package org.apache.doris.mysql.privilege;

import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.gson.annotations.SerializedName;
import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.doris.analysis.ResourcePattern;
import org.apache.doris.analysis.TablePattern;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.analysis.WorkloadGroupPattern;
import org.apache.doris.catalog.Env;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.DdlException;
import org.apache.doris.common.PatternMatcherException;
import org.apache.doris.common.io.Text;
import org.apache.doris.common.io.Writable;
import org.apache.doris.mysql.privilege.Auth;
import org.apache.doris.persist.gson.GsonPostProcessable;
import org.apache.doris.persist.gson.GsonUtils;
import org.apache.doris.resource.workloadgroup.WorkloadGroupMgr;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/mysql/privilege/Role.class */
public class Role implements Writable, GsonPostProcessable {
    private static final Logger LOG = LogManager.getLogger(Role.class);
    public static String OPERATOR_ROLE = "operator";
    public static String ADMIN_ROLE = Auth.ADMIN_USER;
    public static Role OPERATOR;
    public static Role ADMIN;

    @SerializedName("roleName")
    private String roleName;

    @SerializedName("tblPatternToPrivs")
    private Map<TablePattern, PrivBitSet> tblPatternToPrivs = Maps.newConcurrentMap();

    @SerializedName("resourcePatternToPrivs")
    private Map<ResourcePattern, PrivBitSet> resourcePatternToPrivs = Maps.newConcurrentMap();

    @SerializedName("workloadGroupPatternToPrivs")
    private Map<WorkloadGroupPattern, PrivBitSet> workloadGroupPatternToPrivs = Maps.newConcurrentMap();

    @SerializedName("colPrivMap")
    private Map<ColPrivilegeKey, Set<String>> colPrivMap = Maps.newHashMap();
    private GlobalPrivTable globalPrivTable = new GlobalPrivTable();
    private CatalogPrivTable catalogPrivTable = new CatalogPrivTable();
    private DbPrivTable dbPrivTable = new DbPrivTable();
    private TablePrivTable tablePrivTable = new TablePrivTable();
    private ResourcePrivTable resourcePrivTable = new ResourcePrivTable();
    private WorkloadGroupPrivTable workloadGroupPrivTable = new WorkloadGroupPrivTable();

    @Deprecated
    private Set<UserIdentity> users = Sets.newConcurrentHashSet();

    @Deprecated
    public Set<UserIdentity> getUsers() {
        return this.users;
    }

    private Role() {
    }

    public Role(String str) {
        this.roleName = str;
    }

    public Role(String str, TablePattern tablePattern, PrivBitSet privBitSet) throws DdlException {
        this.roleName = str;
        this.tblPatternToPrivs.put(tablePattern, privBitSet);
        grantPrivs(tablePattern, privBitSet.copy());
    }

    public Role(String str, TablePattern tablePattern, PrivBitSet privBitSet, Map<ColPrivilegeKey, Set<String>> map) throws DdlException {
        this.roleName = str;
        this.tblPatternToPrivs.put(tablePattern, privBitSet);
        grantPrivs(tablePattern, privBitSet.copy());
        grantCols(map);
    }

    public Role(String str, ResourcePattern resourcePattern, PrivBitSet privBitSet) throws DdlException {
        this.roleName = str;
        this.resourcePatternToPrivs.put(resourcePattern, privBitSet);
        grantPrivs(resourcePattern, privBitSet.copy());
    }

    public Role(String str, WorkloadGroupPattern workloadGroupPattern, PrivBitSet privBitSet) throws DdlException {
        this.roleName = str;
        this.workloadGroupPatternToPrivs.put(workloadGroupPattern, privBitSet);
        grantPrivs(workloadGroupPattern, privBitSet.copy());
    }

