package org.apache.druid.indexing.overlord.http.security;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import com.google.inject.Inject;
import com.sun.jersey.spi.container.ContainerRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import org.apache.druid.indexing.overlord.supervisor.SupervisorManager;
import org.apache.druid.indexing.overlord.supervisor.SupervisorSpec;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.server.http.security.AbstractResourceFilter;
import org.apache.druid.server.security.Action;
import org.apache.druid.server.security.AuthorizationResult;
import org.apache.druid.server.security.AuthorizationUtils;
import org.apache.druid.server.security.AuthorizerMapper;
import org.apache.druid.server.security.ForbiddenException;

/* loaded from: input_file:org/apache/druid/indexing/overlord/http/security/SupervisorResourceFilter.class */
public class SupervisorResourceFilter extends AbstractResourceFilter {
    private final SupervisorManager supervisorManager;

    @Inject
    public SupervisorResourceFilter(AuthorizerMapper authorizerMapper, SupervisorManager supervisorManager) {
        super(authorizerMapper);
        this.supervisorManager = supervisorManager;
    }

    public ContainerRequest filter(ContainerRequest containerRequest) {
        String str = (String) Preconditions.checkNotNull(((PathSegment) containerRequest.getPathSegments().get(Iterables.indexOf(containerRequest.getPathSegments(), new Predicate<PathSegment>() { // from class: org.apache.druid.indexing.overlord.http.security.SupervisorResourceFilter.1
            public boolean apply(PathSegment pathSegment) {
                return "supervisor".equals(pathSegment.getPath());
            }
        }) + 1)).getPath());
        Optional<SupervisorSpec> supervisorSpec = this.supervisorManager.getSupervisorSpec(str);
        if (!supervisorSpec.isPresent()) {
            throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).type("text/plain").entity(StringUtils.format("Cannot find any supervisor with id: [%s]", new Object[]{str})).build());
        }
        SupervisorSpec supervisorSpec2 = (SupervisorSpec) supervisorSpec.get();
        Preconditions.checkArgument(supervisorSpec2.getDataSources() != null && supervisorSpec2.getDataSources().size() > 0, "No dataSources found to perform authorization checks");
        AuthorizationResult authorizeAllResourceActions = AuthorizationUtils.authorizeAllResourceActions(getReq(), Iterables.transform(supervisorSpec2.getDataSources(), getAction(containerRequest) == Action.READ ? AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR : AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR), getAuthorizerMapper());
        if (authorizeAllResourceActions.allowAccessWithNoRestriction()) {
            return containerRequest;
        }
        throw new ForbiddenException(authorizeAllResourceActions.getErrorMessage());
    }
}
