package org.eclipse.hudson.security.team;

import hudson.model.Item;
import hudson.model.Job;
import hudson.security.Permission;
import hudson.security.SecurityRealm;
import hudson.security.SidACL;
import java.util.Iterator;
import org.eclipse.hudson.security.HudsonSecurityEntitiesHolder;
import org.eclipse.hudson.security.HudsonSecurityManager;
import org.eclipse.hudson.security.team.TeamManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.acls.sid.Sid;

/* loaded from: input_file:WEB-INF/lib/hudson-core-3.1.0.jar:org/eclipse/hudson/security/team/TeamBasedACL.class */
public class TeamBasedACL extends SidACL {
    private transient Logger logger;
    private final SCOPE scope;
    private final TeamManager teamManager;
    private Job job;
    private Team team;

    /* loaded from: input_file:WEB-INF/lib/hudson-core-3.1.0.jar:org/eclipse/hudson/security/team/TeamBasedACL$SCOPE.class */
    public enum SCOPE {
        GLOBAL,
        TEAM_MANAGEMENT,
        TEAM,
        JOB
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope) {
        this.logger = LoggerFactory.getLogger(TeamBasedACL.class);
        this.teamManager = teamManager;
        this.scope = scope;
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope, Job job) {
        this(teamManager, scope);
        this.job = job;
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope, Team team) {
        this(teamManager, scope);
        this.team = team;
    }

    @Override // hudson.security.SidACL
    protected Boolean hasPermission(Sid sid, Permission permission) {
        String teamBasedACL = toString(sid);
        if (this.teamManager.isSysAdmin(teamBasedACL)) {
            return true;
        }
        if (this.scope == SCOPE.TEAM_MANAGEMENT && this.teamManager.isSysAdmin(teamBasedACL)) {
            return true;
        }
        if (this.scope == SCOPE.GLOBAL) {
            if (permission.getImpliedBy() == Permission.READ) {
                return true;
            }
            if (permission == Item.CREATE) {
                for (Team team : this.teamManager.findUserTeams(teamBasedACL)) {
                    if (isTeamAwareSecurityRealm()) {
                        return true;
                    }
                    TeamMember findMember = team.findMember(teamBasedACL);
                    if (findMember != null && findMember.hasPermission(Item.CREATE)) {
                        return true;
                    }
                }
            }
        }
        if (this.scope == SCOPE.TEAM) {
            if (this.teamManager.isSysAdmin(teamBasedACL)) {
                return true;
            }
            for (Team team2 : this.teamManager.findUserTeams(teamBasedACL)) {
                if (team2 == this.team) {
                    if (team2.isAdmin(teamBasedACL)) {
                        return true;
                    }
                    if (team2.isMember(teamBasedACL) && permission.getImpliedBy() == Permission.READ) {
                        return true;
                    }
                }
            }
        }
        if (this.scope != SCOPE.JOB) {
            return null;
        }
        Team findJobOwnerTeam = this.teamManager.findJobOwnerTeam(this.job.getName());
        if (findJobOwnerTeam != null && findJobOwnerTeam.isMember(teamBasedACL)) {
            if (permission.getImpliedBy() != Permission.READ && !isTeamAwareSecurityRealm()) {
                return Boolean.valueOf(findJobOwnerTeam.findMember(teamBasedACL).hasPermission(permission));
            }
            return true;
        }
        if (permission.getImpliedBy() != Permission.READ) {
            return null;
        }
        try {
            if (this.teamManager.findTeam(Team.PUBLIC_TEAM_NAME).isJobOwner(this.job.getName()) && permission.getImpliedBy() == Permission.READ) {
                return true;
            }
        } catch (TeamManager.TeamNotFoundException e) {
            this.logger.error("The public team must exists.", (Throwable) e);
        }
        if (findJobOwnerTeam == null) {
            return null;
        }
        TeamJob findJob = findJobOwnerTeam.findJob(this.job.getName());
        Iterator<Team> it = this.teamManager.findUserTeams(teamBasedACL).iterator();
        while (it.hasNext()) {
            if (findJob.isVisible(it.next().getName()).booleanValue()) {
                return true;
            }
        }
        return findJob.isVisible(Team.PUBLIC_TEAM_NAME).booleanValue() ? true : null;
    }

    private boolean isTeamAwareSecurityRealm() {
        HudsonSecurityManager hudsonSecurityManager = HudsonSecurityEntitiesHolder.getHudsonSecurityManager();
        SecurityRealm securityRealm = null;
        if (hudsonSecurityManager != null) {
            securityRealm = hudsonSecurityManager.getSecurityRealm();
        }
        return securityRealm != null && (securityRealm instanceof TeamAwareSecurityRealm);
    }
}
