package org.eclipse.hudson.security.team;

import hudson.model.Computer;
import hudson.model.Hudson;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.MyViewsProperty;
import hudson.model.View;
import hudson.security.Permission;
import hudson.security.SecurityRealm;
import hudson.security.SidACL;
import java.util.Iterator;
import org.eclipse.hudson.security.HudsonSecurityEntitiesHolder;
import org.eclipse.hudson.security.HudsonSecurityManager;
import org.eclipse.hudson.security.team.TeamManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.acls.model.Sid;

/* loaded from: input_file:WEB-INF/lib/hudson-core-3.3.3.jar:org/eclipse/hudson/security/team/TeamBasedACL.class */
public class TeamBasedACL extends SidACL {
    private static Logger LOGGER = LoggerFactory.getLogger(TeamBasedACL.class);
    private final SCOPE scope;
    private final TeamManager teamManager;
    private Job job;
    private View view;
    private Computer node;
    private Team team;

    /* loaded from: input_file:WEB-INF/lib/hudson-core-3.3.3.jar:org/eclipse/hudson/security/team/TeamBasedACL$SCOPE.class */
    public enum SCOPE {
        GLOBAL,
        TEAM_MANAGEMENT,
        TEAM,
        JOB,
        VIEW,
        NODE
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope) {
        this.teamManager = teamManager;
        this.scope = scope;
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope, Job job) {
        this(teamManager, scope);
        this.job = job;
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope, View view) {
        this(teamManager, scope);
        this.view = view;
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope, Computer computer) {
        this(teamManager, scope);
        this.node = computer;
    }

    public TeamBasedACL(TeamManager teamManager, SCOPE scope, Team team) {
        this(teamManager, scope);
        this.team = team;
    }

    @Override // hudson.security.SidACL
    protected Boolean hasPermission(Sid sid, Permission permission) {
        String teamBasedACL = toString(sid);
        if (this.teamManager.isSysAdmin(teamBasedACL)) {
            return true;
        }
        if (this.scope == SCOPE.TEAM_MANAGEMENT && this.teamManager.isSysAdmin(teamBasedACL)) {
            return true;
        }
        if (this.scope == SCOPE.GLOBAL) {
            if (permission.getImpliedBy() == Permission.READ) {
                return true;
            }
            if (permission == Item.CREATE) {
                for (Team team : this.teamManager.findUserTeams(teamBasedACL)) {
                    if (isTeamAwareSecurityRealm()) {
                        return true;
                    }
                    TeamMember findMember = team.findMember(teamBasedACL);
                    if (findMember != null && findMember.hasPermission(Item.CREATE)) {
                        return true;
                    }
                }
            }
            if (permission == View.CREATE) {
                Iterator<Team> it = this.teamManager.findUserTeams(teamBasedACL).iterator();
                while (it.hasNext()) {
                    TeamMember findMember2 = it.next().findMember(teamBasedACL);
                    if (findMember2 != null && findMember2.hasPermission(View.CREATE)) {
                        return true;
                    }
                }
            }
            if (permission == Computer.CREATE) {
                Iterator<Team> it2 = this.teamManager.findUserTeams(teamBasedACL).iterator();
                while (it2.hasNext()) {
                    TeamMember findMember3 = it2.next().findMember(teamBasedACL);
                    if (findMember3 != null && findMember3.hasPermission(Computer.CREATE)) {
                        return true;
                    }
                }
            }
        }
        if (this.scope == SCOPE.TEAM) {
            if (this.teamManager.isSysAdmin(teamBasedACL)) {
                return true;
            }
            for (Team team2 : this.teamManager.findUserTeams(teamBasedACL)) {
                if (team2 == this.team) {
                    if (team2.isAdmin(teamBasedACL)) {
                        return true;
                    }
                    if (team2.isMember(teamBasedACL) && permission.getImpliedBy() == Permission.READ) {
                        return true;
                    }
                }
            }
        }
        if (this.scope == SCOPE.JOB) {
            Team findJobOwnerTeam = this.teamManager.findJobOwnerTeam(this.job.getName());
            if (findJobOwnerTeam != null && findJobOwnerTeam.isMember(teamBasedACL)) {
                if (permission.getImpliedBy() != Permission.READ && !isTeamAwareSecurityRealm()) {
                    return Boolean.valueOf(findJobOwnerTeam.findMember(teamBasedACL).hasPermission(permission));
                }
                return true;
            }
            if (permission.getImpliedBy() == Permission.READ && hasReadPermission(findJobOwnerTeam, permission, teamBasedACL)) {
                return true;
            }
            if (permission == Item.EXTENDED_READ && hasReadPermission(findJobOwnerTeam, permission, teamBasedACL) && findJobOwnerTeam != null && findJobOwnerTeam.findJob(this.job.getName()).isAllowConfigView()) {
                return true;
            }
        }
        if (this.scope == SCOPE.VIEW) {
            Team findViewOwnerTeam = this.teamManager.findViewOwnerTeam(this.view.getViewName());
            if (permission == Item.CREATE) {
                Iterator<Team> it3 = this.teamManager.findUserTeams(teamBasedACL).iterator();
                while (it3.hasNext()) {
                    TeamMember findMember4 = it3.next().findMember(teamBasedACL);
                    if (findMember4 != null && findMember4.hasPermission(Item.CREATE)) {
                        return true;
                    }
                }
            }
            if (permission == Computer.CREATE) {
                Iterator<Team> it4 = this.teamManager.findUserTeams(teamBasedACL).iterator();
                while (it4.hasNext()) {
                    TeamMember findMember5 = it4.next().findMember(teamBasedACL);
                    if (findMember5 != null && findMember5.hasPermission(Computer.CREATE)) {
                        return true;
                    }
                }
            }
            if (permission == View.CREATE) {
                Iterator<Team> it5 = this.teamManager.findUserTeams(teamBasedACL).iterator();
                while (it5.hasNext()) {
                    TeamMember findMember6 = it5.next().findMember(teamBasedACL);
                    if (findMember6 != null && findMember6.hasPermission(View.CREATE)) {
                        return true;
                    }
                }
            }
            if ((this.view.getOwner() instanceof MyViewsProperty) && (permission == View.CONFIGURE || permission == View.DELETE)) {
                Iterator<Team> it6 = this.teamManager.findUserTeams(teamBasedACL).iterator();
                while (it6.hasNext()) {
                    TeamMember findMember7 = it6.next().findMember(teamBasedACL);
                    if (findMember7 != null && findMember7.hasPermission(permission)) {
                        return true;
                    }
                }
            }
            if (findViewOwnerTeam != null && findViewOwnerTeam.isMember(teamBasedACL)) {
                if (permission == View.READ) {
                    return true;
                }
                return Boolean.valueOf(findViewOwnerTeam.findMember(teamBasedACL).hasPermission(permission));
            }
            if (permission == View.READ && hasViewReadPermission(findViewOwnerTeam, permission, teamBasedACL)) {
                return true;
            }
        }
        if (this.scope != SCOPE.NODE) {
            return null;
        }
        String name = this.node.getName();
        if (this.node instanceof Hudson.MasterComputer) {
            name = "Master";
        }
        Team findNodeOwnerTeam = this.teamManager.findNodeOwnerTeam(name);
        if (permission == Computer.CREATE) {
            Iterator<Team> it7 = this.teamManager.findUserTeams(teamBasedACL).iterator();
            while (it7.hasNext()) {
                TeamMember findMember8 = it7.next().findMember(teamBasedACL);
                if (findMember8 != null && findMember8.hasPermission(Computer.CREATE)) {
                    return true;
                }
            }
        }
        if (findNodeOwnerTeam == null || !findNodeOwnerTeam.isMember(teamBasedACL)) {
            return (permission == Computer.READ && hasNodeReadPermission(findNodeOwnerTeam, permission, teamBasedACL)) ? true : null;
        }
        if (permission == Computer.READ) {
            return true;
        }
        return Boolean.valueOf(findNodeOwnerTeam.findMember(teamBasedACL).hasPermission(permission));
    }

