package io.camunda.zeebe.engine.processing.tenant;

import io.camunda.zeebe.engine.processing.Rejection;
import io.camunda.zeebe.engine.processing.distribution.CommandDistributionBehavior;
import io.camunda.zeebe.engine.processing.identity.AuthorizationCheckBehavior;
import io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.StateWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedRejectionWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedResponseWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.Writers;
import io.camunda.zeebe.engine.state.authorization.PersistedMapping;
import io.camunda.zeebe.engine.state.distribution.DistributionQueue;
import io.camunda.zeebe.engine.state.group.PersistedGroup;
import io.camunda.zeebe.engine.state.immutable.GroupState;
import io.camunda.zeebe.engine.state.immutable.MappingState;
import io.camunda.zeebe.engine.state.immutable.ProcessingState;
import io.camunda.zeebe.engine.state.immutable.TenantState;
import io.camunda.zeebe.engine.state.immutable.UserState;
import io.camunda.zeebe.engine.state.tenant.PersistedTenant;
import io.camunda.zeebe.engine.state.user.PersistedUser;
import io.camunda.zeebe.protocol.impl.record.value.tenant.TenantRecord;
import io.camunda.zeebe.protocol.record.RejectionType;
import io.camunda.zeebe.protocol.record.intent.TenantIntent;
import io.camunda.zeebe.protocol.record.value.AuthorizationResourceType;
import io.camunda.zeebe.protocol.record.value.EntityType;
import io.camunda.zeebe.protocol.record.value.PermissionType;
import io.camunda.zeebe.stream.api.records.TypedRecord;
import io.camunda.zeebe.stream.api.state.KeyGenerator;
import io.camunda.zeebe.util.Either;
import java.util.Optional;

/* loaded from: input_file:io/camunda/zeebe/engine/processing/tenant/TenantAddEntityProcessor.class */
public class TenantAddEntityProcessor implements DistributedTypedRecordProcessor<TenantRecord> {
    private final TenantState tenantState;
    private final UserState userState;
    private final MappingState mappingState;
    private final GroupState groupState;
    private final AuthorizationCheckBehavior authCheckBehavior;
    private final KeyGenerator keyGenerator;
    private final StateWriter stateWriter;
    private final TypedRejectionWriter rejectionWriter;
    private final TypedResponseWriter responseWriter;
    private final CommandDistributionBehavior commandDistributionBehavior;

    public TenantAddEntityProcessor(ProcessingState processingState, AuthorizationCheckBehavior authorizationCheckBehavior, KeyGenerator keyGenerator, Writers writers, CommandDistributionBehavior commandDistributionBehavior) {
        this.tenantState = processingState.getTenantState();
        this.userState = processingState.getUserState();
        this.mappingState = processingState.getMappingState();
        this.groupState = processingState.getGroupState();
        this.authCheckBehavior = authorizationCheckBehavior;
        this.keyGenerator = keyGenerator;
        this.stateWriter = writers.state();
        this.rejectionWriter = writers.rejection();
        this.responseWriter = writers.response();
        this.commandDistributionBehavior = commandDistributionBehavior;
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processNewCommand(TypedRecord<TenantRecord> typedRecord) {
        TenantRecord value = typedRecord.getValue();
        Either<String, PersistedTenant> persistedTenant = getPersistedTenant(value);
        if (persistedTenant.isLeft()) {
            rejectCommand(typedRecord, RejectionType.NOT_FOUND, persistedTenant.getLeft());
            return;
        }
        PersistedTenant persistedTenant2 = persistedTenant.get();
        long tenantKey = persistedTenant2.getTenantKey();
        String tenantId = persistedTenant2.getTenantId();
        value.setTenantId(tenantId);
        Either<Rejection, Void> isAuthorized = this.authCheckBehavior.isAuthorized(new AuthorizationCheckBehavior.AuthorizationRequest(typedRecord, AuthorizationResourceType.TENANT, PermissionType.UPDATE).addResourceId(tenantId));
        if (isAuthorized.isLeft()) {
            rejectCommandWithUnauthorizedError(typedRecord, isAuthorized.getLeft());
        } else if (validateEntityAssignment(typedRecord, tenantId)) {
            this.stateWriter.appendFollowUpEvent(tenantKey, TenantIntent.ENTITY_ADDED, value);
            this.responseWriter.writeEventOnCommand(tenantKey, TenantIntent.ENTITY_ADDED, value, typedRecord);
            distributeCommand(typedRecord);
        }
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processDistributedCommand(TypedRecord<TenantRecord> typedRecord) {
        TenantRecord value = typedRecord.getValue();
        if (validateEntityAssignment(typedRecord, value.getTenantId())) {
            this.stateWriter.appendFollowUpEvent(typedRecord.getKey(), TenantIntent.ENTITY_ADDED, value);
        }
        this.commandDistributionBehavior.acknowledgeCommand(typedRecord);
    }