    public Role(String str, List<TablePattern> list, PrivBitSet privBitSet, WorkloadGroupPattern workloadGroupPattern, PrivBitSet privBitSet2) {
        this.roleName = str;
        this.workloadGroupPatternToPrivs.put(workloadGroupPattern, privBitSet2);
        list.forEach(tablePattern -> {
            try {
                this.tblPatternToPrivs.put(tablePattern, privBitSet);
                grantPrivs(tablePattern, privBitSet.copy());
            } catch (DdlException e) {
                LOG.warn("grant table failed,", e);
            }
        });
        try {
            grantPrivs(workloadGroupPattern, privBitSet2.copy());
        } catch (DdlException e) {
            LOG.warn("grant workload group failed,", e);
        }
    }

    public static boolean isDefaultRoleName(String str) {
        return str.startsWith(RoleManager.DEFAULT_ROLE_PREFIX);
    }

    public String getRoleName() {
        return this.roleName;
    }

    public Map<TablePattern, PrivBitSet> getTblPatternToPrivs() {
        return this.tblPatternToPrivs;
    }

    public Map<ResourcePattern, PrivBitSet> getResourcePatternToPrivs() {
        return this.resourcePatternToPrivs;
    }

    public Map<WorkloadGroupPattern, PrivBitSet> getWorkloadGroupPatternToPrivs() {
        return this.workloadGroupPatternToPrivs;
    }

    public void mergeNotCheck(Role role) throws DdlException {
        for (Map.Entry<TablePattern, PrivBitSet> entry : role.getTblPatternToPrivs().entrySet()) {
            if (this.tblPatternToPrivs.containsKey(entry.getKey())) {
                this.tblPatternToPrivs.get(entry.getKey()).or(entry.getValue());
            } else {
                this.tblPatternToPrivs.put(entry.getKey(), entry.getValue());
            }
            grantPrivs(entry.getKey(), entry.getValue().copy());
        }
        for (Map.Entry<ResourcePattern, PrivBitSet> entry2 : role.resourcePatternToPrivs.entrySet()) {
            if (this.resourcePatternToPrivs.containsKey(entry2.getKey())) {
                this.resourcePatternToPrivs.get(entry2.getKey()).or(entry2.getValue());
            } else {
                this.resourcePatternToPrivs.put(entry2.getKey(), entry2.getValue());
            }
            grantPrivs(entry2.getKey(), entry2.getValue().copy());
        }
        for (Map.Entry<WorkloadGroupPattern, PrivBitSet> entry3 : role.workloadGroupPatternToPrivs.entrySet()) {
            if (this.workloadGroupPatternToPrivs.containsKey(entry3.getKey())) {
                this.workloadGroupPatternToPrivs.get(entry3.getKey()).or(entry3.getValue());
            } else {
                this.workloadGroupPatternToPrivs.put(entry3.getKey(), entry3.getValue());
            }
            grantPrivs(entry3.getKey(), entry3.getValue().copy());
        }
        mergeColPrivMap(this.colPrivMap, role.colPrivMap);
    }

    public static void mergeColPrivMap(Map<ColPrivilegeKey, Set<String>> map, Map<ColPrivilegeKey, Set<String>> map2) {
        for (Map.Entry<ColPrivilegeKey, Set<String>> entry : map2.entrySet()) {
            if (map.containsKey(entry.getKey())) {
                map.get(entry.getKey()).addAll(entry.getValue());
            } else {
                map.put(entry.getKey(), entry.getValue());
            }
        }
    }

    public void merge(Role role) throws DdlException {
        Preconditions.checkState(this.roleName.equalsIgnoreCase(role.getRoleName()));
        mergeNotCheck(role);
    }

    public boolean checkGlobalPriv(PrivPredicate privPredicate) {
        return checkGlobalInternal(privPredicate, PrivBitSet.of(new Privilege[0]));
    }

    public boolean checkCtlPriv(String str, PrivPredicate privPredicate) {
        PrivBitSet of = PrivBitSet.of(new Privilege[0]);
        if (checkGlobalInternal(privPredicate, of) || checkCatalogInternal(str, privPredicate, of)) {
            return true;
        }
        if (str != null && privPredicate == PrivPredicate.SHOW && checkAnyPrivWithinCatalog(str)) {
            return true;
        }
        LOG.debug("failed to get wanted privs: {}, granted: {}", privPredicate, of);
        return false;
    }

