package com.atlassian.jira.plugins.importer.external;

import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.jira.bc.projectroles.ProjectRoleService;
import com.atlassian.jira.bc.user.UserService;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.exception.PermissionException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.plugins.importer.Immutables;
import com.atlassian.jira.plugins.importer.compatibility.CompatibilityBridgeUtils;
import com.atlassian.jira.plugins.importer.external.beans.ExternalUser;
import com.atlassian.jira.plugins.importer.external.beans.NamedExternalObject;
import com.atlassian.jira.plugins.importer.imports.importer.ImportLogger;
import com.atlassian.jira.plugins.importer.imports.importer.impl.DefaultJiraDataImporter;
import com.atlassian.jira.plugins.importer.managers.CreateUserHandler;
import com.atlassian.jira.plugins.importer.managers.CreateUserHandlerProvider;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.groups.GroupManager;
import com.atlassian.jira.security.roles.ProjectRole;
import com.atlassian.jira.security.roles.ProjectRoleActors;
import com.atlassian.jira.security.roles.ProjectRoleImpl;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.ApplicationUsers;
import com.atlassian.jira.user.UserKeyService;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Ordering;
import com.google.common.collect.Sets;
import com.opensymphony.util.TextUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/jira/plugins/importer/external/ExternalUserUtils.class */
public class ExternalUserUtils {
    private static final String UNIFIED_USER_MANAGEMENT_FEATURE_FLAG = "unified.usermanagement";
    public static final String STUB_EMAIL_ADDRESS = "noreplay@example.com";
    private final GroupManager groupManager;
    private final GlobalPermissionManager globalPermissionManager;
    private final ProjectRoleService projectRoleService;
    private final UserKeyService userKeyService;
    private final FeatureManager featureManager;
    private final UserService userService;
    private final UserManager userManager;
    private final JiraAuthenticationContext jiraAuthenticationContext;
    private final CreateUserHandlerProvider createUserHandlerProvider;
    private final CompatibilityBridgeUtils bridgeUtils;

    /* loaded from: input_file:com/atlassian/jira/plugins/importer/external/ExternalUserUtils$CreatedUserStatus.class */
    public enum CreatedUserStatus {
        Active,
        InactiveDueToLicenseLimit,
        InactiveInExternalSystem,
        InactiveDueToLicenseRolesEnabled
    }

    @Autowired
    public ExternalUserUtils(@ComponentImport GroupManager groupManager, @ComponentImport GlobalPermissionManager globalPermissionManager, @ComponentImport ProjectRoleService projectRoleService, @ComponentImport UserKeyService userKeyService, @ComponentImport FeatureManager featureManager, @ComponentImport UserService userService, @ComponentImport UserManager userManager, @ComponentImport JiraAuthenticationContext jiraAuthenticationContext, CreateUserHandlerProvider createUserHandlerProvider, CompatibilityBridgeUtils compatibilityBridgeUtils) {
        this.groupManager = groupManager;
        this.globalPermissionManager = globalPermissionManager;
        this.projectRoleService = projectRoleService;
        this.createUserHandlerProvider = createUserHandlerProvider;
        this.userKeyService = userKeyService;
        this.featureManager = featureManager;
        this.userService = userService;
        this.userManager = userManager;
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.bridgeUtils = compatibilityBridgeUtils;
    }

    public Collection<ExternalUser> prepareUsers(Set<ExternalUser> set, DefaultJiraDataImporter.UserProvider userProvider, ImportLogger importLogger) throws InvalidUsernamesException {
        Iterable<ExternalUser> filterUnallowedUsernames = filterUnallowedUsernames(set, importLogger);
        checkInvalidUsernames(filterUnallowedUsernames, userProvider, importLogger);
        return Ordering.natural().onResultOf(NamedExternalObject.NAME_FUNCTION).immutableSortedCopy(filterUnallowedUsernames);
    }

    private void checkInvalidUsernames(Iterable<ExternalUser> iterable, final DefaultJiraDataImporter.UserProvider userProvider, ImportLogger importLogger) throws InvalidUsernamesException {
        int i = 0;
        for (ExternalUser externalUser : Iterables.filter(iterable, new Predicate<ExternalUser>() { // from class: com.atlassian.jira.plugins.importer.external.ExternalUserUtils.1
            public boolean apply(ExternalUser externalUser2) {
                return userProvider.getUser(externalUser2) == null;
            }
        })) {
            externalUser.setName(externalUser.getName().replaceAll("[\n\r]", ""));
            UserService.CreateUsernameValidationResult validateCreateUsername = this.bridgeUtils.validateCreateUsername(this.userService, this.jiraAuthenticationContext.getUser(), externalUser.getName());
            if (!validateCreateUsername.isValid()) {
                importLogger.warn("Invalid username '%s' - %s", externalUser.getName(), Joiner.on(", ").join(validateCreateUsername.getErrorCollection().getErrors().values()));
                i++;
            }
        }
        if (i > 0) {
            throw new InvalidUsernamesException("Cannot perform import due to " + i + " invalid usernames");
        }
    }

