package org.graylog.plugins.views.search;

import jakarta.inject.Inject;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.graylog.plugins.views.search.db.SearchDbService;
import org.graylog.plugins.views.search.errors.PermissionException;
import org.graylog.plugins.views.search.permissions.SearchPermissions;
import org.graylog.plugins.views.search.permissions.SearchUser;
import org.graylog.plugins.views.search.views.ViewDTO;
import org.graylog.plugins.views.search.views.ViewResolver;
import org.graylog.plugins.views.search.views.ViewService;

/* loaded from: input_file:org/graylog/plugins/views/search/SearchDomain.class */
public class SearchDomain {
    private final SearchDbService dbService;
    private final SearchExecutionGuard executionGuard;
    private final ViewService viewService;
    private final Map<String, ViewResolver> viewResolvers;

    @Inject
    public SearchDomain(SearchDbService searchDbService, SearchExecutionGuard searchExecutionGuard, ViewService viewService, Map<String, ViewResolver> map) {
        this.dbService = searchDbService;
        this.executionGuard = searchExecutionGuard;
        this.viewService = viewService;
        this.viewResolvers = map;
    }

    public Optional<Search> getForUser(String str, SearchUser searchUser) {
        Optional<Search> optional = this.dbService.get(str);
        optional.ifPresent(search -> {
            checkPermission(searchUser, search);
        });
        return optional;
    }

    private void checkPermission(SearchUser searchUser, Search search) {
        Objects.requireNonNull(searchUser);
        if (!hasReadPermissionFor(searchUser, (v1) -> {
            return r2.canReadView(v1);
        }, search)) {
            throw new PermissionException("User " + searchUser.username() + " does not have permission to load search " + search.id());
        }
    }

    public List<Search> getAllForUser(SearchPermissions searchPermissions, Predicate<ViewDTO> predicate) {
        return (List) this.dbService.streamAll().filter(search -> {
            return hasReadPermissionFor(searchPermissions, predicate, search);
        }).collect(Collectors.toList());
    }

    public Search saveForUser(Search search, SearchUser searchUser) {
        SearchExecutionGuard searchExecutionGuard = this.executionGuard;
        Objects.requireNonNull(searchUser);
        searchExecutionGuard.check(search, searchUser::canReadStream);
        Optional ofNullable = Optional.ofNullable(search.id());
        SearchDbService searchDbService = this.dbService;
        Objects.requireNonNull(searchDbService);
        Optional flatMap = ofNullable.flatMap(searchDbService::get);
        if (!searchUser.isAdmin()) {
            Objects.requireNonNull(searchUser);
            if (!((Boolean) flatMap.map(searchUser::owns).orElse(true)).booleanValue()) {
                throw new PermissionException("Unable to update search with id <" + search.id() + ">, already exists and user is not permitted to overwrite it.");
            }
        }
        return this.dbService.save(search.withOwner(searchUser.username()));
    }

    private boolean hasReadPermissionFor(SearchPermissions searchPermissions, Predicate<ViewDTO> predicate, Search search) {
        if (searchPermissions.owns(search)) {
            return true;
        }
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.viewService.forSearch(search.id()));
        hashSet.addAll((Collection) this.viewResolvers.values().stream().flatMap(viewResolver -> {
            return viewResolver.getBySearchId(search.id()).stream();
        }).collect(Collectors.toSet()));
        if (hashSet.isEmpty()) {
            return false;
        }
        return hashSet.stream().anyMatch(predicate);
    }
}
