package org.openmetadata.service.jdbi3;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.csv.CSVPrinter;
import org.apache.commons.csv.CSVRecord;
import org.jdbi.v3.sqlobject.transaction.Transaction;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.csv.CsvUtil;
import org.openmetadata.csv.EntityCsv;
import org.openmetadata.schema.api.teams.CreateTeam;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.entity.teams.Team;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.services.connections.metadata.AuthProvider;
import org.openmetadata.schema.type.EntityReference;
import org.openmetadata.schema.type.Include;
import org.openmetadata.schema.type.Relationship;
import org.openmetadata.schema.type.csv.CsvDocumentation;
import org.openmetadata.schema.type.csv.CsvErrorType;
import org.openmetadata.schema.type.csv.CsvFile;
import org.openmetadata.schema.type.csv.CsvHeader;
import org.openmetadata.schema.type.csv.CsvImportResult;
import org.openmetadata.schema.utils.EntityInterfaceUtil;
import org.openmetadata.service.Entity;
import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.exception.CatalogExceptionMessage;
import org.openmetadata.service.exception.EntityNotFoundException;
import org.openmetadata.service.jdbi3.CollectionDAO;
import org.openmetadata.service.jdbi3.EntityRepository;
import org.openmetadata.service.resources.teams.UserResource;
import org.openmetadata.service.secrets.SecretsManager;
import org.openmetadata.service.secrets.SecretsManagerFactory;
import org.openmetadata.service.security.JwtFilter;
import org.openmetadata.service.security.SecurityUtil;
import org.openmetadata.service.security.auth.BotTokenCache;
import org.openmetadata.service.security.policyevaluator.SubjectContext;
import org.openmetadata.service.util.EntityUtil;
import org.openmetadata.service.util.JsonUtils;
import org.openmetadata.service.util.UserUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/jdbi3/UserRepository.class */
public class UserRepository extends EntityRepository<User> {
    private static final Logger LOG = LoggerFactory.getLogger(UserRepository.class);
    static final String ROLES_FIELD = "roles";
    static final String TEAMS_FIELD = "teams";
    public static final String AUTH_MECHANISM_FIELD = "authenticationMechanism";
    static final String USER_PATCH_FIELDS = "profile,roles,teams,authenticationMechanism,isEmailVerified,personas,defaultPersona";
    static final String USER_UPDATE_FIELDS = "profile,roles,teams,authenticationMechanism,isEmailVerified,personas,defaultPersona";
    private volatile EntityReference organization;

    /* loaded from: input_file:org/openmetadata/service/jdbi3/UserRepository$UserCsv.class */
    public static class UserCsv extends EntityCsv<User> {
        public static final CsvDocumentation DOCUMENTATION = getCsvDocumentation(Entity.USER);
        public static final List<CsvHeader> HEADERS = DOCUMENTATION.getHeaders();
        public final Team team;

        UserCsv(Team team, String str) {
            super(Entity.USER, HEADERS, str);
            this.team = team;
        }

        @Override // org.openmetadata.csv.EntityCsv
        protected void createEntity(CSVPrinter cSVPrinter, List<CSVRecord> list) throws IOException {
            CSVRecord nextRecord = getNextRecord(cSVPrinter, list);
            User withRoles = new User().withName(nextRecord.get(0)).withDisplayName(nextRecord.get(1)).withDescription(nextRecord.get(2)).withEmail(nextRecord.get(3)).withTimezone(nextRecord.get(4)).withIsAdmin(getBoolean(cSVPrinter, nextRecord, 5)).withTeams(getTeams(cSVPrinter, nextRecord, nextRecord.get(0))).withRoles(getEntityReferences(cSVPrinter, nextRecord, 7, Entity.ROLE));
            if (this.processRecord) {
                createUserEntity(cSVPrinter, nextRecord, withRoles);
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.openmetadata.csv.EntityCsv
        public void addRecord(CsvFile csvFile, User user) {
            ArrayList arrayList = new ArrayList();
            CsvUtil.addField(arrayList, user.getName());
            CsvUtil.addField(arrayList, user.getDisplayName());
            CsvUtil.addField(arrayList, user.getDescription());
            CsvUtil.addField(arrayList, user.getEmail());
            CsvUtil.addField(arrayList, user.getTimezone());
            CsvUtil.addField(arrayList, user.getIsAdmin());
            CsvUtil.addField(arrayList, ((EntityReference) user.getTeams().get(0)).getFullyQualifiedName());
            CsvUtil.addEntityReferences(arrayList, user.getRoles());
            addRecord(csvFile, arrayList);
        }

