package com.google.gerrit.server.account;

import com.google.common.base.Predicate;
import com.google.common.collect.Sets;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.GroupControl;
import com.google.gerrit.server.git.AccountsSection;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/gerrit-server-server.jar:com/google/gerrit/server/account/AccountControl.class */
public class AccountControl {
    private final AccountsSection accountsSection;
    private final GroupControl.Factory groupControlFactory;
    private final CurrentUser currentUser;
    private final IdentifiedUser.GenericFactory userFactory;
    private final AccountVisibility accountVisibility;

    /* loaded from: input_file:WEB-INF/lib/gerrit-server-server.jar:com/google/gerrit/server/account/AccountControl$Factory.class */
    public static class Factory {
        private final ProjectCache projectCache;
        private final GroupControl.Factory groupControlFactory;
        private final Provider<CurrentUser> user;
        private final IdentifiedUser.GenericFactory userFactory;
        private final AccountVisibility accountVisibility;

        @Inject
        Factory(ProjectCache projectCache, GroupControl.Factory factory, Provider<CurrentUser> provider, IdentifiedUser.GenericFactory genericFactory, AccountVisibility accountVisibility) {
            this.projectCache = projectCache;
            this.groupControlFactory = factory;
            this.user = provider;
            this.userFactory = genericFactory;
            this.accountVisibility = accountVisibility;
        }

        public AccountControl get() {
            return new AccountControl(this.projectCache, this.groupControlFactory, this.user.get(), this.userFactory, this.accountVisibility);
        }
    }

    AccountControl(ProjectCache projectCache, GroupControl.Factory factory, CurrentUser currentUser, IdentifiedUser.GenericFactory genericFactory, AccountVisibility accountVisibility) {
        this.accountsSection = projectCache.getAllProjects().getConfig().getAccountsSection();
        this.groupControlFactory = factory;
        this.currentUser = currentUser;
        this.userFactory = genericFactory;
        this.accountVisibility = accountVisibility;
    }

    public boolean canSee(Account account) {
        return canSee(account.getId());
    }

    public boolean canSee(Account.Id id) {
        if ((this.currentUser.isIdentifiedUser() && ((IdentifiedUser) this.currentUser).getAccountId().equals(id)) || this.currentUser.getCapabilities().canViewAllAccounts()) {
            return true;
        }
        switch (this.accountVisibility) {
            case ALL:
                return true;
            case SAME_GROUP:
                Set<AccountGroup.UUID> groupsOf = groupsOf(id);
                for (PermissionRule permissionRule : this.accountsSection.getSameGroupVisibility()) {
                    if (permissionRule.isBlock() || permissionRule.isDeny()) {
                        groupsOf.remove(permissionRule.getGroup().getUUID());
                    }
                }
                return this.currentUser.getEffectiveGroups().containsAnyOf(groupsOf);
            case VISIBLE_GROUP:
                Iterator<AccountGroup.UUID> it = groupsOf(id).iterator();
                while (it.hasNext()) {
                    if (this.groupControlFactory.controlFor(it.next()).isVisible()) {
                        return true;
                    }
                }
                return false;
            case NONE:
                return false;
            default:
                throw new IllegalStateException("Bad AccountVisibility " + this.accountVisibility);
        }
    }

    private Set<AccountGroup.UUID> groupsOf(Account.Id id) {
        return new HashSet(Sets.filter(this.userFactory.create(id).getEffectiveGroups().getKnownGroups(), new Predicate<AccountGroup.UUID>() { // from class: com.google.gerrit.server.account.AccountControl.1
            @Override // com.google.common.base.Predicate
            public boolean apply(AccountGroup.UUID uuid) {
                return !SystemGroupBackend.isSystemGroup(uuid);
            }
        }));
    }
}
