package org.apache.kylin.rest.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.kylin.common.KapConfig;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.exception.KylinException;
import org.apache.kylin.common.exception.ServerErrorCode;
import org.apache.kylin.common.msg.Message;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.common.persistence.transaction.AclGrantEventNotifier;
import org.apache.kylin.common.persistence.transaction.AclRevokeEventNotifier;
import org.apache.kylin.common.util.JsonUtil;
import org.apache.kylin.metadata.acl.AclTCR;
import org.apache.kylin.metadata.acl.AclTCRManager;
import org.apache.kylin.metadata.acl.DependentColumn;
import org.apache.kylin.metadata.acl.SensitiveDataMask;
import org.apache.kylin.metadata.datatype.DataType;
import org.apache.kylin.metadata.model.ColumnDesc;
import org.apache.kylin.metadata.model.NTableMetadataManager;
import org.apache.kylin.metadata.model.TableDesc;
import org.apache.kylin.metadata.project.EnhancedUnitOfWork;
import org.apache.kylin.metadata.project.NProjectManager;
import org.apache.kylin.metadata.user.NKylinUserManager;
import org.apache.kylin.rest.aspect.Transaction;
import org.apache.kylin.rest.request.AccessRequest;
import org.apache.kylin.rest.request.AclTCRRequest;
import org.apache.kylin.rest.response.AclTCRResponse;
import org.apache.kylin.rest.security.MutableAclRecord;
import org.apache.kylin.rest.util.AclEvaluate;
import org.apache.kylin.rest.util.AclPermissionUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.stereotype.Component;

@Component("aclTCRService")
/* loaded from: input_file:org/apache/kylin/rest/service/AclTCRService.class */
public class AclTCRService extends BasicService implements AclTCRServiceSupporter {
    private static final Logger logger = LoggerFactory.getLogger(AclTCRService.class);
    private static final String IDENTIFIER_FORMAT = "%s.%s";

    @Autowired
    private AclEvaluate aclEvaluate;

    @Autowired
    private AccessService accessService;

    @Autowired
    private ProjectService projectService;

    @Autowired
    private UserService userService;

    public void revokeAclTCR(String str, String str2, boolean z) {
        ((NProjectManager) getManager(NProjectManager.class)).listAllProjects().stream().filter(projectInstance -> {
            return projectInstance.getUuid().equals(str);
        }).findFirst().ifPresent(projectInstance2 -> {
            EnhancedUnitOfWork.doInTransactionWithCheckAndRetry(() -> {
                revokePrjAclTCR(projectInstance2.getName(), str2, z);
                return null;
            }, projectInstance2.getName());
        });
    }

    public void revokeAclTCR(String str, boolean z) {
        this.projectService.getOwnedProjects().parallelStream().forEach(str2 -> {
            EnhancedUnitOfWork.doInTransactionWithCheckAndRetry(() -> {
                revokePrjAclTCR(str2, str, z);
                return null;
            }, str2);
        });
    }

    private void revokePrjAclTCR(String str, String str2, boolean z) {
        logger.info("revoke project table, column and row acls of project={}, sid={}, principal={}", new Object[]{str, str2, Boolean.valueOf(z)});
        ((AclTCRManager) getManager(AclTCRManager.class, str)).revokeAclTCR(str2, z);
    }

    @Override // org.apache.kylin.rest.service.AclTCRServiceSupporter
    @Transaction(project = 0)
    public void unloadTable(String str, String str2) {
        ((AclTCRManager) getManager(AclTCRManager.class, str)).unloadTable(str2);
    }

    @Override // org.apache.kylin.rest.service.AclTCRServiceSupporter
    public List<AclTCRResponse> getAclTCRResponse(String str, String str2, boolean z, boolean z2) throws IOException {
        this.aclEvaluate.checkProjectAdminPermission(str);
        AclTCRManager aclTCRManager = (AclTCRManager) getManager(AclTCRManager.class, str);
        if (hasAdminPermissionInProject(str2, z, str)) {
            return getAclTCRResponse(str, aclTCRManager.getAllDbAclTable(str));
        }
        AclTCR aclTCR = aclTCRManager.getAclTCR(str2, z);
        return Objects.isNull(aclTCR) ? Lists.newArrayList() : Objects.isNull(aclTCR.getTable()) ? getAclTCRResponse(str, aclTCRManager.getAllDbAclTable(str)) : z2 ? tagTableNum(getAclTCRResponse(str, aclTCRManager.getDbAclTable(str, aclTCR)), getDbTblColNum(str)) : getAllTablesAclTCRResponse(str, aclTCRManager.getDbAclTable(str, aclTCR));
    }

    @Override // org.apache.kylin.rest.service.AclTCRServiceSupporter
    public boolean hasAdminPermissionInProject(String str, boolean z, String str2) throws IOException {
        if (!z) {
            return this.userGroupService.isAdminGroup(str) || AclPermissionUtil.isSpecificPermissionInProject(str, str2, BasePermission.ADMINISTRATION);
        }
        if (this.userService.isGlobalAdmin(str)) {
            return true;
        }
        Set<String> groupsOfExecuteUser = this.accessService.getGroupsOfExecuteUser(str);
        MutableAclRecord projectAcl = AclPermissionUtil.getProjectAcl(str2);
        return AclPermissionUtil.isSpecificPermissionInProject(str, AclPermissionUtil.filterGroupsInProject(groupsOfExecuteUser, projectAcl), BasePermission.ADMINISTRATION, projectAcl);
    }

    public void updateAclTCR(String str, String str2, boolean z, List<AclTCRRequest> list) throws IOException {
        this.aclEvaluate.checkProjectAdminPermission(str);
        checkAclTCRRequest(str, list, str2, z, true);
        EnhancedUnitOfWork.doInTransactionWithCheckAndRetry(() -> {
            updateAclTCR(str, str2, z, transformRequests(str, list));
            return null;
        }, str);
    }

    public void mergeAclTCR(String str, String str2, boolean z, List<AclTCRRequest> list) throws IOException {
        this.aclEvaluate.checkProjectAdminPermission(str);
        checkAclTCRRequest(str, list, str2, z, false);
        NTableMetadataManager nTableMetadataManager = NTableMetadataManager.getInstance(KylinConfig.getInstanceFromEnv(), str);
        AclTCR aclTCR = ((AclTCRManager) getManager(AclTCRManager.class, str)).getAclTCR(str2, z);
        if (aclTCR == null) {
            aclTCR = new AclTCR();
        }
        checkACLTCRRequestRowAuthValid(nTableMetadataManager, list, (AclTCR.Table) Optional.ofNullable(aclTCR.getTable()).orElse(new AclTCR.Table()));
        EnhancedUnitOfWork.doInTransactionWithCheckAndRetry(() -> {
            updateAclTCR(str, str2, z, mergeRequests(str, str2, z, list));
            return null;
        }, str);
    }