    private boolean checkGlobalInternal(PrivPredicate privPredicate, PrivBitSet privBitSet) {
        this.globalPrivTable.getPrivs(privBitSet);
        return Privilege.satisfy(privBitSet, privPredicate);
    }

    private boolean checkAnyPrivWithinCatalog(String str) {
        return this.dbPrivTable.hasPrivsOfCatalog(str) || this.tablePrivTable.hasPrivsOfCatalog(str) || checkAnyColPrivWithinCtl(str);
    }

    private boolean checkCatalogInternal(String str, PrivPredicate privPredicate, PrivBitSet privBitSet) {
        this.catalogPrivTable.getPrivs(str, privBitSet);
        return Privilege.satisfy(privBitSet, privPredicate);
    }

    public boolean checkDbPriv(String str, String str2, PrivPredicate privPredicate) {
        PrivBitSet of = PrivBitSet.of(new Privilege[0]);
        if (checkGlobalInternal(privPredicate, of) || checkCatalogInternal(str, privPredicate, of) || checkDbInternal(str, str2, privPredicate, of)) {
            return true;
        }
        if (str != null && str2 != null && privPredicate == PrivPredicate.SHOW && checkAnyPrivWithinDb(str, str2)) {
            return true;
        }
        LOG.debug("failed to get wanted privs: {}, granted: {}", privPredicate, of);
        return false;
    }

    private boolean checkAnyPrivWithinDb(String str, String str2) {
        return this.tablePrivTable.hasPrivsOfDb(str, str2) || checkAnyColPrivWithinDb(str, str2);
    }

    private boolean checkAnyColPrivWithinCtl(String str) {
        String nameFromFullName = ClusterNamespace.getNameFromFullName(str);
        Iterator<ColPrivilegeKey> it = this.colPrivMap.keySet().iterator();
        while (it.hasNext()) {
            if (it.next().getCtl().equals(nameFromFullName)) {
                return true;
            }
        }
        return false;
    }

    private boolean checkAnyColPrivWithinDb(String str, String str2) {
        String nameFromFullName = ClusterNamespace.getNameFromFullName(str);
        String nameFromFullName2 = ClusterNamespace.getNameFromFullName(str2);
        for (ColPrivilegeKey colPrivilegeKey : this.colPrivMap.keySet()) {
            if (colPrivilegeKey.getCtl().equals(nameFromFullName) && colPrivilegeKey.getDb().equals(nameFromFullName2)) {
                return true;
            }
        }
        return false;
    }

    private boolean checkAnyColPrivWithinTbl(String str, String str2, String str3) {
        String nameFromFullName = ClusterNamespace.getNameFromFullName(str);
        String nameFromFullName2 = ClusterNamespace.getNameFromFullName(str2);
        String nameFromFullName3 = ClusterNamespace.getNameFromFullName(str3);
        for (ColPrivilegeKey colPrivilegeKey : this.colPrivMap.keySet()) {
            if (colPrivilegeKey.getCtl().equals(nameFromFullName) && colPrivilegeKey.getDb().equals(nameFromFullName2) && colPrivilegeKey.getTbl().equals(nameFromFullName3)) {
                return true;
            }
        }
        return false;
    }

    private boolean checkDbInternal(String str, String str2, PrivPredicate privPredicate, PrivBitSet privBitSet) {
        this.dbPrivTable.getPrivs(str, str2, privBitSet);
        return Privilege.satisfy(privBitSet, privPredicate);
    }

    public boolean checkTblPriv(String str, String str2, String str3, PrivPredicate privPredicate) {
        PrivBitSet of = PrivBitSet.of(new Privilege[0]);
        if (checkGlobalInternal(privPredicate, of) || checkCatalogInternal(str, privPredicate, of) || checkDbInternal(str, str2, privPredicate, of) || checkTblInternal(str, str2, str3, privPredicate, of)) {
            return true;
        }
        if (str != null && str2 != null && str3 != null && privPredicate == PrivPredicate.SHOW && checkAnyColPrivWithinTbl(str, str2, str3)) {
            return true;
        }
        LOG.debug("failed to get wanted privs: {}, granted: {}", privPredicate, of);
        return false;
    }