        private List<User> listUsers(TeamRepository teamRepository, UserRepository userRepository, String str, List<User> list, EntityUtil.Fields fields) {
            List<User> listAll = userRepository.listAll(fields, new ListFilter(Include.NON_DELETED).addQueryParam("team", str));
            if (!CommonUtil.nullOrEmpty(listAll)) {
                list.addAll(listAll);
            }
            Iterator<Team> it = teamRepository.listAll(EntityUtil.Fields.EMPTY_FIELDS, new ListFilter(Include.NON_DELETED).addQueryParam("parentTeam", str)).iterator();
            while (it.hasNext()) {
                listUsers(teamRepository, userRepository, it.next().getName(), list, fields);
            }
            return list;
        }

        public String exportCsv() throws IOException {
            UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
            return exportCsv(listUsers((TeamRepository) Entity.getEntityRepository("team"), userRepository, this.team.getName(), new ArrayList(), userRepository.getFields("roles,teams")));
        }

        private List<EntityReference> getTeams(CSVPrinter cSVPrinter, CSVRecord cSVRecord, String str) throws IOException {
            List<EntityReference> entityReferences = getEntityReferences(cSVPrinter, cSVRecord, 6, "team");
            for (EntityReference entityReference : CommonUtil.listOrEmpty(entityReferences)) {
                if (!entityReference.getName().equals(this.team.getName()) && !SubjectContext.isInTeam(this.team.getName(), entityReference)) {
                    importFailure(cSVPrinter, invalidTeam(6, this.team.getName(), str, entityReference.getName()), cSVRecord);
                    this.processRecord = false;
                }
            }
            return entityReferences;
        }

        public static String invalidTeam(int i, String str, String str2, String str3) {
            return String.format(EntityCsv.FIELD_ERROR_MSG, CsvErrorType.INVALID_FIELD, Integer.valueOf(i + 1), String.format("Team %s of user %s is not under %s team hierarchy", str3, str2, str));
        }
    }

    /* loaded from: input_file:org/openmetadata/service/jdbi3/UserRepository$UserUpdater.class */
    public class UserUpdater extends EntityRepository<User>.EntityUpdater {
        public UserUpdater(User user, User user2, EntityRepository.Operation operation) {
            super(user, user2, operation);
        }

        @Override // org.openmetadata.service.jdbi3.EntityRepository.EntityUpdater
        @Transaction
        public void entitySpecificUpdate() {
            updateRoles(this.original, this.updated);
            updateTeams(this.original, this.updated);
            updatePersonas(this.original, this.updated);
            recordChange("defaultPersona", this.original.getDefaultPersona(), this.updated.getDefaultPersona(), true);
            recordChange("profile", this.original.getProfile(), this.updated.getProfile(), true);
            recordChange("timezone", this.original.getTimezone(), this.updated.getTimezone());
            recordChange(JwtFilter.BOT_CLAIM, this.original.getIsBot(), this.updated.getIsBot());
            recordChange("isAdmin", this.original.getIsAdmin(), this.updated.getIsAdmin());
            recordChange("email", this.original.getEmail(), this.updated.getEmail());
            recordChange("isEmailVerified", this.original.getIsEmailVerified(), this.updated.getIsEmailVerified());
            updateAuthenticationMechanism(this.original, this.updated);
        }

        private void updateRoles(User user, User user2) {
            UserRepository.this.deleteFrom(user.getId(), Entity.USER, Relationship.HAS, Entity.ROLE);
            UserRepository.this.assignRoles(user2, user2.getRoles());
            List listOrEmpty = CommonUtil.listOrEmpty(user.getRoles());
            List listOrEmpty2 = CommonUtil.listOrEmpty(user2.getRoles());
            listOrEmpty.sort(EntityUtil.compareEntityReference);
            listOrEmpty2.sort(EntityUtil.compareEntityReference);
            recordListChange("roles", listOrEmpty, listOrEmpty2, new ArrayList(), new ArrayList(), EntityUtil.entityReferenceMatch);
        }

        private void updateTeams(User user, User user2) {
            UserRepository.this.deleteTo(user.getId(), Entity.USER, Relationship.HAS, "team");
            UserRepository.this.assignTeams(user2, user2.getTeams());
            List listOrEmpty = CommonUtil.listOrEmpty(user.getTeams());
            List listOrEmpty2 = CommonUtil.listOrEmpty(user2.getTeams());
            listOrEmpty.sort(EntityUtil.compareEntityReference);
            listOrEmpty2.sort(EntityUtil.compareEntityReference);
            recordListChange(UserRepository.TEAMS_FIELD, listOrEmpty, listOrEmpty2, new ArrayList(), new ArrayList(), EntityUtil.entityReferenceMatch);
        }