    public CreatedUserStatus importUser(ExternalUser externalUser, ImportLogger importLogger) throws Exception {
        CreatedUserStatus createdUserStatus;
        if (StringUtils.isBlank(externalUser.getEmail())) {
            externalUser.setEmail(STUB_EMAIL_ADDRESS);
        } else if (!TextUtils.verifyEmail(externalUser.getEmail())) {
            importLogger.warn(String.format("User %s has an invalid e-mail address [%s], creating user with e-mail %s", externalUser.getName(), externalUser.getEmail(), STUB_EMAIL_ADDRESS), new Object[0]);
            externalUser.setEmail(STUB_EMAIL_ADDRESS);
        }
        if (StringUtils.isEmpty(externalUser.getFullname())) {
            externalUser.setFullname(externalUser.getName());
        }
        if (isOnDemandWithoutUnifiedUserManagement()) {
            createdUserStatus = importUserInODWithoutUnifiedUserManagement(externalUser, importLogger);
        } else {
            boolean z = !this.bridgeUtils.hasSeatsAvailableInLicense(1);
            ApplicationUser createUserNoNotification = this.bridgeUtils.createUserNoNotification(externalUser.getName(), externalUser.getPassword(), externalUser.getEmail(), externalUser.getFullname());
            fillUserGroups(importLogger, createUserNoNotification, externalUser.getGroups(), z);
            if (!externalUser.isActive()) {
                importLogger.log("Imported user %s (%s) as an inactive user because it was inactive in the external system", externalUser.getFullname(), externalUser.getName());
                createdUserStatus = CreatedUserStatus.InactiveInExternalSystem;
                removeUserUsePermission(createUserNoNotification, importLogger);
            } else if (this.bridgeUtils.rolesEnabled()) {
                importLogger.log("Imported user %s (%s) as an inactive", externalUser.getFullname(), externalUser.getName());
                createdUserStatus = CreatedUserStatus.InactiveDueToLicenseRolesEnabled;
                removeUserUsePermission(createUserNoNotification, importLogger);
            } else if (z) {
                importLogger.log("Imported user %s (%s) as an inactive user due to license limits", externalUser.getFullname(), externalUser.getName());
                createdUserStatus = CreatedUserStatus.InactiveDueToLicenseLimit;
                removeUserUsePermission(createUserNoNotification, importLogger);
            } else {
                importLogger.log("Imported user %s (%s)", externalUser.getFullname(), externalUser.getName());
                createdUserStatus = CreatedUserStatus.Active;
            }
        }
        return createdUserStatus;
    }

    private boolean isOnDemandWithoutUnifiedUserManagement() {
        return this.featureManager.isOnDemand() && !this.featureManager.getDarkFeatures().getGlobalEnabledFeatureKeys().contains(UNIFIED_USER_MANAGEMENT_FEATURE_FLAG);
    }

    private CreatedUserStatus importUserInODWithoutUnifiedUserManagement(ExternalUser externalUser, ImportLogger importLogger) throws Exception {
        CreatedUserStatus createdUserStatus;
        CreateUserHandler handler = getHandler();
        boolean z = handler.getRemainingLicenseLimit() == 0;
        ApplicationUser createUserNoNotification = this.bridgeUtils.createUserNoNotification(externalUser.getName(), externalUser.getPassword(), externalUser.getEmail(), externalUser.getFullname());
        fillUserGroups(importLogger, createUserNoNotification, externalUser.getGroups(), false);
        if (!externalUser.isActive()) {
            importLogger.log("Imported user %s (%s) will not be granted with access to JIRA because it was inactive in the external system", externalUser.getFullname(), externalUser.getName());
            handler.setUserJiraAccess(createUserNoNotification.getName(), false, importLogger);
            createdUserStatus = CreatedUserStatus.InactiveInExternalSystem;
        } else if (z) {
            importLogger.log("Imported user %s (%s) will not be granted with access to JIRA due to license limits.", externalUser.getFullname(), externalUser.getName());
            handler.setUserJiraAccess(createUserNoNotification.getName(), false, importLogger);
            createdUserStatus = CreatedUserStatus.InactiveDueToLicenseLimit;
        } else {
            importLogger.log("Imported user %s (%s)", externalUser.getFullname(), externalUser.getName());
            handler.setUserJiraAccess(createUserNoNotification.getName(), true, importLogger);
            createdUserStatus = CreatedUserStatus.Active;
        }
        return createdUserStatus;
    }