    public boolean checkColPriv(String str, String str2, String str3, String str4, PrivPredicate privPredicate) {
        Optional<Privilege> colPrivilege = privPredicate.getColPrivilege();
        Preconditions.checkState(colPrivilege.isPresent(), "this privPredicate should not use checkColPriv:" + privPredicate);
        return checkTblPriv(str, str2, str3, privPredicate) || onlyCheckColPriv(str, str2, str3, str4, colPrivilege.get());
    }

    private boolean onlyCheckColPriv(String str, String str2, String str3, String str4, Privilege privilege) {
        ColPrivilegeKey colPrivilegeKey = new ColPrivilegeKey(privilege, str, str2, str3);
        if (this.colPrivMap.containsKey(colPrivilegeKey)) {
            return this.colPrivMap.get(colPrivilegeKey).contains(str4);
        }
        return false;
    }

    private boolean checkTblInternal(String str, String str2, String str3, PrivPredicate privPredicate, PrivBitSet privBitSet) {
        this.tablePrivTable.getPrivs(str, str2, str3, privBitSet);
        return Privilege.satisfy(privBitSet, privPredicate);
    }

    public boolean checkResourcePriv(String str, PrivPredicate privPredicate) {
        PrivBitSet of = PrivBitSet.of(new Privilege[0]);
        if (checkGlobalInternal(privPredicate, of) || checkResourceInternal(str, privPredicate, of)) {
            return true;
        }
        LOG.debug("failed to get wanted privs: {}, granted: {}", privPredicate, of);
        return false;
    }

    private boolean checkResourceInternal(String str, PrivPredicate privPredicate, PrivBitSet privBitSet) {
        this.resourcePrivTable.getPrivs(str, privBitSet);
        return Privilege.satisfy(privBitSet, privPredicate);
    }

    public boolean checkWorkloadGroupPriv(String str, PrivPredicate privPredicate) {
        if (WorkloadGroupMgr.DEFAULT_GROUP_NAME.equals(str)) {
            return true;
        }
        PrivBitSet of = PrivBitSet.of(new Privilege[0]);
        if (checkGlobalInternal(PrivPredicate.ADMIN, of) || checkWorkloadGroupInternal(str, privPredicate, of)) {
            return true;
        }
        LOG.debug("failed to get wanted privs: {}, granted: {}", privPredicate, of);
        return false;
    }

    private boolean checkWorkloadGroupInternal(String str, PrivPredicate privPredicate, PrivBitSet privBitSet) {
        this.workloadGroupPrivTable.getPrivs(str, privBitSet);
        return Privilege.satisfy(privBitSet, privPredicate);
    }

    public boolean checkHasPriv(PrivPredicate privPredicate, Auth.PrivLevel[] privLevelArr) {
        int length = privLevelArr.length;
        for (int i = 0; i < length; i++) {
            switch (privLevelArr[i]) {
                case GLOBAL:
                    if (this.globalPrivTable.hasPriv(privPredicate)) {
                        return true;
                    }
                    break;
                case DATABASE:
                    if (this.dbPrivTable.hasPriv(privPredicate)) {
                        return true;
                    }
                    break;
                case TABLE:
                    if (this.tablePrivTable.hasPriv(privPredicate)) {
                        return true;
                    }
                    break;
            }
        }
        return false;
    }

    public GlobalPrivTable getGlobalPrivTable() {
        return this.globalPrivTable;
    }

    public CatalogPrivTable getCatalogPrivTable() {
        return this.catalogPrivTable;
    }

    public DbPrivTable getDbPrivTable() {
        return this.dbPrivTable;
    }

    public TablePrivTable getTablePrivTable() {
        return this.tablePrivTable;
    }