    private void checkAclTCRRequestDataBaseValid(AclTCRRequest aclTCRRequest, Set<String> set) {
        Message msg = MsgPicker.getMsg();
        if (StringUtils.isEmpty(aclTCRRequest.getDatabaseName())) {
            throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, msg.getEmptyDatabaseName());
        }
        aclTCRRequest.setDatabaseName(aclTCRRequest.getDatabaseName().toUpperCase(Locale.ROOT));
        if (set.contains(aclTCRRequest.getDatabaseName())) {
            throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getDatabaseParameterDuplicate(), aclTCRRequest.getDatabaseName()));
        }
        set.add(aclTCRRequest.getDatabaseName());
        if (CollectionUtils.isEmpty(aclTCRRequest.getTables())) {
            throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, msg.getEmptyTableList());
        }
    }

    private void checkAclTCRRequestTableValid(NTableMetadataManager nTableMetadataManager, AclTCRRequest aclTCRRequest, AclTCRRequest.Table table, Set<String> set, boolean z) {
        Message msg = MsgPicker.getMsg();
        if (StringUtils.isEmpty(table.getTableName())) {
            throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, msg.getEmptyTableName());
        }
        table.setTableName(table.getTableName().toUpperCase(Locale.ROOT));
        String format = String.format(Locale.ROOT, IDENTIFIER_FORMAT, aclTCRRequest.getDatabaseName(), table.getTableName());
        if (set.contains(format)) {
            throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getTableParameterDuplicate(), format));
        }
        set.add(format);
        if (z) {
            if (table.getRows() == null) {
                throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, msg.getEmptyRowList());
            }
            table.getRows().forEach(row -> {
                checkRow(msg, row);
            });
            TableDesc tableDesc = nTableMetadataManager.getTableDesc(format);
            if (CollectionUtils.isEmpty(table.getColumns()) && tableDesc.getColumns() != null && tableDesc.getColumns().length > 0) {
                throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, msg.getEmptyColumnList());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkRow(Message message, AclTCRRequest.Row row) {
        if (StringUtils.isEmpty(row.getColumnName())) {
            throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, message.getEmptyColumnName());
        }
        if (CollectionUtils.isEmpty(row.getItems())) {
            throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, message.getEmptyItems());
        }
    }

    private void checkAClTCRRequestParameterValid(NTableMetadataManager nTableMetadataManager, Set<String> set, Set<String> set2, Set<String> set3, List<AclTCRRequest> list, boolean z) {
        Message msg = MsgPicker.getMsg();
        HashSet newHashSet = Sets.newHashSet();
        HashSet newHashSet2 = Sets.newHashSet();
        HashSet newHashSet3 = Sets.newHashSet();
        list.forEach(aclTCRRequest -> {
            checkAclTCRRequestDataBaseValid(aclTCRRequest, newHashSet);
            aclTCRRequest.getTables().forEach(table -> {
                checkAclTCRRequestTableValid(nTableMetadataManager, aclTCRRequest, table, newHashSet2, z);
                String format = String.format(Locale.ROOT, IDENTIFIER_FORMAT, aclTCRRequest.getDatabaseName(), table.getTableName());
                if (table.getColumns() == null) {
                    return;
                }
                table.getColumns().forEach(column -> {
                    String format2 = String.format(Locale.ROOT, IDENTIFIER_FORMAT, format, column.getColumnName());
                    if (StringUtils.isEmpty(column.getColumnName())) {
                        throw new KylinException(ServerErrorCode.EMPTY_PARAMETER, msg.getEmptyColumnName());
                    }
                    column.setColumnName(column.getColumnName().toUpperCase(Locale.ROOT));
                    if (newHashSet3.contains(format2)) {
                        throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getColumnParameterDuplicate(), format2));
                    }
                    newHashSet3.add(format2);
                });
            });
        });
        if (z) {
            Collection removeAll = CollectionUtils.removeAll(set, newHashSet);
            if (!removeAll.isEmpty()) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getDatabaseParameterMissing(), StringUtils.join(removeAll, ",")));
            }
            Collection removeAll2 = CollectionUtils.removeAll(set2, newHashSet2);
            if (!removeAll2.isEmpty()) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getTableParameterMissing(), StringUtils.join(removeAll2, ",")));
            }
            Collection removeAll3 = CollectionUtils.removeAll(set3, newHashSet3);
            if (!removeAll3.isEmpty()) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getColumnParameterMissing(), StringUtils.join(removeAll3, ",")));
            }
        }
    }

    private void checkAClTCRExist(Set<String> set, Set<String> set2, Set<String> set3, List<AclTCRRequest> list) {
        Message msg = MsgPicker.getMsg();
        list.forEach(aclTCRRequest -> {
            if (!set.contains(aclTCRRequest.getDatabaseName())) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getDatabaseNotExist(), aclTCRRequest.getDatabaseName()));
            }
            aclTCRRequest.getTables().forEach(table -> {
                String format = String.format(Locale.ROOT, IDENTIFIER_FORMAT, aclTCRRequest.getDatabaseName(), table.getTableName());
                if (!set2.contains(format)) {
                    throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getTableNotFound(), format));
                }
                ((Stream) Optional.ofNullable(table.getRows()).map((v0) -> {
                    return v0.stream();
                }).orElseGet(Stream::empty)).forEach(row -> {
                    String format2 = String.format(Locale.ROOT, IDENTIFIER_FORMAT, format, row.getColumnName());
                    if (!set3.contains(format2)) {
                        throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getColumnNotExist(), format2));
                    }
                });
                ((Stream) Optional.ofNullable(table.getColumns()).map((v0) -> {
                    return v0.stream();
                }).orElseGet(Stream::empty)).forEach(column -> {
                    String format2 = String.format(Locale.ROOT, IDENTIFIER_FORMAT, format, column.getColumnName());
                    if (!set3.contains(format2)) {
                        throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, msg.getColumnNotExist(), format2));
                    }
                });
            });
        });
    }

    private void checkAclTCRRequest(String str, List<AclTCRRequest> list, String str2, boolean z, boolean z2) throws IOException {
        HashSet newHashSet = Sets.newHashSet();
        HashSet newHashSet2 = Sets.newHashSet();
        HashSet newHashSet3 = Sets.newHashSet();
        NTableMetadataManager nTableMetadataManager = NTableMetadataManager.getInstance(KylinConfig.getInstanceFromEnv(), str);
        nTableMetadataManager.listAllTables().forEach(tableDesc -> {
            String database = tableDesc.getDatabase();
            newHashSet.add(database);
            newHashSet2.add(tableDesc.getIdentity());
            Arrays.stream(tableDesc.getColumns()).forEach(columnDesc -> {
                newHashSet3.add(String.format(Locale.ROOT, IDENTIFIER_FORMAT, database, columnDesc.getIdentity()));
            });
        });
        if (hasAdminPermissionInProject(str2, z, str)) {
            throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getAdminPermissionUpdateAbandon());
        }
        checkAClTCRRequestParameterValid(nTableMetadataManager, newHashSet, newHashSet2, newHashSet3, list, z2);
        AclTCR aclTCR = ((AclTCRManager) getManager(AclTCRManager.class, str)).getAclTCR(str2, z);
        if (aclTCR == null) {
            aclTCR = new AclTCR();
        }
        checkACLTCRRequestRowAuthValid(nTableMetadataManager, list, (AclTCR.Table) Optional.ofNullable(aclTCR.getTable()).orElse(new AclTCR.Table()));
        checkAClTCRExist(newHashSet, newHashSet2, newHashSet3, list);
    }

