package org.gridgain.internal.rest.rbac.privileges;

import io.micronaut.http.annotation.Controller;
import io.micronaut.security.utils.SecurityService;
import java.util.Collection;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import org.apache.ignite3.internal.rest.ResourceHolder;
import org.apache.ignite3.internal.rest.api.rbac.assignmens.PrivilegeAssignment;
import org.apache.ignite3.internal.rest.api.rbac.privileges.Privilege;
import org.apache.ignite3.internal.rest.api.rbac.privileges.PrivilegesApi;
import org.apache.ignite3.internal.rest.api.rbac.privileges.RolePrivileges;
import org.gridgain.internal.rbac.privileges.Action;
import org.gridgain.internal.rbac.privileges.ActionAlias;
import org.gridgain.internal.rbac.privileges.PrivilegeAlias;
import org.gridgain.internal.rbac.privileges.PrivilegeManagement;
import org.gridgain.internal.rbac.privileges.exception.IllegalPrivilegeException;
import org.gridgain.internal.rest.SecurityContextAware;
import org.jetbrains.annotations.Nullable;

@Controller("/management/v1/rbac/pg")
/* loaded from: input_file:org/gridgain/internal/rest/rbac/privileges/PrivilegesController.class */
public class PrivilegesController implements PrivilegesApi, ResourceHolder, SecurityContextAware {
    private PrivilegeManagement privilegeManagement;
    private final SecurityService securityService;

    public PrivilegesController(PrivilegeManagement privilegeManagement, SecurityService securityService) {
        this.privilegeManagement = privilegeManagement;
        this.securityService = securityService;
    }

    private static Action parseAction(String str) {
        try {
            return Action.valueOf(str);
        } catch (IllegalArgumentException e) {
            throw new IllegalPrivilegeException("Wrong action: " + str);
        }
    }

    private static Collection<Privilege> toDtos(Set<org.gridgain.internal.rbac.privileges.Privilege> set) {
        return (Collection) set.stream().map(PrivilegesController::toDto).collect(Collectors.toList());
    }

    private static Privilege toDto(org.gridgain.internal.rbac.privileges.Privilege privilege) {
        return new Privilege(privilege.action().name(), privilege.selector().toRawString());
    }

    private static Set<org.gridgain.internal.rbac.privileges.Privilege> fromDtos(Set<Privilege> set) {
        return (Set) set.stream().map(privilege -> {
            return fromDto(privilege.action(), privilege.on());
        }).collect(Collectors.toSet());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static org.gridgain.internal.rbac.privileges.Privilege fromDto(String str, @Nullable String str2) {
        return org.gridgain.internal.rbac.privileges.Privilege.builder().action(parseAction(str)).selector(str2).build();
    }

    @Nullable
    private static ActionAlias tryParseAlias(String str) {
        try {
            return ActionAlias.valueOf(str);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    private static PrivilegeAlias aliasFromDto(Privilege privilege) {
        ActionAlias tryParseAlias = tryParseAlias(privilege.action());
        if (tryParseAlias == null) {
            throw new IllegalPrivilegeException("Wrong action: " + privilege.action());
        }
        return PrivilegeAlias.builder().selector(privilege.on()).alias(tryParseAlias).build();
    }

    private static boolean isAlias(String str) {
        return tryParseAlias(str) != null;
    }

    @Override // org.apache.ignite3.internal.rest.api.rbac.privileges.PrivilegesApi
    public CompletableFuture<Iterable<Privilege>> privileges(String str) {
        return (CompletableFuture) secured(() -> {
            return this.privilegeManagement.getPrivilegesAsync(str).thenApply(PrivilegesController::toDtos);
        });
    }

    @Override // org.apache.ignite3.internal.rest.api.rbac.privileges.PrivilegesApi
    public CompletableFuture<Void> grant(PrivilegeAssignment privilegeAssignment) {
        if (privilegeAssignment.privileges().size() == 1) {
            Privilege privilege = privilegeAssignment.privileges().stream().findFirst().get();
            if (isAlias(privilege.action())) {
                return (CompletableFuture) secured(() -> {
                    return this.privilegeManagement.grantAsync(aliasFromDto(privilege), privilegeAssignment.roleNames());
                });
            }
        }
        return (CompletableFuture) secured(() -> {
            return this.privilegeManagement.grantAsync(fromDtos(privilegeAssignment.privileges()), privilegeAssignment.roleNames());
        });
    }

    @Override // org.apache.ignite3.internal.rest.api.rbac.privileges.PrivilegesApi
    public CompletableFuture<Void> revoke(PrivilegeAssignment privilegeAssignment) {
        if (privilegeAssignment.privileges().size() == 1) {
            Privilege privilege = privilegeAssignment.privileges().stream().findFirst().get();
            if (isAlias(privilege.action())) {
                return (CompletableFuture) secured(() -> {
                    return this.privilegeManagement.revokeAsync(aliasFromDto(privilege), privilegeAssignment.roleNames());
                });
            }
        }
        return (CompletableFuture) secured(() -> {
            return this.privilegeManagement.revokeAsync(fromDtos(privilegeAssignment.privileges()), privilegeAssignment.roleNames());
        });
    }

    @Override // org.apache.ignite3.internal.rest.api.rbac.privileges.PrivilegesApi
    public CompletableFuture<Iterable<RolePrivileges>> rolesWithPrivileges() {
        return (CompletableFuture) secured(() -> {
            return this.privilegeManagement.getRolesWithPrivilegesAsync().thenApply(map -> {
                return (Iterable) map.entrySet().stream().map(entry -> {
                    return new RolePrivileges((String) entry.getKey(), toDtos((Set) entry.getValue()));
                }).collect(Collectors.toList());
            });
        });
    }

    @Override // org.apache.ignite3.internal.rest.ResourceHolder
    public void cleanResources() {
        this.privilegeManagement = null;
    }

    @Override // org.gridgain.internal.rest.SecurityContextAware
    public SecurityService securityService() {
        return this.securityService;
    }
}
