package com.google.gerrit.httpd.rpc.project;

import com.google.common.base.MoreObjects;
import com.google.gerrit.common.ProjectAccessUtil;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.errors.InvalidNameException;
import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.common.errors.UpdateParentFailedException;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.httpd.rpc.Handler;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.account.GroupBackends;
import com.google.gerrit.server.config.AllProjectsNameProvider;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.RefControl;
import com.google.gerrit.server.project.SetParent;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Provider;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.errors.RepositoryNotFoundException;
import org.eclipse.jgit.lib.ObjectId;

/* loaded from: input_file:WEB-INF/lib/gerrit-httpd-httpd.jar:com/google/gerrit/httpd/rpc/project/ProjectAccessHandler.class */
public abstract class ProjectAccessHandler<T> extends Handler<T> {
    private final ProjectControl.Factory projectControlFactory;
    protected final GroupBackend groupBackend;
    private final MetaDataUpdate.User metaDataUpdateFactory;
    private final AllProjectsNameProvider allProjects;
    private final Provider<SetParent> setParent;
    protected final Project.NameKey projectName;
    protected final ObjectId base;
    private List<AccessSection> sectionList;
    private final Project.NameKey parentProjectName;
    protected String message;
    private boolean checkIfOwner;

    /* JADX INFO: Access modifiers changed from: protected */
    public ProjectAccessHandler(ProjectControl.Factory factory, GroupBackend groupBackend, MetaDataUpdate.User user, AllProjectsNameProvider allProjectsNameProvider, Provider<SetParent> provider, Project.NameKey nameKey, ObjectId objectId, List<AccessSection> list, Project.NameKey nameKey2, String str, boolean z) {
        this.projectControlFactory = factory;
        this.groupBackend = groupBackend;
        this.metaDataUpdateFactory = user;
        this.allProjects = allProjectsNameProvider;
        this.setParent = provider;
        this.projectName = nameKey;
        this.base = objectId;
        this.sectionList = list;
        this.parentProjectName = nameKey2;
        this.message = str;
        this.checkIfOwner = z;
    }

    @Override // com.google.gerrit.httpd.rpc.Handler, java.util.concurrent.Callable
    public final T call() throws NoSuchProjectException, IOException, ConfigInvalidException, InvalidNameException, NoSuchGroupException, OrmException, UpdateParentFailedException {
        ProjectControl controlFor = this.projectControlFactory.controlFor(this.projectName);
        try {
            MetaDataUpdate create = this.metaDataUpdateFactory.create(this.projectName);
            try {
                ProjectConfig read = ProjectConfig.read(create, this.base);
                Set<String> scanSectionNames = scanSectionNames(read);
                for (AccessSection accessSection : ProjectAccessUtil.mergeSections(this.sectionList)) {
                    String name = accessSection.getName();
                    if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
                        if (!this.checkIfOwner || controlFor.isOwner()) {
                            replace(read, scanSectionNames, accessSection);
                        }
                    } else if (AccessSection.isValid(name)) {
                        if (!this.checkIfOwner || controlFor.controlForRef(name).isOwner()) {
                            RefControl.validateRefPattern(name);
                            replace(read, scanSectionNames, accessSection);
                        }
                    }
                }
                for (String str : scanSectionNames) {
                    if (AccessSection.GLOBAL_CAPABILITIES.equals(str)) {
                        if (!this.checkIfOwner || controlFor.isOwner()) {
                            read.remove(read.getAccessSection(str));
                        }
                    } else if (!this.checkIfOwner || controlFor.controlForRef(str).isOwner()) {
                        read.remove(read.getAccessSection(str));
                    }
                }
                boolean z = false;
                if (!read.getProject().getNameKey().equals(this.allProjects.get()) && !read.getProject().getParent(this.allProjects.get()).equals(this.parentProjectName)) {
                    z = true;
                    try {
                        this.setParent.get().validateParentUpdate(controlFor, ((Project.NameKey) MoreObjects.firstNonNull(this.parentProjectName, this.allProjects.get())).get(), this.checkIfOwner);
                        read.getProject().setParentName(this.parentProjectName);
                    } catch (AuthException e) {
                        throw new UpdateParentFailedException("You are not allowed to change the parent project since you are not an administrator. You may save the modifications for review so that an administrator can approve them.", e);
                    } catch (ResourceConflictException e2) {
                        throw new UpdateParentFailedException(e2.getMessage(), e2);
                    } catch (UnprocessableEntityException e3) {
                        throw new UpdateParentFailedException(e3.getMessage(), e3);
                    }
                }
                if (this.message == null || this.message.isEmpty()) {
                    create.setMessage("Modify access rules\n");
                } else {
                    if (!this.message.endsWith("\n")) {
                        this.message += "\n";
                    }
                    create.setMessage(this.message);
                }
                T updateProjectConfig = updateProjectConfig(controlFor, read, create, z);
                create.close();
                return updateProjectConfig;
            } catch (Throwable th) {
                create.close();
                throw th;
            }
        } catch (RepositoryNotFoundException e4) {
            throw new NoSuchProjectException(this.projectName);
        }
    }

    protected abstract T updateProjectConfig(ProjectControl projectControl, ProjectConfig projectConfig, MetaDataUpdate metaDataUpdate, boolean z) throws IOException, NoSuchProjectException, ConfigInvalidException, OrmException;

    private void replace(ProjectConfig projectConfig, Set<String> set, AccessSection accessSection) throws NoSuchGroupException {
        Iterator<Permission> it = accessSection.getPermissions().iterator();
        while (it.hasNext()) {
            Iterator<PermissionRule> it2 = it.next().getRules().iterator();
            while (it2.hasNext()) {
                lookupGroup(it2.next());
            }
        }
        projectConfig.replace(accessSection);
        set.remove(accessSection.getName());
    }

    private static Set<String> scanSectionNames(ProjectConfig projectConfig) {
        HashSet hashSet = new HashSet();
        Iterator<AccessSection> it = projectConfig.getAccessSections().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getName());
        }
        return hashSet;
    }

    private void lookupGroup(PermissionRule permissionRule) throws NoSuchGroupException {
        GroupReference group = permissionRule.getGroup();
        if (group.getUUID() == null) {
            GroupReference findBestSuggestion = GroupBackends.findBestSuggestion(this.groupBackend, group.getName());
            if (findBestSuggestion == null) {
                throw new NoSuchGroupException(group.getName());
            }
            group.setUUID(findBestSuggestion.getUUID());
        }
    }
}
