package org.apache.kylin.rest.security;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.persistence.ResourceStore;
import org.apache.kylin.common.persistence.transaction.UnitOfWork;
import org.apache.kylin.metadata.cachesync.CachedCrudAssist;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.acls.model.Permission;

/* loaded from: input_file:org/apache/kylin/rest/security/UserAclManager.class */
public class UserAclManager {
    private static final Logger logger = LoggerFactory.getLogger(UserAclManager.class);
    private KylinConfig config;
    private CachedCrudAssist<UserAcl> crud;

    /* loaded from: input_file:org/apache/kylin/rest/security/UserAclManager$UserAclUpdater.class */
    public interface UserAclUpdater {
        void update(UserAcl userAcl);
    }

    public static UserAclManager getInstance(KylinConfig kylinConfig) {
        return (UserAclManager) kylinConfig.getManager(UserAclManager.class);
    }

    static UserAclManager newInstance(KylinConfig kylinConfig) {
        return new UserAclManager(kylinConfig);
    }

    public UserAclManager(KylinConfig kylinConfig) {
        if (!UnitOfWork.isAlreadyInTransaction()) {
            logger.info("Initializing UserAclManager with KylinConfig Id: {}", Integer.valueOf(System.identityHashCode(kylinConfig)));
        }
        this.config = kylinConfig;
        this.crud = new CachedCrudAssist<UserAcl>(getStore(), "/_global/sys_acl/user", "", UserAcl.class) { // from class: org.apache.kylin.rest.security.UserAclManager.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.apache.kylin.metadata.cachesync.CachedCrudAssist
            public UserAcl initEntityAfterReload(UserAcl userAcl, String str) {
                return userAcl;
            }
        };
        this.crud.reloadAll();
    }

    public ResourceStore getStore() {
        return ResourceStore.getKylinMetaStore(this.config);
    }

    public List<String> listAclUsernames() {
        return ImmutableList.copyOf((Collection) this.crud.listAll().stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toList()));
    }

    public List<UserAcl> listUserAcl() {
        return ImmutableList.copyOf(this.crud.listAll());
    }

    public boolean exists(String str) {
        return filterUsername(str).isPresent();
    }

    public Optional<String> filterUsername(String str) {
        return listAclUsernames().stream().filter(str2 -> {
            return StringUtils.equalsIgnoreCase(str2, str);
        }).findAny();
    }

    public UserAcl get(String str) {
        Optional<String> filterUsername = filterUsername(str);
        if (filterUsername.isPresent()) {
            return this.crud.get(filterUsername.get());
        }
        return null;
    }

    public void add(String str) {
        addPermission(str, AclPermission.DATA_QUERY);
    }

    public void delete(String str) {
        Optional<String> filterUsername = filterUsername(str);
        if (filterUsername.isPresent()) {
            this.crud.delete(filterUsername.get());
        }
    }

    public void addPermission(String str, Permission permission) {
        addPermission(str, Sets.newHashSet(new Permission[]{permission}));
    }

    public void addPermission(String str, Set<Permission> set) {
        Optional<String> filterUsername = filterUsername(str);
        if (filterUsername.isPresent()) {
            updateAcl(get(filterUsername.get()), userAcl -> {
                userAcl.getClass();
                set.forEach(userAcl::addPermission);
            });
        } else {
            this.crud.save(new UserAcl(str, set));
        }
    }

    public void addDataQueryProject(String str, String str2) {
        Optional<String> filterUsername = filterUsername(str);
        if (!filterUsername.isPresent()) {
            UserAcl userAcl = new UserAcl(str, Collections.emptySet());
            userAcl.addDataQueryProject(str2);
            this.crud.save(userAcl);
        } else {
            UserAcl userAcl2 = get(filterUsername.get());
            if (userAcl2.hasPermission(AclPermission.DATA_QUERY)) {
                return;
            }
            updateAcl(userAcl2, userAcl3 -> {
                userAcl3.addDataQueryProject(str2);
            });
        }
    }

    public void deletePermission(String str, Permission permission) {
        Optional<String> filterUsername = filterUsername(str);
        if (filterUsername.isPresent()) {
            updateAcl(get(filterUsername.get()), userAcl -> {
                userAcl.deletePermission(permission);
                userAcl.setDataQueryProjects(Collections.emptyList());
            });
        }
    }

    public void deleteDataQueryProject(String str, String str2) {
        Optional<String> filterUsername = filterUsername(str);
        if (filterUsername.isPresent()) {
            UserAcl userAcl = get(filterUsername.get());
            if (userAcl.hasPermission(AclPermission.DATA_QUERY)) {
                return;
            }
            updateAcl(userAcl, userAcl2 -> {
                userAcl2.deleteDataQueryProject(str2);
            });
        }
    }

    private UserAcl updateAcl(UserAcl userAcl, UserAclUpdater userAclUpdater) {
        UserAcl copyForWrite = this.crud.copyForWrite(userAcl);
        userAclUpdater.update(copyForWrite);
        this.crud.save(copyForWrite);
        return get(userAcl.getUsername());
    }
}
