package org.apache.kylin.rest.service;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.metadata.acl.TableACL;
import org.apache.kylin.metadata.project.ProjectManager;
import org.apache.kylin.metadata.querymeta.TableMeta;
import org.apache.kylin.rest.util.AclEvaluate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component("TableAclService")
/* loaded from: input_file:WEB-INF/lib/kylin-server-base-3.0.0.jar:org/apache/kylin/rest/service/TableACLService.class */
public class TableACLService extends BasicService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) TableACLService.class);

    @Autowired
    private AclEvaluate aclEvaluate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/kylin-server-base-3.0.0.jar:org/apache/kylin/rest/service/TableACLService$AclFilter.class */
    public interface AclFilter<T> {
        boolean filter(T t, Set<String> set);
    }

    private TableACL getTableACLByProject(String str) throws IOException {
        return getTableACLManager().getTableACLByCache(str);
    }

    public boolean exists(String str, String str2, String str3) throws IOException {
        this.aclEvaluate.checkProjectWritePermission(str);
        return getTableACLByProject(str).contains(str2, str3);
    }

    public List<String> getNoAccessList(String str, String str2, String str3) throws IOException {
        this.aclEvaluate.checkProjectWritePermission(str);
        return getTableACLByProject(str).getNoAccessList(str2, str3);
    }

    public List<String> getCanAccessList(String str, String str2, Set<String> set, String str3) throws IOException {
        this.aclEvaluate.checkProjectWritePermission(str);
        return getTableACLByProject(str).getCanAccessList(str2, set, str3);
    }

    public void addToTableACL(String str, String str2, String str3, String str4) throws IOException {
        this.aclEvaluate.checkProjectAdminPermission(str);
        getTableACLManager().addTableACL(str, str2, str3, str4);
    }

    public void deleteFromTableACL(String str, String str2, String str3, String str4) throws IOException {
        this.aclEvaluate.checkProjectAdminPermission(str);
        getTableACLManager().deleteTableACL(str, str2, str3, str4);
    }

    public void deleteFromTableACL(String str, String str2, String str3) throws IOException {
        this.aclEvaluate.checkProjectAdminPermission(str);
        getTableACLManager().deleteTableACL(str, str2, str3);
    }

    public void deleteFromTableACLByTbl(String str, String str2) throws IOException {
        this.aclEvaluate.checkProjectAdminPermission(str);
        getTableACLManager().deleteTableACLByTbl(str, str2);
    }

    public List<TableMeta> filterTableMetasByAcl(List<TableMeta> list, String str) throws IOException {
        return filterByAcl(list, str, new AclFilter<TableMeta>() { // from class: org.apache.kylin.rest.service.TableACLService.1
            /* renamed from: filter, reason: avoid collision after fix types in other method */
            public boolean filter2(TableMeta tableMeta, Set<String> set) {
                return !set.contains(new StringBuilder().append(tableMeta.getTABLE_SCHEM()).append(".").append(tableMeta.getTABLE_NAME()).toString());
            }

            @Override // org.apache.kylin.rest.service.TableACLService.AclFilter
            public /* bridge */ /* synthetic */ boolean filter(TableMeta tableMeta, Set set) {
                return filter2(tableMeta, (Set<String>) set);
            }
        });
    }

    private <T> List<T> filterByAcl(List<T> list, String str, AclFilter aclFilter) throws IOException {
        if (this.aclEvaluate.hasProjectAdminPermission(ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(str))) {
            return list;
        }
        Set<String> blockedTablesByUser = getBlockedTablesByUser(str, SecurityContextHolder.getContext().getAuthentication().getName(), "user");
        ArrayList newArrayList = Lists.newArrayList();
        for (T t : list) {
            if (aclFilter.filter(t, blockedTablesByUser)) {
                newArrayList.add(t);
            }
        }
        return newArrayList;
    }

    private Set<String> getBlockedTablesByUser(String str, String str2, String str3) throws IOException {
        return getTableACLByProject(str).getBlockedTablesByUser(str2, str3);
    }
}
