package org.apache.dolphinscheduler.api.permission;

import com.baomidou.mybatisplus.core.conditions.Wrapper;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.dolphinscheduler.common.enums.AuthorizationType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.dao.entity.User;
import org.apache.dolphinscheduler.dao.mapper.AccessTokenMapper;
import org.apache.dolphinscheduler.dao.mapper.AlertGroupMapper;
import org.apache.dolphinscheduler.dao.mapper.AlertPluginInstanceMapper;
import org.apache.dolphinscheduler.dao.mapper.DataSourceMapper;
import org.apache.dolphinscheduler.dao.mapper.EnvironmentMapper;
import org.apache.dolphinscheduler.dao.mapper.K8sNamespaceMapper;
import org.apache.dolphinscheduler.dao.mapper.ProjectMapper;
import org.apache.dolphinscheduler.dao.mapper.QueueMapper;
import org.apache.dolphinscheduler.dao.mapper.ResourceMapper;
import org.apache.dolphinscheduler.dao.mapper.ResourceUserMapper;
import org.apache.dolphinscheduler.dao.mapper.TaskGroupMapper;
import org.apache.dolphinscheduler.dao.mapper.TenantMapper;
import org.apache.dolphinscheduler.dao.mapper.UdfFuncMapper;
import org.apache.dolphinscheduler.dao.mapper.WorkerGroupMapper;
import org.apache.dolphinscheduler.service.process.ProcessService;
import org.slf4j.Logger;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl.class */
public class ResourcePermissionCheckServiceImpl implements ResourcePermissionCheckService<Object>, ApplicationContextAware {

    @Autowired
    private ProcessService processService;
    public static final Map<AuthorizationType, ResourceAcquisitionAndPermissionCheck<?>> RESOURCE_LIST_MAP = new ConcurrentHashMap();

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$AccessTokenList.class */
    public static class AccessTokenList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final AccessTokenMapper accessTokenMapper;

        public AccessTokenList(AccessTokenMapper accessTokenMapper) {
            this.accessTokenMapper = accessTokenMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.ACCESS_TOKEN);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return false;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.accessTokenMapper.listAuthorizedAccessToken(i, (List) null).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$AlertGroupResourceList.class */
    public static class AlertGroupResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final AlertGroupMapper alertGroupMapper;

        public AlertGroupResourceList(AlertGroupMapper alertGroupMapper) {
            this.alertGroupMapper = alertGroupMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.ALERT_GROUP);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return false;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.alertGroupMapper.queryAllGroupList().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$AlertPluginInstanceResourceList.class */
    public static class AlertPluginInstanceResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final AlertPluginInstanceMapper alertPluginInstanceMapper;

        public AlertPluginInstanceResourceList(AlertPluginInstanceMapper alertPluginInstanceMapper) {
            this.alertPluginInstanceMapper = alertPluginInstanceMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.ALERT_PLUGIN_INSTANCE);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return false;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return Collections.emptySet();
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$DataSourceResourceList.class */
    public static class DataSourceResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final DataSourceMapper dataSourceMapper;

        public DataSourceResourceList(DataSourceMapper dataSourceMapper) {
            this.dataSourceMapper = dataSourceMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.DATASOURCE);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return true;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.dataSourceMapper.listAuthorizedDataSource(i, (Object[]) null).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$EnvironmentResourceList.class */
    public static class EnvironmentResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final EnvironmentMapper environmentMapper;

        public EnvironmentResourceList(EnvironmentMapper environmentMapper) {
            this.environmentMapper = environmentMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.ENVIRONMENT);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return true;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.environmentMapper.queryAllEnvironmentList().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$FilePermissionCheck.class */
    public static class FilePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final ResourceMapper resourceMapper;
        private final ResourceUserMapper resourceUserMapper;

        public FilePermissionCheck(ResourceMapper resourceMapper, ResourceUserMapper resourceUserMapper) {
            this.resourceMapper = resourceMapper;
            this.resourceUserMapper = resourceUserMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Arrays.asList(AuthorizationType.RESOURCE_FILE_ID, AuthorizationType.UDF_FILE);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            List arrayList;
            if (i == 0) {
                arrayList = new ArrayList();
            } else {
                List queryResourcesIdListByUserIdAndPerm = this.resourceUserMapper.queryResourcesIdListByUserIdAndPerm(i, 0);
                arrayList = CollectionUtils.isEmpty(queryResourcesIdListByUserIdAndPerm) ? new ArrayList() : this.resourceMapper.queryResourceListById(queryResourcesIdListByUserIdAndPerm);
            }
            arrayList.addAll(this.resourceMapper.queryResourceListAuthored(i, -1));
            return (Set) arrayList.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return true;
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$K8sNamespaceResourceList.class */
    public static class K8sNamespaceResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final K8sNamespaceMapper k8sNamespaceMapper;

        public K8sNamespaceResourceList(K8sNamespaceMapper k8sNamespaceMapper) {
            this.k8sNamespaceMapper = k8sNamespaceMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.K8S_NAMESPACE);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return false;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.k8sNamespaceMapper.queryAuthedNamespaceListByUserId(Integer.valueOf(i)).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$ProjectsResourcePermissionCheck.class */
    public static class ProjectsResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final ProjectMapper projectMapper;

