package org.apache.druid.indexing.overlord.http.security;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.inject.Inject;
import com.sun.jersey.spi.container.ContainerRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import org.apache.druid.indexing.common.task.Task;
import org.apache.druid.indexing.overlord.TaskStorageQueryAdapter;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.server.http.security.AbstractResourceFilter;
import org.apache.druid.server.security.Access;
import org.apache.druid.server.security.AuthorizationUtils;
import org.apache.druid.server.security.AuthorizerMapper;
import org.apache.druid.server.security.ForbiddenException;
import org.apache.druid.server.security.Resource;
import org.apache.druid.server.security.ResourceAction;
import org.apache.druid.server.security.ResourceType;

/* loaded from: input_file:org/apache/druid/indexing/overlord/http/security/TaskResourceFilter.class */
public class TaskResourceFilter extends AbstractResourceFilter {
    private final TaskStorageQueryAdapter taskStorageQueryAdapter;

    @Inject
    public TaskResourceFilter(TaskStorageQueryAdapter taskStorageQueryAdapter, AuthorizerMapper authorizerMapper) {
        super(authorizerMapper);
        this.taskStorageQueryAdapter = taskStorageQueryAdapter;
    }

    public ContainerRequest filter(ContainerRequest containerRequest) {
        String str = (String) Preconditions.checkNotNull(((PathSegment) containerRequest.getPathSegments().get(Iterables.indexOf(containerRequest.getPathSegments(), new Predicate<PathSegment>() { // from class: org.apache.druid.indexing.overlord.http.security.TaskResourceFilter.1
            public boolean apply(PathSegment pathSegment) {
                return "task".equals(pathSegment.getPath());
            }
        }) + 1)).getPath());
        Optional<Task> task = this.taskStorageQueryAdapter.getTask(str);
        if (!task.isPresent()) {
            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(StringUtils.format("Cannot find any task with id: [%s]", new Object[]{str})).build());
        }
        Access authorizeResourceAction = AuthorizationUtils.authorizeResourceAction(getReq(), new ResourceAction(new Resource((String) Preconditions.checkNotNull(((Task) task.get()).getDataSource()), ResourceType.DATASOURCE), getAction(containerRequest)), getAuthorizerMapper());
        if (authorizeResourceAction.isAllowed()) {
            return containerRequest;
        }
        throw new ForbiddenException(authorizeResourceAction.toString());
    }

    public boolean isApplicable(String str) {
        for (String str2 : ImmutableList.of("druid/indexer/v1/task/")) {
            if (str.startsWith(str2) && !str.equals(str2)) {
                return true;
            }
        }
        return false;
    }
}
