package io.cdap.cdap.data2.datafabric.dataset.service;

import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.util.concurrent.AbstractIdleService;
import com.google.inject.name.Named;
import io.cdap.cdap.proto.DatasetModuleMeta;
import io.cdap.cdap.proto.DatasetTypeMeta;
import io.cdap.cdap.proto.id.DatasetModuleId;
import io.cdap.cdap.proto.id.DatasetTypeId;
import io.cdap.cdap.proto.id.EntityId;
import io.cdap.cdap.proto.id.NamespaceId;
import io.cdap.cdap.proto.security.Action;
import io.cdap.cdap.proto.security.Principal;
import io.cdap.cdap.security.authorization.AuthorizationUtil;
import io.cdap.cdap.security.spi.authentication.AuthenticationContext;
import io.cdap.cdap.security.spi.authorization.AuthorizationEnforcer;
import io.cdap.http.BodyConsumer;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import javax.inject.Inject;

/* loaded from: input_file:io/cdap/cdap/data2/datafabric/dataset/service/AuthorizationDatasetTypeService.class */
public class AuthorizationDatasetTypeService extends AbstractIdleService implements DatasetTypeService {
    private final DatasetTypeService delegate;
    private final AuthorizationEnforcer authorizationEnforcer;
    private final AuthenticationContext authenticationContext;

    @Inject
    public AuthorizationDatasetTypeService(@Named("noAuthDatasetTypeService") DatasetTypeService datasetTypeService, AuthorizationEnforcer authorizationEnforcer, AuthenticationContext authenticationContext) {
        this.delegate = datasetTypeService;
        this.authorizationEnforcer = authorizationEnforcer;
        this.authenticationContext = authenticationContext;
    }

    protected void startUp() throws Exception {
        this.delegate.startAndWait();
    }

    protected void shutDown() throws Exception {
        this.delegate.stopAndWait();
    }

    @Override // io.cdap.cdap.data2.datafabric.dataset.service.DatasetTypeService
    public List<DatasetModuleMeta> listModules(final NamespaceId namespaceId) throws Exception {
        return AuthorizationUtil.isVisible(this.delegate.listModules(namespaceId), this.authorizationEnforcer, this.authenticationContext.getPrincipal(), new Function<DatasetModuleMeta, EntityId>() { // from class: io.cdap.cdap.data2.datafabric.dataset.service.AuthorizationDatasetTypeService.1
            public EntityId apply(DatasetModuleMeta datasetModuleMeta) {
                return namespaceId.datasetModule(datasetModuleMeta.getName());
            }
        }, (Predicate) null);
    }

    @Override // io.cdap.cdap.data2.datafabric.dataset.service.DatasetTypeService
    public DatasetModuleMeta getModule(DatasetModuleId datasetModuleId) throws Exception {
        if (!NamespaceId.SYSTEM.equals(datasetModuleId.getNamespaceId())) {
            AuthorizationUtil.ensureOnePrivilege(datasetModuleId, EnumSet.allOf(Action.class), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        }
        return this.delegate.getModule(datasetModuleId);
    }

    @Override // io.cdap.cdap.data2.datafabric.dataset.service.DatasetTypeService
    public BodyConsumer addModule(DatasetModuleId datasetModuleId, String str, boolean z) throws Exception {
        this.authorizationEnforcer.enforce(datasetModuleId, this.authenticationContext.getPrincipal(), Action.ADMIN);
        return this.delegate.addModule(datasetModuleId, str, z);
    }

    @Override // io.cdap.cdap.data2.datafabric.dataset.service.DatasetTypeService
    public void delete(DatasetModuleId datasetModuleId) throws Exception {
        this.authorizationEnforcer.enforce(datasetModuleId, this.authenticationContext.getPrincipal(), Action.ADMIN);
        this.delegate.delete(datasetModuleId);
    }

    @Override // io.cdap.cdap.data2.datafabric.dataset.service.DatasetTypeService
    public void deleteAll(NamespaceId namespaceId) throws Exception {
        Principal principal = this.authenticationContext.getPrincipal();
        Iterator<DatasetModuleMeta> it = this.delegate.listModules(namespaceId).iterator();
        while (it.hasNext()) {
            this.authorizationEnforcer.enforce(namespaceId.datasetModule(it.next().getName()), principal, Action.ADMIN);
        }
        this.delegate.deleteAll(namespaceId);
    }

    @Override // io.cdap.cdap.data2.datafabric.dataset.service.DatasetTypeService
    public List<DatasetTypeMeta> listTypes(final NamespaceId namespaceId) throws Exception {
        return AuthorizationUtil.isVisible(this.delegate.listTypes(namespaceId), this.authorizationEnforcer, this.authenticationContext.getPrincipal(), new Function<DatasetTypeMeta, EntityId>() { // from class: io.cdap.cdap.data2.datafabric.dataset.service.AuthorizationDatasetTypeService.2
            public EntityId apply(DatasetTypeMeta datasetTypeMeta) {
                return namespaceId.datasetType(datasetTypeMeta.getName());
            }
        }, (Predicate) null);
    }

    @Override // io.cdap.cdap.data2.datafabric.dataset.service.DatasetTypeService
    public DatasetTypeMeta getType(DatasetTypeId datasetTypeId) throws Exception {
        if (!NamespaceId.SYSTEM.equals(datasetTypeId.getNamespaceId())) {
            AuthorizationUtil.ensureOnePrivilege(datasetTypeId, EnumSet.allOf(Action.class), this.authorizationEnforcer, this.authenticationContext.getPrincipal());
        }
        return this.delegate.getType(datasetTypeId);
    }
}
