package org.apache.kylin.rest.controller.open;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.kylin.common.exception.KylinException;
import org.apache.kylin.common.exception.ServerErrorCode;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.rest.controller.NBasicController;
import org.apache.kylin.rest.request.AclTCRRequest;
import org.apache.kylin.rest.response.EnvelopeResponse;
import org.apache.kylin.rest.service.AccessService;
import org.apache.kylin.rest.service.AclTCRService;
import org.apache.kylin.rest.service.IUserGroupService;
import org.apache.kylin.rest.util.AclPermissionUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping(value = {"/api/acl"}, produces = {"application/vnd.apache.kylin-v4-public+json"})
@Controller
/* loaded from: input_file:org/apache/kylin/rest/controller/open/OpenAclTCRController.class */
public class OpenAclTCRController extends NBasicController {

    @Autowired
    @Qualifier("aclTCRService")
    private AclTCRService aclTCRService;

    @Autowired
    @Qualifier("accessService")
    private AccessService accessService;

    @Autowired
    @Qualifier("userGroupService")
    private IUserGroupService userGroupService;

    @PutMapping({"/sid/{sid_type:.+}/{sid:.+}"})
    @ApiOperation(value = "updateProjectAcl", tags = {"MID"}, notes = "Update URL: {project}; Update Param: project")
    @ResponseBody
    public EnvelopeResponse<String> updateProject(@PathVariable("sid_type") String str, @PathVariable("sid") String str2, @RequestParam("project") String str3, @RequestBody List<AclTCRRequest> list) throws IOException {
        checkProjectName(str3);
        AclPermissionUtil.checkAclUpdatable(str3, this.aclTCRService.getCurrentUserGroups());
        list.stream().forEach(aclTCRRequest -> {
            ((List) Optional.ofNullable(aclTCRRequest.getTables()).orElse(Lists.newArrayList())).stream().forEach(table -> {
                table.setRowFilter((AclTCRRequest.RowFilter) null);
            });
        });
        if (str.equalsIgnoreCase("user")) {
            mergeSidAclTCR(str3, makeUserNameCaseInSentive(str2), true, list);
        } else {
            if (!str.equalsIgnoreCase("group")) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getInvalidSidType());
            }
            mergeSidAclTCR(str3, str2, false, list);
        }
        return new EnvelopeResponse<>("000", "", "");
    }

    private void mergeSidAclTCR(String str, String str2, boolean z, List<AclTCRRequest> list) throws IOException {
        mergeSidAclTCR(str, str2, z, list, null);
    }

    private void mergeSidAclTCR(String str, String str2, boolean z, List<AclTCRRequest> list, Set<String> set) throws IOException {
        if (set != null) {
            this.accessService.batchCheckSid(str2, z, set);
        } else {
            this.accessService.checkSid(str2, z);
        }
        if (this.accessService.hasProjectPermission(str, str2, z)) {
            this.aclTCRService.mergeAclTCR(str, str2, z, list);
        } else {
            throw new KylinException(ServerErrorCode.ACCESS_DENIED, String.format(Locale.ROOT, MsgPicker.getMsg().getGrantTableWithSidHasNotProjectPermission(), str2, str));
        }
    }

    @PutMapping({"/batch/{sid_type:.+}"})
    @ApiOperation(value = "updateProjectAcl With New Foramt", tags = {"MID"}, notes = "Update URL: {project}; Update Param: project")
    @ResponseBody
    public EnvelopeResponse<String> batchUpdateProject(@PathVariable("sid_type") String str, @RequestParam("project") String str2, @RequestBody Map<String, List<AclTCRRequest>> map) throws IOException {
        checkProjectName(str2);
        Preconditions.checkState(str.equalsIgnoreCase("group"));
        AclPermissionUtil.checkAclUpdatable(str2, this.aclTCRService.getCurrentUserGroups());
        List allUserGroups = this.userGroupService.getAllUserGroups();
        if (CollectionUtils.isEmpty(allUserGroups)) {
            throw new KylinException(ServerErrorCode.EMPTY_USERGROUP_NAME, MsgPicker.getMsg().getEmptySid());
        }
        HashSet newHashSet = Sets.newHashSet(allUserGroups);
        for (Map.Entry<String, List<AclTCRRequest>> entry : map.entrySet()) {
            mergeSidAclTCR(str2, entry.getKey(), false, entry.getValue(), newHashSet);
        }
        return new EnvelopeResponse<>("000", "", "");
    }

    @PutMapping({"/{sid_type:.+}/{sid:.+}"})
    @ApiOperation(value = "updateProjectAcl With New Foramt", tags = {"MID"}, notes = "Update URL: {project}; Update Param: project")
    @ResponseBody
    public EnvelopeResponse<String> updateProjectV2(@PathVariable("sid_type") String str, @PathVariable("sid") String str2, @RequestParam("project") String str3, @RequestBody List<AclTCRRequest> list) throws IOException {
        checkProjectName(str3);
        AclPermissionUtil.checkAclUpdatable(str3, this.aclTCRService.getCurrentUserGroups());
        if (str.equalsIgnoreCase("user")) {
            mergeSidAclTCR(str3, makeUserNameCaseInSentive(str2), true, list);
        } else {
            if (!str.equalsIgnoreCase("group")) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getInvalidSidType());
            }
            mergeSidAclTCR(str3, str2, false, list);
        }
        return new EnvelopeResponse<>("000", "", "");
    }
}
