package org.apache.ambari.server.controller.internal;

import com.google.inject.Inject;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.ambari.server.StaticallyInject;
import org.apache.ambari.server.controller.AmbariManagementController;
import org.apache.ambari.server.controller.UserAuthorizationResponse;
import org.apache.ambari.server.controller.predicate.EqualsPredicate;
import org.apache.ambari.server.controller.spi.ClusterController;
import org.apache.ambari.server.controller.spi.NoSuchParentResourceException;
import org.apache.ambari.server.controller.spi.NoSuchResourceException;
import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.Request;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.controller.spi.ResourceProvider;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.ClusterControllerHelper;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
import org.apache.ambari.server.orm.dao.PermissionDAO;
import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.security.authorization.AuthorizationHelper;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.RoleAuthorization;

@StaticallyInject
/* loaded from: input_file:org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.class */
public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider {
    public static final String AUTHORIZATION_ID_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_id");
    public static final String USERNAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "user_name");
    public static final String AUTHORIZATION_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_name");
    public static final String AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "resource_type");
    public static final String AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "cluster_name");
    public static final String AUTHORIZATION_VIEW_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "view_name");
    public static final String AUTHORIZATION_VIEW_VERSION_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "view_version");
    public static final String AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", ViewURLResourceProvider.VIEW_INSTANCE_NAME_PROPERTY_ID);
    private static final Set<String> PK_PROPERTY_IDS;
    private static final Set<String> PROPERTY_IDS;
    private static final Map<Resource.Type, String> KEY_PROPERTY_IDS;

    @Inject
    private static PermissionDAO permissionDAO;

    @Inject
    private static ResourceTypeDAO resourceTypeDAO;
    private final ClusterController clusterController;

    public static void init(PermissionDAO permissionDAO2, ResourceTypeDAO resourceTypeDAO2) {
        permissionDAO = permissionDAO2;
        resourceTypeDAO = resourceTypeDAO2;
    }

    public UserAuthorizationResourceProvider(AmbariManagementController ambariManagementController) {
        super(Resource.Type.UserAuthorization, PROPERTY_IDS, KEY_PROPERTY_IDS, ambariManagementController);
        this.clusterController = ClusterControllerHelper.getClusterController();
    }

    @Override // org.apache.ambari.server.controller.internal.ReadOnlyResourceProvider, org.apache.ambari.server.controller.internal.AbstractAuthorizedResourceProvider, org.apache.ambari.server.controller.spi.ResourceProvider
    public Set<Resource> getResources(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
        Set<String> requestPropertyIds = getRequestPropertyIds(request, predicate);
        HashSet hashSet = new HashSet();
        ResourceProvider ensureResourceProvider = this.clusterController.ensureResourceProvider(Resource.Type.UserPrivilege);
        boolean isAuthorized = AuthorizationHelper.isAuthorized(ResourceType.AMBARI, (Long) null, RoleAuthorization.AMBARI_MANAGE_USERS);
        Iterator<Map<String, Object>> it = getPropertyMaps(predicate).iterator();
        while (it.hasNext()) {
            String str = (String) it.next().get(USERNAME_PROPERTY_ID);
            if (!isAuthorized && !AuthorizationHelper.getAuthenticatedName().equalsIgnoreCase(str)) {
                throw new AuthorizationException();
            }
            Set<Resource> resources = ensureResourceProvider.getResources(createUserPrivilegeRequest(), createUserPrivilegePredicate(str));
            if (resources != null) {
                for (Resource resource : resources) {
                    String str2 = (String) resource.getPropertyValue(PrivilegeResourceProvider.PERMISSION_NAME);
                    String str3 = (String) resource.getPropertyValue(AmbariPrivilegeResourceProvider.TYPE);
                    ResourceTypeEntity findByName = resourceTypeDAO.findByName(str3);
                    if (findByName != null) {
                        PermissionEntity findPermissionByNameAndType = permissionDAO.findPermissionByNameAndType(str2, findByName);
                        Collection<RoleAuthorizationEntity> authorizations = findPermissionByNameAndType == null ? null : findPermissionByNameAndType.getAuthorizations();
                        if (authorizations != null) {
                            if ("VIEW".equals(str3)) {
                                addViewResources(hashSet, str, str3, resource, authorizations, requestPropertyIds);
                            } else {
                                addClusterResources(hashSet, str, str3, resource, authorizations, requestPropertyIds);
                            }
                        }
                    }
                }
            }
        }
        return hashSet;
    }