    public Map<ColPrivilegeKey, Set<String>> getColPrivMap() {
        return this.colPrivMap;
    }

    public ResourcePrivTable getResourcePrivTable() {
        return this.resourcePrivTable;
    }

    public WorkloadGroupPrivTable getWorkloadGroupPrivTable() {
        return this.workloadGroupPrivTable;
    }

    public boolean checkCanEnterCluster(String str) {
        return checkGlobalPriv(PrivPredicate.ALL) || this.dbPrivTable.hasClusterPriv(str) || this.tablePrivTable.hasClusterPriv(str);
    }

    private void grantPrivs(ResourcePattern resourcePattern, PrivBitSet privBitSet) throws DdlException {
        if (privBitSet.isEmpty()) {
            return;
        }
        switch (resourcePattern.getPrivLevel()) {
            case GLOBAL:
                grantGlobalPrivs(privBitSet);
                return;
            case RESOURCE:
                grantResourcePrivs(resourcePattern.getResourceName(), privBitSet);
                return;
            default:
                Preconditions.checkNotNull((Object) null, resourcePattern.getPrivLevel());
                return;
        }
    }

    private void grantPrivs(WorkloadGroupPattern workloadGroupPattern, PrivBitSet privBitSet) throws DdlException {
        if (!privBitSet.isEmpty() && workloadGroupPattern.getPrivLevel().equals(Auth.PrivLevel.WORKLOAD_GROUP)) {
            grantWorkloadGroupPrivs(workloadGroupPattern.getworkloadGroupName(), privBitSet);
        }
    }

    private void grantCols(Map<ColPrivilegeKey, Set<String>> map) {
        if (Objects.isNull(map)) {
            return;
        }
        for (Map.Entry<ColPrivilegeKey, Set<String>> entry : map.entrySet()) {
            if (this.colPrivMap.containsKey(entry.getKey())) {
                this.colPrivMap.get(entry.getKey()).addAll(entry.getValue());
            } else {
                this.colPrivMap.put(entry.getKey(), Sets.newHashSet(entry.getValue()));
            }
        }
    }

    private void grantPrivs(TablePattern tablePattern, PrivBitSet privBitSet) throws DdlException {
        if (privBitSet.isEmpty()) {
            return;
        }
        switch (tablePattern.getPrivLevel()) {
            case GLOBAL:
                grantGlobalPrivs(privBitSet);
                return;
            case DATABASE:
                grantDbPrivs(tablePattern.getQualifiedCtl(), tablePattern.getQualifiedDb(), privBitSet);
                return;
            case TABLE:
                grantTblPrivs(tablePattern.getQualifiedCtl(), tablePattern.getQualifiedDb(), tablePattern.getTbl(), privBitSet);
                return;
            case RESOURCE:
            default:
                Preconditions.checkNotNull((Object) null, tablePattern.getPrivLevel());
                return;
            case CATALOG:
                grantCatalogPrivs(tablePattern.getQualifiedCtl(), privBitSet);
                return;
        }
    }

    private GlobalPrivEntry grantGlobalPrivs(PrivBitSet privBitSet) throws DdlException {
        GlobalPrivEntry create = GlobalPrivEntry.create(privBitSet);
        this.globalPrivTable.addEntry(create, false, false);
        return create;
    }

    private void grantResourcePrivs(String str, PrivBitSet privBitSet) throws DdlException {
        try {
            this.resourcePrivTable.addEntry(ResourcePrivEntry.create(str, privBitSet), false, false);
        } catch (AnalysisException | PatternMatcherException e) {
            throw new DdlException(e.getMessage());
        }
    }

    private void grantCatalogPrivs(String str, PrivBitSet privBitSet) throws DdlException {
        try {
            this.catalogPrivTable.addEntry(CatalogPrivEntry.create(str, privBitSet), false, false);
        } catch (AnalysisException e) {
            throw new DdlException(e.getMessage());
        }
    }

