package com.bazaarvoice.emodb.auth.permissions;

import com.bazaarvoice.emodb.common.uuid.TimeUUIDs;
import com.bazaarvoice.emodb.sor.api.AuditBuilder;
import com.bazaarvoice.emodb.sor.api.DataStore;
import com.bazaarvoice.emodb.sor.api.Intrinsic;
import com.bazaarvoice.emodb.sor.api.ReadConsistency;
import com.bazaarvoice.emodb.sor.api.TableOptionsBuilder;
import com.bazaarvoice.emodb.sor.api.WriteConsistency;
import com.bazaarvoice.emodb.sor.delta.Delta;
import com.bazaarvoice.emodb.sor.delta.Deltas;
import com.bazaarvoice.emodb.sor.delta.MapDeltaBuilder;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.Spliterators;
import java.util.stream.StreamSupport;
import javax.annotation.Nullable;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.InvalidPermissionStringException;
import org.apache.shiro.authz.permission.PermissionResolver;

/* loaded from: input_file:com/bazaarvoice/emodb/auth/permissions/TablePermissionManagerDAO.class */
public class TablePermissionManagerDAO implements PermissionManager {
    private final PermissionResolver _permissionResolver;
    private final DataStore _dataStore;
    private final String _tableName;
    private final String _placement;
    private volatile boolean _tableValidated;

    public TablePermissionManagerDAO(PermissionResolver permissionResolver, DataStore dataStore, String str, String str2) {
        this._permissionResolver = (PermissionResolver) Preconditions.checkNotNull(permissionResolver, "permissionResolver");
        this._dataStore = (DataStore) Preconditions.checkNotNull(dataStore, "dataStore");
        this._tableName = (String) Preconditions.checkNotNull(str, "tableName");
        this._placement = (String) Preconditions.checkNotNull(str2, "placement");
    }

    @Override // com.bazaarvoice.emodb.auth.permissions.PermissionReader
    public Set<Permission> getPermissions(String str) {
        Preconditions.checkNotNull(str, "id");
        validateTable();
        return extractPermissionsFromRecord(this._dataStore.get(this._tableName, str, ReadConsistency.STRONG));
    }

    private Set<Permission> extractPermissionsFromRecord(Map<String, Object> map) {
        HashSet newHashSet = Sets.newHashSet();
        for (String str : map.keySet()) {
            if (str.startsWith("perm_")) {
                newHashSet.add(this._permissionResolver.resolvePermission(str.substring(5)));
            }
        }
        return newHashSet;
    }

    @Override // com.bazaarvoice.emodb.auth.permissions.PermissionManager
    public void updatePermissions(String str, PermissionUpdateRequest permissionUpdateRequest) {
        Preconditions.checkNotNull(str, "id");
        Preconditions.checkNotNull(permissionUpdateRequest, "request");
        validateTable();
        Delta createDelta = createDelta(permissionUpdateRequest);
        if (createDelta == null) {
            return;
        }
        this._dataStore.update(this._tableName, str, TimeUUIDs.newUUID(), createDelta, new AuditBuilder().setLocalHost().setComment("update permissions").build(), WriteConsistency.GLOBAL);
    }

    @Nullable
    private Delta createDelta(PermissionUpdateRequest permissionUpdateRequest) {
        MapDeltaBuilder mapBuilder = Deltas.mapBuilder();
        boolean z = false;
        Iterator<String> it2 = permissionUpdateRequest.getPermitted().iterator();
        while (it2.hasNext()) {
            mapBuilder.put("perm_" + validated(it2.next()), 1);
            z = true;
        }
        Iterator<String> it3 = permissionUpdateRequest.getRevoked().iterator();
        while (it3.hasNext()) {
            mapBuilder.remove("perm_" + validated(it3.next()));
            z = true;
        }
        if (permissionUpdateRequest.isRevokeRest()) {
            mapBuilder.removeRest();
            z = true;
        }
        if (z) {
            return mapBuilder.build();
        }
        return null;
    }

    private String validated(String str) throws InvalidPermissionStringException {
        this._permissionResolver.resolvePermission(str);
        return str;
    }

    @Override // com.bazaarvoice.emodb.auth.permissions.PermissionManager
    public void revokePermissions(String str) {
        Preconditions.checkNotNull(str, "id");
        validateTable();
        this._dataStore.update(this._tableName, str, TimeUUIDs.newUUID(), Deltas.delete(), new AuditBuilder().setLocalHost().setComment("delete permissions").build(), WriteConsistency.GLOBAL);
    }

    @Override // com.bazaarvoice.emodb.auth.permissions.PermissionManager
    public Iterable<Map.Entry<String, Set<Permission>>> getAll() {
        validateTable();
        return () -> {
            return StreamSupport.stream(Spliterators.spliteratorUnknownSize(this._dataStore.scan(this._tableName, null, Long.MAX_VALUE, ReadConsistency.STRONG), 0), false).map(map -> {
                return Maps.immutableEntry(Intrinsic.getId(map), extractPermissionsFromRecord(map));
            }).iterator();
        };
    }

    @Override // com.bazaarvoice.emodb.auth.permissions.PermissionReader
    public PermissionResolver getPermissionResolver() {
        return this._permissionResolver;
    }

    private void validateTable() {
        if (this._tableValidated) {
            return;
        }
        synchronized (this) {
            if (!this._dataStore.getTableExists(this._tableName)) {
                this._dataStore.createTable(this._tableName, new TableOptionsBuilder().setPlacement(this._placement).build(), ImmutableMap.of(), new AuditBuilder().setLocalHost().setComment("create permissions table").build());
            }
            this._tableValidated = true;
        }
    }
}