    @Override // org.apache.ambari.server.controller.internal.AbstractResourceProvider
    protected Set<String> getPKPropertyIds() {
        return PK_PROPERTY_IDS;
    }

    private Predicate createUserPrivilegePredicate(String str) {
        return new EqualsPredicate("PrivilegeInfo/user_name", str);
    }

    private Request createUserPrivilegeRequest() {
        HashSet hashSet = new HashSet();
        hashSet.add(PrivilegeResourceProvider.PRIVILEGE_ID);
        hashSet.add(PrivilegeResourceProvider.PERMISSION_NAME);
        hashSet.add(AmbariPrivilegeResourceProvider.TYPE);
        hashSet.add("PrivilegeInfo/cluster_name");
        hashSet.add(ViewPrivilegeResourceProvider.VIEW_NAME);
        hashSet.add(ViewPrivilegeResourceProvider.VERSION);
        hashSet.add(ViewPrivilegeResourceProvider.INSTANCE_NAME);
        return new RequestImpl(hashSet, null, null, null);
    }

    private void addClusterResources(Set<Resource> set, String str, String str2, Resource resource, Collection<RoleAuthorizationEntity> collection, Set<String> set2) {
        for (RoleAuthorizationEntity roleAuthorizationEntity : collection) {
            ResourceImpl resourceImpl = new ResourceImpl(Resource.Type.UserAuthorization);
            setResourceProperty(resourceImpl, AUTHORIZATION_ID_PROPERTY_ID, getResponse(roleAuthorizationEntity.getAuthorizationId(), roleAuthorizationEntity.getAuthorizationName(), (String) resource.getPropertyValue("PrivilegeInfo/cluster_name"), str2, str).getAuthorizationId(), set2);
            setResourceProperty(resourceImpl, USERNAME_PROPERTY_ID, str, set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_NAME_PROPERTY_ID, roleAuthorizationEntity.getAuthorizationName(), set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID, str2, set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID, resource.getPropertyValue("PrivilegeInfo/cluster_name"), set2);
            set.add(resourceImpl);
        }
    }

    private void addViewResources(Set<Resource> set, String str, String str2, Resource resource, Collection<RoleAuthorizationEntity> collection, Set<String> set2) {
        for (RoleAuthorizationEntity roleAuthorizationEntity : collection) {
            ResourceImpl resourceImpl = new ResourceImpl(Resource.Type.UserAuthorization);
            UserAuthorizationResponse response = getResponse(roleAuthorizationEntity.getAuthorizationId(), roleAuthorizationEntity.getAuthorizationName(), str2, str, (String) resource.getPropertyValue(ViewPrivilegeResourceProvider.VIEW_NAME), (String) resource.getPropertyValue(ViewPrivilegeResourceProvider.VERSION), (String) resource.getPropertyValue(ViewPrivilegeResourceProvider.INSTANCE_NAME));
            setResourceProperty(resourceImpl, AUTHORIZATION_ID_PROPERTY_ID, response.getAuthorizationId(), set2);
            setResourceProperty(resourceImpl, USERNAME_PROPERTY_ID, response.getUserName(), set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_NAME_PROPERTY_ID, response.getAuthorizationName(), set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID, response.getResourceType(), set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_VIEW_NAME_PROPERTY_ID, response.getViewName(), set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_VIEW_VERSION_PROPERTY_ID, response.getViewVersion(), set2);
            setResourceProperty(resourceImpl, AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID, response.getViewInstanceName(), set2);
            set.add(resourceImpl);
        }
    }

    private UserAuthorizationResponse getResponse(String str, String str2, String str3, String str4, String str5) {
        return new UserAuthorizationResponse(str, str2, str3, str4, str5);
    }

    private UserAuthorizationResponse getResponse(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        return new UserAuthorizationResponse(str, str2, str3, str4, str5, str6, str7);
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add(AUTHORIZATION_ID_PROPERTY_ID);
        hashSet.add(USERNAME_PROPERTY_ID);
        hashSet.add(AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID);
        PK_PROPERTY_IDS = Collections.unmodifiableSet(hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(AUTHORIZATION_ID_PROPERTY_ID);
        hashSet2.add(USERNAME_PROPERTY_ID);
        hashSet2.add(AUTHORIZATION_NAME_PROPERTY_ID);
        hashSet2.add(AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID);
        hashSet2.add(AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID);
        hashSet2.add(AUTHORIZATION_VIEW_NAME_PROPERTY_ID);
        hashSet2.add(AUTHORIZATION_VIEW_VERSION_PROPERTY_ID);
        hashSet2.add(AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID);
        PROPERTY_IDS = Collections.unmodifiableSet(hashSet2);
        HashMap hashMap = new HashMap();
        hashMap.put(Resource.Type.User, USERNAME_PROPERTY_ID);
        hashMap.put(Resource.Type.UserAuthorization, AUTHORIZATION_ID_PROPERTY_ID);
        KEY_PROPERTY_IDS = Collections.unmodifiableMap(hashMap);
    }
}
