        });
    }

    boolean userIsAtLeast(ContributorType contributorType, Collection<Contributor> collection) {
        return collection.stream().anyMatch(contributor -> {
            return contributor.getUsername().equals(this.user.getIdentifier()) && ContributorType.PRIORITY_ORDER.indexOf(contributor.getType()) <= ContributorType.PRIORITY_ORDER.indexOf(contributorType);
        });
    }

    Optional<Contributor> getUserContributor(Collection<Contributor> collection) {
        return collection.stream().filter(contributor -> {
            return contributor.getUsername().equals(this.user.getIdentifier());
        }).findFirst();
    }

    Promise<Boolean> checkBranchPermission(WorkspaceProject workspaceProject, String str, Function<RolePermissions, Boolean> function) {
        return getBranchPermissionsForUser(workspaceProject, str).then(optional -> {
            return optional.isPresent() ? this.promises.resolve(function.apply(optional.get())) : this.promises.resolve(false);
        });
    }

    public Promise<Optional<RolePermissions>> getBranchPermissionsForUser(WorkspaceProject workspaceProject, String str) {
        return this.promises.promisify(this.projectPermissionsService, projectPermissionsService -> {
            return projectPermissionsService.loadBranchPermissions(workspaceProject.getSpace().getName(), workspaceProject.getRepository().getIdentifier(), str);
        }).then(branchPermissions -> {
            return this.promises.resolve(getBranchPermissionsForUser(workspaceProject, branchPermissions.getPermissionsByRole()));
        });
    }

    public Optional<RolePermissions> getBranchPermissionsForUser(WorkspaceProject workspaceProject, Map<String, RolePermissions> map) {
        RolePermissions rolePermissions;
        Optional<Contributor> userContributor = getUserContributor(workspaceProject.getRepository().getContributors());
        return (!userContributor.isPresent() || (rolePermissions = map.get(userContributor.get().getType().name())) == null) ? Optional.empty() : Optional.of(rolePermissions);
    }

    public Promise<List<Branch>> getUpdatableBranches(WorkspaceProject workspaceProject) {
        return workspaceProject.getMainModule() == null ? this.promises.resolve(Collections.emptyList()) : this.authorizationManager.authorize(workspaceProject.getRepository(), RepositoryAction.UPDATE, this.user) ? this.promises.resolve(new ArrayList(workspaceProject.getRepository().getBranches())) : getBranchesWithPermission(workspaceProject, (v0) -> {
            return v0.canWrite();
        });
    }

    private Promise<List<Branch>> getBranchesWithPermission(WorkspaceProject workspaceProject, Function<RolePermissions, Boolean> function) {
        return this.promises.promisify(this.projectPermissionsService, projectPermissionsService -> {
            return projectPermissionsService.loadBranchPermissions(workspaceProject.getSpace().getName(), workspaceProject.getRepository().getIdentifier(), (List<String>) workspaceProject.getRepository().getBranches().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toList()));
        }).then(map -> {
            return this.promises.resolve(workspaceProject.getRepository().getBranches().stream().filter(branch -> {
                return ((Boolean) getBranchPermissionsForUser(workspaceProject, ((BranchPermissions) map.get(branch.getName())).getPermissionsByRole()).map(function).orElse(false)).booleanValue();
            }).collect(Collectors.toList()));
        });
    }
}
