package org.apache.kylin.rest.service;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.persistence.JsonSerializer;
import org.apache.kylin.common.persistence.ResourceStore;
import org.apache.kylin.common.persistence.Serializer;
import org.apache.kylin.common.persistence.WriteConflictException;
import org.apache.kylin.metadata.MetadataConstants;
import org.apache.kylin.metadata.acl.UserGroup;
import org.apache.kylin.rest.constant.Constant;
import org.apache.kylin.rest.security.ManagedUser;
import org.apache.kylin.rest.util.AclEvaluate;
import org.apache.kylin.shaded.com.google.common.collect.Lists;
import org.apache.kylin.shaded.com.google.common.collect.Maps;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/kylin-server-base-4.0.4.jar:org/apache/kylin/rest/service/KylinUserGroupService.class */
public class KylinUserGroupService extends UserGroupService {
    private ResourceStore store = ResourceStore.getStore(KylinConfig.getInstanceFromEnv());
    private static final String PATH = "/user_group/";

    @Autowired
    @Qualifier("userService")
    private UserService userService;

    @Autowired
    private AclEvaluate aclEvaluate;

    @Autowired
    @Qualifier("accessService")
    private AccessService accessService;
    public static final Logger logger = LoggerFactory.getLogger((Class<?>) KylinUserGroupService.class);
    private static final Serializer<UserGroup> USER_GROUP_SERIALIZER = new JsonSerializer(UserGroup.class);

    @Override // org.apache.kylin.rest.service.UserGroupService, org.apache.kylin.rest.service.IUserGroupService
    public boolean exists(String str) throws IOException {
        return getUserGroup().getAllGroups().contains(str);
    }

    @PostConstruct
    public void init() throws IOException, InterruptedException {
        for (int i = 100; i > 0; i--) {
            UserGroup userGroup = getUserGroup();
            if (!userGroup.exists(Constant.GROUP_ALL_USERS)) {
                userGroup.add(Constant.GROUP_ALL_USERS);
            }
            if (!userGroup.exists(Constant.ROLE_ADMIN)) {
                userGroup.add(Constant.ROLE_ADMIN);
            }
            if (!userGroup.exists(Constant.ROLE_MODELER)) {
                userGroup.add(Constant.ROLE_MODELER);
            }
            if (!userGroup.exists(Constant.ROLE_ANALYST)) {
                userGroup.add(Constant.ROLE_ANALYST);
            }
            try {
                this.store.checkAndPutResource(PATH, userGroup, USER_GROUP_SERIALIZER);
                return;
            } catch (WriteConflictException e) {
                logger.info("Find WriteConflictException, sleep 100 ms.", (Throwable) e);
                Thread.sleep(100L);
            }
        }
        logger.error("Failed to update user group's metadata.");
    }

    private UserGroup getUserGroup() throws IOException {
        UserGroup userGroup = (UserGroup) this.store.getResource(PATH, USER_GROUP_SERIALIZER);
        if (userGroup == null) {
            userGroup = new UserGroup();
        }
        return userGroup;
    }

    @Override // org.apache.kylin.rest.service.UserGroupService
    protected List<String> getAllUserGroups() throws IOException {
        return getUserGroup().getAllGroups();
    }

    @Override // org.apache.kylin.rest.service.UserGroupService
    public Map<String, List<String>> getGroupMembersMap() throws IOException {
        HashMap newHashMap = Maps.newHashMap();
        for (ManagedUser managedUser : this.userService.listUsers()) {
            Iterator<SimpleGrantedAuthority> it2 = managedUser.getAuthorities().iterator();
            while (it2.hasNext()) {
                String authority = it2.next().getAuthority();
                List list = (List) newHashMap.get(authority);
                if (list == null) {
                    newHashMap.put(authority, Lists.newArrayList(managedUser.getUsername()));
                } else {
                    list.add(managedUser.getUsername());
                }
            }
        }
        return newHashMap;
    }

    @Override // org.apache.kylin.rest.service.UserGroupService
    public List<ManagedUser> getGroupMembersByName(String str) throws IOException {
        List<ManagedUser> listUsers = this.userService.listUsers();
        Iterator<ManagedUser> it2 = listUsers.iterator();
        while (it2.hasNext()) {
            if (!it2.next().getAuthorities().contains(new SimpleGrantedAuthority(str))) {
                it2.remove();
            }
        }
        return listUsers;
    }

    @Override // org.apache.kylin.rest.service.UserGroupService
    public void addGroup(String str) throws IOException {
        this.aclEvaluate.checkIsGlobalAdmin();
        this.store.checkAndPutResource(PATH, getUserGroup().add(str), USER_GROUP_SERIALIZER);
    }

    @Override // org.apache.kylin.rest.service.UserGroupService
    public void deleteGroup(String str) throws IOException {
        this.aclEvaluate.checkIsGlobalAdmin();
        for (ManagedUser managedUser : this.userService.listUsers()) {
            if (managedUser.getAuthorities().contains(new SimpleGrantedAuthority(str))) {
                managedUser.removeAuthorities(str);
                this.userService.updateUser(managedUser);
            }
        }
        this.accessService.revokeProjectPermission(str, MetadataConstants.TYPE_GROUP);
        this.store.checkAndPutResource(PATH, getUserGroup().delete(str), USER_GROUP_SERIALIZER);
    }

    @Override // org.apache.kylin.rest.service.UserGroupService
    public void modifyGroupUsers(String str, List<String> list) throws IOException {
        this.aclEvaluate.checkIsGlobalAdmin();
        ArrayList arrayList = new ArrayList();
        Iterator<ManagedUser> it2 = getGroupMembersByName(str).iterator();
        while (it2.hasNext()) {
            arrayList.add(it2.next().getUsername());
        }
        ArrayList newArrayList = Lists.newArrayList(list);
        ArrayList newArrayList2 = Lists.newArrayList(arrayList);
        newArrayList.removeAll(arrayList);
        newArrayList2.removeAll(list);
        Iterator it3 = newArrayList.iterator();
        while (it3.hasNext()) {
            ManagedUser managedUser = (ManagedUser) this.userService.loadUserByUsername((String) it3.next());
            managedUser.addAuthorities(str);
            this.userService.updateUser(managedUser);
        }
        Iterator it4 = newArrayList2.iterator();
        while (it4.hasNext()) {
            ManagedUser managedUser2 = (ManagedUser) this.userService.loadUserByUsername((String) it4.next());
            managedUser2.removeAuthorities(str);
            this.userService.updateUser(managedUser2);
        }
    }
}
