package org.graylog2.migrations.V20200803120800_GrantsMigrations;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Named;
import org.graylog.grn.GRN;
import org.graylog.grn.GRNRegistry;
import org.graylog.grn.GRNType;
import org.graylog.grn.GRNTypes;
import org.graylog.plugins.views.search.rest.ViewsRestPermissions;
import org.graylog.plugins.views.search.views.ViewResolverDecoder;
import org.graylog.plugins.views.search.views.ViewService;
import org.graylog.security.Capability;
import org.graylog.security.DBGrantService;
import org.graylog2.migrations.V20200803120800_GrantsMigrations.GrantsMetaMigration;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.shared.users.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/migrations/V20200803120800_GrantsMigrations/UserPermissionsToGrantsMigration.class */
public class UserPermissionsToGrantsMigration {
    private static final Logger LOG = LoggerFactory.getLogger(UserPermissionsToGrantsMigration.class);
    private final UserService userService;
    private final DBGrantService dbGrantService;
    private final GRNRegistry grnRegistry;
    private final ViewService viewService;
    private final String rootUsername;

    public UserPermissionsToGrantsMigration(UserService userService, DBGrantService dBGrantService, GRNRegistry gRNRegistry, ViewService viewService, @Named("root_username") String str) {
        this.userService = userService;
        this.dbGrantService = dBGrantService;
        this.grnRegistry = gRNRegistry;
        this.viewService = viewService;
        this.rootUsername = str;
    }

    public void upgrade() {
        for (User user : this.userService.loadAll()) {
            Map<String, Set<String>> migratableEntities = getMigratableEntities(ImmutableSet.copyOf(user.getPermissions()));
            if (!migratableEntities.isEmpty()) {
                migrateUserPermissions(user, migratableEntities);
            }
        }
    }

    private Optional<GRNType> getViewGRNType(String str) {
        return this.viewService.get(str).map(viewDTO -> {
            GRNType gRNType;
            switch (viewDTO.type()) {
                case SEARCH:
                    gRNType = GRNTypes.SEARCH;
                    break;
                case DASHBOARD:
                    gRNType = GRNTypes.DASHBOARD;
                    break;
                default:
                    throw new IllegalStateException("Unexpected value: " + viewDTO.type());
            }
            return gRNType;
        });
    }

    private void migrateUserPermissions(User user, Map<String, Set<String>> map) {
        map.forEach((str, set) -> {
            GrantsMetaMigration.GRNTypeCapability gRNTypeCapability = GrantsMetaMigration.MIGRATION_MAP.get(set);
            if (gRNTypeCapability == null) {
                LOG.info("Skipping non-migratable entity <{}>. Permissions <{}> cannot be converted to a grant capability", str, set);
                return;
            }
            Capability capability = gRNTypeCapability.capability;
            GRN grn = set.stream().anyMatch(str -> {
                return str.contains(ViewsRestPermissions.VIEW_READ);
            }) ? (GRN) getViewGRNType(str).map(gRNType -> {
                return gRNType.toGRN(str);
            }).orElse(null) : ((GRNType) Objects.requireNonNull(gRNTypeCapability.grnType, "grnType cannot be null - this is a bug")).toGRN(str);
            if (grn != null) {
                this.dbGrantService.ensure(this.grnRegistry.ofUser(user), capability, grn, this.rootUsername);
            }
            List<String> permissions = user.getPermissions();
            permissions.removeAll((Collection) set.stream().map(str2 -> {
                return str2 + ViewResolverDecoder.SEPARATOR + str;
            }).collect(Collectors.toSet()));
            user.setPermissions(permissions);
            try {
                this.userService.save(user);
            } catch (ValidationException e) {
                LOG.error("Failed to update permssions on user <{}>", user.getName(), e);
            }
            LOG.info("Migrating entity <{}> permissions <{}> to <{}> grant for user <{}>", new Object[]{grn, set, capability, user.getName()});
        });
    }

    private Map<String, Set<String>> getMigratableEntities(Set<String> set) {
        HashMap hashMap = new HashMap();
        set.stream().map(GrantsMetaMigration.MigrationWildcardPermission::new).filter(migrationWildcardPermission -> {
            return migrationWildcardPermission.getParts().size() == 3 && migrationWildcardPermission.getParts().stream().allMatch(set2 -> {
                return set2.size() == 1;
            });
        }).forEach(migrationWildcardPermission2 -> {
            String subPart = migrationWildcardPermission2.subPart(0);
            String str = migrationWildcardPermission2.subPart(0) + ViewResolverDecoder.SEPARATOR + migrationWildcardPermission2.subPart(1);
            String subPart2 = migrationWildcardPermission2.subPart(2);
            if (GrantsMetaMigration.MIGRATION_MAP.keySet().stream().flatMap((v0) -> {
                return v0.stream();
            }).anyMatch(str2 -> {
                return str2.startsWith(subPart + ViewResolverDecoder.SEPARATOR);
            })) {
                if (hashMap.containsKey(subPart2)) {
                    ((Set) hashMap.get(subPart2)).add(str);
                } else {
                    hashMap.put(subPart2, Sets.newHashSet(new String[]{str}));
                }
            }
        });
        return hashMap;
    }
}
