package org.elasticsearch.shield.action.interceptor;

import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.bulk.BulkRequest;
import org.elasticsearch.action.update.UpdateRequest;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authz.InternalAuthorizationService;
import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.transport.TransportRequest;

/* loaded from: input_file:lib/shield.jar:org/elasticsearch/shield/action/interceptor/BulkRequestInterceptor.class */
public class BulkRequestInterceptor extends AbstractComponent implements RequestInterceptor<BulkRequest> {
    @Inject
    public BulkRequestInterceptor(Settings settings) {
        super(settings);
    }

    @Override // org.elasticsearch.shield.action.interceptor.RequestInterceptor
    public void intercept(BulkRequest bulkRequest, User user) {
        IndicesAccessControl indicesAccessControl = (IndicesAccessControl) bulkRequest.getFromContext(InternalAuthorizationService.INDICES_PERMISSIONS_KEY);
        for (IndicesRequest indicesRequest : bulkRequest.subRequests()) {
            for (String str : indicesRequest.indices()) {
                IndicesAccessControl.IndexAccessControl indexPermissions = indicesAccessControl.getIndexPermissions(str);
                if (indexPermissions != null) {
                    boolean z = indexPermissions.getFields() != null;
                    boolean z2 = indexPermissions.getQueries() != null;
                    if (z || z2) {
                        this.logger.debug("intercepted request for index [{}] with field level or document level security enabled, disabling features", new Object[]{str});
                        if (indicesRequest instanceof UpdateRequest) {
                            throw new ElasticsearchSecurityException("Can't execute an bulk request with update requests embedded if field or document level security is enabled", RestStatus.BAD_REQUEST, new Object[0]);
                        }
                    }
                }
                this.logger.trace("intercepted request for index [{}] with neither field level or document level security not enabled, doing nothing", new Object[]{str});
            }
        }
    }

    @Override // org.elasticsearch.shield.action.interceptor.RequestInterceptor
    public boolean supports(TransportRequest transportRequest) {
        return transportRequest instanceof BulkRequest;
    }
}
