package org.apache.doris.mysql.privilege;

import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.gson.annotations.SerializedName;
import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.doris.analysis.ResourcePattern;
import org.apache.doris.analysis.TablePattern;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.analysis.WorkloadGroupPattern;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.InfoSchemaDb;
import org.apache.doris.catalog.MysqlDb;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.DdlException;
import org.apache.doris.common.FeConstants;
import org.apache.doris.common.io.Text;
import org.apache.doris.common.io.Writable;
import org.apache.doris.mysql.privilege.Auth;
import org.apache.doris.persist.gson.GsonUtils;
import org.apache.doris.qe.ConnectContext;
import org.apache.doris.resource.workloadgroup.WorkloadGroupMgr;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/mysql/privilege/RoleManager.class */
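/**
 * In-memory registry of {@link Role} objects keyed by role name.
 *
 * <p>The registry is persisted as JSON through {@link GsonUtils#GSON} (field {@code roles});
 * metadata written before journal version 116 is read through the legacy binary path in
 * {@link #readFields(DataInput)}.
 *
 * <p>Thread-safety: the backing map is a plain {@code HashMap} and this class takes no lock
 * itself. NOTE(review): callers presumably serialize access with their own lock; confirm
 * before using this class from a new code path.
 */
public class RoleManager implements Writable {
    private static final Logger LOG = LogManager.getLogger(RoleManager.class);

    // Prefix of the per-user default role names that getRoleInfo() hides unless the session asks
    // for them.
    // NOTE(review): this field is public, static and not final, so any class can reassign it and
    // thereby change which roles are hidden from role listings. Consider making it final once it
    // is confirmed that nothing writes to it.
    public static String DEFAULT_ROLE_PREFIX = "default_role_rbac_";

    @SerializedName("roles")
    private Map<String, Role> roles = Maps.newHashMap();

    /** Creates a registry that already contains the built-in OPERATOR and ADMIN roles. */
    public RoleManager() {
        this.roles.put(Role.OPERATOR.getRoleName(), Role.OPERATOR);
        this.roles.put(Role.ADMIN.getRoleName(), Role.ADMIN);
    }

    /**
     * Looks up a role by name.
     *
     * @param roleName name of the role
     * @return the role, or {@code null} when no role with that name is registered
     */
    public Role getRole(String roleName) {
        return this.roles.get(roleName);
    }

    /**
     * Registers {@code newRole}, or merges it into the role already stored under the same name.
     *
     * @param newRole role to add or merge
     * @param errOnExist when {@code true}, an existing role of the same name is an error
     * @return the stored role: {@code newRole} when it was added, otherwise the existing role
     *     after the merge
     * @throws DdlException if the role already exists and {@code errOnExist} is {@code true}
     */
    public Role addOrMergeRole(Role newRole, boolean errOnExist) throws DdlException {
        Role existing = this.roles.get(newRole.getRoleName());
        if (existing == null) {
            this.roles.put(newRole.getRoleName(), newRole);
            return newRole;
        }
        if (errOnExist) {
            // The message embeds newRole.toString(), not only its name (unlike the other
            // messages in this class); kept as is because callers or tests may match on it.
            throw new DdlException("Role " + newRole + " already exists");
        }
        // Merging widens the existing role with the privileges carried by newRole.
        existing.merge(newRole);
        return existing;
    }

    /**
     * Removes a role from the registry.
     *
     * <p>NOTE(review): no check here protects the built-in OPERATOR and ADMIN roles that the
     * constructor registers; that restriction, if any, must be enforced by the caller.
     *
     * @param roleName name of the role to remove
     * @param errOnNonExist when {@code true}, a missing role is an error
     * @throws DdlException if the role does not exist and {@code errOnNonExist} is {@code true}
     */
    public void dropRole(String roleName, boolean errOnNonExist) throws DdlException {
        if (this.roles.containsKey(roleName)) {
            this.roles.remove(roleName);
        } else if (errOnNonExist) {
            throw new DdlException("Role " + roleName + " does not exist");
        }
    }

    /**
     * Revokes table-level (and column-level) privileges from a role.
     *
     * @param roleName name of the role
     * @param tablePattern table pattern the privileges were granted on
     * @param privBitSet privileges to revoke
     * @param colPrivileges column privileges to revoke, passed through to the role
     * @param errOnNonExist when {@code true}, a missing role is an error; the flag is also
     *     forwarded to {@link Role#revokePrivs}
     * @return the modified role, or {@code null} when the role does not exist and
     *     {@code errOnNonExist} is {@code false}; callers must handle the {@code null} case
     * @throws DdlException if the role does not exist and {@code errOnNonExist} is {@code true},
     *     or if the role itself rejects the revocation
     */
    public Role revokePrivs(String roleName, TablePattern tablePattern, PrivBitSet privBitSet,
            Map<ColPrivilegeKey, Set<String>> colPrivileges, boolean errOnNonExist) throws DdlException {
        Role role = this.roles.get(roleName);
        if (role == null) {
            if (errOnNonExist) {
                throw new DdlException("Role " + roleName + " does not exist");
            }
            return null;
        }
        role.revokePrivs(tablePattern, privBitSet, colPrivileges, errOnNonExist);
        return role;
    }

    /**
     * Revokes resource-level privileges from a role.
     *
     * @param roleName name of the role
     * @param resourcePattern resource pattern the privileges were granted on
     * @param privBitSet privileges to revoke
     * @param errOnNonExist when {@code true}, a missing role is an error; the flag is also
     *     forwarded to {@link Role#revokePrivs}
     * @return the modified role, or {@code null} when the role does not exist and
     *     {@code errOnNonExist} is {@code false}
     * @throws DdlException if the role does not exist and {@code errOnNonExist} is {@code true},
     *     or if the role itself rejects the revocation
     */
    public Role revokePrivs(String roleName, ResourcePattern resourcePattern, PrivBitSet privBitSet,
            boolean errOnNonExist) throws DdlException {
        Role role = this.roles.get(roleName);
        if (role == null) {
            if (errOnNonExist) {
                throw new DdlException("Role " + roleName + " does not exist");
            }
            return null;
        }
        role.revokePrivs(resourcePattern, privBitSet, errOnNonExist);
        return role;
    }

    /**
     * Revokes workload-group privileges from a role.
     *
     * @param roleName name of the role
     * @param workloadGroupPattern workload group pattern the privileges were granted on
     * @param privBitSet privileges to revoke
     * @param errOnNonExist when {@code true}, a missing role is an error; the flag is also
     *     forwarded to {@link Role#revokePrivs}
     * @return the modified role, or {@code null} when the role does not exist and
     *     {@code errOnNonExist} is {@code false}
     * @throws DdlException if the role does not exist and {@code errOnNonExist} is {@code true},
     *     or if the role itself rejects the revocation
     */
    public Role revokePrivs(String roleName, WorkloadGroupPattern workloadGroupPattern, PrivBitSet privBitSet,
            boolean errOnNonExist) throws DdlException {
        Role role = this.roles.get(roleName);
        if (role == null) {
            if (errOnNonExist) {
                throw new DdlException("Role " + roleName + " does not exist");
            }
            return null;
        }
        role.revokePrivs(workloadGroupPattern, privBitSet, errOnNonExist);
        return role;
    }

    /**
     * Appends one row per visible role to {@code results}.
     *
     * <p>Each row holds the role name, the comma-separated users of the role, and then one
     * column for each of the GLOBAL, CATALOG, DATABASE, TABLE and RESOURCE privilege levels.
     * A level without privileges is rendered as {@link FeConstants#null_string}.
     *
     * <p>Roles whose name (without the cluster prefix) starts with {@link #DEFAULT_ROLE_PREFIX}
     * are skipped unless a connection context exists and its session variable
     * {@code showUserDefaultRole} is set.
     *
     * @param results list the rows are appended to
     */
    public void getRoleInfo(List<List<String>> results) {
        for (Role role : this.roles.values()) {
            boolean isUserDefaultRole =
                    ClusterNamespace.getNameFromFullName(role.getRoleName()).startsWith(DEFAULT_ROLE_PREFIX);
            if (isUserDefaultRole) {
                ConnectContext ctx = ConnectContext.get();
                if (ctx == null || !ctx.getSessionVariable().showUserDefaultRole) {
                    continue;
                }
            }

            List<String> row = Lists.newArrayList();
            row.add(role.getRoleName());
            row.add(Joiner.on(", ").join(Env.getCurrentEnv().getAuth().getRoleUsers(role.getRoleName())));

            // Group the grants of each pattern kind by privilege level, then render one string
            // per level. Levels that show up in more than one pattern kind are joined by a space.
            Map<Auth.PrivLevel, String> privsByLevel = Stream.concat(
                    role.getTblPatternToPrivs().entrySet().stream()
                            .collect(Collectors.groupingBy(grant -> grant.getKey().getPrivLevel()))
                            .entrySet().stream(),
                    Stream.concat(
                            role.getResourcePatternToPrivs().entrySet().stream()
                                    .collect(Collectors.groupingBy(grant -> grant.getKey().getPrivLevel()))
                                    .entrySet().stream(),
                            role.getWorkloadGroupPatternToPrivs().entrySet().stream()
                                    .collect(Collectors.groupingBy(grant -> grant.getKey().getPrivLevel()))
                                    .entrySet().stream()))
                    .collect(Collectors.toMap(Map.Entry::getKey, levelGroup -> {
                        if (levelGroup.getKey() == Auth.PrivLevel.GLOBAL) {
                            // Only the first GLOBAL grant is rendered, and without its pattern.
                            return levelGroup.getValue().stream().findFirst()
                                    .map(grant -> grant.getValue().toString())
                                    .orElse(FeConstants.null_string);
                        }
                        return levelGroup.getValue().stream()
                                .map(grant -> grant.getKey() + ": " + grant.getValue())
                                .collect(Collectors.joining("; "));
                    }, (left, right) -> left + " " + right));

            // NOTE(review): workload-group grants are collected above, but only the five levels
            // below are emitted, so a grant whose level is not one of them does not appear in
            // the listing. Anyone auditing roles from this output should be aware of that;
            // adding a column would also require changing the caller's column headers.
            Stream.of(Auth.PrivLevel.GLOBAL, Auth.PrivLevel.CATALOG, Auth.PrivLevel.DATABASE,
                    Auth.PrivLevel.TABLE, Auth.PrivLevel.RESOURCE).forEach(level -> {
                        String cell = privsByLevel.get(level);
                        if (Strings.isNullOrEmpty(cell)) {
                            cell = FeConstants.null_string;
                        }
                        row.add(cell);
                    });
            results.add(row);
        }
    }

    /**
     * Returns the default role of {@code userIdentity}, creating and registering it if needed.
     *
     * <p>A newly created default role carries {@code SELECT_PRIV} on
     * {@code TablePattern("internal", db, "*")} for the information-schema and mysql databases,
     * and {@code USAGE_PRIV} on the default workload group.
     *
     * @param userIdentity user the default role belongs to
     * @return the existing or newly created default role
     * @throws DdlException declared for callers; nothing in this method throws it directly
     */
    public Role createDefaultRole(UserIdentity userIdentity) throws DdlException {
        String defaultRoleName = getUserDefaultRoleName(userIdentity);
        if (this.roles.containsKey(defaultRoleName)) {
            return this.roles.get(defaultRoleName);
        }

        List<TablePattern> tablePatterns = Lists.newArrayList();
        for (String dbName : new String[] {InfoSchemaDb.DATABASE_NAME, MysqlDb.DATABASE_NAME}) {
            TablePattern tablePattern = new TablePattern("internal", dbName, "*");
            try {
                tablePattern.analyze("default_cluster");
                tablePatterns.add(tablePattern);
            } catch (AnalysisException e) {
                // A pattern that fails analysis is left out, so the role gets fewer grants.
                LOG.warn("should not happen", e);
            }
        }

        WorkloadGroupPattern workloadGroupPattern = new WorkloadGroupPattern(WorkloadGroupMgr.DEFAULT_GROUP_NAME);
        try {
            workloadGroupPattern.analyze();
        } catch (AnalysisException e) {
            // NOTE(review): unlike the table patterns above, the workload group pattern is still
            // granted when analysis fails; confirm that an unanalyzed pattern is safe to store.
            LOG.warn("should not happen", e);
        }

        Role defaultRole = new Role(defaultRoleName, tablePatterns, PrivBitSet.of(Privilege.SELECT_PRIV),
                workloadGroupPattern, PrivBitSet.of(Privilege.USAGE_PRIV));
        this.roles.put(defaultRole.getRoleName(), defaultRole);
        return defaultRole;
    }

    /**
     * Removes the default role of {@code userIdentity}.
     *
     * @param userIdentity user whose default role is removed
     * @return the removed role, or {@code null} when the user had no default role
     */
    public Role removeDefaultRole(UserIdentity userIdentity) {
        return this.roles.remove(getUserDefaultRoleName(userIdentity));
    }

    /**
     * Returns the name of the default role of {@code userIdentity}, as computed by
     * {@link UserIdentity#toDefaultRoleName()}.
     *
     * @param userIdentity user identity
     * @return the default role name
     */
    public String getUserDefaultRoleName(UserIdentity userIdentity) {
        return userIdentity.toDefaultRoleName();
    }

    /**
     * Returns the live role map, not a copy.
     *
     * <p>NOTE(review): a caller that mutates the returned map changes the registry directly and
     * bypasses the existence checks in {@link #addOrMergeRole} and {@link #dropRole}. It is left
     * as the live map because existing callers may rely on it.
     *
     * @return the backing map from role name to role
     */
    public Map<String, Role> getRoles() {
        return this.roles;
    }

    /** Calls {@link Role#rectifyPrivs()} on every registered role. */
    public void rectifyPrivs() {
        for (Role role : this.roles.values()) {
            role.rectifyPrivs();
        }
    }

    /** Returns {@code "Roles: "} followed by one line per role, in map iteration order. */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder("Roles: ");
        for (Role role : this.roles.values()) {
            sb.append(role).append("\n");
        }
        return sb.toString();
    }

    /**
     * Writes this registry to {@code dataOutput} as a single JSON string.
     *
     * @param dataOutput destination
     * @throws IOException if writing fails
     */
    @Override
    public void write(DataOutput dataOutput) throws IOException {
        Text.writeString(dataOutput, GsonUtils.GSON.toJson(this));
    }

    /**
     * Reads a registry from persisted metadata.
     *
     * <p>From journal version 116 on, the registry is stored as JSON; older metadata uses the
     * binary layout handled by {@link #readFields(DataInput)}.
     *
     * @param dataInput source
     * @return the deserialized registry, never {@code null}
     * @throws IOException if reading fails or the JSON yields no role map
     */
    public static RoleManager read(DataInput dataInput) throws IOException {
        if (Env.getCurrentEnvJournalVersion() >= 116) {
            RoleManager loaded = GsonUtils.GSON.fromJson(Text.readString(dataInput), RoleManager.class);
            // Gson returns null for empty input and can set the field to null for an explicit
            // JSON null. Fail at load time rather than let every later authorization lookup
            // hit a NullPointerException.
            if (loaded == null || loaded.roles == null) {
                throw new IOException("Malformed role metadata: no role map could be deserialized");
            }
            return loaded;
        }
        RoleManager roleManager = new RoleManager();
        roleManager.readFields(dataInput);
        return roleManager;
    }

    /**
     * Legacy binary reader: an int count followed by that many serialized roles.
     *
     * <p>Roles read here overwrite any role already registered under the same name, including
     * the built-in ones added by the constructor. A count of zero or less reads nothing.
     *
     * @param dataInput source
     * @throws IOException if reading fails
     */
    @Deprecated
    private void readFields(DataInput dataInput) throws IOException {
        int roleCount = dataInput.readInt();
        for (int i = 0; i < roleCount; i++) {
            Role role = Role.read(dataInput);
            this.roles.put(role.getRoleName(), role);
        }
    }
}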
