package org.openmetadata.service.security.policyevaluator;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.openmetadata.schema.Function;
import org.openmetadata.schema.type.TagLabel;
import org.openmetadata.service.resources.tags.TagLabelCache;
import org.openmetadata.service.security.policyevaluator.SubjectContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/security/policyevaluator/RuleEvaluator.class */
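/**
 * Implements the condition functions ({@code noOwner()}, {@code isOwner()}, {@code matchAllTags(...)}, ...)
 * that policy rule expressions can call.
 *
 * <p>The evaluator runs in one of two modes, fixed by the constructor used:
 * <ul>
 *   <li><b>Expression validation</b> (no-arg constructor): there is no subject or resource. Functions that
 *       take names look each name up in the matching cache and every function returns {@code false}.</li>
 *   <li><b>Evaluation</b> (three-arg constructor): functions are evaluated against the supplied policy,
 *       subject and resource contexts.</li>
 * </ul>
 *
 * <p>Every function returns {@code false} when a context it needs is missing, instead of throwing.
 * NOTE(review): {@code false} means "condition not met" for whatever rule uses the function, including a
 * rule meant to deny access. Confirm that callers never evaluate with a missing context in that case.
 */
public class RuleEvaluator {
    private static final Logger LOG = LoggerFactory.getLogger(RuleEvaluator.class);
    private final SubjectContext.PolicyContext policyContext;
    private final SubjectContext subjectContext;
    private final ResourceContextInterface resourceContext;
    // true only for instances built by the no-arg constructor; see the class comment.
    private final boolean expressionValidation;

    /** Creates an evaluator in expression-validation mode: no contexts, every function returns {@code false}. */
    public RuleEvaluator() {
        this.policyContext = null;
        this.subjectContext = null;
        this.resourceContext = null;
        this.expressionValidation = true;
    }

    /**
     * Creates an evaluator in evaluation mode.
     *
     * @param policyContext policy the rule belongs to; may be {@code null}, in which case {@link #matchTeam()} is false
     * @param subjectContext user being authorized; may be {@code null}, in which case subject-based functions are false
     * @param resourceContextInterface resource being accessed; may be {@code null}, in which case resource-based functions are false
     */
    public RuleEvaluator(SubjectContext.PolicyContext policyContext, SubjectContext subjectContext, ResourceContextInterface resourceContextInterface) {
        this.policyContext = policyContext;
        this.subjectContext = subjectContext;
        this.resourceContext = resourceContextInterface;
        this.expressionValidation = false;
    }

    /**
     * @return {@code true} only in evaluation mode, with a resource context whose owner is {@code null}
     * @throws IOException declared for the resource-context lookup
     */
    @Function(name = "noOwner", input = "none", description = "Returns true if the entity being accessed has no owner", examples = {"noOwner()", "!noOwner", "noOwner() || isOwner()"})
    public boolean noOwner() throws IOException {
        if (this.expressionValidation || this.resourceContext == null) {
            return false;
        }
        return this.resourceContext.getOwner() == null;
    }

    /**
     * @return the result of {@code subjectContext.isOwner(owner)} for the resource's owner; {@code false} in
     *     validation mode or when the subject or resource context is missing
     * @throws IOException declared for the resource-context lookup
     */
    @Function(name = "isOwner", input = "none", description = "Returns true if the logged in user is the owner of the entity being accessed", examples = {"isOwner()", "!isOwner", "noOwner() || isOwner()"})
    public boolean isOwner() throws IOException {
        if (this.expressionValidation || this.subjectContext == null || this.resourceContext == null) {
            return false;
        }
        return this.subjectContext.isOwner(this.resourceContext.getOwner());
    }

    /**
     * Checks that the resource carries every one of the given tag FQNs.
     *
     * <p>With an empty argument list the result in evaluation mode is {@code true} (nothing is missing), so
     * a rule written as {@code matchAllTags()} matches every resource that has a resource context.
     *
     * @param strArr tag or glossary-term fully qualified names
     * @return {@code true} if no requested tag is missing from the resource; {@code false} in validation
     *     mode or without a resource context
     * @throws IOException declared for the tag lookups
     */
    @Function(name = "matchAllTags", input = "List of comma separated tag or glossary fully qualified names", description = "Returns true if the entity being accessed has all the tags given as input", examples = {"matchAllTags('PersonalData.Personal', 'Tier.Tier1', 'Business Glossary.Clothing')"})
    public boolean matchAllTags(String... strArr) throws IOException {
        if (this.expressionValidation) {
            // Validation only: look each name up; presumably getTag rejects unknown tags - TODO confirm.
            for (String tagFqn : strArr) {
                TagLabelCache.getInstance().getTag(tagFqn);
            }
            return false;
        }
        if (this.resourceContext == null) {
            return false;
        }
        List<TagLabel> tags = this.resourceContext.getTags();
        if (LOG.isDebugEnabled()) {
            // Guarded so the array formatting is not paid for on every authorization check.
            LOG.debug("matchAllTags {} resourceTags {}", Arrays.toString(strArr), tags);
        }
        for (String tagFqn : strArr) {
            if (!hasTag(tags, tagFqn)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that the resource carries at least one of the given tag FQNs.
     *
     * @param strArr tag or glossary-term fully qualified names
     * @return {@code true} if any requested tag is on the resource; {@code false} otherwise, in validation
     *     mode, or without a resource context
     * @throws IOException declared for the tag lookups
     */
    @Function(name = "matchAnyTag", input = "List of comma separated tag or glossary fully qualified names", description = "Returns true if the entity being accessed has at least one of the tags given as input", examples = {"matchAnyTag('PersonalData.Personal', 'Tier.Tier1', 'Business Glossary.Clothing')"})
    public boolean matchAnyTag(String... strArr) throws IOException {
        if (this.expressionValidation) {
            // Validation only: look each name up; presumably getTag rejects unknown tags - TODO confirm.
            for (String tagFqn : strArr) {
                TagLabelCache.getInstance().getTag(tagFqn);
            }
            return false;
        }
        if (this.resourceContext == null) {
            return false;
        }
        List<TagLabel> tags = this.resourceContext.getTags();
        if (LOG.isDebugEnabled()) {
            LOG.debug("matchAnyTag {} resourceTags {}", Arrays.toString(strArr), tags);
        }
        for (String tagFqn : strArr) {
            if (hasTag(tags, tagFqn)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks that the policy is attached to a team, that the resource's owner is an asset of that team
     * ({@code isTeamAsset}) and that the user is under that team ({@code isUserUnderTeam}).
     *
     * @return {@code true} only when all three hold; {@code false} in validation mode, when any context or
     *     the resource owner is missing, or when the policy's entity type is not {@code "team"}
     * @throws IOException declared for the resource-context lookup
     */
    @Function(name = "matchTeam", input = "None", description = "Returns true if the user and the resource belongs to the team hierarchy where this policy isattached. This allows restricting permissions to a resource to the members of the team hierarchy.", examples = {"matchTeam()"})
    public boolean matchTeam() throws IOException {
        if (this.expressionValidation || this.resourceContext == null || this.resourceContext.getOwner() == null) {
            return false;
        }
        // A missing subject context is treated as "no match", as isOwner() does, rather than hitting a
        // NullPointerException on the subjectContext calls below.
        if (this.policyContext == null || this.subjectContext == null) {
            return false;
        }
        // Constant-first equals: a policy context without an entity type is simply not a team policy.
        if (!"team".equals(this.policyContext.getEntityType())) {
            return false;
        }
        return this.subjectContext.isTeamAsset(this.policyContext.getEntityName(), this.resourceContext.getOwner())
                && this.subjectContext.isUserUnderTeam(this.policyContext.getEntityName());
    }

    /**
     * @param strArr team names
     * @return {@code true} if {@code subjectContext.isUserUnderTeam} holds for any of the names;
     *     {@code false} otherwise, in validation mode, or without a subject context
     */
    @Function(name = "inAnyTeam", input = "List of comma separated team names", description = "Returns true if the user belongs under the hierarchy of any of the teams in the given team list.", examples = {"inAnyTeam('marketing')"})
    public boolean inAnyTeam(String... strArr) {
        if (this.expressionValidation) {
            // Validation only: look each team up; presumably getTeamByName rejects unknown teams - TODO confirm.
            for (String teamName : strArr) {
                SubjectCache.getInstance().getTeamByName(teamName);
            }
            return false;
        }
        if (this.subjectContext == null) {
            return false;
        }
        for (String teamName : strArr) {
            if (this.subjectContext.isUserUnderTeam(teamName)) {
                LOG.debug("inAnyTeam - User {} is under the team {}", this.subjectContext.getUser().getName(), teamName);
                return true;
            }
            LOG.debug("inAnyTeam - User {} is not under the team {}", this.subjectContext.getUser().getName(), teamName);
        }
        return false;
    }

    /**
     * @param strArr role names
     * @return {@code true} if {@code subjectContext.hasAnyRole} holds for any of the names; {@code false}
     *     otherwise, in validation mode, or without a subject context
     */
    @Function(name = "hasAnyRole", input = "List of comma separated roles", description = "Returns true if the user (either direct or inherited from the parent teams) has one or more roles from the list.", examples = {"hasAnyRole('DataSteward', 'DataEngineer')"})
    public boolean hasAnyRole(String... strArr) {
        if (this.expressionValidation) {
            // Validation only: look each role up; presumably getRole rejects unknown roles - TODO confirm.
            for (String roleName : strArr) {
                RoleCache.getInstance().getRole(roleName);
            }
            return false;
        }
        if (this.subjectContext == null) {
            return false;
        }
        for (String roleName : strArr) {
            if (this.subjectContext.hasAnyRole(roleName)) {
                LOG.debug("hasAnyRole - User {} has the role {}", this.subjectContext.getUser().getName(), roleName);
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether {@code tags} contains a label whose FQN equals {@code tagFqn}. A {@code null} tag
     * list is treated as "resource has no tags"; {@code null} labels and {@code null} names never match.
     */
    private static boolean hasTag(List<TagLabel> tags, String tagFqn) {
        if (tags == null || tagFqn == null) {
            return false;
        }
        for (TagLabel label : tags) {
            if (label != null && tagFqn.equals(label.getTagFQN())) {
                return true;
            }
        }
        return false;
    }
}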