        private void updatePersonas(User user, User user2) {
            UserRepository.this.deleteTo(user.getId(), Entity.USER, Relationship.APPLIED_TO, Entity.PERSONA);
            UserRepository.this.assignPersonas(user2, user2.getPersonas());
            List listOrEmpty = CommonUtil.listOrEmpty(user.getPersonas());
            List listOrEmpty2 = CommonUtil.listOrEmpty(user2.getPersonas());
            listOrEmpty.sort(EntityUtil.compareEntityReference);
            listOrEmpty2.sort(EntityUtil.compareEntityReference);
            recordListChange("personas", listOrEmpty, listOrEmpty2, new ArrayList(), new ArrayList(), EntityUtil.entityReferenceMatch);
        }

        private void updateAuthenticationMechanism(User user, User user2) {
            AuthenticationMechanism authenticationMechanism = user.getAuthenticationMechanism();
            AuthenticationMechanism authenticationMechanism2 = user2.getAuthenticationMechanism();
            if (authenticationMechanism == null && authenticationMechanism2 != null) {
                recordChange("authenticationMechanism", user.getAuthenticationMechanism(), "new-encrypted-value");
            } else {
                if (authenticationMechanism == null || authenticationMechanism2 == null || JsonUtils.areEquals(authenticationMechanism, authenticationMechanism2)) {
                    return;
                }
                recordChange("authenticationMechanism", "old-encrypted-value", "new-encrypted-value");
            }
        }
    }

    public UserRepository() {
        super(UserResource.COLLECTION_PATH, Entity.USER, User.class, Entity.getCollectionDAO().userDAO(), "profile,roles,teams,authenticationMechanism,isEmailVerified,personas,defaultPersona", "profile,roles,teams,authenticationMechanism,isEmailVerified,personas,defaultPersona");
        this.quoteFqn = true;
        this.supportsSearch = true;
    }

    private EntityReference getOrganization() {
        if (this.organization == null) {
            this.organization = Entity.getEntityReferenceByName("team", Entity.ORGANIZATION_NAME, Include.ALL);
        }
        return this.organization;
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void setFullyQualifiedName(User user) {
        user.setFullyQualifiedName(EntityInterfaceUtil.quoteName(user.getName().toLowerCase()));
    }

    public final EntityUtil.Fields getFieldsWithUserAuth(String str) {
        Set<String> allowedFieldsCopy = getAllowedFieldsCopy();
        if (str == null || !str.equals("*")) {
            return new EntityUtil.Fields(allowedFieldsCopy, str);
        }
        allowedFieldsCopy.add("authenticationMechanism");
        return new EntityUtil.Fields(allowedFieldsCopy);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public User getByName(UriInfo uriInfo, String str, EntityUtil.Fields fields) {
        return super.getByName(uriInfo, EntityInterfaceUtil.quoteName(str), fields);
    }

    public User getByEmail(UriInfo uriInfo, String str, EntityUtil.Fields fields) {
        String findUserByEmail = ((CollectionDAO.UserDAO) this.dao).findUserByEmail(str);
        if (findUserByEmail == null) {
            throw EntityNotFoundException.byMessage(CatalogExceptionMessage.entityNotFound(Entity.USER, str));
        }
        return withHref(uriInfo, setFieldsInternal((User) JsonUtils.readValue(findUserByEmail, User.class), fields));
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void prepare(User user, boolean z) {
        validateTeams(user);
        validateRoles(user.getRoles());
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void restorePatchAttributes(User user, User user2) {
        super.restorePatchAttributes(user, user2);
        user2.withInheritedRoles(user.getInheritedRoles()).withAuthenticationMechanism(user.getAuthenticationMechanism());
    }