    private void checkACLTCRRequestRowAuthValid(NTableMetadataManager nTableMetadataManager, List<AclTCRRequest> list, AclTCR.Table table) {
        for (AclTCRRequest aclTCRRequest : list) {
            String databaseName = aclTCRRequest.getDatabaseName();
            aclTCRRequest.getTables().stream().forEach(table2 -> {
                checkRowAuthHelper(nTableMetadataManager, databaseName, table2, table);
            });
        }
    }

    private void checkRowAuthHelper(NTableMetadataManager nTableMetadataManager, String str, AclTCRRequest.Table table, AclTCR.Table table2) {
        boolean z = (table.getRows() == null && table.getLikeRows() == null) ? false : true;
        boolean z2 = table.getRowFilter() != null && CollectionUtils.isNotEmpty(table.getRowFilter().getFilterGroups());
        AclTCR.ColumnRow columnRow = (AclTCR.ColumnRow) table2.get(str + "." + table.getTableName());
        boolean z3 = columnRow != null ? columnRow.getRowFilter() != null : false;
        if (z && (z3 || z2)) {
            throw new KylinException(ServerErrorCode.ACL_INVALID_ROW_FIELD, MsgPicker.getMsg().getInvalidRowACLUpdate());
        }
        String tableName = table.getTableName();
        HashMap hashMap = new HashMap();
        TableDesc tableDesc = nTableMetadataManager.getTableDesc(str + "." + tableName);
        if (tableDesc == null) {
            return;
        }
        for (ColumnDesc columnDesc : tableDesc.getColumns()) {
            hashMap.put(columnDesc.getName(), columnDesc.getTypeName());
        }
        ((Stream) Optional.ofNullable(table.getLikeRows()).map((v0) -> {
            return v0.stream();
        }).orElseGet(Stream::empty)).forEach(row -> {
            validateLikeColumnType(row.getColumnName(), hashMap);
        });
        if (z2) {
            int intValue = ((Integer) table.getRowFilter().getFilterGroups().stream().map((v0) -> {
                return v0.getFilters();
            }).map((v0) -> {
                return v0.size();
            }).reduce(0, (v0, v1) -> {
                return Integer.sum(v0, v1);
            })).intValue();
            int rowFilterLimit = KylinConfig.getInstanceFromEnv().getRowFilterLimit();
            if (intValue > rowFilterLimit) {
                throw new KylinException(ServerErrorCode.ACL_INVALID_ROW_FIELD, String.format(Locale.ROOT, MsgPicker.getMsg().getRowFilterExceedLimit(), Integer.valueOf(intValue), Integer.valueOf(rowFilterLimit)));
            }
            table.getRowFilter().getFilterGroups().stream().map((v0) -> {
                return v0.getFilters();
            }).forEach(list -> {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    AclTCRRequest.Filter filter = (AclTCRRequest.Filter) it.next();
                    int size = ((List) Optional.ofNullable(filter.getInItems()).orElse(Lists.newArrayList())).size() + ((List) Optional.ofNullable(filter.getLikeItems()).orElse(Lists.newArrayList())).size();
                    if (size > rowFilterLimit) {
                        throw new KylinException(ServerErrorCode.ACL_INVALID_ROW_FIELD, String.format(Locale.ROOT, MsgPicker.getMsg().getRowFilterItemExceedLimit(), filter.getColumnName(), Integer.valueOf(size), Integer.valueOf(rowFilterLimit)));
                    }
                    if (!CollectionUtils.isEmpty(filter.getLikeItems())) {
                        validateLikeColumnType(filter.getColumnName(), hashMap);
                    }
                }
            });
        }
    }

    private void validateLikeColumnType(String str, Map<String, String> map) {
        String str2 = map.get(str);
        if (str2 == null) {
            throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, MsgPicker.getMsg().getColumnNotExist(), str));
        }
        if (!str2.startsWith("varchar") && !str2.equals("string") && !str2.startsWith("char")) {
            throw new KylinException(ServerErrorCode.ACL_INVALID_COLUMN_DATA_TYPE, MsgPicker.getMsg().getRowAclNotStringType());
        }
    }

    public void updateAclTCR(String str, List<AccessRequest> list) {
        boolean isProjectInternalDefaultPermissionGranted = KapConfig.getInstanceFromEnv().isProjectInternalDefaultPermissionGranted();
        ((NProjectManager) getManager(NProjectManager.class)).listAllProjects().stream().filter(projectInstance -> {
            return projectInstance.getUuid().equals(str);
        }).findFirst().ifPresent(projectInstance2 -> {
            EnhancedUnitOfWork.doInTransactionWithCheckAndRetry(() -> {
                list.stream().filter(accessRequest -> {
                    return StringUtils.isNotEmpty(accessRequest.getSid());
                }).forEach(accessRequest2 -> {
                    AclTCR aclTCR = new AclTCR();
                    if (!isProjectInternalDefaultPermissionGranted && !AclPermissionUtil.isProjectAdminPermission(accessRequest2.getPermission())) {
                        aclTCR.setTable(new AclTCR.Table());
                    }
                    updateAclTCR(projectInstance2.getName(), accessRequest2.getSid(), accessRequest2.isPrincipal(), aclTCR);
                });
                return null;
            }, projectInstance2.getName());
        });
    }

    private void updateAclTCR(String str, String str2, boolean z, AclTCR aclTCR) {
        checkDependentColumnUpdate(aclTCR, (AclTCRManager) getManager(AclTCRManager.class, str), str2, z);
        ((AclTCRManager) getManager(AclTCRManager.class, str)).updateAclTCR(aclTCR, str2, z);
    }

