package com.google.gerrit.server.project;

import com.google.common.base.Preconditions;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRange;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.permissions.FailedPermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.gerrit.server.util.MagicBranch;
import com.google.gwtorm.server.OrmException;
import com.google.inject.util.Providers;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/google/gerrit/server/project/RefControl.class */
public class RefControl {
    private final ProjectControl projectControl;
    private final String refName;
    private final PermissionCollection relevant;
    private final Map<String, List<PermissionRule>> effective = new HashMap();
    private Boolean owner;
    private Boolean canForgeAuthor;
    private Boolean canForgeCommitter;
    private Boolean isVisible;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/gerrit/server/project/RefControl$AllowedRange.class */
    public static class AllowedRange {
        private int allowMin;
        private int allowMax;
        private int blockMin;
        private int blockMax;

        private AllowedRange() {
            this.blockMin = Integer.MIN_VALUE;
            this.blockMax = Integer.MAX_VALUE;
        }

        void update(PermissionRule permissionRule) {
            if (permissionRule.isBlock()) {
                this.blockMin = Math.max(this.blockMin, permissionRule.getMin().intValue());
                this.blockMax = Math.min(this.blockMax, permissionRule.getMax().intValue());
            } else {
                this.allowMin = Math.min(this.allowMin, permissionRule.getMin().intValue());
                this.allowMax = Math.max(this.allowMax, permissionRule.getMax().intValue());
            }
        }

        int getAllowMin() {
            return this.allowMin;
        }

        int getAllowMax() {
            return this.allowMax;
        }

        int getBlockMin() {
            return Math.min(this.blockMin, this.allowMin - 1);
        }

        int getBlockMax() {
            return Math.max(this.blockMax, this.allowMax + 1);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/gerrit/server/project/RefControl$ForRefImpl.class */
    public class ForRefImpl extends PermissionBackend.ForRef {
        private ForRefImpl() {
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForRef
        public PermissionBackend.ForRef user(CurrentUser currentUser) {
            return RefControl.this.forUser(currentUser).asForRef().database(this.db);
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForRef
        public PermissionBackend.ForChange change(ChangeData changeData) {
            try {
                return RefControl.this.getProjectControl().controlFor(changeData.db(), changeData.change()).asForChange(changeData, Providers.of(changeData.db()));
            } catch (OrmException e) {
                return FailedPermissionBackend.change("unavailable", e);
            }
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForRef
        public PermissionBackend.ForChange change(ChangeNotes changeNotes) {
            Project.NameKey nameKey = RefControl.this.getProjectControl().getProject().getNameKey();
            Change change = changeNotes.getChange();
            Preconditions.checkArgument(nameKey.equals(change.getProject()), "expected change in project %s, not %s", nameKey, change.getProject());
            return RefControl.this.getProjectControl().controlFor(changeNotes).asForChange(null, this.db);
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForRef
        public PermissionBackend.ForChange indexedChange(ChangeData changeData, ChangeNotes changeNotes) {
            return RefControl.this.getProjectControl().controlFor(changeNotes).asForChange(changeData, this.db);
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForRef
        public void check(RefPermission refPermission) throws AuthException, PermissionBackendException {
            if (!can(refPermission)) {
                throw new AuthException(refPermission.describeForException() + " not permitted for " + RefControl.this.getRefName());
            }
        }

        @Override // com.google.gerrit.server.permissions.PermissionBackend.ForRef
        public Set<RefPermission> test(Collection<RefPermission> collection) throws PermissionBackendException {
            EnumSet noneOf = EnumSet.noneOf(RefPermission.class);
            for (RefPermission refPermission : collection) {
                if (can(refPermission)) {
                    noneOf.add(refPermission);
                }
            }
            return noneOf;
        }

        private boolean can(RefPermission refPermission) throws PermissionBackendException {
            switch (refPermission) {
                case READ:
                    return RefControl.this.isVisible();
                case CREATE:
                    return RefControl.this.canPerform(refPermission.permissionName().get());
                case DELETE:
                    return RefControl.this.canDelete();
                case UPDATE:
                    return RefControl.this.canUpdate();
                case FORCE_UPDATE:
                    return RefControl.this.canForceUpdate();
                case FORGE_AUTHOR:
                    return RefControl.this.canForgeAuthor();
                case FORGE_COMMITTER:
                    return RefControl.this.canForgeCommitter();
                case FORGE_SERVER:
                    return RefControl.this.canForgeGerritServerIdentity();
                case MERGE:
                    return RefControl.this.canUploadMerges();
                case CREATE_CHANGE:
                    return RefControl.this.canUpload();
                case UPDATE_BY_SUBMIT:
                    return RefControl.this.projectControl.controlForRef(MagicBranch.NEW_CHANGE + RefControl.this.getRefName()).canSubmit(true);
                case SKIP_VALIDATION:
                    return RefControl.this.canForgeAuthor() && RefControl.this.canForgeCommitter() && RefControl.this.canForgeGerritServerIdentity() && RefControl.this.canUploadMerges() && !RefControl.this.projectControl.getProjectState().isUseSignedOffBy();
                default:
                    throw new PermissionBackendException(refPermission + " unsupported");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RefControl(ProjectControl projectControl, String str, PermissionCollection permissionCollection) {
        this.projectControl = projectControl;
        this.refName = str;
        this.relevant = permissionCollection;
    }

