package com.google.gerrit.server.account;

import com.google.gerrit.common.data.GroupDescription;
import com.google.gerrit.common.data.GroupDescriptions;
import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.group.InternalGroupDescription;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;

/* loaded from: input_file:com/google/gerrit/server/account/GroupControl.class */
public class GroupControl {
    private final CurrentUser user;
    private final GroupDescription.Basic group;
    private Boolean isOwner;
    private final PermissionBackend.WithUser perm;
    private final GroupBackend groupBackend;

    /* loaded from: input_file:com/google/gerrit/server/account/GroupControl$Factory.class */
    public static class Factory {
        private final PermissionBackend permissionBackend;
        private final GroupCache groupCache;
        private final Provider<CurrentUser> user;
        private final GroupBackend groupBackend;

        @Inject
        Factory(PermissionBackend permissionBackend, GroupCache groupCache, Provider<CurrentUser> provider, GroupBackend groupBackend) {
            this.permissionBackend = permissionBackend;
            this.groupCache = groupCache;
            this.user = provider;
            this.groupBackend = groupBackend;
        }

        public GroupControl controlFor(AccountGroup.Id id) throws NoSuchGroupException {
            return (GroupControl) this.groupCache.get(id).map(InternalGroupDescription::new).map((v1) -> {
                return controlFor(v1);
            }).orElseThrow(() -> {
                return new NoSuchGroupException(id);
            });
        }

        public GroupControl controlFor(AccountGroup.UUID uuid) throws NoSuchGroupException {
            GroupDescription.Basic basic = this.groupBackend.get(uuid);
            if (basic == null) {
                throw new NoSuchGroupException(uuid);
            }
            return controlFor(basic);
        }

        public GroupControl controlFor(AccountGroup accountGroup) {
            return controlFor(GroupDescriptions.forAccountGroup(accountGroup));
        }

        public GroupControl controlFor(GroupDescription.Basic basic) {
            return new GroupControl(this.user.get(), basic, this.permissionBackend, this.groupBackend);
        }

        public GroupControl validateFor(AccountGroup.UUID uuid) throws NoSuchGroupException {
            GroupControl controlFor = controlFor(uuid);
            if (controlFor.isVisible()) {
                return controlFor;
            }
            throw new NoSuchGroupException(uuid);
        }
    }

    @Singleton
    /* loaded from: input_file:com/google/gerrit/server/account/GroupControl$GenericFactory.class */
    public static class GenericFactory {
        private final PermissionBackend permissionBackend;
        private final GroupBackend groupBackend;

        @Inject
        GenericFactory(PermissionBackend permissionBackend, GroupBackend groupBackend) {
            this.permissionBackend = permissionBackend;
            this.groupBackend = groupBackend;
        }

        public GroupControl controlFor(CurrentUser currentUser, AccountGroup.UUID uuid) throws NoSuchGroupException {
            GroupDescription.Basic basic = this.groupBackend.get(uuid);
            if (basic == null) {
                throw new NoSuchGroupException(uuid);
            }
            return new GroupControl(currentUser, basic, this.permissionBackend, this.groupBackend);
        }
    }

    GroupControl(CurrentUser currentUser, GroupDescription.Basic basic, PermissionBackend permissionBackend, GroupBackend groupBackend) {
        this.user = currentUser;
        this.group = basic;
        this.perm = permissionBackend.user(this.user);
        this.groupBackend = groupBackend;
    }

    public GroupDescription.Basic getGroup() {
        return this.group;
    }

    public CurrentUser getUser() {
        return this.user;
    }

    public boolean isVisible() {
        return this.user.isInternalUser() || this.groupBackend.isVisibleToAll(this.group.getGroupUUID()) || this.user.getEffectiveGroups().contains(this.group.getGroupUUID()) || isOwner() || canAdministrateServer();
    }

    public boolean isOwner() {
        if (this.isOwner != null) {
            return this.isOwner.booleanValue();
        }
        if (this.group instanceof GroupDescription.Internal) {
            this.isOwner = Boolean.valueOf(getUser().getEffectiveGroups().contains(((GroupDescription.Internal) this.group).getOwnerGroupUUID()) || canAdministrateServer());
        } else {
            this.isOwner = false;
        }
        return this.isOwner.booleanValue();
    }

    private boolean canAdministrateServer() {
        try {
            this.perm.check(GlobalPermission.ADMINISTRATE_SERVER);
            return true;
        } catch (AuthException | PermissionBackendException e) {
            return false;
        }
    }

    public boolean canAddMember() {
        return isOwner();
    }

    public boolean canRemoveMember() {
        return isOwner();
    }

    public boolean canSeeMember(Account.Id id) {
        if (this.user.isIdentifiedUser() && this.user.getAccountId().equals(id)) {
            return true;
        }
        return canSeeMembers();
    }

    public boolean canAddGroup() {
        return isOwner();
    }

    public boolean canRemoveGroup() {
        return isOwner();
    }

    public boolean canSeeGroup() {
        return canSeeMembers();
    }

    private boolean canSeeMembers() {
        if (this.group instanceof GroupDescription.Internal) {
            return ((GroupDescription.Internal) this.group).isVisibleToAll() || isOwner();
        }
        return false;
    }
}