    private List<AclTCRResponse.Column> getColumns(String str, String str2, AclTCR.ColumnRow columnRow, boolean z, AclTCR.ColumnRow columnRow2) {
        if (Objects.isNull(columnRow) || Objects.isNull(columnRow.getColumn())) {
            return Lists.newArrayList();
        }
        boolean isNull = Objects.isNull(columnRow2);
        Map hashMap = isNull ? new HashMap() : columnRow2.getColumnSensitiveDataMaskMap();
        Map hashMap2 = isNull ? new HashMap() : columnRow2.getDependentColMap();
        Map<String, DataType> tableColumnTypeMap = getTableColumnTypeMap(str, str2);
        return (List) columnRow.getColumn().stream().map(str3 -> {
            AclTCRResponse.Column column = new AclTCRResponse.Column();
            column.setColumnName(str3);
            column.setAuthorized(false);
            column.setDatatype(((DataType) tableColumnTypeMap.get(str3)).toString());
            if (z && (isNull || Objects.isNull(columnRow2.getColumn()))) {
                column.setAuthorized(true);
            } else if (!isNull && Objects.nonNull(columnRow2.getColumn())) {
                column.setAuthorized(columnRow2.getColumn().contains(str3));
            }
            if (hashMap.get(str3) != null) {
                column.setDataMaskType(((SensitiveDataMask) hashMap.get(str3)).getType());
            }
            if (hashMap2.get(column.getColumnName()) != null) {
                column.setDependentColumns((Collection) hashMap2.get(column.getColumnName()));
            }
            return column;
        }).collect(Collectors.toList());
    }

    private List<AclTCRResponse.Table> getTables(String str, String str2, AclTCR.Table table, AclTCR.Table table2) {
        if (Objects.isNull(table)) {
            return Lists.newArrayList();
        }
        boolean nonNull = Objects.nonNull(table2);
        return (List) table.entrySet().stream().map(entry -> {
            AclTCRResponse.Table table3 = new AclTCRResponse.Table();
            table3.setTableName((String) entry.getKey());
            table3.setAuthorized(false);
            AclTCR.ColumnRow columnRow = null;
            if (nonNull) {
                table3.setAuthorized(table2.containsKey(entry.getKey()));
                columnRow = (AclTCR.ColumnRow) table2.get(entry.getKey());
            }
            List<AclTCRResponse.Column> columns = getColumns(str, String.format(Locale.ROOT, IDENTIFIER_FORMAT, str2, entry.getKey()), (AclTCR.ColumnRow) entry.getValue(), table3.isAuthorized(), columnRow);
            table3.setTotalColumnNum(columns.size());
            table3.setAuthorizedColumnNum(columns.stream().filter((v0) -> {
                return v0.isAuthorized();
            }).mapToInt(column -> {
                return 1;
            }).sum());
            table3.setColumns(columns);
            if (Objects.isNull(columnRow)) {
                table3.setRows(Lists.newArrayList());
                table3.setLikeRows(Lists.newArrayList());
            } else {
                table3.setRows(columnRow.getRow() == null ? Lists.newArrayList() : transformResponseRow(columnRow.getRow()));
                table3.setLikeRows(columnRow.getLikeRow() == null ? Lists.newArrayList() : transformResponseRow(columnRow.getLikeRow()));
                if (columnRow.getRowFilter() == null) {
                    table3.setRowFilter(transformResponseFromOld(columnRow.getRow(), columnRow.getLikeRow()));
                } else {
                    table3.setRowFilter(transformResponseRowFilter(columnRow.getRowFilter()));
                }
            }
            return table3;
        }).collect(Collectors.toList());
    }

    private AclTCRResponse.RowFilter transformResponseFromOld(AclTCR.Row row, AclTCR.Row row2) {
        AclTCRResponse.RowFilter rowFilter = new AclTCRResponse.RowFilter();
        AclTCR.Row row3 = (AclTCR.Row) Optional.ofNullable(row).orElse(new AclTCR.Row());
        AclTCR.Row row4 = (AclTCR.Row) Optional.ofNullable(row2).orElse(new AclTCR.Row());
        if (row3.isEmpty() && row4.isEmpty()) {
            return rowFilter;
        }
        HashSet<String> newHashSet = Sets.newHashSet();
        newHashSet.addAll(row3.keySet());
        newHashSet.addAll(row4.keySet());
        ArrayList newArrayList = Lists.newArrayList();
        for (String str : newHashSet) {
            AclTCRResponse.FilterGroup filterGroup = new AclTCRResponse.FilterGroup();
            filterGroup.setGroup(false);
            AclTCRResponse.Filter filter = new AclTCRResponse.Filter();
            filter.setColumnName(str);
            filter.setInItems(row3.get(str) != null ? Lists.newArrayList((Iterable) row3.get(str)) : Lists.newArrayList());
            filter.setLikeItems(row4.get(str) != null ? Lists.newArrayList((Iterable) row4.get(str)) : Lists.newArrayList());
            filterGroup.setFilters(Lists.newArrayList(new AclTCRResponse.Filter[]{filter}));
            newArrayList.add(filterGroup);
        }
        rowFilter.setFilterGroups(newArrayList);
        return rowFilter;
    }

    private List<AclTCRResponse> getAllTablesAclTCRResponse(String str, SortedMap<String, AclTCR.Table> sortedMap) {
        return (List) ((AclTCRManager) getManager(AclTCRManager.class, str)).getAllDbAclTable(str).entrySet().stream().map(entry -> {
            AclTCRResponse aclTCRResponse = new AclTCRResponse();
            aclTCRResponse.setDatabaseName((String) entry.getKey());
            aclTCRResponse.setAuthorizedTableNum(Objects.isNull(sortedMap.get(entry.getKey())) ? 0 : ((AclTCR.Table) sortedMap.get(entry.getKey())).size());
            aclTCRResponse.setTotalTableNum(((AclTCR.Table) entry.getValue()).size());
            aclTCRResponse.setTables(getTables(str, (String) entry.getKey(), (AclTCR.Table) entry.getValue(), (AclTCR.Table) sortedMap.get(entry.getKey())));
            return aclTCRResponse;
        }).collect(Collectors.toList());
    }

