package org.apache.kylin.rest.service;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.exception.KylinException;
import org.apache.kylin.common.exception.ServerErrorCode;
import org.apache.kylin.common.msg.Message;
import org.apache.kylin.common.msg.MsgPicker;
import org.apache.kylin.common.persistence.ResourceStore;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.metadata.user.NKylinUserManager;
import org.apache.kylin.metadata.usergroup.NUserGroupManager;
import org.apache.kylin.metadata.usergroup.UserGroup;
import org.apache.kylin.rest.aspect.Transaction;
import org.apache.kylin.rest.response.UserGroupResponseKI;
import org.apache.kylin.rest.util.AclEvaluate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

@Component("nUserGroupService")
/* loaded from: input_file:org/apache/kylin/rest/service/NUserGroupService.class */
public class NUserGroupService implements IUserGroupService {
    public static final Logger logger = LoggerFactory.getLogger(NUserGroupService.class);

    @Autowired
    @Qualifier("accessService")
    private AccessService accessService;

    @Autowired
    AclEvaluate aclEvaluate;

    @Autowired
    @Qualifier("userService")
    UserService userService;

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public List<String> getAllUserGroups() {
        return getUserGroupManager().getAllGroupNames();
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public List<ManagedUser> getGroupMembersByName(String str) throws IOException {
        List<ManagedUser> listUsers = this.userService.listUsers();
        listUsers.removeIf(managedUser -> {
            return !managedUser.getAuthorities().contains(new SimpleGrantedAuthority(str));
        });
        return listUsers;
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    @Transaction
    public void addGroup(String str) {
        this.aclEvaluate.checkIsGlobalAdmin();
        getUserGroupManager().add(str);
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    @Transaction
    public void deleteGroup(String str) throws IOException {
        this.aclEvaluate.checkIsGlobalAdmin();
        checkGroupCanBeDeleted(str);
        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(str);
        this.userService.listUsers(false).stream().filter(managedUser -> {
            return managedUser.getAuthorities().parallelStream().anyMatch(simpleGrantedAuthority2 -> {
                return simpleGrantedAuthority2.equals(simpleGrantedAuthority);
            });
        }).forEach(managedUser2 -> {
            managedUser2.removeAuthorities(str);
            this.userService.updateUser(managedUser2);
        });
        this.accessService.revokeProjectPermission(str, "group");
        getUserGroupManager().delete(str);
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    @Transaction
    public void modifyGroupUsers(String str, List<String> list) throws IOException {
        this.aclEvaluate.checkIsGlobalAdmin();
        checkGroupNameExist(str);
        List list2 = (List) getGroupMembersByName(str).stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toList());
        ArrayList newArrayList = Lists.newArrayList(list);
        ArrayList newArrayList2 = Lists.newArrayList(list2);
        newArrayList.removeAll(list2);
        newArrayList2.removeAll(list);
        Message msg = MsgPicker.getMsg();
        String currentUserName = this.aclEvaluate.getCurrentUserName();
        ArrayList<String> newArrayList3 = Lists.newArrayList();
        newArrayList3.addAll(newArrayList);
        newArrayList3.addAll(newArrayList2);
        List<String> listSuperAdminUsers = this.userService.listSuperAdminUsers();
        for (String str2 : newArrayList3) {
            if (!CollectionUtils.isEmpty(listSuperAdminUsers) && ((List) listSuperAdminUsers.stream().filter(str3 -> {
                return str3.equalsIgnoreCase(str2);
            }).collect(Collectors.toList())).size() > 0) {
                throw new KylinException(ServerErrorCode.PERMISSION_DENIED, MsgPicker.getMsg().getChangeGlobaladmin());
            }
            if (StringUtils.equalsIgnoreCase(currentUserName, str2)) {
                throw new KylinException(ServerErrorCode.FAILED_UPDATE_USER, msg.getSelfEditForbidden());
            }
        }
        Iterator it = newArrayList.iterator();
        while (it.hasNext()) {
            UserDetails userDetails = (ManagedUser) this.userService.loadUserByUsername((String) it.next());
            userDetails.addAuthorities(str);
            this.userService.updateUser(userDetails);
        }
        Iterator it2 = newArrayList2.iterator();
        while (it2.hasNext()) {
            UserDetails userDetails2 = (ManagedUser) this.userService.loadUserByUsername((String) it2.next());
            userDetails2.removeAuthorities(str);
            this.userService.updateUser(userDetails2);
        }
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public List<String> listAllAuthorities() {
        this.aclEvaluate.checkIsGlobalAdmin();
        return getAllUserGroups();
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public List<String> getAuthoritiesFilterByGroupName(String str) {
        this.aclEvaluate.checkIsGlobalAdmin();
        return StringUtils.isEmpty(str) ? getAllUserGroups() : (List) getAllUserGroups().stream().filter(str2 -> {
            return StringUtils.containsIgnoreCase(str2, str);
        }).collect(Collectors.toList());
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public List<UserGroup> listUserGroups() {
        return getUserGroupManager().getAllGroups();
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public List<UserGroup> getUserGroupsFilterByGroupName(String str) {
        this.aclEvaluate.checkIsGlobalAdmin();
        return StringUtils.isEmpty(str) ? listUserGroups() : getUserGroupManager().getAllGroups(str2 -> {
            String[] split = StringUtils.split(str2, "/");
            return StringUtils.containsIgnoreCase(split[split.length - 1], str);
        });
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public String getGroupNameByUuid(String str) {
        for (UserGroup userGroup : getUserGroupManager().getAllGroups()) {
            if (StringUtils.equalsIgnoreCase(str, userGroup.getUuid())) {
                return userGroup.getGroupName();
            }
        }
        throw new KylinException(ServerErrorCode.USERGROUP_NOT_EXIST, String.format(Locale.ROOT, MsgPicker.getMsg().getGroupUuidNotExist(), str));
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public String getUuidByGroupName(String str) {
        if (StringUtils.isEmpty(str)) {
            throw new KylinException(ServerErrorCode.USERGROUP_NOT_EXIST, String.format(Locale.ROOT, MsgPicker.getMsg().getUserGroupNotExist(), str));
        }
        Optional findFirst = getUserGroupManager().getAllGroups(str2 -> {
            return StringUtils.endsWithIgnoreCase(str2, str);
        }).stream().filter(userGroup -> {
            return StringUtils.equalsIgnoreCase(userGroup.getGroupName(), str);
        }).findFirst();
        if (findFirst.isPresent()) {
            return ((UserGroup) findFirst.get()).getUuid();
        }
        throw new KylinException(ServerErrorCode.USERGROUP_NOT_EXIST, String.format(Locale.ROOT, MsgPicker.getMsg().getUserGroupNotExist(), str));
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public boolean exists(String str) {
        return getUserGroupManager().exists(str);
    }