    private List<EntityReference> getInheritedRoles(User user) {
        return Boolean.TRUE.equals(user.getIsBot()) ? Collections.emptyList() : SubjectContext.getRolesForTeams(getTeams(user));
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void storeEntity(User user, boolean z) {
        List roles = user.getRoles();
        List teams = user.getTeams();
        user.withRoles((List) null).withTeams((List) null).withInheritedRoles((List) null);
        SecretsManager secretsManager = SecretsManagerFactory.getSecretsManager();
        if (secretsManager != null && Boolean.TRUE.equals(user.getIsBot())) {
            secretsManager.encryptAuthenticationMechanism(user.getName(), user.getAuthenticationMechanism());
        }
        store(user, z);
        user.withRoles(roles).withTeams(teams);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void storeRelationships(User user) {
        assignRoles(user, user.getRoles());
        assignTeams(user, user.getTeams());
        assignDefaultPersona(user, user.getDefaultPersona());
        assignPersonas(user, user.getPersonas());
        user.setInheritedRoles(getInheritedRoles(user));
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void setInheritedFields(User user, EntityUtil.Fields fields) {
        if (fields.contains("domain") && user.getDomain() == null) {
            List<EntityReference> teams = !fields.contains(TEAMS_FIELD) ? getTeams(user) : user.getTeams();
            if (CommonUtil.nullOrEmpty(teams)) {
                return;
            }
            inheritDomain(user, fields, (Team) Entity.getEntity("team", teams.get(0).getId(), "domain", Include.ALL));
        }
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public UserUpdater getUpdater(User user, User user2, EntityRepository.Operation operation) {
        return new UserUpdater(user, user2, operation);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void setFields(User user, EntityUtil.Fields fields) {
        user.setTeams(fields.contains(TEAMS_FIELD) ? getTeams(user) : user.getTeams());
        user.setOwns(fields.contains("owns") ? getOwns(user) : user.getOwns());
        user.setFollows(fields.contains("follows") ? getFollows(user) : user.getFollows());
        user.setRoles(fields.contains("roles") ? getRoles(user) : user.getRoles());
        user.setPersonas(fields.contains("personas") ? getPersonas(user) : user.getPersonas());
        user.setDefaultPersona(fields.contains("defaultPersonas") ? getDefaultPersona(user) : user.getDefaultPersona());
        user.withInheritedRoles(fields.contains("roles") ? getInheritedRoles(user) : user.getInheritedRoles());
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void clearFields(User user, EntityUtil.Fields fields) {
        user.setProfile(fields.contains("profile") ? user.getProfile() : null);
        user.setTeams(fields.contains(TEAMS_FIELD) ? user.getTeams() : null);
        user.setOwns(fields.contains("owns") ? user.getOwns() : null);
        user.setFollows(fields.contains("follows") ? user.getFollows() : null);
        user.setRoles(fields.contains("roles") ? user.getRoles() : null);
        user.setAuthenticationMechanism(fields.contains("authenticationMechanism") ? user.getAuthenticationMechanism() : null);
        user.withInheritedRoles(fields.contains("roles") ? user.getInheritedRoles() : null);
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public String exportToCsv(String str, String str2) throws IOException {
        return new UserCsv(this.daoCollection.teamDAO().findEntityByName(str), str2).exportCsv();
    }

    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public CsvImportResult importFromCsv(String str, String str2, boolean z, String str3) throws IOException {
        return new UserCsv(this.daoCollection.teamDAO().findEntityByName(str), str3).importCsv(str2, z);
    }

    public boolean isTeamJoinable(String str) {
        return this.daoCollection.teamDAO().findEntityById(UUID.fromString(str), Include.NON_DELETED).getIsJoinable().booleanValue();
    }

    public void validateTeams(User user) {
        List<EntityReference> teams = user.getTeams();
        if (teams == null) {
            user.setTeams(new ArrayList(List.of(getOrganization())));
            return;
        }
        for (EntityReference entityReference : teams) {
            EntityUtil.copy(Entity.getEntityReferenceById("team", entityReference.getId(), Include.ALL), entityReference);
        }
        teams.sort(EntityUtil.compareEntityReference);
    }

    public void validateTeamAddition(UUID uuid, UUID uuid2) {
        User find = find(uuid, Include.NON_DELETED);
        Optional<EntityReference> findFirst = getTeams(find).stream().filter(entityReference -> {
            return entityReference.getId().equals(uuid2);
        }).findFirst();
        if (findFirst.isPresent()) {
            throw new IllegalArgumentException(CatalogExceptionMessage.userAlreadyPartOfTeam(find.getName(), findFirst.get().getDisplayName()));
        }
    }

    public boolean checkEmailAlreadyExists(String str) {
        return this.daoCollection.userDAO().checkEmailExists(str) > 0;
    }

    public void initializeUsers(OpenMetadataApplicationConfig openMetadataApplicationConfig) {
        AuthProvider provider = openMetadataApplicationConfig.getAuthenticationConfiguration().getProvider();
        HashSet hashSet = new HashSet(openMetadataApplicationConfig.getAuthorizerConfiguration().getAdminPrincipals());
        String domain = SecurityUtil.getDomain(openMetadataApplicationConfig);
        UserUtil.addUsers(provider, hashSet, domain, true);
        UserUtil.addUsers(provider, new HashSet(openMetadataApplicationConfig.getAuthorizerConfiguration().getTestPrincipals()), domain, null);
    }