    private List<AclTCRResponse> getAclTCRResponse(String str, SortedMap<String, AclTCR.Table> sortedMap) {
        return (List) sortedMap.entrySet().stream().map(entry -> {
            AclTCRResponse aclTCRResponse = new AclTCRResponse();
            aclTCRResponse.setDatabaseName((String) entry.getKey());
            aclTCRResponse.setAuthorizedTableNum(((AclTCR.Table) entry.getValue()).size());
            aclTCRResponse.setTotalTableNum(((AclTCR.Table) entry.getValue()).size());
            aclTCRResponse.setTables((List) ((AclTCR.Table) entry.getValue()).entrySet().stream().map(entry -> {
                Map hashMap = entry.getValue() == null ? new HashMap() : ((AclTCR.ColumnRow) entry.getValue()).getColumnSensitiveDataMaskMap();
                Map hashMap2 = entry.getValue() == null ? new HashMap() : ((AclTCR.ColumnRow) entry.getValue()).getDependentColMap();
                Map<String, DataType> tableColumnTypeMap = getTableColumnTypeMap(str, String.format(Locale.ROOT, IDENTIFIER_FORMAT, entry.getKey(), entry.getKey()));
                AclTCRResponse.Table table = new AclTCRResponse.Table();
                table.setTableName((String) entry.getKey());
                table.setAuthorized(true);
                table.setTotalColumnNum(((AclTCR.ColumnRow) entry.getValue()).getColumn().size());
                table.setAuthorizedColumnNum(((AclTCR.ColumnRow) entry.getValue()).getColumn().size());
                table.setColumns((List) ((AclTCR.ColumnRow) entry.getValue()).getColumn().stream().map(str2 -> {
                    AclTCRResponse.Column column = new AclTCRResponse.Column();
                    column.setColumnName(str2);
                    column.setDatatype(((DataType) tableColumnTypeMap.get(str2)).toString());
                    column.setAuthorized(true);
                    if (hashMap.get(str2) != null) {
                        column.setDataMaskType(((SensitiveDataMask) hashMap.get(str2)).getType());
                    }
                    if (hashMap2.get(column.getColumnName()) != null) {
                        column.setDependentColumns((Collection) hashMap2.get(column.getColumnName()));
                    }
                    return column;
                }).collect(Collectors.toList()));
                table.setRows(transformResponseRow(((AclTCR.ColumnRow) entry.getValue()).getRow()));
                table.setLikeRows(transformResponseRow(((AclTCR.ColumnRow) entry.getValue()).getLikeRow()));
                if (((AclTCR.ColumnRow) entry.getValue()).getRowFilter() == null) {
                    table.setRowFilter(transformResponseFromOld(((AclTCR.ColumnRow) entry.getValue()).getRow(), ((AclTCR.ColumnRow) entry.getValue()).getLikeRow()));
                } else {
                    table.setRowFilter(transformResponseRowFilter(((AclTCR.ColumnRow) entry.getValue()).getRowFilter()));
                }
                return table;
            }).collect(Collectors.toList()));
            return aclTCRResponse;
        }).collect(Collectors.toList());
    }

    private List<AclTCRResponse.Row> transformResponseRow(AclTCR.Row row) {
        return MapUtils.isEmpty(row) ? Lists.newArrayList() : (List) row.entrySet().stream().filter(entry -> {
            return Objects.nonNull(entry.getValue());
        }).map(entry2 -> {
            AclTCRResponse.Row row2 = new AclTCRResponse.Row();
            row2.setColumnName((String) entry2.getKey());
            row2.setItems(Lists.newArrayList((Iterable) entry2.getValue()));
            return row2;
        }).collect(Collectors.toList());
    }

    private AclTCRResponse.RowFilter transformResponseRowFilter(List<AclTCR.FilterGroup> list) {
        AclTCRResponse.RowFilter rowFilter = new AclTCRResponse.RowFilter();
        if (CollectionUtils.isEmpty(list)) {
            return rowFilter;
        }
        rowFilter.setType(list.get(0).getType().toString());
        list.forEach(filterGroup -> {
            AclTCR.Filters filters = filterGroup.getFilters();
            AclTCRResponse.FilterGroup filterGroup = new AclTCRResponse.FilterGroup();
            filterGroup.setGroup(filterGroup.isGroup());
            if (filters != null && filters.size() > 0) {
                filterGroup.setType(((AclTCR.FilterItems) filters.values().iterator().next()).getType().toString());
                ArrayList newArrayList = Lists.newArrayList();
                for (Map.Entry entry : filters.entrySet()) {
                    AclTCRResponse.Filter filter = new AclTCRResponse.Filter();
                    filter.setColumnName((String) entry.getKey());
                    AclTCR.FilterItems filterItems = (AclTCR.FilterItems) entry.getValue();
                    filter.setInItems(Lists.newArrayList(filterItems.getInItems()));
                    filter.setLikeItems(Lists.newArrayList(filterItems.getLikeItems()));
                    newArrayList.add(filter);
                }
                filterGroup.setFilters(newArrayList);
            }
            rowFilter.getFilterGroups().add(filterGroup);
        });
        return rowFilter;
    }

    private List<AclTCRResponse> tagTableNum(List<AclTCRResponse> list, Map<String, Map<String, Integer>> map) {
        list.forEach(aclTCRResponse -> {
            aclTCRResponse.setTotalTableNum(((Map) map.get(aclTCRResponse.getDatabaseName())).size());
            aclTCRResponse.getTables().forEach(table -> {
                table.setTotalColumnNum(((Integer) ((Map) map.get(aclTCRResponse.getDatabaseName())).get(table.getTableName())).intValue());
            });
        });
        return list;
    }

    private void slim(String str, AclTCR aclTCR) {
        if (aclTCR == null || aclTCR.getTable() == null) {
            return;
        }
        aclTCR.getTable().forEach((str2, columnRow) -> {
            if (Objects.isNull(columnRow)) {
                return;
            }
            if (Objects.nonNull(columnRow.getColumn()) && ((Stream) Optional.ofNullable(((NTableMetadataManager) getManager(NTableMetadataManager.class, str)).getTableDesc(str2).getColumns()).map((v0) -> {
                return Arrays.stream(v0);
            }).orElseGet(Stream::empty)).map((v0) -> {
                return v0.getName();
            }).allMatch(str2 -> {
                return columnRow.getColumn().contains(str2) && columnRow.getColumnSensitiveDataMask() == null && columnRow.getDependentColumns() == null;
            })) {
                columnRow.setColumn((AclTCR.Column) null);
            }
            if (columnRow.isAllRowGranted() && Objects.isNull(columnRow.getColumn())) {
                aclTCR.getTable().put(str2, (Object) null);
            }
        });
        if (((NTableMetadataManager) getManager(NTableMetadataManager.class, str)).listAllTables().stream().map((v0) -> {
            return v0.getIdentity();
        }).allMatch(str3 -> {
            return aclTCR.getTable().containsKey(str3);
        }) && aclTCR.getTable().entrySet().stream().allMatch(entry -> {
            return Objects.isNull(entry.getValue());
        })) {
            aclTCR.setTable((AclTCR.Table) null);
        }
    }

    private AclTCR transformRequests(String str, List<AclTCRRequest> list) {
        AclTCR aclTCR = new AclTCR();
        AclTCR.Table table = new AclTCR.Table();
        checkAclRequestParam(str, list);
        list.stream().filter(aclTCRRequest -> {
            return StringUtils.isNotEmpty(aclTCRRequest.getDatabaseName());
        }).forEach(aclTCRRequest2 -> {
            aclTCRRequest2.getTables().stream().filter(table2 -> {
                return table2.isAuthorized() && StringUtils.isNotEmpty(table2.getTableName());
            }).forEach(table3 -> {
                setColumnRow(table, aclTCRRequest2, table3);
            });
        });
        if (list.stream().allMatch(aclTCRRequest3 -> {
            return ((Stream) Optional.ofNullable(aclTCRRequest3.getTables()).map((v0) -> {
                return v0.stream();
            }).orElseGet(Stream::empty)).allMatch((v0) -> {
                return v0.isAuthorized();
            });
        })) {
            ((NTableMetadataManager) getManager(NTableMetadataManager.class, str)).listAllTables().stream().filter(tableDesc -> {
                return !table.containsKey(tableDesc.getIdentity());
            }).map((v0) -> {
                return v0.getIdentity();
            }).forEach(str2 -> {
            });
        }
        aclTCR.setTable(table);
        slim(str, aclTCR);
        checkDependentColumnUpdate(aclTCR);
        return aclTCR;
    }