    public ResourceStore getStore() {
        return ResourceStore.getKylinMetaStore(KylinConfig.getInstanceFromEnv());
    }

    private void checkGroupNameExist(String str) {
        if (!getAllUserGroups().contains(str)) {
            throw new KylinException(ServerErrorCode.INVALID_PARAMETER, String.format(Locale.ROOT, MsgPicker.getMsg().getUserGroupNotExist(), str));
        }
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public Map<String, List<String>> getUserAndUserGroup() throws IOException {
        HashMap newHashMap = Maps.newHashMap();
        List list = (List) this.userService.getManagedUsersByFuzzMatching(null, false).stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toList());
        List<String> allUserGroups = getAllUserGroups();
        newHashMap.put("user", list);
        newHashMap.put("group", allUserGroups);
        return newHashMap;
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public Set<String> listUserGroups(String str) {
        ManagedUser managedUser = NKylinUserManager.getInstance(KylinConfig.getInstanceFromEnv()).get(str);
        return Objects.isNull(managedUser) ? Collections.emptySet() : (Set) managedUser.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).filter(this::exists).collect(Collectors.toSet());
    }

    private NUserGroupManager getUserGroupManager() {
        return NUserGroupManager.getInstance(KylinConfig.getInstanceFromEnv());
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    public List<UserGroupResponseKI> getUserGroupResponse(List<UserGroup> list) throws IOException {
        ArrayList arrayList = new ArrayList();
        List list2 = (List) list.stream().map((v0) -> {
            return v0.getGroupName();
        }).collect(Collectors.toList());
        Map map = (Map) this.userService.listUsers(false).parallelStream().filter(managedUser -> {
            return managedUser.getAuthorities().stream().anyMatch(simpleGrantedAuthority -> {
                return list2.contains(simpleGrantedAuthority.getAuthority());
            });
        }).map(managedUser2 -> {
            Stream map2 = managedUser2.getAuthorities().stream().map((v0) -> {
                return v0.getAuthority();
            });
            list2.getClass();
            return (Map) map2.filter((v1) -> {
                return r1.contains(v1);
            }).collect(Collectors.toMap(Function.identity(), str -> {
                return managedUser2.getUsername();
            }));
        }).map((v0) -> {
            return v0.entrySet();
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.groupingBy((v0) -> {
            return v0.getKey();
        }, Collectors.mapping((v0) -> {
            return v0.getValue();
        }, Collectors.toSet())));
        for (UserGroup userGroup : list) {
            arrayList.add(new UserGroupResponseKI(userGroup.getUuid(), userGroup.getGroupName(), (Set) map.getOrDefault(userGroup.getGroupName(), new HashSet())));
        }
        return arrayList;
    }

    @Override // org.apache.kylin.rest.service.IUserGroupService
    @Transaction
    public void addGroups(List<String> list) {
        this.aclEvaluate.checkIsGlobalAdmin();
        getUserGroupManager().batchAdd(list);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<UserGroup> getUserGroupSpecialUuid() {
        List<String> allUserGroups = getAllUserGroups();
        ArrayList arrayList = new ArrayList();
        for (String str : allUserGroups) {
            UserGroup userGroup = new UserGroup();
            userGroup.setUuid(str);
            userGroup.setGroupName(str);
            arrayList.add(userGroup);
        }
        return arrayList;
    }

    private void checkGroupCanBeDeleted(String str) {
        if (str.equals("ALL_USERS") || str.equals("ROLE_ADMIN")) {
            throw new KylinException(ServerErrorCode.INVALID_USERGROUP_NAME, "Failed to delete user group, user groups of ALL_USERS and ROLE_ADMIN cannot be deleted.");
        }
    }
}
