package org.apache.doris.nereids.rules.analysis;

import org.apache.doris.catalog.DatabaseIf;
import org.apache.doris.catalog.TableIf;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.datasource.CatalogIf;
import org.apache.doris.mysql.privilege.PrivPredicate;
import org.apache.doris.nereids.exceptions.AnalysisException;
import org.apache.doris.nereids.pattern.PatternDescriptor;
import org.apache.doris.nereids.rules.Rule;
import org.apache.doris.nereids.rules.RuleType;
import org.apache.doris.nereids.trees.plans.Plan;
import org.apache.doris.nereids.trees.plans.algebra.CatalogRelation;
import org.apache.doris.nereids.trees.plans.logical.LogicalRelation;
import org.apache.doris.qe.ConnectContext;

/* loaded from: input_file:org/apache/doris/nereids/rules/analysis/UserAuthentication.class */
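/**
 * Analysis rule factory that enforces the {@code SELECT} table privilege on every
 * {@link LogicalRelation} that is also a {@link CatalogRelation}.
 *
 * <p>Despite the class name, this is an authorization check (does the session hold a
 * privilege on the table), not an authentication step.
 */
public class UserAuthentication extends OneAnalysisRuleFactory {
    /**
     * Builds the rule registered as {@link RuleType#RELATION_AUTHENTICATION}.
     *
     * <p>The pattern matches logical relations that are {@link CatalogRelation} instances and
     * runs {@link #checkPermission} on each match.
     *
     * @return the privilege-checking rule
     */
    @Override // org.apache.doris.nereids.rules.OneRuleFactory
    public Rule build() {
        // The decompiled listing referenced an undefined local here ("r1.isInstance") and kept a
        // stray "CatalogRelation.class.getClass()" null-check; both stand for this bound method
        // reference.
        return logicalRelation()
                .when(CatalogRelation.class::isInstance)
                .thenApply(matchingContext ->
                        checkPermission((CatalogRelation) matchingContext.root, matchingContext.connectContext))
                .toRule(RuleType.RELATION_AUTHENTICATION);
    }

    /**
     * Verifies that the session behind {@code connectContext} holds {@link PrivPredicate#SELECT}
     * on the table referenced by {@code catalogRelation}.
     *
     * <p>Only the table-level privilege is checked; this method does not look at columns.
     *
     * @param catalogRelation the relation whose table is being read
     * @param connectContext the session the privilege is evaluated for
     * @return always {@code null} when it returns normally
     *     (NOTE(review): presumably the rule framework treats null as "plan unchanged"; confirm)
     * @throws AnalysisException if the access manager denies {@code SELECT} on the table
     */
    private Plan checkPermission(CatalogRelation catalogRelation, ConnectContext connectContext) {
        // NOTE(review): authorization is skipped entirely while this session flag is set.
        // Confirm that an ordinary user session cannot turn it on.
        if (connectContext.getSessionVariable().isPlayNereidsDump()) {
            return null;
        }

        // NOTE(review): each early return below skips the privilege check (fail-open).
        // Confirm that a relation without a table, database or catalog cannot expose stored data.
        TableIf table = catalogRelation.getTable();
        if (table == null) {
            return null;
        }
        String tableName = table.getName();

        DatabaseIf database = table.getDatabase();
        if (database == null) {
            return null;
        }
        String dbName = database.getFullName();

        CatalogIf catalog = database.getCatalog();
        if (catalog == null) {
            return null;
        }
        String catalogName = catalog.getName();

        boolean allowed = connectContext.getEnv().getAccessManager()
                .checkTblPriv(connectContext, catalogName, dbName, tableName, PrivPredicate.SELECT);
        if (allowed) {
            return null;
        }

        // Report the identity of the context that was actually checked. The thread-local
        // ConnectContext.get() may be unset or differ from the context passed in, which would
        // either raise a NullPointerException instead of the denial or log the wrong user/IP.
        throw new AnalysisException(ErrorCode.ERR_TABLEACCESS_DENIED_ERROR.formatErrorMsg(
                "SELECT",
                connectContext.getQualifiedUser(),
                connectContext.getRemoteIP(),
                catalogName + ": " + dbName + ": " + tableName));
    }
}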