    private AclTCR mergeRequests(String str, String str2, boolean z, List<AclTCRRequest> list) {
        checkAclRequestParam(str, list);
        AclTCRManager aclTCRManager = (AclTCRManager) getManager(AclTCRManager.class, str);
        AclTCR aclTCR = aclTCRManager.getAclTCR(str2, z);
        if (aclTCR == null) {
            aclTCR = new AclTCR();
        }
        SortedMap allDbAclTable = aclTCRManager.getAllDbAclTable(str);
        AclTCR.Table initTableAcl = initTableAcl(aclTCR, allDbAclTable);
        for (AclTCRRequest aclTCRRequest : list) {
            String databaseName = aclTCRRequest.getDatabaseName();
            List<AclTCRRequest.Table> tables = aclTCRRequest.getTables();
            if (tables != null) {
                for (AclTCRRequest.Table table : tables) {
                    String format = String.format(Locale.ROOT, IDENTIFIER_FORMAT, databaseName, table.getTableName());
                    if (table.isAuthorized()) {
                        AclTCR.ColumnRow columnRow = (AclTCR.ColumnRow) initTableAcl.get(format);
                        if (columnRow == null) {
                            columnRow = new AclTCR.ColumnRow();
                            columnRow.setColumn(((AclTCR.ColumnRow) ((AclTCR.Table) allDbAclTable.get(databaseName)).get(table.getTableName())).getColumn());
                        }
                        updateColumnAcl(columnRow, table.getColumns());
                        if (table.getRowFilter() != null) {
                            table.setRows(Lists.newArrayList());
                            table.setLikeRows(Lists.newArrayList());
                        }
                        updateRowAcl(columnRow, table.getRows(), table.getLikeRows());
                        updateRowFilter(columnRow, table.getRowFilter());
                        initTableAcl.put(format, columnRow);
                    } else {
                        initTableAcl.remove(String.format(Locale.ROOT, IDENTIFIER_FORMAT, databaseName, table.getTableName()));
                    }
                }
            }
        }
        aclTCR.setTable(initTableAcl);
        slim(str, aclTCR);
        checkDependentColumnUpdate(aclTCR);
        checkRowAcl(aclTCR);
        return aclTCR;
    }

    private AclTCR.Table initTableAcl(AclTCR aclTCR, Map<String, AclTCR.Table> map) {
        AclTCR.Table table = aclTCR.getTable();
        if (table == null) {
            table = new AclTCR.Table();
            for (Map.Entry<String, AclTCR.Table> entry : map.entrySet()) {
                for (Map.Entry entry2 : entry.getValue().entrySet()) {
                    table.put(String.format(Locale.ROOT, IDENTIFIER_FORMAT, entry.getKey(), entry2.getKey()), entry2.getValue());
                }
            }
            aclTCR.setTable(table);
        }
        return table;
    }

    private void updateColumnAcl(AclTCR.ColumnRow columnRow, List<AclTCRRequest.Column> list) {
        if (list == null) {
            return;
        }
        HashSet hashSet = new HashSet((Collection) Optional.ofNullable(columnRow.getColumnSensitiveDataMask()).orElse(new ArrayList()));
        HashSet hashSet2 = new HashSet((Collection) Optional.ofNullable(columnRow.getDependentColumns()).orElse(new ArrayList()));
        for (AclTCRRequest.Column column : list) {
            hashSet.removeIf(sensitiveDataMask -> {
                return sensitiveDataMask.getColumn().equals(column.getColumnName());
            });
            hashSet2.removeIf(dependentColumn -> {
                return dependentColumn.getColumn().equals(column.getColumnName());
            });
            if (column.isAuthorized()) {
                if (columnRow.getColumn() != null) {
                    columnRow.getColumn().add(column.getColumnName());
                }
                if (column.getDataMaskType() != null) {
                    hashSet.add(new SensitiveDataMask(column.getColumnName(), column.getDataMaskType()));
                }
                if (column.getDependentColumns() != null) {
                    for (AclTCRRequest.DependentColumnData dependentColumnData : column.getDependentColumns()) {
                        hashSet2.add(new DependentColumn(column.getColumnName(), dependentColumnData.getColumnIdentity(), dependentColumnData.getValues()));
                    }
                }
            } else {
                columnRow.getColumn().remove(column.getColumnName());
            }
        }
        columnRow.setColumnSensitiveDataMask(new ArrayList(hashSet));
        columnRow.setDependentColumns(new ArrayList(hashSet2));
    }

    private void updateRowAcl(AclTCR.ColumnRow columnRow, List<AclTCRRequest.Row> list, List<AclTCRRequest.Row> list2) {
        if (list != null) {
            columnRow.setRow(rowConverter(list));
        }
        if (list2 != null) {
            columnRow.setLikeRow(rowConverter(list2));
        }
    }

    private void updateRowFilter(AclTCR.ColumnRow columnRow, AclTCRRequest.RowFilter rowFilter) {
        if (rowFilter != null) {
            columnRow.setRowFilter(rowFilterConverter(rowFilter));
        }
    }

    private void setColumnRow(AclTCR.Table table, AclTCRRequest aclTCRRequest, AclTCRRequest.Table table2) {
        AclTCR.Column column;
        String format = String.format(Locale.ROOT, IDENTIFIER_FORMAT, aclTCRRequest.getDatabaseName(), table2.getTableName());
        AclTCR.ColumnRow columnRow = new AclTCR.ColumnRow();
        if (((Stream) Optional.ofNullable(table2.getColumns()).map((v0) -> {
            return v0.stream();
        }).orElseGet(Stream::empty)).allMatch(column2 -> {
            return column2.isAuthorized() && column2.getDataMaskType() == null && column2.getDependentColumns() == null;
        })) {
            column = null;
        } else {
            column = new AclTCR.Column();
            column.addAll((Collection) ((Stream) Optional.ofNullable(table2.getColumns()).map((v0) -> {
                return v0.stream();
            }).orElseGet(Stream::empty)).filter((v0) -> {
                return v0.isAuthorized();
            }).map((v0) -> {
                return v0.getColumnName();
            }).collect(Collectors.toSet()));
        }
        columnRow.setColumn(column);
        LinkedList linkedList = new LinkedList();
        for (AclTCRRequest.Column column3 : table2.getColumns()) {
            if (column3.getDataMaskType() != null) {
                linkedList.add(new SensitiveDataMask(column3.getColumnName(), column3.getDataMaskType()));
            }
        }
        columnRow.setColumnSensitiveDataMask(linkedList);
        LinkedList linkedList2 = new LinkedList();
        for (AclTCRRequest.Column column4 : table2.getColumns()) {
            if (column4.getDependentColumns() != null) {
                for (AclTCRRequest.DependentColumnData dependentColumnData : column4.getDependentColumns()) {
                    linkedList2.add(new DependentColumn(column4.getColumnName(), dependentColumnData.getColumnIdentity(), dependentColumnData.getValues()));
                }
            }
        }
        columnRow.setDependentColumns(linkedList2);
        columnRow.setRow(rowConverter(table2.getRows()));
        columnRow.setLikeRow(rowConverter(table2.getLikeRows()));
        table.put(format, columnRow);
    }