    private void grantDbPrivs(String str, String str2, PrivBitSet privBitSet) throws DdlException {
        try {
            this.dbPrivTable.addEntry(DbPrivEntry.create(str, str2, privBitSet), false, false);
        } catch (AnalysisException e) {
            throw new DdlException(e.getMessage());
        }
    }

    private void grantTblPrivs(String str, String str2, String str3, PrivBitSet privBitSet) throws DdlException {
        try {
            this.tablePrivTable.addEntry(TablePrivEntry.create(str, str2, str3, privBitSet), false, false);
        } catch (AnalysisException e) {
            throw new DdlException(e.getMessage());
        }
    }

    private void grantWorkloadGroupPrivs(String str, PrivBitSet privBitSet) throws DdlException {
        try {
            this.workloadGroupPrivTable.addEntry(WorkloadGroupPrivEntry.create(str, privBitSet), false, false);
        } catch (AnalysisException | PatternMatcherException e) {
            throw new DdlException(e.getMessage());
        }
    }

    public void revokePrivs(TablePattern tablePattern, PrivBitSet privBitSet, Map<ColPrivilegeKey, Set<String>> map, boolean z) throws DdlException {
        PrivBitSet privBitSet2 = this.tblPatternToPrivs.get(tablePattern);
        if (privBitSet2 == null) {
            if (z) {
                throw new DdlException(tablePattern + " does not exist in role " + this.roleName);
            }
        } else {
            privBitSet2.remove(privBitSet);
            revokePrivs(tablePattern, privBitSet);
            revokeCols(map);
        }
    }

    private void revokeCols(Map<ColPrivilegeKey, Set<String>> map) {
        if (Objects.isNull(map)) {
            return;
        }
        for (Map.Entry<ColPrivilegeKey, Set<String>> entry : map.entrySet()) {
            if (this.colPrivMap.containsKey(entry.getKey())) {
                this.colPrivMap.get(entry.getKey()).removeAll(entry.getValue());
                if (CollectionUtils.isEmpty(this.colPrivMap.get(entry.getKey()))) {
                    this.colPrivMap.remove(entry.getKey());
                }
            }
        }
    }

    public void revokePrivs(ResourcePattern resourcePattern, PrivBitSet privBitSet, boolean z) throws DdlException {
        PrivBitSet privBitSet2 = this.resourcePatternToPrivs.get(resourcePattern);
        if (privBitSet2 == null) {
            if (z) {
                throw new DdlException(resourcePattern + " does not exist in role " + this.roleName);
            }
        } else {
            privBitSet2.remove(privBitSet);
            revokePrivs(resourcePattern, privBitSet);
        }
    }

    private void revokePrivs(ResourcePattern resourcePattern, PrivBitSet privBitSet) throws DdlException {
        switch (resourcePattern.getPrivLevel()) {
            case GLOBAL:
                revokeGlobalPrivs(privBitSet);
                return;
            case RESOURCE:
                revokeResourcePrivs(resourcePattern.getResourceName(), privBitSet);
                return;
            default:
                return;
        }
    }

    private void revokeResourcePrivs(String str, PrivBitSet privBitSet) throws DdlException {
        try {
            this.resourcePrivTable.revoke(ResourcePrivEntry.create(str, privBitSet), false, true);
        } catch (AnalysisException | PatternMatcherException e) {
            throw new DdlException(e.getMessage());
        }
    }

    public void revokePrivs(WorkloadGroupPattern workloadGroupPattern, PrivBitSet privBitSet, boolean z) throws DdlException {
        PrivBitSet privBitSet2 = this.workloadGroupPatternToPrivs.get(workloadGroupPattern);
        if (privBitSet2 == null) {
            if (z) {
                throw new DdlException(workloadGroupPattern + " does not exist in role " + this.roleName);
            }
        } else {
            privBitSet2.remove(privBitSet);
            revokePrivs(workloadGroupPattern, privBitSet);
        }
    }

