package io.camunda.zeebe.engine.processing.identity;

import io.camunda.zeebe.engine.processing.Rejection;
import io.camunda.zeebe.engine.processing.distribution.CommandDistributionBehavior;
import io.camunda.zeebe.engine.processing.identity.AuthorizationCheckBehavior;
import io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.StateWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedRejectionWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.TypedResponseWriter;
import io.camunda.zeebe.engine.processing.streamprocessor.writers.Writers;
import io.camunda.zeebe.engine.state.authorization.PersistedMapping;
import io.camunda.zeebe.engine.state.distribution.DistributionQueue;
import io.camunda.zeebe.engine.state.immutable.AuthorizationState;
import io.camunda.zeebe.engine.state.immutable.MappingState;
import io.camunda.zeebe.engine.state.immutable.ProcessingState;
import io.camunda.zeebe.engine.state.immutable.TenantState;
import io.camunda.zeebe.protocol.impl.record.value.authorization.AuthorizationRecord;
import io.camunda.zeebe.protocol.impl.record.value.authorization.MappingRecord;
import io.camunda.zeebe.protocol.impl.record.value.authorization.RoleRecord;
import io.camunda.zeebe.protocol.impl.record.value.group.GroupRecord;
import io.camunda.zeebe.protocol.impl.record.value.tenant.TenantRecord;
import io.camunda.zeebe.protocol.record.RejectionType;
import io.camunda.zeebe.protocol.record.intent.AuthorizationIntent;
import io.camunda.zeebe.protocol.record.intent.GroupIntent;
import io.camunda.zeebe.protocol.record.intent.MappingIntent;
import io.camunda.zeebe.protocol.record.intent.RoleIntent;
import io.camunda.zeebe.protocol.record.intent.TenantIntent;
import io.camunda.zeebe.protocol.record.value.AuthorizationOwnerType;
import io.camunda.zeebe.protocol.record.value.AuthorizationResourceType;
import io.camunda.zeebe.protocol.record.value.EntityType;
import io.camunda.zeebe.protocol.record.value.PermissionType;
import io.camunda.zeebe.stream.api.records.TypedRecord;
import io.camunda.zeebe.stream.api.state.KeyGenerator;
import io.camunda.zeebe.util.Either;
import java.util.Iterator;
import java.util.Optional;

/* loaded from: input_file:io/camunda/zeebe/engine/processing/identity/MappingDeleteProcessor.class */
public class MappingDeleteProcessor implements DistributedTypedRecordProcessor<MappingRecord> {
    private static final String MAPPING_NOT_FOUND_ERROR_MESSAGE = "Expected to delete mapping with key '%s', but a mapping with this key does not exist.";
    private final MappingState mappingState;
    private final TenantState tenantState;
    private final AuthorizationState authorizationState;
    private final AuthorizationCheckBehavior authCheckBehavior;
    private final KeyGenerator keyGenerator;
    private final StateWriter stateWriter;
    private final TypedRejectionWriter rejectionWriter;
    private final TypedResponseWriter responseWriter;
    private final CommandDistributionBehavior commandDistributionBehavior;