    private List<AclTCR.FilterGroup> rowFilterConverter(AclTCRRequest.RowFilter rowFilter) {
        ArrayList<AclTCR.FilterGroup> newArrayList = Lists.newArrayList();
        if (rowFilter == null || rowFilter.getFilterGroups() == null) {
            return newArrayList;
        }
        HashMap newHashMap = Maps.newHashMap();
        AclTCR.OperatorType stringToEnum = AclTCR.OperatorType.stringToEnum(rowFilter.getType());
        rowFilter.getFilterGroups().stream().forEach(filterGroup -> {
            AclTCR.FilterGroup filterGroup = new AclTCR.FilterGroup();
            filterGroup.setType(stringToEnum);
            filterGroup.setGroup(filterGroup.isGroup());
            AclTCR.OperatorType stringToEnum2 = AclTCR.OperatorType.stringToEnum(filterGroup.getType());
            AclTCR.Filters filters = new AclTCR.Filters();
            if (filterGroup.isGroup()) {
                ((Map) filterGroup.getFilters().stream().map(filter -> {
                    return new AbstractMap.SimpleEntry(filter.getColumnName(), new AclTCR.FilterItems(Sets.newTreeSet(filter.getInItems()), Sets.newTreeSet(filter.getLikeItems()), stringToEnum2));
                }).collect(Collectors.toMap((v0) -> {
                    return v0.getKey();
                }, (v0) -> {
                    return v0.getValue();
                }, (filterItems, filterItems2) -> {
                    return AclTCR.FilterItems.merge(filterItems, filterItems2);
                }))).forEach((str, filterItems3) -> {
                });
            } else {
                AclTCRRequest.Filter filter2 = filterGroup.getFilters().get(0);
                AclTCR.FilterItems filterItems4 = new AclTCR.FilterItems(Sets.newTreeSet(filter2.getInItems()), Sets.newTreeSet(filter2.getLikeItems()), stringToEnum2);
                if (!newHashMap.containsKey(filter2.getColumnName())) {
                    filters.put(filter2.getColumnName(), filterItems4);
                }
                newHashMap.merge(filter2.getColumnName(), filterItems4, (filterItems5, filterItems6) -> {
                    return AclTCR.FilterItems.merge(filterItems5, filterItems6);
                });
            }
            if (filters.isEmpty()) {
                return;
            }
            filterGroup.setFilters(filters);
            newArrayList.add(filterGroup);
        });
        for (AclTCR.FilterGroup filterGroup2 : newArrayList) {
            if (!filterGroup2.isGroup()) {
                String str = (String) filterGroup2.getFilters().keySet().iterator().next();
                filterGroup2.getFilters().put(str, newHashMap.get(str));
            }
        }
        return newArrayList;
    }

    private AclTCR.Row rowConverter(List<AclTCRRequest.Row> list) {
        AclTCR.Row row;
        if (((Stream) Optional.ofNullable(list).map((v0) -> {
            return v0.stream();
        }).orElseGet(Stream::empty)).allMatch(row2 -> {
            return CollectionUtils.isEmpty(row2.getItems());
        })) {
            row = null;
        } else {
            row = new AclTCR.Row();
            ((Map) list.stream().filter(row3 -> {
                return CollectionUtils.isNotEmpty(row3.getItems());
            }).map(row4 -> {
                return new AbstractMap.SimpleEntry(row4.getColumnName(), Sets.newHashSet(row4.getItems()));
            }).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }, (set, set2) -> {
                set.addAll(set2);
                return set;
            }))).forEach((str, set3) -> {
                AclTCR.RealRow realRow = new AclTCR.RealRow();
                realRow.addAll(set3);
                row.put(str, realRow);
            });
        }
        return row;
    }

    private void checkDependentColumnUpdate(AclTCR aclTCR, AclTCRManager aclTCRManager, String str, boolean z) {
        if (z) {
            List<AclTCR> aclTCRs = aclTCRManager.getAclTCRs(str, this.userGroupService.listUserGroups(str));
            aclTCRs.add(aclTCR);
            checkDependentColumnUpdate(aclTCRs);
        }
    }

    private void checkDependentColumnUpdate(AclTCR aclTCR) {
        checkDependentColumnUpdate(Lists.newArrayList(new AclTCR[]{aclTCR}));
    }

    private void checkRowAcl(AclTCR aclTCR) {
        checkRowAcl(Lists.newArrayList(new AclTCR[]{aclTCR}));
    }

    private void checkDependentColumnUpdate(List<AclTCR> list) {
        Set<String> set = (Set) list.stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(aclTCR -> {
            return aclTCR.getTable() != null;
        }).flatMap(aclTCR2 -> {
            return aclTCR2.getTable().values().stream();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(columnRow -> {
            return columnRow.getDependentColumns() != null;
        }).flatMap(columnRow2 -> {
            return columnRow2.getDependentColumns().stream();
        }).map((v0) -> {
            return v0.getDependentColumnIdentity();
        }).collect(Collectors.toSet());
        Set set2 = (Set) list.stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getTable();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.entrySet();
        }).flatMap((v0) -> {
            return v0.stream();
        }).filter(entry -> {
            return entry.getValue() != null;
        }).filter(entry2 -> {
            return ((AclTCR.ColumnRow) entry2.getValue()).getDependentColumns() != null;
        }).map(entry3 -> {
            return (Set) ((AclTCR.ColumnRow) entry3.getValue()).getDependentColumns().stream().filter(dependentColumn -> {
                return set.contains(((String) entry3.getKey()) + "." + dependentColumn.getColumn());
            }).map((v0) -> {
                return v0.getColumn();
            }).collect(Collectors.toSet());
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toSet());
        if (!set2.isEmpty()) {
            throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, MsgPicker.getMsg().getNotSupportNestedDependentCol(), String.join(", ", set2)));
        }
        for (String str : set) {
            if (list.stream().noneMatch(aclTCR3 -> {
                return aclTCR3.isColumnAuthorized(str);
            })) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, MsgPicker.getMsg().getInvalidColumnAccess(), str));
            }
        }
    }