    private CreateUserHandler getHandler() {
        return (CreateUserHandler) Preconditions.checkNotNull(this.createUserHandlerProvider.getHandler(), "Cannot find CreateUserHandler!");
    }

    private Iterable<ExternalUser> filterUnallowedUsernames(Iterable<ExternalUser> iterable, final ImportLogger importLogger) {
        return Iterables.filter(iterable, new Predicate<ExternalUser>() { // from class: com.atlassian.jira.plugins.importer.external.ExternalUserUtils.2
            public boolean apply(@Nullable ExternalUser externalUser) {
                String name = externalUser != null ? externalUser.getName() : "";
                boolean z = "Unassigned".equalsIgnoreCase(name) || ExternalUserUtils.this.jiraAuthenticationContext.getI18nHelper().getText("assignee.types.unassigned").equalsIgnoreCase(name);
                if (z) {
                    importLogger.log("Cannot import user '%s' - this name is invalid!", name);
                }
                return !z;
            }
        });
    }

    private void fillUserGroups(ImportLogger importLogger, ApplicationUser applicationUser, Set<String> set, boolean z) throws Exception {
        ArrayList arrayList = new ArrayList(set.size());
        ArrayList arrayList2 = new ArrayList(2);
        ArrayList arrayList3 = new ArrayList();
        Collection groupsWithPermission = this.featureManager.isOnDemand() ? this.globalPermissionManager.getGroupsWithPermission(44) : ImmutableList.of();
        Collection<Group> groupsThatConsumesLicense = this.bridgeUtils.getGroupsThatConsumesLicense();
        for (String str : set) {
            Group groupObject = this.groupManager.groupExists(str) ? this.groupManager.getGroupObject(str) : this.groupManager.createGroup(str);
            if (z && groupsThatConsumesLicense.contains(groupObject)) {
                arrayList3.add(str);
            } else if (addUserToNonSysadminGroup(applicationUser, groupObject, groupsWithPermission)) {
                arrayList.add(str);
            } else {
                arrayList2.add(str);
            }
        }
        if (!arrayList2.isEmpty()) {
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                importLogger.warn("User: %s - was not added to group %s due to permission controls.", applicationUser.getName(), (String) it.next());
            }
        }
        if (!arrayList3.isEmpty()) {
            importLogger.log("User: %s was not added to groups [ %s ] due to license limit", applicationUser.getName(), Joiner.on(", ").join(arrayList3));
        }
        if (arrayList.isEmpty()) {
            return;
        }
        importLogger.log("User: %s added to %d groups: %s", applicationUser.getName(), Integer.valueOf(arrayList.size()), Joiner.on(", ").join(arrayList));
    }

    private boolean addUserToNonSysadminGroup(ApplicationUser applicationUser, Group group, Collection<Group> collection) throws Exception {
        if (this.featureManager.isOnDemand()) {
            Iterator<Group> it = collection.iterator();
            while (it.hasNext()) {
                if (it.next().getName().equals(group.getName())) {
                    return false;
                }
            }
            if ("system-administrators".equals(group.getName()) || "confluence-administrators".equals(group.getName())) {
                return false;
            }
        }
        this.bridgeUtils.addUserToGroup(applicationUser, group);
        return true;
    }

    public void deactivateUser(ApplicationUser applicationUser, ImportLogger importLogger) {
        if (this.featureManager.isOnDemand()) {
            return;
        }
        UserService.UpdateUserValidationResult validateUpdateUser = this.userService.validateUpdateUser(ApplicationUsers.from(ImmutableUser.newUser(applicationUser.getDirectoryUser()).active(false).toUser()));
        if (!validateUpdateUser.isValid()) {
            importLogger.warn("Cannot deactivate user: %s (%s) due to: %s", applicationUser.getDisplayName(), applicationUser.getName(), Joiner.on('\n').join(validateUpdateUser.getErrorCollection().getErrors().values()));
        } else {
            this.userService.updateUser(validateUpdateUser);
            restoreUserToUseGroup(applicationUser, importLogger);
        }
    }