    public String getRefName() {
        return this.refName;
    }

    public ProjectControl getProjectControl() {
        return this.projectControl;
    }

    public CurrentUser getUser() {
        return this.projectControl.getUser();
    }

    public RefControl forUser(CurrentUser currentUser) {
        ProjectControl forUser = this.projectControl.forUser(currentUser);
        return this.relevant.isUserSpecific() ? forUser.controlForRef(getRefName()) : new RefControl(forUser, getRefName(), this.relevant);
    }

    public boolean isOwner() {
        if (this.owner == null) {
            if (canPerform("owner")) {
                this.owner = true;
            } else {
                this.owner = Boolean.valueOf(this.projectControl.isOwner());
            }
        }
        return this.owner.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isVisible() {
        if (this.isVisible == null) {
            this.isVisible = Boolean.valueOf((getUser().isInternalUser() || canPerform(Permission.READ)) && isProjectStatePermittingRead());
        }
        return this.isVisible.booleanValue();
    }

    public boolean isEditVisible() {
        return canViewPrivateChanges();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canUpload() {
        return this.projectControl.controlForRef(new StringBuilder().append(MagicBranch.NEW_CHANGE).append(getRefName()).toString()).canPerform(Permission.PUSH) && isProjectStatePermittingWrite();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canAddPatchSet() {
        return this.projectControl.controlForRef(new StringBuilder().append(MagicBranch.NEW_CHANGE).append(getRefName()).toString()).canPerform(Permission.ADD_PATCH_SET) && isProjectStatePermittingWrite();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canUploadMerges() {
        return this.projectControl.controlForRef(new StringBuilder().append(MagicBranch.NEW_CHANGE).append(getRefName()).toString()).canPerform(Permission.PUSH_MERGE) && isProjectStatePermittingWrite();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canRebase() {
        return canPerform("rebase") && isProjectStatePermittingWrite();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canSubmit(boolean z) {
        return RefNames.REFS_CONFIG.equals(this.refName) ? this.projectControl.isOwner() : canPerform(Permission.SUBMIT, z) && isProjectStatePermittingWrite();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canUpdate() {
        return (!RefNames.REFS_CONFIG.equals(this.refName) || this.projectControl.isOwner() || (this.projectControl.getProjectState().isAllProjects() && this.projectControl.isAdmin())) && canPerform(Permission.PUSH) && isProjectStatePermittingWrite();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canForceUpdate() {
        if (!isProjectStatePermittingWrite()) {
            return false;
        }
        if (canPushWithForce()) {
            return true;
        }
        switch (getUser().getAccessPath()) {
            case GIT:
                return false;
            case JSON_RPC:
            case REST_API:
            case SSH_COMMAND:
            case UNKNOWN:
            case WEB_BROWSER:
            default:
                return (isOwner() && !isForceBlocked(Permission.PUSH)) || this.projectControl.isAdmin();
        }
    }

    private boolean isProjectStatePermittingWrite() {
        return getProjectControl().getProject().getState().permitsWrite();
    }

    private boolean isProjectStatePermittingRead() {
        return getProjectControl().getProject().getState().permitsRead();
    }

    private boolean canPushWithForce() {
        if (!isProjectStatePermittingWrite()) {
            return false;
        }
        if (!RefNames.REFS_CONFIG.equals(this.refName) || this.projectControl.isOwner()) {
            return canForcePerform(Permission.PUSH);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canDelete() {
        if (!isProjectStatePermittingWrite() || RefNames.REFS_CONFIG.equals(this.refName)) {
            return false;
        }
        switch (getUser().getAccessPath()) {
            case GIT:
                return canPushWithForce() || canPerform(Permission.DELETE);
            case JSON_RPC:
            case REST_API:
            case SSH_COMMAND:
            case UNKNOWN:
            case WEB_BROWSER:
            default:
                return (isOwner() && !isForceBlocked(Permission.PUSH)) || canPushWithForce() || canPerform(Permission.DELETE) || this.projectControl.isAdmin();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canForgeAuthor() {
        if (this.canForgeAuthor == null) {
            this.canForgeAuthor = Boolean.valueOf(canPerform(Permission.FORGE_AUTHOR));
        }
        return this.canForgeAuthor.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canForgeCommitter() {
        if (this.canForgeCommitter == null) {
            this.canForgeCommitter = Boolean.valueOf(canPerform(Permission.FORGE_COMMITTER));
        }
        return this.canForgeCommitter.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean canForgeGerritServerIdentity() {
        return canPerform(Permission.FORGE_SERVER);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canAbandon() {
        return canPerform(Permission.ABANDON);
    }

    boolean canRemoveReviewer() {
        return canPerform(Permission.REMOVE_REVIEWER);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canViewPrivateChanges() {
        return canPerform(Permission.VIEW_PRIVATE_CHANGES);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canDeleteOwnChanges() {
        return canPerform(Permission.DELETE_OWN_CHANGES);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canEditTopicName() {
        return canPerform(Permission.EDIT_TOPIC_NAME);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canEditHashtags() {
        return canPerform(Permission.EDIT_HASHTAGS);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canEditAssignee() {
        return canPerform(Permission.EDIT_ASSIGNEE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canForceEditTopicName() {
        return canForcePerform(Permission.EDIT_TOPIC_NAME);
    }