    private void checkRowAcl(List<AclTCR> list) {
        list.stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getTable();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.entrySet();
        }).flatMap((v0) -> {
            return v0.stream();
        }).filter(entry -> {
            return entry.getValue() != null;
        }).filter(entry2 -> {
            return ((AclTCR.ColumnRow) entry2.getValue()).getRow() != null;
        }).forEach(entry3 -> {
            ((AclTCR.ColumnRow) entry3.getValue()).getRow().keySet().forEach(str -> {
                if (list.stream().noneMatch(aclTCR -> {
                    return aclTCR.isColumnAuthorized(String.format(Locale.ROOT, IDENTIFIER_FORMAT, entry3.getKey(), str));
                })) {
                    throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, MsgPicker.getMsg().getInvalidColumnAccess(), str));
                }
            });
        });
    }

    public void checkAclRequestParam(String str, List<AclTCRRequest> list) {
        NTableMetadataManager tableMetadataManager = getTableMetadataManager(str);
        list.forEach(aclTCRRequest -> {
            aclTCRRequest.getTables().stream().filter((v0) -> {
                return v0.isAuthorized();
            }).filter(table -> {
                return !((Stream) Optional.ofNullable(table.getRows()).map((v0) -> {
                    return v0.stream();
                }).orElseGet(Stream::empty)).allMatch(row -> {
                    return CollectionUtils.isEmpty(row.getItems());
                });
            }).forEach(table2 -> {
                String format = String.format(Locale.ROOT, IDENTIFIER_FORMAT, aclTCRRequest.getDatabaseName(), table2.getTableName());
                TableDesc tableDesc = tableMetadataManager.getTableDesc(format);
                table2.getRows().stream().filter(row -> {
                    return CollectionUtils.isNotEmpty(row.getItems());
                }).forEach(row2 -> {
                    if (tableDesc.findColumnByName(row2.getColumnName()).getType().isNumberFamily()) {
                        String str2 = format + "." + row2.getColumnName();
                        row2.getItems().forEach(str3 -> {
                            try {
                                Double.parseDouble(str3);
                            } catch (Exception e) {
                                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getColumnParameterInvalid(str2));
                            }
                        });
                    }
                });
            });
        });
        list.forEach(aclTCRRequest2 -> {
            aclTCRRequest2.getTables().stream().filter((v0) -> {
                return v0.isAuthorized();
            }).forEach(table -> {
                checkSensitiveDataMaskRequest(table, tableMetadataManager.getTableDesc(String.format(Locale.ROOT, IDENTIFIER_FORMAT, aclTCRRequest2.getDatabaseName(), table.getTableName())));
            });
        });
    }

    private void checkSensitiveDataMaskRequest(AclTCRRequest.Table table, TableDesc tableDesc) {
        if (table.getColumns() == null) {
            return;
        }
        for (AclTCRRequest.Column column : table.getColumns()) {
            if (column.getDataMaskType() != null && !column.isAuthorized()) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, MsgPicker.getMsg().getInvalidColumnAccess(), column.getColumnName()));
            }
            if (column.getDataMaskType() != null && !SensitiveDataMask.isValidDataType(tableDesc.findColumnByName(column.getColumnName()).getDatatype())) {
                throw new KylinException(ServerErrorCode.INVALID_PARAMETER, MsgPicker.getMsg().getInvalidSensitiveDataMaskColumnType());
            }
        }
    }

    private Map<String, Map<String, Integer>> getDbTblColNum(String str) {
        HashMap newHashMap = Maps.newHashMap();
        ((NTableMetadataManager) getManager(NTableMetadataManager.class, str)).listAllTables().forEach(tableDesc -> {
            if (!newHashMap.containsKey(tableDesc.getDatabase())) {
                newHashMap.put(tableDesc.getDatabase(), Maps.newHashMap());
            }
            ((Map) newHashMap.get(tableDesc.getDatabase())).put(tableDesc.getName(), Integer.valueOf(tableDesc.getColumnCount()));
        });
        return newHashMap;
    }

    private Map<String, DataType> getTableColumnTypeMap(String str, String str2) {
        TableDesc tableDesc = NTableMetadataManager.getInstance(KylinConfig.getInstanceFromEnv(), str).getTableDesc(str2);
        return tableDesc == null ? Maps.newHashMap() : (Map) Arrays.stream(tableDesc.getColumns()).collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getType();
        }, (dataType, dataType2) -> {
            return dataType;
        }, () -> {
            return new TreeMap(String.CASE_INSENSITIVE_ORDER);
        }));
    }

    @VisibleForTesting
    public NKylinUserManager getKylinUserManager() {
        return NKylinUserManager.getInstance(getConfig());
    }

    public List<TableDesc> getAuthorizedTables(String str, String str2) {
        return getAuthorizedTables(str, str2, getKylinUserManager().getUserGroups(str2));
    }

    @VisibleForTesting
    public NTableMetadataManager getTableMetadataManager(String str) {
        Preconditions.checkNotNull(str);
        return NTableMetadataManager.getInstance(getConfig(), str);
    }

    @VisibleForTesting
    boolean canUseACLGreenChannel(String str) {
        return AclPermissionUtil.canUseACLGreenChannel(str, getCurrentUserGroups());
    }

    @VisibleForTesting
    public List<TableDesc> getAuthorizedTables(String str, String str2, Set<String> set) {
        List aclTCRs = ((AclTCRManager) getManager(AclTCRManager.class, str)).getAclTCRs(str2, set);
        return (List) getTableMetadataManager(str).listAllTables().stream().filter(tableDesc -> {
            return aclTCRs.stream().anyMatch(aclTCR -> {
                return aclTCR.isAuthorized(tableDesc.getIdentity());
            });
        }).collect(Collectors.toList());
    }

    public boolean remoteGrantACL(String str, List<AccessRequest> list) throws JsonProcessingException {
        return remoteRequest(new AclGrantEventNotifier(str, JsonUtil.writeValueAsString(list)), str);
    }

    public boolean remoteRevokeACL(String str, String str2, boolean z) {
        return remoteRequest(new AclRevokeEventNotifier(str, str2, z), str);
    }

    public void updateAclFromRemote(AclGrantEventNotifier aclGrantEventNotifier, AclRevokeEventNotifier aclRevokeEventNotifier) throws IOException {
        if (aclGrantEventNotifier != null) {
            updateAclTCR(aclGrantEventNotifier.getProjectId(), (List) JsonUtil.readValue(aclGrantEventNotifier.getRawAclTCRRequests(), new TypeReference<List<AccessRequest>>() { // from class: org.apache.kylin.rest.service.AclTCRService.1
            }));
        } else if (aclRevokeEventNotifier != null) {
            revokeAclTCR(aclRevokeEventNotifier.getProjectId(), aclRevokeEventNotifier.getSid(), aclRevokeEventNotifier.isPrincipal());
        }
    }
}