    private List<EntityReference> getOwns(User user) {
        List<CollectionDAO.EntityRelationshipRecord> findTo = this.daoCollection.relationshipDAO().findTo(user.getId(), Entity.USER, Relationship.OWNS.ordinal());
        Iterator<EntityReference> it = (user.getTeams() == null ? getTeams(user) : user.getTeams()).iterator();
        while (it.hasNext()) {
            findTo.addAll(this.daoCollection.relationshipDAO().findTo(it.next().getId(), "team", Relationship.OWNS.ordinal()));
        }
        return EntityUtil.getEntityReferences(findTo);
    }

    private List<EntityReference> getFollows(User user) {
        return findTo(user.getId(), Entity.USER, Relationship.FOLLOWS, null);
    }

    private List<EntityReference> getTeamChildren(UUID uuid) {
        return uuid.equals(getOrganization().getId()) ? EntityUtil.populateEntityReferencesById(EntityUtil.strToIds(this.daoCollection.teamDAO().listTeamsUnderOrganization(uuid)), "team") : findTo(uuid, "team", Relationship.PARENT_OF, "team");
    }

    public List<EntityReference> getGroupTeams(UriInfo uriInfo, String str) {
        return getGroupTeams(getTeams(getByName(uriInfo, str, EntityUtil.Fields.EMPTY_FIELDS, Include.ALL, true)));
    }

    private List<EntityReference> getGroupTeams(List<EntityReference> list) {
        HashSet hashSet = new HashSet();
        for (EntityReference entityReference : list) {
            Team team = (Team) Entity.getEntity(entityReference, BotTokenCache.EMPTY_STRING, Include.ALL);
            if (CreateTeam.TeamType.GROUP.equals(team.getTeamType())) {
                hashSet.add(entityReference);
            } else {
                hashSet.addAll(getGroupTeams(getTeamChildren(team.getId())));
            }
        }
        return new ArrayList(hashSet);
    }

    private List<EntityReference> getRoles(User user) {
        return findTo(user.getId(), Entity.USER, Relationship.HAS, Entity.ROLE);
    }

    public List<EntityReference> getTeams(User user) {
        List<EntityReference> list = (List) CommonUtil.listOrEmpty(findFrom(user.getId(), Entity.USER, Relationship.HAS, "team")).stream().filter(entityReference -> {
            return !entityReference.getDeleted().booleanValue();
        }).collect(Collectors.toList());
        return CommonUtil.listOrEmpty(list).isEmpty() ? new ArrayList(List.of(getOrganization())) : list;
    }

    public List<EntityReference> getPersonas(User user) {
        return findFrom(user.getId(), Entity.USER, Relationship.APPLIED_TO, Entity.PERSONA);
    }

    public EntityReference getDefaultPersona(User user) {
        return getToEntityRef(user.getId(), Relationship.DEFAULTS_TO, Entity.PERSONA, false);
    }

    private void assignRoles(User user, List<EntityReference> list) {
        Iterator it = CommonUtil.listOrEmpty(list).iterator();
        while (it.hasNext()) {
            addRelationship(user.getId(), ((EntityReference) it.next()).getId(), Entity.USER, Entity.ROLE, Relationship.HAS);
        }
    }

    private void assignTeams(User user, List<EntityReference> list) {
        List<EntityReference> listOrEmpty = CommonUtil.listOrEmpty(list);
        for (EntityReference entityReference : listOrEmpty) {
            if (!entityReference.getId().equals(getOrganization().getId())) {
                addRelationship(entityReference.getId(), user.getId(), "team", Entity.USER, Relationship.HAS);
            }
        }
        if (listOrEmpty.size() > 1) {
            user.setTeams((List) listOrEmpty.stream().filter(entityReference2 -> {
                return !entityReference2.getId().equals(getOrganization().getId());
            }).collect(Collectors.toList()));
        }
    }

    private void assignPersonas(User user, List<EntityReference> list) {
        Iterator it = CommonUtil.listOrEmpty(list).iterator();
        while (it.hasNext()) {
            addRelationship(((EntityReference) it.next()).getId(), user.getId(), Entity.PERSONA, Entity.USER, Relationship.APPLIED_TO);
        }
    }

    private void assignDefaultPersona(User user, EntityReference entityReference) {
        if (entityReference != null) {
            addRelationship(entityReference.getId(), user.getId(), Entity.PERSONA, Entity.USER, Relationship.DEFAULTS_TO);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.openmetadata.service.jdbi3.EntityRepository
    public void postDelete(User user) {
        if (Boolean.TRUE.equals(user.getIsBot())) {
            BotTokenCache.invalidateToken(user.getName());
        }
    }
}