    private void revokePrivs(WorkloadGroupPattern workloadGroupPattern, PrivBitSet privBitSet) throws DdlException {
        if (workloadGroupPattern.getPrivLevel().equals(Auth.PrivLevel.WORKLOAD_GROUP)) {
            revokeWorkloadGroupPrivs(workloadGroupPattern.getworkloadGroupName(), privBitSet);
        }
    }

    private void revokeWorkloadGroupPrivs(String str, PrivBitSet privBitSet) throws DdlException {
        try {
            this.workloadGroupPrivTable.revoke(WorkloadGroupPrivEntry.create(str, privBitSet), false, true);
        } catch (AnalysisException | PatternMatcherException e) {
            throw new DdlException(e.getMessage());
        }
    }

    private void revokePrivs(TablePattern tablePattern, PrivBitSet privBitSet) throws DdlException {
        switch (tablePattern.getPrivLevel()) {
            case GLOBAL:
                revokeGlobalPrivs(privBitSet);
                return;
            case DATABASE:
                revokeDbPrivs(tablePattern.getQualifiedCtl(), tablePattern.getQualifiedDb(), privBitSet);
                return;
            case TABLE:
                revokeTblPrivs(tablePattern.getQualifiedCtl(), tablePattern.getQualifiedDb(), tablePattern.getTbl(), privBitSet);
                return;
            case RESOURCE:
            default:
                Preconditions.checkNotNull((Object) null, tablePattern.getPrivLevel());
                return;
            case CATALOG:
                revokeCatalogPrivs(tablePattern.getQualifiedCtl(), privBitSet);
                return;
        }
    }

    private void revokeGlobalPrivs(PrivBitSet privBitSet) throws DdlException {
        this.globalPrivTable.revoke(GlobalPrivEntry.create(privBitSet), false, false);
    }

    private void revokeCatalogPrivs(String str, PrivBitSet privBitSet) throws DdlException {
        try {
            this.catalogPrivTable.revoke(CatalogPrivEntry.create(str, privBitSet), false, true);
        } catch (AnalysisException e) {
            throw new DdlException(e.getMessage());
        }
    }

    private void revokeDbPrivs(String str, String str2, PrivBitSet privBitSet) throws DdlException {
        try {
            this.dbPrivTable.revoke(DbPrivEntry.create(str, str2, privBitSet), false, true);
        } catch (AnalysisException e) {
            throw new DdlException(e.getMessage());
        }
    }

    private void revokeTblPrivs(String str, String str2, String str3, PrivBitSet privBitSet) throws DdlException {
        try {
            this.tablePrivTable.revoke(TablePrivEntry.create(str, str2, str3, privBitSet), false, true);
        } catch (AnalysisException e) {
            throw new DdlException(e.getMessage());
        }
    }

    public void rectifyPrivs() {
        PrivBitSet privBitSet = new PrivBitSet();
        for (Map.Entry<TablePattern, PrivBitSet> entry : this.tblPatternToPrivs.entrySet()) {
            TablePattern key = entry.getKey();
            PrivBitSet value = entry.getValue();
            if (value.containsPrivs(Privilege.ADMIN_PRIV, Privilege.NODE_PRIV, Privilege.USAGE_PRIV) && key.getPrivLevel() != Auth.PrivLevel.GLOBAL) {
                LOG.debug("rectify privs {}: {} -> {}", this.roleName, key, value);
                PrivBitSet copy = value.copy();
                copy.and(PrivBitSet.of(Privilege.ADMIN_PRIV, Privilege.NODE_PRIV, Privilege.USAGE_PRIV));
                privBitSet.or(copy);
                value.unset(Privilege.USAGE_PRIV.getIdx());
                value.unset(Privilege.NODE_PRIV.getIdx());
                value.unset(Privilege.ADMIN_PRIV.getIdx());
                LOG.debug("alter rectify privs {}: {} -> {}, modified global priv: {}", this.roleName, key, value, privBitSet);
            }
        }
        if (!privBitSet.isEmpty()) {
            PrivBitSet privBitSet2 = this.tblPatternToPrivs.get(TablePattern.ALL);
            if (privBitSet2 == null) {
                this.tblPatternToPrivs.put(TablePattern.ALL, privBitSet);
            } else {
                privBitSet2.or(privBitSet);
            }
        }
        rebuildPrivTables();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("role: ").append(this.roleName).append(", db table privs: ").append(this.tblPatternToPrivs);
        sb.append(", resource privs: ").append(this.resourcePatternToPrivs);
        sb.append(", workload group privs: ").append(this.workloadGroupPatternToPrivs);
        return sb.toString();
    }