    public MappingDeleteProcessor(ProcessingState processingState, AuthorizationCheckBehavior authorizationCheckBehavior, KeyGenerator keyGenerator, Writers writers, CommandDistributionBehavior commandDistributionBehavior) {
        this.mappingState = processingState.getMappingState();
        this.tenantState = processingState.getTenantState();
        this.authorizationState = processingState.getAuthorizationState();
        this.authCheckBehavior = authorizationCheckBehavior;
        this.keyGenerator = keyGenerator;
        this.stateWriter = writers.state();
        this.rejectionWriter = writers.rejection();
        this.responseWriter = writers.response();
        this.commandDistributionBehavior = commandDistributionBehavior;
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processNewCommand(TypedRecord<MappingRecord> typedRecord) {
        MappingRecord value = typedRecord.getValue();
        long mappingKey = value.getMappingKey();
        Optional<PersistedMapping> optional = this.mappingState.get(mappingKey);
        if (optional.isEmpty()) {
            String formatted = MAPPING_NOT_FOUND_ERROR_MESSAGE.formatted(Long.valueOf(mappingKey));
            this.rejectionWriter.appendRejection(typedRecord, RejectionType.NOT_FOUND, formatted);
            this.responseWriter.writeRejectionOnCommand(typedRecord, RejectionType.NOT_FOUND, formatted);
            return;
        }
        Either<Rejection, Void> isAuthorized = this.authCheckBehavior.isAuthorized(new AuthorizationCheckBehavior.AuthorizationRequest(typedRecord, AuthorizationResourceType.MAPPING_RULE, PermissionType.DELETE));
        if (isAuthorized.isLeft()) {
            Rejection left = isAuthorized.getLeft();
            this.rejectionWriter.appendRejection(typedRecord, left.type(), left.reason());
            this.responseWriter.writeRejectionOnCommand(typedRecord, left.type(), left.reason());
        } else {
            deleteMapping(optional.get());
            this.responseWriter.writeEventOnCommand(mappingKey, MappingIntent.DELETED, value, typedRecord);
            this.commandDistributionBehavior.withKey(this.keyGenerator.nextKey()).inQueue(DistributionQueue.IDENTITY.getQueueId()).distribute(typedRecord);
        }
    }

    @Override // io.camunda.zeebe.engine.processing.streamprocessor.DistributedTypedRecordProcessor
    public void processDistributedCommand(TypedRecord<MappingRecord> typedRecord) {
        MappingRecord value = typedRecord.getValue();
        this.mappingState.get(value.getMappingKey()).ifPresentOrElse(this::deleteMapping, () -> {
            this.rejectionWriter.appendRejection(typedRecord, RejectionType.NOT_FOUND, MAPPING_NOT_FOUND_ERROR_MESSAGE.formatted(Long.valueOf(value.getMappingKey())));
        });
        this.commandDistributionBehavior.acknowledgeCommand(typedRecord);
    }

    private void deleteMapping(PersistedMapping persistedMapping) {
        long mappingKey = persistedMapping.getMappingKey();
        deleteAuthorizations(mappingKey);
        Iterator<String> it = persistedMapping.getTenantIdsList().iterator();
        while (it.hasNext()) {
            long longValue = this.tenantState.getTenantKeyById(it.next()).orElseThrow().longValue();
            this.stateWriter.appendFollowUpEvent(longValue, TenantIntent.ENTITY_REMOVED, new TenantRecord().setTenantKey(longValue).setEntityKey(mappingKey).setEntityType(EntityType.MAPPING));
        }
        for (Long l : persistedMapping.getRoleKeysList()) {
            this.stateWriter.appendFollowUpEvent(l.longValue(), RoleIntent.ENTITY_REMOVED, new RoleRecord().setRoleKey(l.longValue()).setEntityKey(mappingKey).setEntityType(EntityType.MAPPING));
        }
        for (Long l2 : persistedMapping.getGroupKeysList()) {
            this.stateWriter.appendFollowUpEvent(l2.longValue(), GroupIntent.ENTITY_REMOVED, new GroupRecord().setGroupKey(l2.longValue()).setEntityKey(mappingKey).setEntityType(EntityType.MAPPING));
        }
        this.stateWriter.appendFollowUpEvent(mappingKey, MappingIntent.DELETED, new MappingRecord().setMappingKey(mappingKey));
    }

    private void deleteAuthorizations(long j) {
        this.authorizationState.getAuthorizationKeysForOwner(AuthorizationOwnerType.MAPPING, String.valueOf(j)).forEach(l -> {
            this.stateWriter.appendFollowUpEvent(l.longValue(), AuthorizationIntent.DELETED, new AuthorizationRecord().setAuthorizationKey(l));
        });
    }
}
