package org.apache.kylin.rest.controller;

import com.google.common.collect.Lists;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import org.apache.kylin.common.exception.KylinException;
import org.apache.kylin.common.exception.ServerErrorCode;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.rest.request.AclTCRRequest;
import org.apache.kylin.rest.response.AclTCRResponse;
import org.apache.kylin.rest.response.EnvelopeResponse;
import org.apache.kylin.rest.service.AccessService;
import org.apache.kylin.rest.service.AclTCRService;
import org.apache.kylin.rest.service.IUserGroupService;
import org.apache.kylin.rest.service.UserService;
import org.apache.kylin.rest.util.AclPermissionUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping(value = {"/api/acl"}, produces = {"application/vnd.apache.kylin-v4+json"})
@Controller
/* loaded from: input_file:org/apache/kylin/rest/controller/AclTCRController.class */
public class AclTCRController extends NBasicController {

    @Autowired
    @Qualifier("aclTCRService")
    private AclTCRService aclTCRService;

    @Autowired
    @Qualifier("userService")
    protected UserService userService;

    @Autowired
    @Qualifier("userGroupService")
    private IUserGroupService userGroupService;

    @Autowired
    @Qualifier("accessService")
    private AccessService accessService;

    @GetMapping(value = {"/sid/{sid_type:.+}/{sid:.+}"}, produces = {"application/vnd.apache.kylin-v4+json", "application/vnd.apache.kylin-v4-public+json"})
    @ApiOperation(value = "getProjectSidTCR", tags = {"MID"}, notes = "Update URL: {project}; Update Param: project, authorized_only")
    @ResponseBody
    public EnvelopeResponse<List<AclTCRResponse>> getProjectSidTCR(@PathVariable("sid_type") String str, @PathVariable("sid") String str2, @RequestParam("project") String str3, @RequestParam(value = "authorized_only", required = false, defaultValue = "false") boolean z) throws IOException {
        List<AclTCRResponse> projectSidTCR;
        checkProjectName(str3);
        if (str.equalsIgnoreCase("user")) {
            projectSidTCR = getProjectSidTCR(str3, makeUserNameCaseInSentive(str2), true, z);
        } else {
            if (!str.equalsIgnoreCase("group")) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getInvalidSidType());
            }
            projectSidTCR = getProjectSidTCR(str3, str2, false, z);
        }
        projectSidTCR.stream().forEach(aclTCRResponse -> {
            ((List) Optional.ofNullable(aclTCRResponse.getTables()).orElse(Lists.newArrayList())).stream().forEach(table -> {
                table.setRowFilter((AclTCRResponse.RowFilter) null);
            });
        });
        return new EnvelopeResponse<>("000", projectSidTCR, "");
    }

    @GetMapping(value = {"/{sid_type:.+}/{sid:.+}"}, produces = {"application/vnd.apache.kylin-v4+json", "application/vnd.apache.kylin-v4-public+json"})
    @ApiOperation(value = "getProjectSidTCR", tags = {"MID"}, notes = "Update URL: {project}; Update Param: project, authorized_only")
    @ResponseBody
    public EnvelopeResponse<List<AclTCRResponse>> getProjectSidTCRV2(@PathVariable("sid_type") String str, @PathVariable("sid") String str2, @RequestParam("project") String str3, @RequestParam(value = "authorized_only", required = false, defaultValue = "false") boolean z) throws IOException {
        List<AclTCRResponse> projectSidTCR;
        checkProjectName(str3);
        if (str.equalsIgnoreCase("user")) {
            projectSidTCR = getProjectSidTCR(str3, makeUserNameCaseInSentive(str2), true, z);
        } else {
            if (!str.equalsIgnoreCase("group")) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getInvalidSidType());
            }
            projectSidTCR = getProjectSidTCR(str3, str2, false, z);
        }
        projectSidTCR.stream().forEach(aclTCRResponse -> {
            ((List) Optional.ofNullable(aclTCRResponse.getTables()).orElse(Lists.newArrayList())).stream().forEach(table -> {
                table.setRows((List) null);
                table.setLikeRows((List) null);
            });
        });
        return new EnvelopeResponse<>("000", projectSidTCR, "");
    }

    @PutMapping({"/sid/{sid_type:.+}/{sid:.+}"})
    @ApiOperation(value = "updateProject", tags = {"MID"}, notes = "Update URL: {project}")
    @ResponseBody
    public EnvelopeResponse<String> updateProject(@PathVariable("sid_type") String str, @PathVariable("sid") String str2, @RequestParam("project") String str3, @RequestBody List<AclTCRRequest> list) throws IOException {
        checkProjectName(str3);
        AclPermissionUtil.checkAclUpdatable(str3, this.aclTCRService.getCurrentUserGroups());
        list.stream().forEach(aclTCRRequest -> {
            ((List) Optional.ofNullable(aclTCRRequest.getTables()).orElse(Lists.newArrayList())).stream().forEach(table -> {
                table.setRowFilter((AclTCRRequest.RowFilter) null);
            });
        });
        if (str.equalsIgnoreCase("user")) {
            updateSidAclTCR(str3, makeUserNameCaseInSentive(str2), true, list);
        } else {
            if (!str.equalsIgnoreCase("group")) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getInvalidSidType());
            }
            updateSidAclTCR(str3, str2, false, list);
        }
        return new EnvelopeResponse<>("000", "", "");
    }

    @GetMapping(value = {"/updatable"}, produces = {"application/vnd.apache.kylin-v4+json", "application/vnd.apache.kylin-v4-public+json"})
    @ResponseBody
    public EnvelopeResponse<Boolean> getAllowAclUpdatable(@RequestParam("project") String str) throws IOException {
        return new EnvelopeResponse<>("000", Boolean.valueOf(AclPermissionUtil.isAclUpdatable(str, this.aclTCRService.getCurrentUserGroups())), "");
    }

    private List<AclTCRResponse> getProjectSidTCR(String str, String str2, boolean z, boolean z2) throws IOException {
        this.accessService.checkSid(str2, z);
        return this.aclTCRService.getAclTCRResponse(str, str2, z, z2);
    }

    private void updateSidAclTCR(String str, String str2, boolean z, List<AclTCRRequest> list) throws IOException {
        this.accessService.checkSid(str2, z);
        if (this.accessService.hasProjectPermission(str, str2, z)) {
            this.aclTCRService.updateAclTCR(str, str2, z, list);
        } else {
            throw new KylinException(ServerErrorCode.ACCESS_DENIED, String.format(Locale.ROOT, MsgPicker.getMsg().getGrantTableWithSidHasNotProjectPermission(), str2, str));
        }
    }
}