    private boolean hasReadPermission(Team team, Permission permission, String str) {
        try {
            if (this.teamManager.findTeam(Team.PUBLIC_TEAM_NAME).isJobOwner(this.job.getName())) {
                if (permission.getImpliedBy() == Permission.READ) {
                    return true;
                }
            }
        } catch (TeamManager.TeamNotFoundException e) {
            LOGGER.error("The public team must exists.", (Throwable) e);
        }
        if (team == null) {
            return false;
        }
        TeamJob findJob = team.findJob(this.job.getName());
        Iterator<Team> it = this.teamManager.findUserTeams(str).iterator();
        while (it.hasNext()) {
            if (findJob.isVisible(it.next().getName()).booleanValue()) {
                return true;
            }
        }
        return findJob.isVisible(Team.PUBLIC_TEAM_NAME).booleanValue();
    }

    private boolean hasViewReadPermission(Team team, Permission permission, String str) {
        try {
            if (this.teamManager.findTeam(Team.PUBLIC_TEAM_NAME).isViewOwner(this.view.getViewName())) {
                if (permission == View.READ) {
                    return true;
                }
            }
        } catch (TeamManager.TeamNotFoundException e) {
            LOGGER.error("The public team must exists.", (Throwable) e);
        }
        if (team == null) {
            return false;
        }
        TeamView findView = team.findView(this.view.getViewName());
        Iterator<Team> it = this.teamManager.findUserTeams(str).iterator();
        while (it.hasNext()) {
            if (findView.isVisible(it.next().getName()).booleanValue()) {
                return true;
            }
        }
        return findView.isVisible(Team.PUBLIC_TEAM_NAME).booleanValue();
    }

    private boolean hasNodeReadPermission(Team team, Permission permission, String str) {
        String name = this.node.getName();
        if (this.node instanceof Hudson.MasterComputer) {
            name = "Master";
        }
        try {
            if (this.teamManager.findTeam(Team.PUBLIC_TEAM_NAME).isNodeOwner(name)) {
                if (permission == Computer.READ) {
                    return true;
                }
            }
        } catch (TeamManager.TeamNotFoundException e) {
            LOGGER.error("The public team must exists.", (Throwable) e);
        }
        if (team == null) {
            return false;
        }
        TeamNode findNode = team.findNode(name);
        Iterator<Team> it = this.teamManager.findUserTeams(str).iterator();
        while (it.hasNext()) {
            if (findNode.isVisible(it.next().getName()).booleanValue()) {
                return true;
            }
        }
        return findNode.isVisible(Team.PUBLIC_TEAM_NAME).booleanValue();
    }

    private boolean isTeamAwareSecurityRealm() {
        HudsonSecurityManager hudsonSecurityManager = HudsonSecurityEntitiesHolder.getHudsonSecurityManager();
        SecurityRealm securityRealm = null;
        if (hudsonSecurityManager != null) {
            securityRealm = hudsonSecurityManager.getSecurityRealm();
        }
        return securityRealm != null && (securityRealm instanceof TeamAwareSecurityRealm);
    }
}
