package org.openmetadata.service.resources.permissions;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import lombok.NonNull;
import org.openmetadata.schema.type.MetadataOperation;
import org.openmetadata.schema.type.ResourcePermission;
import org.openmetadata.service.Entity;
import org.openmetadata.service.jdbi3.CollectionDAO;
import org.openmetadata.service.resources.Collection;
import org.openmetadata.service.security.Authorizer;
import org.openmetadata.service.security.policyevaluator.OperationContext;
import org.openmetadata.service.security.policyevaluator.PolicyEvaluator;
import org.openmetadata.service.security.policyevaluator.ResourceContext;
import org.openmetadata.service.util.EntityUtil;
import org.openmetadata.service.util.ResultList;

/**
 * REST resource rooted at {@code /v1/permissions} that reports which operations a user is
 * permitted to perform.
 *
 * <p>Every endpoint is a read-only {@code GET}. The resource holds no policy logic of its own:
 * all decisions are delegated to the injected {@link Authorizer}, or to {@link PolicyEvaluator}
 * for the policy-scoped endpoint.
 *
 * <p>NOTE(review): the user-scoped endpoints accept an optional {@code user} query parameter and
 * forward it unchanged. Whether the authenticated caller may inspect another user's permissions
 * is not checked in this class, so that check has to live inside the {@code Authorizer}
 * implementation. Confirm it there.
 */
@Path("/v1/permissions")
@Produces({"application/json"})
@Collection(name = "permissions")
@Tag(name = "Permissions", description = "APIs related to getting access permission for a User.")
/* loaded from: input_file:org/openmetadata/service/resources/permissions/PermissionsResource.class */
public class PermissionsResource {
    /** Component that answers every permission query; never {@code null} after construction. */
    private final Authorizer authorizer;

    /**
     * Concrete list type referenced by the OpenAPI {@code @Schema} annotations below.
     *
     * <p>The implicit default constructor is package-private, like the class itself.
     */
    /* loaded from: input_file:org/openmetadata/service/resources/permissions/PermissionsResource$ResourcePermissionList.class */
    static class ResourcePermissionList extends ResultList<ResourcePermission> {
    }

    /**
     * Creates the resource.
     *
     * @param collectionDAO accepted but not used by this class
     * @param authorizer authorizer that all endpoints delegate to
     * @throws NullPointerException if {@code authorizer} is {@code null}
     */
    public PermissionsResource(CollectionDAO collectionDAO, @NonNull Authorizer authorizer) {
        // Fail fast at wiring time so no endpoint can run without an authorizer.
        this.authorizer =
                java.util.Objects.requireNonNull(authorizer, "authorizer is marked non-null but is null");
    }

    /**
     * Lists permissions across all resources ({@code GET /v1/permissions}).
     *
     * @param securityContext security context of the authenticated caller
     * @param user optional user name from the {@code user} query parameter; {@code null} when the
     *     parameter is absent
     * @return the permissions returned by the authorizer, wrapped in a {@link ResultList}
     */
    @GET
    @Operation(
            operationId = "getResourcePermissions",
            summary = "Get permissions for logged in user",
            responses = {
                @ApiResponse(
                        responseCode = "200",
                        description = "Permissions for logged in user",
                        content = {
                            @Content(
                                    mediaType = "application/json",
                                    schema = @Schema(implementation = ResourcePermissionList.class))
                        })
            })
    public ResultList<ResourcePermission> getPermissions(
            @Context SecurityContext securityContext,
            @Parameter(
                            description = "Permission for user specified in this query param. If not specified, the user is defaulted to the logged in user",
                            schema = @Schema(type = "string", example = "john"))
                    @QueryParam("user")
                    String user) {
        // The user value is caller-controlled and forwarded unchanged to the authorizer.
        List<ResourcePermission> permissions = this.authorizer.listPermissions(securityContext, user);
        return new ResultList<>(permissions);
    }

    /**
     * Returns permissions for a resource type ({@code GET /v1/permissions/{resource}}).
     *
     * <p>NOTE(review): the OpenAPI response schema names {@code ResourcePermissionList}, but the
     * method returns a single {@link ResourcePermission}.
     *
     * @param securityContext security context of the authenticated caller
     * @param user optional user name from the {@code user} query parameter
     * @param resource resource type taken from the path
     * @return the permission returned by the authorizer
     */
    @GET
    @Path("/{resource}")
    @Operation(
            operationId = "getResourceTypePermission",
            summary = "Get permissions a given resource/entity type for logged in user",
            responses = {
                @ApiResponse(
                        responseCode = "200",
                        description = "Permissions for logged in user",
                        content = {
                            @Content(
                                    mediaType = "application/json",
                                    schema = @Schema(implementation = ResourcePermissionList.class))
                        })
            })
    public ResourcePermission getPermission(
            @Context SecurityContext securityContext,
            @Parameter(
                            description = "Permission for user specified in this query param. If not specified, the user is defaulted to the logged in user",
                            schema = @Schema(type = "string", example = "john"))
                    @QueryParam("user")
                    String user,
            @Parameter(description = "Type of the resource", schema = @Schema(type = "String"))
                    @PathParam("resource")
                    String resource) {
        return this.authorizer.getPermission(securityContext, user, resource);
    }