    public void write(DataOutput dataOutput) throws IOException {
        Text.writeString(dataOutput, GsonUtils.GSON.toJson(this));
    }

    public static Role read(DataInput dataInput) throws IOException {
        if (Env.getCurrentEnvJournalVersion() >= 116) {
            return (Role) GsonUtils.GSON.fromJson(Text.readString(dataInput), Role.class);
        }
        Role role = new Role();
        try {
            role.readFields(dataInput);
        } catch (DdlException e) {
            LOG.warn("grant failed,", e);
        }
        return role;
    }

    @Deprecated
    private void readFields(DataInput dataInput) throws IOException, DdlException {
        this.roleName = Text.readString(dataInput);
        int readInt = dataInput.readInt();
        for (int i = 0; i < readInt; i++) {
            TablePattern read = TablePattern.read(dataInput);
            PrivBitSet read2 = PrivBitSet.read(dataInput);
            this.tblPatternToPrivs.put(read, read2);
            grantPrivs(read, read2.copy());
        }
        int readInt2 = dataInput.readInt();
        for (int i2 = 0; i2 < readInt2; i2++) {
            ResourcePattern read3 = ResourcePattern.read(dataInput);
            PrivBitSet read4 = PrivBitSet.read(dataInput);
            this.resourcePatternToPrivs.put(read3, read4);
            grantPrivs(read3, read4.copy());
        }
        int readInt3 = dataInput.readInt();
        for (int i3 = 0; i3 < readInt3; i3++) {
            this.users.add(UserIdentity.read(dataInput));
        }
    }

    @Override // org.apache.doris.persist.gson.GsonPostProcessable
    public void gsonPostProcess() {
        rebuildPrivTables();
    }

    private void rebuildPrivTables() {
        this.globalPrivTable = new GlobalPrivTable();
        this.catalogPrivTable = new CatalogPrivTable();
        this.dbPrivTable = new DbPrivTable();
        this.tablePrivTable = new TablePrivTable();
        this.resourcePrivTable = new ResourcePrivTable();
        this.workloadGroupPrivTable = new WorkloadGroupPrivTable();
        for (Map.Entry<TablePattern, PrivBitSet> entry : this.tblPatternToPrivs.entrySet()) {
            try {
                grantPrivs(entry.getKey(), entry.getValue().copy());
            } catch (DdlException e) {
                LOG.warn("grant failed,", e);
            }
        }
        for (Map.Entry<ResourcePattern, PrivBitSet> entry2 : this.resourcePatternToPrivs.entrySet()) {
            try {
                grantPrivs(entry2.getKey(), entry2.getValue().copy());
            } catch (DdlException e2) {
                LOG.warn("grant failed,", e2);
            }
        }
        for (Map.Entry<WorkloadGroupPattern, PrivBitSet> entry3 : this.workloadGroupPatternToPrivs.entrySet()) {
            try {
                grantPrivs(entry3.getKey(), entry3.getValue().copy());
            } catch (DdlException e3) {
                LOG.warn("grant failed,", e3);
            }
        }
    }

    static {
        try {
            OPERATOR = new Role(OPERATOR_ROLE, TablePattern.ALL, PrivBitSet.of(Privilege.NODE_PRIV, Privilege.ADMIN_PRIV));
            ADMIN = new Role(ADMIN_ROLE, TablePattern.ALL, PrivBitSet.of(Privilege.ADMIN_PRIV));
        } catch (DdlException e) {
            LOG.warn("Initialize operator and admin role error.", e);
        }
    }
}