    private void restoreUserToUseGroup(ApplicationUser applicationUser, ImportLogger importLogger) {
        if (this.bridgeUtils.hasSeatsAvailableInLicense(1)) {
            try {
                this.bridgeUtils.addUserToDefaultGroups(applicationUser);
            } catch (Exception e) {
                importLogger.warn(e, "Deactivated user '%s' cannot be added to jira-users group", new Object[0]);
            }
        }
    }

    private void removeUserUsePermission(ApplicationUser applicationUser, ImportLogger importLogger) {
        try {
            this.bridgeUtils.removeUserFromGroups(this.bridgeUtils.getGroupsThatConsumesLicense(), applicationUser);
        } catch (RemoveException e) {
            importLogger.fail(e, "Cannot remove 'USE' permissions for user %s (%s)", applicationUser.getName(), applicationUser.getDisplayName());
        } catch (PermissionException e2) {
            importLogger.fail(e2, "Cannot remove 'USE' permissions for user %s (%s)", applicationUser.getName(), applicationUser.getDisplayName());
        }
    }

    public void addUsersToProjectRole(ApplicationUser applicationUser, Project project, String str, Collection<String> collection, ImportLogger importLogger) throws Exception {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        ProjectRole projectRoleByName = this.projectRoleService.getProjectRoleByName(str, simpleErrorCollection);
        if (!simpleErrorCollection.hasAnyErrors()) {
            if (projectRoleByName == null) {
                projectRoleByName = this.projectRoleService.createProjectRole(new ProjectRoleImpl(str, (String) null), simpleErrorCollection);
            }
            if (projectRoleByName != null && !simpleErrorCollection.hasAnyErrors()) {
                ProjectRoleActors projectRoleActors = this.projectRoleService.getProjectRoleActors(projectRoleByName, project, simpleErrorCollection);
                if (!simpleErrorCollection.hasAnyErrors() && projectRoleActors != null) {
                    Collection<?> transformThenCopyToList = Immutables.transformThenCopyToList(projectRoleActors.getApplicationUsers(), new Function<ApplicationUser, String>() { // from class: com.atlassian.jira.plugins.importer.external.ExternalUserUtils.3
                        public String apply(@Nullable ApplicationUser applicationUser2) {
                            return applicationUser2.getName();
                        }
                    });
                    HashSet newHashSet = Sets.newHashSet(collection);
                    Set<String> inactiveUsers = getInactiveUsers(collection);
                    if (inactiveUsers.size() > 0) {
                        logInactiveUsersInformation(inactiveUsers, str, project.getName(), importLogger);
                        newHashSet.removeAll(inactiveUsers);
                    }
                    newHashSet.removeAll(transformThenCopyToList);
                    HashSet hashSet = new HashSet();
                    Iterator it = newHashSet.iterator();
                    while (it.hasNext()) {
                        String keyForUsername = this.userKeyService.getKeyForUsername((String) it.next());
                        if (!"".equals(keyForUsername) && keyForUsername != null) {
                            hashSet.add(keyForUsername);
                        }
                    }
                    if (hashSet.isEmpty()) {
                        return;
                    }
                    this.projectRoleService.addActorsToProjectRole(hashSet, projectRoleByName, project, "atlassian-user-role-actor", simpleErrorCollection);
                    if (!simpleErrorCollection.hasAnyErrors()) {
                        return;
                    }
                }
            }
        }
        throw new Exception(String.format("Failed to add users to '%s' role for the project '%s': %s", str, project.getKey(), simpleErrorCollection.toString()));
    }

    private void logInactiveUsersInformation(Set<String> set, String str, String str2, ImportLogger importLogger) {
        importLogger.log("Cannot add inactive User(s): %s to role '%s' in project '%s'", Joiner.on(", ").join(set), str, str2);
    }

    private Set<String> getInactiveUsers(Iterable<String> iterable) {
        return ImmutableSet.copyOf(Iterables.transform(Iterables.filter(Iterables.transform(iterable, new Function<String, ApplicationUser>() { // from class: com.atlassian.jira.plugins.importer.external.ExternalUserUtils.4
            public ApplicationUser apply(String str) {
                return ExternalUserUtils.this.userManager.getUserByName(str);
            }
        }), Predicates.and(Predicates.notNull(), new Predicate<ApplicationUser>() { // from class: com.atlassian.jira.plugins.importer.external.ExternalUserUtils.5
            public boolean apply(ApplicationUser applicationUser) {
                return !applicationUser.isActive();
            }
        })), new Function<ApplicationUser, String>() { // from class: com.atlassian.jira.plugins.importer.external.ExternalUserUtils.6
            public String apply(ApplicationUser applicationUser) {
                return applicationUser.getName();
            }
        }));
    }
}
