package org.gridgain.internal.rbac.roles;

import java.util.Collection;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import org.apache.ignite.internal.util.CompletableFutures;
import org.gridgain.internal.rbac.assignments.RoleAssignmentManagement;
import org.gridgain.internal.rbac.assignments.exception.RoleAssignmentExistsException;
import org.gridgain.internal.rbac.assignments.exception.RoleGrantedException;
import org.gridgain.internal.rbac.authorization.Authorizer;
import org.gridgain.internal.rbac.privileges.Action;
import org.gridgain.internal.rbac.privileges.Privilege;
import org.gridgain.internal.rbac.roles.exception.RoleAlreadyExistsException;
import org.gridgain.internal.rbac.roles.exception.RoleNotFoundException;
import org.gridgain.internal.rbac.roles.exception.RoleValidationException;
import org.gridgain.internal.rbac.users.exception.SystemUserModificationException;

/* loaded from: input_file:org/gridgain/internal/rbac/roles/RoleManagementImpl.class */
public class RoleManagementImpl implements RoleManagement {
    private final RoleStore roleStore;
    private final RoleAssignmentManagement roleAssignmentManagement;
    private final Authorizer authorizer;

    public RoleManagementImpl(RoleStore roleStore, RoleAssignmentManagement roleAssignmentManagement, Authorizer authorizer) {
        this.roleStore = roleStore;
        this.roleAssignmentManagement = roleAssignmentManagement;
        this.authorizer = authorizer;
    }

    public CompletableFuture<Void> createAsync(Role role) {
        return this.authorizer.authorizeThenCompose(Action.CREATE_ROLE, () -> {
            checkSystemRoleModification(role.name(), "System role can not be created.");
            return this.roleStore.putIfNotExists(role.name(), (String) role).thenAccept(operationResult -> {
                switch (operationResult) {
                    case SUCCESS:
                        return;
                    case ROLE_EXISTS:
                        throw new RoleAlreadyExistsException(role.name());
                    default:
                        throw new IllegalStateException("Unexpected operation result: " + operationResult);
                }
            });
        });
    }

    public CompletableFuture<Void> dropAsync(String str, boolean z) {
        if (Objects.equals(str, "system")) {
            return CompletableFuture.failedFuture(new RoleValidationException("Cannot drop the super role system"));
        }
        return this.authorizer.authorizeThenCompose(Set.of(Privilege.fromAction(Action.DROP_ROLE), Privilege.fromAction(Action.READ_ROLE)), () -> {
            checkSystemRoleModification(str, "System role can not be removed.");
            return this.roleAssignmentManagement.usernamesByRoleAsync(str).thenCompose(set -> {
                return set.isEmpty() ? CompletableFutures.nullCompletedFuture() : z ? this.roleAssignmentManagement.revokeAsync(Set.of(str), set) : CompletableFuture.failedFuture(new RoleAssignmentExistsException(str));
            }).thenCompose(r5 -> {
                return this.roleStore.removeIfExists(str).thenAccept(operationResult -> {
                    switch (operationResult) {
                        case SUCCESS:
                            return;
                        case ROLE_GRANTED:
                            throw new RoleGrantedException(str);
                        case ROLE_NOT_FOUND:
                            throw new RoleNotFoundException(str);
                        default:
                            throw new IllegalStateException("Unexpected operation result: " + operationResult);
                    }
                });
            });
        });
    }

    public CompletableFuture<Role> findByNameAsync(String str) {
        return this.authorizer.authorizeThenCompose(Action.READ_ROLE, () -> {
            return this.roleStore.get(str).thenApply(role -> {
                if (role == null) {
                    throw new RoleNotFoundException(str);
                }
                return role;
            });
        });
    }

    public CompletableFuture<Collection<Role>> findAllAsync() {
        Authorizer authorizer = this.authorizer;
        Action action = Action.READ_ROLE;
        RoleStore roleStore = this.roleStore;
        Objects.requireNonNull(roleStore);
        return authorizer.authorizeThenCompose(action, roleStore::getAll);
    }

    private static void checkSystemRoleModification(String str, String str2) {
        if (str.equalsIgnoreCase("gridgain-system-bypass")) {
            throw new SystemUserModificationException(str2);
        }
    }
}