        public ProjectsResourcePermissionCheck(ProjectMapper projectMapper) {
            this.projectMapper = projectMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.PROJECTS);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return true;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.projectMapper.listAuthorizedProjects(i, (List) null).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$QueueResourcePermissionCheck.class */
    public static class QueueResourcePermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final QueueMapper queueMapper;

        public QueueResourcePermissionCheck(QueueMapper queueMapper) {
            this.queueMapper = queueMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.QUEUE);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return false;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return i != 0 ? Collections.emptySet() : (Set) this.queueMapper.selectList((Wrapper) null).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$ResourceAcquisitionAndPermissionCheck.class */
    public interface ResourceAcquisitionAndPermissionCheck<T> {
        List<AuthorizationType> authorizationTypes();

        Set<T> listAuthorizedResource(int i, Logger logger);

        boolean permissionCheck(int i, String str, Logger logger);
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$TaskGroupPermissionCheck.class */
    public static class TaskGroupPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final TaskGroupMapper taskGroupMapper;

        public TaskGroupPermissionCheck(TaskGroupMapper taskGroupMapper) {
            this.taskGroupMapper = taskGroupMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.TASK_GROUP);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.taskGroupMapper.listAuthorizedResource(i).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return true;
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$TenantResourceList.class */
    public static class TenantResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final TenantMapper tenantMapper;

        public TenantResourceList(TenantMapper tenantMapper) {
            this.tenantMapper = tenantMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.TENANT);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return false;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.tenantMapper.queryAll().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$UdfFuncPermissionCheck.class */
    public static class UdfFuncPermissionCheck implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final UdfFuncMapper udfFuncMapper;

        public UdfFuncPermissionCheck(UdfFuncMapper udfFuncMapper) {
            this.udfFuncMapper = udfFuncMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.UDF);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.udfFuncMapper.listAuthorizedUdfByUserId(i).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return true;
        }
    }

    @Component
    /* loaded from: input_file:org/apache/dolphinscheduler/api/permission/ResourcePermissionCheckServiceImpl$WorkerGroupResourceList.class */
    public static class WorkerGroupResourceList implements ResourceAcquisitionAndPermissionCheck<Integer> {
        private final WorkerGroupMapper workerGroupMapper;

        public WorkerGroupResourceList(WorkerGroupMapper workerGroupMapper) {
            this.workerGroupMapper = workerGroupMapper;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public List<AuthorizationType> authorizationTypes() {
            return Collections.singletonList(AuthorizationType.WORKER_GROUP);
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public boolean permissionCheck(int i, String str, Logger logger) {
            return false;
        }

        @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckServiceImpl.ResourceAcquisitionAndPermissionCheck
        public Set<Integer> listAuthorizedResource(int i, Logger logger) {
            return (Set) this.workerGroupMapper.queryAllWorkerGroup().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
        }
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        for (ResourceAcquisitionAndPermissionCheck resourceAcquisitionAndPermissionCheck : applicationContext.getBeansOfType(ResourceAcquisitionAndPermissionCheck.class).values()) {
            resourceAcquisitionAndPermissionCheck.authorizationTypes().forEach(authorizationType -> {
                RESOURCE_LIST_MAP.put(authorizationType, resourceAcquisitionAndPermissionCheck);
            });
        }
    }

    @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService
    public boolean resourcePermissionCheck(Object obj, Object[] objArr, Integer num, Logger logger) {
        if (!Objects.nonNull(objArr) || objArr.length <= 0) {
            return true;
        }
        HashSet hashSet = new HashSet(Arrays.asList(objArr));
        hashSet.removeAll(RESOURCE_LIST_MAP.get(obj).listAuthorizedResource(num.intValue(), logger));
        if (CollectionUtils.isNotEmpty(hashSet)) {
            logger.warn("User does not have resource permission on associated resources, userId:{}", num);
        }
        return CollectionUtils.isEmpty(hashSet);
    }

    @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService
    public boolean operationPermissionCheck(Object obj, Object[] objArr, Integer num, String str, Logger logger) {
        User userById = this.processService.getUserById(num.intValue());
        if (userById == null) {
            logger.error("user id {} doesn't exist", num);
            return false;
        }
        if (userById.getUserType().equals(UserType.ADMIN_USER)) {
            return true;
        }
        return RESOURCE_LIST_MAP.get(obj).permissionCheck(num.intValue(), str, logger);
    }

    @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService
    public boolean functionDisabled() {
        return false;
    }

    @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService
    public void postHandle(Object obj, Integer num, List<Integer> list, Logger logger) {
        logger.debug("no post handle");
    }

    @Override // org.apache.dolphinscheduler.api.permission.ResourcePermissionCheckService
    public Set<Object> userOwnedResourceIdsAcquisition(Object obj, Integer num, Logger logger) {
        User userById = this.processService.getUserById(num.intValue());
        if (userById != null) {
            return RESOURCE_LIST_MAP.get(obj).listAuthorizedResource(userById.getUserType().equals(UserType.ADMIN_USER) ? 0 : num.intValue(), logger);
        }
        logger.error("user id {} doesn't exist", num);
        return Collections.emptySet();
    }
}
