package org.apache.kylin.rest.controller.v2;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.exception.KylinException;
import org.apache.kylin.common.exception.ServerErrorCode;
import org.apache.kylin.common.util.Pair;
import org.apache.kylin.metadata.project.NProjectManager;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.rest.controller.NBasicController;
import org.apache.kylin.rest.response.AccessEntryResponse;
import org.apache.kylin.rest.response.EnvelopeResponse;
import org.apache.kylin.rest.response.OpenAccessGroupResponse;
import org.apache.kylin.rest.response.OpenAccessUserResponse;
import org.apache.kylin.rest.service.AccessService;
import org.apache.kylin.rest.service.AclTCRService;
import org.apache.kylin.rest.service.IUserGroupService;
import org.apache.kylin.rest.service.UserService;
import org.apache.kylin.rest.util.AclEvaluate;
import org.apache.kylin.rest.util.PagingUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

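/**
 * V2 REST controller exposing read-only views of access-control data under {@code /api/access}.
 *
 * <p>Authorization as visible in this class:
 * <ul>
 *   <li>{@code GET /{userName}} and {@code GET /{type}/{project}} require {@code ROLE_ADMIN}
 *       through {@code @PreAuthorize}.</li>
 *   <li>{@code GET /all/users} and {@code GET /all/groups} carry no method-level guard; they rely
 *       on {@link #getGrantedProjects(String)} to scope results, and only when no explicit
 *       {@code userName} / {@code groupName} filter is supplied.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code pageOffset} and {@code pageSize} are caller-controlled and forwarded
 * unchanged to {@code PagingUtil.cutPage}; confirm that helper rejects or clamps negative and
 * very large values.
 */
@RequestMapping(value = {"/api/access"}, produces = {"application/vnd.apache.kylin-v2+json"})
@Controller
/* loaded from: input_file:org/apache/kylin/rest/controller/v2/NAccessControllerV2.class */
public class NAccessControllerV2 extends NBasicController {

    @Autowired
    @Qualifier("accessService")
    private AccessService accessService;

    @Autowired
    @Qualifier("userService")
    protected UserService userService;

    @Autowired
    @Qualifier("userGroupService")
    private IUserGroupService userGroupService;

    @Autowired
    @Qualifier("aclTCRService")
    private AclTCRService aclTCRService;

    @Autowired
    private AclEvaluate aclEvaluate;

    // JSON keys of each entry returned by getAllAccessEntitiesOfUser.
    private static final String PROJECT_NAME = "project_name";
    private static final String TABLE_NAME = "table_name";

    /**
     * Loads the named account, failing with {@code USER_NOT_EXIST} when it is unknown.
     *
     * <p>The distinct error for a missing account lets a caller tell existing names from
     * non-existing ones, so every route that reaches this helper should be access-controlled.
     *
     * @param userName account name taken from the request
     * @return the stored user record
     * @throws KylinException with {@code ServerErrorCode.USER_NOT_EXIST} if no such user exists
     */
    private ManagedUser checkAndGetUser(String userName) {
        if (!this.userService.userExists(userName)) {
            throw new KylinException(ServerErrorCode.USER_NOT_EXIST,
                    String.format(Locale.ROOT, "User '%s' does not exists.", userName));
        }
        // The cast is a no-op if the service already declares ManagedUser as its return type.
        return (ManagedUser) this.userService.loadUserByUsername(userName);
    }

    /**
     * Lists, for one user, every project the user is granted on together with the identities
     * of the tables the user is authorized for in that project. Restricted to {@code ROLE_ADMIN}.
     *
     * @param userName account name from the path; must exist
     * @return envelope whose data is a list of {@code {project_name, table_name}} maps
     * @throws IOException declared by the mapping; propagated from the services if raised
     */
    @ApiOperation(value = "getAllAccessEntitiesOfUser", tags = {"MID"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @GetMapping({"/{userName:.+}"})
    @ResponseBody
    public EnvelopeResponse getAllAccessEntitiesOfUser(@PathVariable("userName") String userName) throws IOException {
        checkAndGetUser(userName);
        List<Map<String, Object>> entries = new ArrayList<>();
        for (String project : this.accessService.getGrantedProjectsOfUser(userName)) {
            List<?> tableIdentities = this.aclTCRService.getAuthorizedTables(project, userName).stream()
                    .map(table -> table.getIdentity())
                    .collect(Collectors.toList());
            Map<String, Object> entry = new HashMap<>();
            entry.put(PROJECT_NAME, project);
            entry.put(TABLE_NAME, tableIdentities);
            entries.add(entry);
        }
        return new EnvelopeResponse<>("000", entries, "");
    }

    /**
     * Returns one page of the access entries of an ACL entity in a project, optionally filtered
     * by SID name. Restricted to {@code ROLE_ADMIN}.
     *
     * @param type            ACL entity type, passed through to {@code AccessService.getAclEntity}
     * @param project         project name; resolved to its UUID via {@code getProject}
     * @param name            optional name filter for fuzzy matching
     * @param isCaseSensitive whether the name filter is case sensitive
     * @param pageOffset      page index handed to {@code PagingUtil.cutPage}
     * @param pageSize        page size handed to {@code PagingUtil.cutPage}
     * @return envelope with {@code sids} (the page) and {@code size} (total matches before paging)
     * @throws IOException propagated from the access lookup
     */
    @ApiOperation(value = "getAccessEntities", tags = {"MID"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @GetMapping(value = {"/{type}/{project}"}, produces = {"application/vnd.apache.kylin-v2+json"})
    @ResponseBody
    public EnvelopeResponse<Map<String, Object>> getAccessEntities(@PathVariable("type") String type, @PathVariable("project") String project, @RequestParam(value = "name", required = false) String name, @RequestParam(value = "isCaseSensitive", required = false) boolean isCaseSensitive, @RequestParam(value = "pageOffset", required = false, defaultValue = "0") Integer pageOffset, @RequestParam(value = "pageSize", required = false, defaultValue = "10") Integer pageSize) throws IOException {
        List<AccessEntryResponse> matches = getAccessList(type, project, name, isCaseSensitive);
        Map<String, Object> payload = new HashMap<>();
        payload.put("sids", PagingUtil.cutPage(matches, pageOffset, pageSize));
        payload.put("size", matches.size());
        return new EnvelopeResponse<>("000", payload, "");
    }

    /**
     * Returns one page of users: either the single named user, or every user holding a
     * principal-level entry on the projects selected by {@link #getGrantedProjects(String)}.
     *
     * <p>NOTE(review): unlike the two admin-only endpoints in this class, this method has no
     * {@code @PreAuthorize}. When {@code userName} is supplied the project-scoped lookup is
     * skipped entirely, so the answer depends only on whether the account exists and not on
     * what the caller is allowed to administer. Confirm that a class-, filter- or
     * configuration-level rule restricts this route, or scope the named lookup to the caller's
     * granted projects. Also confirm that the serialized {@code ManagedUser} omits credential
     * material.
     *
     * @param project    optional project to scope the listing to
     * @param userName   optional exact account name; takes precedence over {@code project}
     * @param pageOffset page index handed to {@code PagingUtil.cutPage}
     * @param pageSize   page size handed to {@code PagingUtil.cutPage}
     * @return envelope with the requested page and the total number of users before paging
     * @throws IOException propagated from the access lookup
     */
    @GetMapping(value = {"/all/users"}, produces = {"application/vnd.apache.kylin-v2+json"})
    @ApiOperation(value = "getAllAccessUsers", tags = {"MID"})
    @ResponseBody
    public EnvelopeResponse<OpenAccessUserResponse> getAllAccessUsers(@RequestParam(value = "project", required = false) String project, @RequestParam(value = "userName", required = false) String userName, @RequestParam(value = "pageOffset", required = false, defaultValue = "0") Integer pageOffset, @RequestParam(value = "pageSize", required = false, defaultValue = "10") Integer pageSize) throws IOException {
        Set<ManagedUser> users;
        if (StringUtils.isNotEmpty(userName)) {
            users = new HashSet<>();
            users.add(checkAndGetUser(userName));
        } else {
            users = getUsersOfProjects(getGrantedProjects(project));
        }
        List<ManagedUser> page = PagingUtil.cutPage(new ArrayList<>(users), pageOffset, pageSize);
        return new EnvelopeResponse<>("000", new OpenAccessUserResponse(page, users.size()), "");
    }

    /**
     * Returns one page of {@code (group name, member count)} pairs: either for the single named
     * group, or for every group holding an authority-level entry on the projects selected by
     * {@link #getGrantedProjects(String)}.
     *
     * <p>NOTE(review): this method has no {@code @PreAuthorize}, and when {@code groupName} is
     * supplied the member count is read without any project scoping. Confirm that the route is
     * restricted elsewhere, or apply the same scoping as the unfiltered branch.
     *
     * @param project    optional project to scope the listing to
     * @param groupName  optional exact group name; takes precedence over {@code project}
     * @param pageOffset page index handed to {@code PagingUtil.cutPage}
     * @param pageSize   page size handed to {@code PagingUtil.cutPage}
     * @return envelope with the requested page and the total number of groups before paging
     * @throws IOException propagated from the access or group lookup
     */
    @GetMapping(value = {"/all/groups"}, produces = {"application/vnd.apache.kylin-v2+json"})
    @ApiOperation(value = "getAllAccessGroups", tags = {"MID"})
    @ResponseBody
    public EnvelopeResponse<OpenAccessGroupResponse> getAllAccessGroups(@RequestParam(value = "project", required = false) String project, @RequestParam(value = "groupName", required = false) String groupName, @RequestParam(value = "pageOffset", required = false, defaultValue = "0") Integer pageOffset, @RequestParam(value = "pageSize", required = false, defaultValue = "10") Integer pageSize) throws IOException {
        List<Pair<String, Integer>> groups;
        if (StringUtils.isNotEmpty(groupName)) {
            Integer memberCount = this.userGroupService.getGroupMembersByName(groupName).size();
            groups = new ArrayList<>();
            groups.add(Pair.newPair(groupName, memberCount));
        } else {
            groups = getUserGroupsOfProjects(getGrantedProjects(project));
        }
        List<Pair<String, Integer>> page = PagingUtil.cutPage(new ArrayList<>(groups), pageOffset, pageSize);
        return new EnvelopeResponse<>("000", new OpenAccessGroupResponse(page, groups.size()), "");
    }

    /**
     * Fetches the access entries of one ACL entity, optionally filtered by SID name.
     *
     * @param type          ACL entity type
     * @param projectName   project whose UUID identifies the entity
     * @param nameFilter    optional name to match; {@code null} for no filter
     * @param caseSensitive whether {@code nameFilter} is matched case-sensitively
     * @return the matching access entries
     * @throws IOException propagated from the access service
     */
    private List<AccessEntryResponse> getAccessList(String type, String projectName, String nameFilter, boolean caseSensitive) throws IOException {
        String projectUuid = getProject(projectName).getUuid();
        return this.accessService.generateAceResponsesByFuzzMatching(
                this.accessService.getAclEntity(type, projectUuid), nameFilter, caseSensitive);
    }

    /**
     * Selects the projects whose access lists the current caller may enumerate.
     *
     * <p>With no project given, every project on which the caller has project-admin permission
     * is returned. With a project given, it is returned if the caller has read permission on it.
     *
     * <p>NOTE(review): the two branches use different permission levels (admin vs. read), so a
     * caller with read-only access can list a project's users and groups by naming the project.
     * Confirm this asymmetry is intended. Also, the result of {@code getProject} is passed on
     * unchecked; confirm how {@code hasProjectReadPermission} behaves for an unknown project.
     *
     * @param project optional project name
     * @return a mutable list of project names, possibly empty
     */
    private List<String> getGrantedProjects(String project) {
        NProjectManager projectManager = NProjectManager.getInstance(KylinConfig.getInstanceFromEnv());
        if (StringUtils.isBlank(project)) {
            return projectManager.listAllProjects().stream()
                    .map(instance -> instance.getName())
                    .filter(projectName -> this.aclEvaluate.hasProjectAdminPermission(projectName))
                    .collect(Collectors.toList());
        }
        if (this.aclEvaluate.hasProjectReadPermission(projectManager.getProject(project))) {
            return Lists.newArrayList(project);
        }
        return Lists.newArrayList();
    }

    /**
     * Collects the distinct users that hold a principal-level access entry on any of the
     * given projects.
     *
     * @param projects project names to inspect
     * @return the users found, de-duplicated by {@code ManagedUser} equality
     * @throws IOException propagated from the access lookup
     */
    private Set<ManagedUser> getUsersOfProjects(List<String> projects) throws IOException {
        Set<ManagedUser> users = new HashSet<>();
        for (String project : projects) {
            for (AccessEntryResponse entry : getAccessList("ProjectInstance", project, null, false)) {
                if (entry.getSid() instanceof PrincipalSid) {
                    // getPrincipal() is declared on PrincipalSid, so the SID must be narrowed
                    // before the call; the listing as extracted omitted this cast.
                    String principal = ((PrincipalSid) entry.getSid()).getPrincipal();
                    users.add((ManagedUser) this.userService.loadUserByUsername(principal));
                }
            }
        }
        return users;
    }

    /**
     * Collects the distinct groups that hold an authority-level access entry on any of the
     * given projects, each paired with its current member count.
     *
     * @param projects project names to inspect
     * @return {@code (group name, member count)} pairs in first-seen order
     * @throws IOException propagated from the access or group lookup
     */
    private List<Pair<String, Integer>> getUserGroupsOfProjects(List<String> projects) throws IOException {
        List<Pair<String, Integer>> groups = new ArrayList<>();
        // Hash-based membership check replaces a linear List.contains scan per entry.
        Set<String> seenGroupNames = new HashSet<>();
        for (String project : projects) {
            for (AccessEntryResponse entry : getAccessList("ProjectInstance", project, null, false)) {
                if (entry.getSid() instanceof GrantedAuthoritySid) {
                    // getGrantedAuthority() is declared on GrantedAuthoritySid; narrow first.
                    String groupName = ((GrantedAuthoritySid) entry.getSid()).getGrantedAuthority();
                    if (seenGroupNames.add(groupName)) {
                        Integer memberCount = this.userGroupService.getGroupMembersByName(groupName).size();
                        groups.add(Pair.newPair(groupName, memberCount));
                    }
                }
            }
        }
        return groups;
    }
}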
