package io.confluent.connect.security.permissions;

import io.confluent.common.security.util.AuthorizerUtils;
import io.confluent.connect.security.permissions.entities.Permissions;
import io.confluent.connect.security.rbac.ConnectActions;
import io.confluent.connect.security.rbac.ConnectorOperations;
import io.confluent.security.auth.client.RestAuthorizer;
import io.confluent.security.authorizer.Scope;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.Context;
import org.apache.kafka.connect.health.ConnectClusterState;

@Produces({"application/json"})
@Path("/permissions")
/* loaded from: input_file:io/confluent/connect/security/permissions/PermissionsResource.class */
public class PermissionsResource {
    private final Scope scope;
    private final RestAuthorizer restAuthorizer;
    private final ConnectClusterState clusterState;

    public PermissionsResource(Scope scope, RestAuthorizer restAuthorizer, ConnectClusterState connectClusterState) {
        this.scope = scope;
        this.restAuthorizer = restAuthorizer;
        this.clusterState = connectClusterState;
    }

    @GET
    public Permissions getPermissions(@Context ContainerRequestContext containerRequestContext) {
        PermissionsBuilder withAuthorizer = new PermissionsBuilder().withScope(this.scope).withPrincipal(AuthorizerUtils.kafkaPrincipalFor(containerRequestContext.getSecurityContext().getUserPrincipal())).withAuthorizer(this.restAuthorizer);
        this.clusterState.connectors().forEach(str -> {
            withAuthorizer.withOperations(ConnectActions.CONNECTOR_RESOURCE, str, ConnectorOperations.ALL);
        });
        return withAuthorizer.build();
    }
}