    /**
     * Returns permissions for one entity selected by id
     * ({@code GET /v1/permissions/{resource}/{id}}).
     *
     * @param securityContext security context of the authenticated caller
     * @param user optional user name from the {@code user} query parameter
     * @param resource resource type taken from the path
     * @param id entity id taken from the path
     * @return the permission returned by the authorizer for that entity
     */
    @GET
    @Path("/{resource}/{id}")
    @Operation(
            operationId = "getResourcePermission",
            summary = "Get permissions for a given entity for a logged in user",
            responses = {
                @ApiResponse(
                        responseCode = "200",
                        description = "Permissions for logged in user",
                        content = {
                            @Content(
                                    mediaType = "application/json",
                                    schema = @Schema(implementation = ResourcePermissionList.class))
                        })
            })
    public ResourcePermission getPermission(
            @Context SecurityContext securityContext,
            @Parameter(
                            description = "Permission for user specified in this query param. If not specified, the user is defaulted to the logged in user",
                            schema = @Schema(type = "string", example = "john"))
                    @QueryParam("user")
                    String user,
            @Parameter(description = "Type of the resource", schema = @Schema(type = "String"))
                    @PathParam("resource")
                    String resource,
            @Parameter(description = "Id of the entity", schema = @Schema(type = "UUID"))
                    @PathParam("id")
                    UUID id) {
        // Identify the entity by id only; the name slot is explicitly left null.
        ResourceContext target = new ResourceContext(resource, id, (String) null);
        return this.authorizer.getPermission(securityContext, user, target);
    }

    /**
     * Returns permissions for one entity selected by name
     * ({@code GET /v1/permissions/{resource}/name/{name}}).
     *
     * @param securityContext security context of the authenticated caller
     * @param user optional user name from the {@code user} query parameter
     * @param resource resource type taken from the path
     * @param name entity name taken from the path
     * @return the permission returned by the authorizer for that entity
     */
    @GET
    @Path("/{resource}/name/{name}")
    @Operation(
            operationId = "getResourcePermissionByName",
            summary = "Get permissions for a given entity name for a logged in user",
            responses = {
                @ApiResponse(
                        responseCode = "200",
                        description = "Permissions for logged in user",
                        content = {
                            @Content(
                                    mediaType = "application/json",
                                    schema = @Schema(implementation = ResourcePermissionList.class))
                        })
            })
    public ResourcePermission getPermission(
            @Context SecurityContext securityContext,
            @Parameter(
                            description = "Permission for user specified in this query param. If not specified, the user is defaulted to the logged in user",
                            schema = @Schema(type = "string", example = "john"))
                    @QueryParam("user")
                    String user,
            @Parameter(description = "Type of the resource", schema = @Schema(type = "String"))
                    @PathParam("resource")
                    String resource,
            @Parameter(description = "Name of the entity", schema = @Schema(type = "String"))
                    @PathParam("name")
                    String name) {
        // Identify the entity by name only; the id slot is explicitly left null.
        ResourceContext target = new ResourceContext(resource, (UUID) null, name);
        return this.authorizer.getPermission(securityContext, user, target);
    }

    /**
     * Evaluates the permissions granted by a set of policies
     * ({@code GET /v1/permissions/policies}).
     *
     * <p>The authorizer is asked to authorize {@link MetadataOperation#VIEW_ALL} on each
     * requested policy before any of them is evaluated. The result of {@code authorize} is not
     * inspected here, so denial is presumably signalled by an exception. Confirm against the
     * {@code Authorizer} contract.
     *
     * <p>NOTE(review): when {@code ids} is empty the loop body never runs, so no
     * {@code authorize} call is made before the evaluator is invoked with an empty reference
     * list.
     *
     * @param securityContext security context of the authenticated caller
     * @param ids policy ids taken from the repeated {@code ids} query parameter
     * @return the permissions computed by {@link PolicyEvaluator} for the referenced policies
     */
    @GET
    @Path("/policies")
    @Operation(
            operationId = "getPermissionsForPolicies",
            summary = "Get permissions for a set of policies",
            responses = {
                @ApiResponse(
                        responseCode = "200",
                        description = "Permissions for a set of policies",
                        content = {
                            @Content(
                                    mediaType = "application/json",
                                    schema = @Schema(implementation = ResourcePermissionList.class))
                        })
            })
    public ResultList<ResourcePermission> getPermissionForPolicies(
            @Context SecurityContext securityContext,
            @Parameter(description = "List of policy of ids", schema = @Schema(type = "UUID"))
                    @QueryParam("ids")
                    List<UUID> ids) {
        OperationContext viewPolicy = new OperationContext(Entity.POLICY, MetadataOperation.VIEW_ALL);
        // Authorize every requested policy first; nothing is evaluated until all checks have run.
        for (UUID policyId : ids) {
            ResourceContext policy = new ResourceContext(Entity.POLICY, policyId, (String) null);
            this.authorizer.authorize(securityContext, viewPolicy, policy);
        }
        return new ResultList<>(
                PolicyEvaluator.listPermission(EntityUtil.populateEntityReferencesById(ids, Entity.POLICY)));
    }
}