    private Either<String, PersistedTenant> getPersistedTenant(TenantRecord tenantRecord) {
        if (tenantRecord.hasTenantKey()) {
            long tenantKey = tenantRecord.getTenantKey();
            return (Either) this.tenantState.getTenantByKey(tenantKey).map((v0) -> {
                return Either.right(v0);
            }).orElseGet(() -> {
                return Either.left("Expected to add entity to tenant with key '%s', but no tenant with this key exists.".formatted(Long.valueOf(tenantKey)));
            });
        }
        String tenantId = tenantRecord.getTenantId();
        return (Either) this.tenantState.getTenantById(tenantId).map((v0) -> {
            return Either.right(v0);
        }).orElseGet(() -> {
            return Either.left("Expected to add entity to tenant with id '%s', but no tenant with this id exists.".formatted(tenantId));
        });
    }

    private boolean validateEntityAssignment(TypedRecord<TenantRecord> typedRecord, String str) {
        EntityType entityType = typedRecord.getValue().getEntityType();
        long entityKey = typedRecord.getValue().getEntityKey();
        switch (entityType) {
            case USER:
                return checkUserAssignment(typedRecord, str);
            case MAPPING:
                return checkMappingAssignment(entityKey, typedRecord, str);
            case GROUP:
                return checkGroupAssignment(entityKey, typedRecord, str);
            default:
                throw new IllegalStateException(formatErrorMessage(entityKey, str, "doesn't exist"));
        }
    }

    private boolean checkUserAssignment(TypedRecord<TenantRecord> typedRecord, String str) {
        String entityId = typedRecord.getValue().getEntityId();
        Optional<PersistedUser> user = this.userState.getUser(entityId);
        if (user.isEmpty()) {
            rejectCommand(typedRecord, RejectionType.NOT_FOUND, "Expected to add user '%s' to tenant '%s', but the user doesn't exist.".formatted(entityId, str));
            return false;
        }
        if (!user.get().getTenantIdsList().contains(str)) {
            return true;
        }
        rejectCommand(typedRecord, RejectionType.INVALID_ARGUMENT, "Expected to add user '%s' to tenant '%s', but the user is already assigned to the tenant.".formatted(entityId, str));
        return false;
    }

    private boolean checkMappingAssignment(long j, TypedRecord<TenantRecord> typedRecord, String str) {
        Optional<PersistedMapping> optional = this.mappingState.get(j);
        if (optional.isEmpty()) {
            rejectCommand(typedRecord, RejectionType.NOT_FOUND, formatErrorMessage(j, str, "doesn't exist"));
            return false;
        }
        if (!optional.get().getTenantIdsList().contains(str)) {
            return true;
        }
        createEntityNotExistRejectCommand(typedRecord, j, str);
        return false;
    }

    private boolean checkGroupAssignment(long j, TypedRecord<TenantRecord> typedRecord, String str) {
        Optional<PersistedGroup> optional = this.groupState.get(j);
        if (optional.isEmpty()) {
            createEntityNotExistRejectCommand(typedRecord, j, str);
            return false;
        }
        if (!optional.get().getTenantIdsList().contains(str)) {
            return true;
        }
        createAlreadyAssignedRejectCommand(typedRecord, j, str);
        return false;
    }

    private void createEntityNotExistRejectCommand(TypedRecord<TenantRecord> typedRecord, long j, String str) {
        rejectCommand(typedRecord, RejectionType.NOT_FOUND, formatErrorMessage(j, str, "doesn't exist"));
    }

    private void createAlreadyAssignedRejectCommand(TypedRecord<TenantRecord> typedRecord, long j, String str) {
        rejectCommand(typedRecord, RejectionType.INVALID_ARGUMENT, formatErrorMessage(j, str, "is already assigned to the tenant"));
    }

    private String formatErrorMessage(long j, String str, String str2) {
        return "Expected to add entity with key '%s' to tenant with tenantId '%s', but the entity %s.".formatted(Long.valueOf(j), str, str2);
    }

    private void rejectCommandWithUnauthorizedError(TypedRecord<TenantRecord> typedRecord, Rejection rejection) {
        rejectCommand(typedRecord, rejection.type(), rejection.reason());
    }

    private void rejectCommand(TypedRecord<TenantRecord> typedRecord, RejectionType rejectionType, String str) {
        this.rejectionWriter.appendRejection(typedRecord, rejectionType, str);
        if (typedRecord.hasRequestMetadata()) {
            this.responseWriter.writeRejectionOnCommand(typedRecord, rejectionType, str);
        }
    }

    private void distributeCommand(TypedRecord<TenantRecord> typedRecord) {
        this.commandDistributionBehavior.withKey(this.keyGenerator.nextKey()).inQueue(DistributionQueue.IDENTITY.getQueueId()).distribute(typedRecord);
    }
}
