package org.apache.kylin.rest.service;

import com.google.common.base.Preconditions;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.exception.KylinException;
import org.apache.kylin.common.exception.ServerErrorCode;
import org.apache.kylin.common.exception.code.ErrorCodeServer;
import org.apache.kylin.common.msg.Message;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.common.persistence.JsonSerializer;
import org.apache.kylin.common.persistence.Serializer;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.metadata.user.NKylinUserManager;
import org.apache.kylin.rest.aspect.Transaction;
import org.apache.kylin.rest.exception.InternalErrorException;
import org.apache.kylin.rest.security.AclPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:org/apache/kylin/rest/service/KylinUserService.class */
public class KylinUserService implements UserService {
    public static final String DIR_PREFIX = "/user/";

    @Autowired
    @Qualifier("userAclService")
    protected UserAclService userAclService;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(KylinUserService.class);
    public static final Serializer<ManagedUser> SERIALIZER = new JsonSerializer(ManagedUser.class);

    @Transaction
    public void createUser(UserDetails userDetails) {
        if (getKylinUserManager().exists(userDetails.getUsername())) {
            throw new KylinException(ServerErrorCode.DUPLICATE_USER_NAME, String.format(Locale.ROOT, MsgPicker.getMsg().getUserExists(), userDetails.getUsername()));
        }
        updateUser(userDetails);
    }

    @Transaction
    public void updateUser(UserDetails userDetails) {
        Preconditions.checkState(userDetails instanceof ManagedUser, "User {} is not ManagedUser", new Object[]{userDetails});
        ManagedUser managedUser = (ManagedUser) userDetails;
        if (!managedUser.getAuthorities().contains(new SimpleGrantedAuthority("ALL_USERS"))) {
            throw new KylinException(ServerErrorCode.PERMISSION_DENIED, MsgPicker.getMsg().getInvalidRemoveUserFromAllUser());
        }
        getKylinUserManager().update(managedUser);
        this.userAclService.updateUserAclPermission(userDetails, AclPermission.DATA_QUERY);
        log.trace("update user : {}", userDetails.getUsername());
    }

    @Transaction
    public void deleteUser(String str) {
        List<String> listSuperAdminUsers = listSuperAdminUsers();
        if (!CollectionUtils.isEmpty(listSuperAdminUsers) && !((List) listSuperAdminUsers.stream().filter(str2 -> {
            return str2.equalsIgnoreCase(str);
        }).collect(Collectors.toList())).isEmpty()) {
            throw new InternalErrorException("User " + str + " is not allowed to be deleted.");
        }
        this.userAclService.deleteUserAcl(str);
        getKylinUserManager().delete(str);
        log.trace("delete user : {}", str);
    }

    public void changePassword(String str, String str2) {
        throw new UnsupportedOperationException();
    }

    public boolean userExists(String str) {
        log.trace("judge user exist: {}", str);
        return getKylinUserManager().exists(str);
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        Message msg = MsgPicker.getMsg();
        try {
            ManagedUser managedUser = getKylinUserManager().get(str);
            if (managedUser == null) {
                throw new UsernameNotFoundException(String.format(Locale.ROOT, msg.getUserNotFound(), str));
            }
            log.trace("load user : {}", str);
            return managedUser;
        } catch (IllegalArgumentException e) {
            log.error("exception: ", e);
            throw new UsernameNotFoundException(ErrorCodeServer.USER_LOGIN_FAILED.getMsg(new Object[0]));
        }
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<ManagedUser> listUsers() {
        return getKylinUserManager().list();
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<ManagedUser> listUsers(boolean z) {
        return getKylinUserManager().list(z);
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<String> listAdminUsers() {
        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_ADMIN");
        return (List) listUsers().stream().filter(managedUser -> {
            return managedUser.getAuthorities().contains(simpleGrantedAuthority);
        }).map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toList());
    }

    @Override // org.apache.kylin.rest.service.UserService
    public boolean isGlobalAdmin(String str) {
        try {
            return isGlobalAdmin(loadUserByUsername(str));
        } catch (Exception e) {
            logger.debug("Cat not load user by username {}", str, e);
            return false;
        }
    }

    @Override // org.apache.kylin.rest.service.UserService
    public boolean isGlobalAdmin(UserDetails userDetails) {
        if (Objects.isNull(userDetails)) {
            return false;
        }
        return userDetails.getAuthorities().stream().anyMatch(grantedAuthority -> {
            return grantedAuthority.getAuthority().equals("ROLE_ADMIN");
        });
    }

    @Override // org.apache.kylin.rest.service.UserService
    public boolean containsGlobalAdmin(Set<String> set) {
        return set.stream().anyMatch(this::isGlobalAdmin);
    }

    @Override // org.apache.kylin.rest.service.UserService
    public Set<String> retainsNormalUser(Set<String> set) {
        return (Set) set.stream().filter(str -> {
            return !isGlobalAdmin(str);
        }).collect(Collectors.toSet());
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<String> listNormalUsers() {
        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_ADMIN");
        return (List) listUsers().stream().filter(managedUser -> {
            return !managedUser.getAuthorities().contains(simpleGrantedAuthority);
        }).map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toList());
    }

    @Override // org.apache.kylin.rest.service.UserService
    public List<String> listSuperAdminUsers() {
        return Collections.singletonList("ADMIN");
    }

    @Override // org.apache.kylin.rest.service.UserService
    public void completeUserInfo(ManagedUser managedUser) {
    }

    public static String getId(String str) {
        return DIR_PREFIX + str;
    }

    protected NKylinUserManager getKylinUserManager() {
        return NKylinUserManager.getInstance(KylinConfig.getInstanceFromEnv());
    }
}