    PermissionRange getRange(String str) {
        return getRange(str, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PermissionRange getRange(String str, boolean z) {
        if (Permission.hasRange(str)) {
            return toRange(str, access(str, z));
        }
        return null;
    }

    private PermissionRange toRange(String str, List<PermissionRule> list) {
        HashMap hashMap = new HashMap();
        for (PermissionRule permissionRule : list) {
            ProjectRef ruleProps = this.relevant.getRuleProps(permissionRule);
            AllowedRange allowedRange = (AllowedRange) hashMap.get(ruleProps);
            if (allowedRange == null) {
                allowedRange = new AllowedRange();
                hashMap.put(ruleProps, allowedRange);
            }
            allowedRange.update(permissionRule);
        }
        int i = 0;
        int i2 = 0;
        int i3 = Integer.MIN_VALUE;
        int i4 = Integer.MAX_VALUE;
        for (AllowedRange allowedRange2 : hashMap.values()) {
            i = Math.min(i, allowedRange2.getAllowMin());
            i2 = Math.max(i2, allowedRange2.getAllowMax());
            i3 = Math.max(i3, allowedRange2.getBlockMin());
            i4 = Math.min(i4, allowedRange2.getBlockMax());
        }
        return new PermissionRange(str, Math.max(i, i3 + 1), Math.min(i2, i4 - 1));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean canPerform(String str) {
        return canPerform(str, false);
    }

    boolean canPerform(String str, boolean z) {
        return doCanPerform(str, z, false);
    }

    public boolean isBlocked(String str) {
        return !doCanPerform(str, false, true);
    }

    private boolean doCanPerform(String str, boolean z, boolean z2) {
        List<PermissionRule> access = access(str, z);
        List<PermissionRule> overridden = this.relevant.getOverridden(str);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (PermissionRule permissionRule : access) {
            if (!permissionRule.isBlock() || permissionRule.getForce().booleanValue()) {
                hashSet.add(this.relevant.getRuleProps(permissionRule));
            } else {
                hashSet2.add(this.relevant.getRuleProps(permissionRule));
            }
        }
        Iterator<PermissionRule> it = overridden.iterator();
        while (it.hasNext()) {
            hashSet2.remove(this.relevant.getRuleProps(it.next()));
        }
        hashSet2.removeAll(hashSet);
        return hashSet2.isEmpty() && (!hashSet.isEmpty() || z2);
    }

    private boolean canForcePerform(String str) {
        List<PermissionRule> access = access(str);
        List<PermissionRule> overridden = this.relevant.getOverridden(str);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (PermissionRule permissionRule : access) {
            if (permissionRule.isBlock()) {
                hashSet2.add(this.relevant.getRuleProps(permissionRule));
            } else if (permissionRule.getForce().booleanValue()) {
                hashSet.add(this.relevant.getRuleProps(permissionRule));
            }
        }
        for (PermissionRule permissionRule2 : overridden) {
            if (permissionRule2.getForce().booleanValue()) {
                hashSet2.remove(this.relevant.getRuleProps(permissionRule2));
            }
        }
        hashSet2.removeAll(hashSet);
        return hashSet2.isEmpty() && !hashSet.isEmpty();
    }

    private boolean isForceBlocked(String str) {
        List<PermissionRule> access = access(str);
        List<PermissionRule> overridden = this.relevant.getOverridden(str);
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (PermissionRule permissionRule : access) {
            if (permissionRule.isBlock()) {
                hashSet2.add(this.relevant.getRuleProps(permissionRule));
            } else if (permissionRule.getForce().booleanValue()) {
                hashSet.add(this.relevant.getRuleProps(permissionRule));
            }
        }
        for (PermissionRule permissionRule2 : overridden) {
            if (permissionRule2.getForce().booleanValue()) {
                hashSet2.remove(this.relevant.getRuleProps(permissionRule2));
            }
        }
        hashSet2.removeAll(hashSet);
        return !hashSet2.isEmpty();
    }

    private List<PermissionRule> access(String str) {
        return access(str, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [java.util.List] */
    private List<PermissionRule> access(String str, boolean z) {
        List<PermissionRule> list = this.effective.get(str);
        if (list != null) {
            return list;
        }
        List<PermissionRule> permission = this.relevant.getPermission(str);
        ArrayList arrayList = new ArrayList(permission.size());
        for (PermissionRule permissionRule : permission) {
            if (this.projectControl.match(permissionRule, z)) {
                arrayList.add(permissionRule);
            }
        }
        if (arrayList.isEmpty()) {
            arrayList = Collections.emptyList();
        }
        this.effective.put(str, arrayList);
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PermissionBackend.ForRef asForRef() {
        return new ForRefImpl();
    }
}
