package org.openmetadata.service.jdbi3;

import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.schema.entity.policies.Policy;
import org.openmetadata.schema.entity.policies.accessControl.Rule;
import org.openmetadata.schema.type.EntityReference;
import org.openmetadata.schema.type.MetadataOperation;
import org.openmetadata.schema.type.Relationship;
import org.openmetadata.service.Entity;
import org.openmetadata.service.exception.CatalogExceptionMessage;
import org.openmetadata.service.jdbi3.EntityRepository;
import org.openmetadata.service.resources.policies.PolicyResource;
import org.openmetadata.service.security.auth.BotTokenCache;
import org.openmetadata.service.security.policyevaluator.CompiledRule;
import org.openmetadata.service.security.policyevaluator.OperationContext;
import org.openmetadata.service.util.EntityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/jdbi3/PolicyRepository.class */
public class PolicyRepository extends EntityRepository<Policy> {
    private static final Logger LOG = LoggerFactory.getLogger(PolicyRepository.class);
    public static final String ENABLED = "enabled";

    /* loaded from: input_file:org/openmetadata/service/jdbi3/PolicyRepository$PolicyUpdater.class */
    public class PolicyUpdater extends EntityRepository<Policy>.EntityUpdater {
        public PolicyUpdater(Policy policy, Policy policy2, EntityRepository.Operation operation) {
            super(policy, policy2, operation);
        }

        @Override // org.openmetadata.service.jdbi3.EntityRepository.EntityUpdater
        public void entitySpecificUpdate() {
            recordChange(PolicyRepository.ENABLED, this.original.getEnabled(), this.updated.getEnabled());
            updateRules(this.original.getRules(), this.updated.getRules());
        }

        private void updateRules(List<Rule> list, List<Rule> list2) {
            recordListChange("rules", list, list2, new ArrayList(), new ArrayList(), EntityUtil.ruleMatch);
            for (Rule rule : list2) {
                Rule orElse = list.stream().filter(rule2 -> {
                    return EntityUtil.ruleMatch.test(rule2, rule);
                }).findAny().orElse(null);
                if (orElse != null) {
                    updateRuleDescription(orElse, rule);
                    updateRuleEffect(orElse, rule);
                    updateRuleOperations(orElse, rule);
                    updateRuleResources(orElse, rule);
                    updateRuleCondition(orElse, rule);
                }
            }
        }

        private void updateRuleDescription(Rule rule, Rule rule2) {
            recordChange(EntityUtil.getRuleField(rule, "description"), rule.getDescription(), rule2.getDescription());
        }

        private void updateRuleEffect(Rule rule, Rule rule2) {
            recordChange(EntityUtil.getRuleField(rule, "effect"), rule.getEffect(), rule2.getEffect());
        }

        private void updateRuleOperations(Rule rule, Rule rule2) {
            recordChange(EntityUtil.getRuleField(rule, "operations"), rule.getOperations(), rule2.getOperations());
        }

        private void updateRuleResources(Rule rule, Rule rule2) {
            recordChange(EntityUtil.getRuleField(rule, "resources"), rule.getResources(), rule2.getResources());
        }

        private void updateRuleCondition(Rule rule, Rule rule2) {
            recordChange(EntityUtil.getRuleField(rule, "condition"), rule.getCondition(), rule2.getCondition());
        }
    }

    public PolicyRepository(CollectionDAO collectionDAO) {
        super(PolicyResource.COLLECTION_PATH, Entity.POLICY, Policy.class, collectionDAO.policyDAO(), collectionDAO, BotTokenCache.EMPTY_STRING, BotTokenCache.EMPTY_STRING);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public Policy setFields(Policy policy, EntityUtil.Fields fields) {
        policy.setTeams(fields.contains("teams") ? getTeams(policy) : policy.getTeams());
        return policy.withRoles(fields.contains("roles") ? getRoles(policy) : policy.getRoles());
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public Policy clearFields(Policy policy, EntityUtil.Fields fields) {
        policy.setTeams(fields.contains("teams") ? policy.getTeams() : null);
        return policy.withRoles(fields.contains("roles") ? policy.getRoles() : null);
    }

    private List<EntityReference> getTeams(Policy policy) {
        return findFrom(policy.getId(), Entity.POLICY, Relationship.HAS, "team");
    }

    private List<EntityReference> getRoles(Policy policy) {
        return findFrom(policy.getId(), Entity.POLICY, Relationship.HAS, Entity.ROLE);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void prepare(Policy policy) {
        validateRules(policy);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void storeEntity(Policy policy, boolean z) {
        store(policy, z);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void storeRelationships(Policy policy) {
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public PolicyUpdater getUpdater(Policy policy, Policy policy2, EntityRepository.Operation operation) {
        return new PolicyUpdater(policy, policy2, operation);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void preDelete(Policy policy) {
        if (Boolean.FALSE.equals(policy.getAllowDelete())) {
            throw new IllegalArgumentException(CatalogExceptionMessage.systemEntityDeleteNotAllowed(policy.getName(), Entity.POLICY));
        }
    }

    public void validateRules(Policy policy) {
        List<Rule> rules = policy.getRules();
        if (CommonUtil.listOrEmpty(rules).isEmpty()) {
            throw new IllegalArgumentException(CatalogExceptionMessage.EMPTY_RULES_IN_POLICY);
        }
        for (Rule rule : rules) {
            CompiledRule.validateExpression(rule.getCondition(), Boolean.class);
            rule.getResources().sort(String.CASE_INSENSITIVE_ORDER);
            rule.getOperations().sort(Comparator.comparing((v0) -> {
                return v0.value();
            }));
            rule.setResources(filterRedundantResources(rule.getResources()));
            rule.setOperations(filterRedundantOperations(rule.getOperations()));
        }
        rules.sort(Comparator.comparing((v0) -> {
            return v0.getName();
        }));
    }

    public static List<String> filterRedundantResources(List<String> list) {
        Stream<String> stream = list.stream();
        String str = Entity.ALL_RESOURCES;
        return stream.anyMatch(str::equalsIgnoreCase) ? List.of(Entity.ALL_RESOURCES) : list;
    }

    public static List<MetadataOperation> filterRedundantOperations(List<MetadataOperation> list) {
        if (list.stream().anyMatch(metadataOperation -> {
            return metadataOperation.equals(MetadataOperation.VIEW_ALL);
        })) {
            list = (List) list.stream().filter(metadataOperation2 -> {
                return metadataOperation2.equals(MetadataOperation.VIEW_ALL) || !OperationContext.isViewOperation(metadataOperation2);
            }).collect(Collectors.toList());
        }
        if (list.stream().anyMatch(metadataOperation3 -> {
            return metadataOperation3.equals(MetadataOperation.EDIT_ALL);
        })) {
            list = (List) list.stream().filter(metadataOperation4 -> {
                return metadataOperation4.equals(MetadataOperation.EDIT_ALL) || !OperationContext.isEditOperation(metadataOperation4);
            }).collect(Collectors.toList());
        }
        return list;
    }
}
