package com.bazaarvoice.emodb.auth.role;

import com.bazaarvoice.emodb.auth.permissions.PermissionIDs;
import com.bazaarvoice.emodb.auth.permissions.PermissionManager;
import com.bazaarvoice.emodb.auth.permissions.PermissionUpdateRequest;
import com.bazaarvoice.emodb.common.api.Names;
import com.bazaarvoice.emodb.common.uuid.TimeUUIDs;
import com.bazaarvoice.emodb.sor.api.AuditBuilder;
import com.bazaarvoice.emodb.sor.api.Coordinate;
import com.bazaarvoice.emodb.sor.api.DataStore;
import com.bazaarvoice.emodb.sor.api.Intrinsic;
import com.bazaarvoice.emodb.sor.api.ReadConsistency;
import com.bazaarvoice.emodb.sor.api.TableOptionsBuilder;
import com.bazaarvoice.emodb.sor.api.WriteConsistency;
import com.bazaarvoice.emodb.sor.delta.Deltas;
import com.bazaarvoice.emodb.sor.delta.MapDeltaBuilder;
import com.clearspring.analytics.stream.frequency.CountMinSketch;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSortedSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.Spliterators;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import javax.annotation.Nullable;

/* loaded from: input_file:com/bazaarvoice/emodb/auth/role/TableRoleManagerDAO.class */
public class TableRoleManagerDAO implements RoleManager {
    private static final String NO_GROUP_NAME = "_";
    private static final String NAME_ATTR = "name";
    private static final String DESCRIPTION_ATTR = "description";
    private static final String IDS_ATTR = "ids";
    private final DataStore _dataStore;
    private final String _roleTableName;
    private final String _groupTableName;
    private final String _placement;
    private final PermissionManager _permissionManager;
    private volatile boolean _tablesValidated;

    public TableRoleManagerDAO(DataStore dataStore, String str, String str2, String str3, PermissionManager permissionManager) {
        this._dataStore = (DataStore) Preconditions.checkNotNull(dataStore, "dataStore");
        this._roleTableName = (String) Preconditions.checkNotNull(str, "roleTableName");
        this._groupTableName = (String) Preconditions.checkNotNull(str2, "groupTableName");
        Preconditions.checkArgument(!str.equals(str2), "Role and group tables must be unique");
        this._placement = (String) Preconditions.checkNotNull(str3, "placement");
        this._permissionManager = (PermissionManager) Preconditions.checkNotNull(permissionManager, "permissionManager");
    }

    private String checkGroup(@Nullable String str) {
        Preconditions.checkArgument(str == null || Names.isLegalRoleGroupName(str), "Group cannot be named %s", str);
        return str == null ? NO_GROUP_NAME : str;
    }

    @Override // com.bazaarvoice.emodb.auth.role.RoleManager
    public Role getRole(RoleIdentifier roleIdentifier) {
        Preconditions.checkNotNull(roleIdentifier, "id");
        checkGroup(roleIdentifier.getGroup());
        validateTables();
        return convertRecordToRole(this._dataStore.get(this._roleTableName, roleIdentifier.toString(), ReadConsistency.STRONG));
    }

    private Role convertRecordToRole(Map<String, Object> map) {
        if (Intrinsic.isDeleted(map)) {
            return null;
        }
        RoleIdentifier fromString = RoleIdentifier.fromString(Intrinsic.getId(map));
        return new Role(fromString.getGroup(), fromString.getId(), (String) map.get("name"), (String) map.get(DESCRIPTION_ATTR));
    }

    @Override // com.bazaarvoice.emodb.auth.role.RoleManager
    public List<Role> getRolesByGroup(@Nullable String str) {
        List list;
        String checkGroup = checkGroup(str);
        List<Role> list2 = null;
        validateTables();
        Map<String, Object> map = this._dataStore.get(this._groupTableName, checkGroup);
        if (!Intrinsic.isDeleted(map) && (list = (List) map.get(IDS_ATTR)) != null && !list.isEmpty()) {
            list2 = (List) StreamSupport.stream(Spliterators.spliteratorUnknownSize(this._dataStore.multiGet((List) list.stream().map(str2 -> {
                return Coordinate.of(this._roleTableName, new RoleIdentifier(str, str2).toString());
            }).collect(Collectors.toList()), ReadConsistency.STRONG), 0), false).map(this::convertRecordToRole).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toList());
        }
        return list2 != null ? list2 : ImmutableList.of();
    }

    @Override // com.bazaarvoice.emodb.auth.role.RoleManager
    public Iterator<Role> getAll() {
        validateTables();
        return StreamSupport.stream(Spliterators.spliteratorUnknownSize(this._dataStore.scan(this._roleTableName, null, CountMinSketch.PRIME_MODULUS, ReadConsistency.STRONG), 0), false).map(this::convertRecordToRole).iterator();
    }

    @Override // com.bazaarvoice.emodb.auth.role.RoleManager
    public Set<String> getPermissionsForRole(RoleIdentifier roleIdentifier) {
        Preconditions.checkNotNull(roleIdentifier, "id");
        return ImmutableSortedSet.copyOf(this._permissionManager.getPermissions(PermissionIDs.forRole(roleIdentifier)).stream().map((v0) -> {
            return Objects.toString(v0);
        }).iterator());
    }

    @Override // com.bazaarvoice.emodb.auth.role.RoleManager
    public Role createRole(RoleIdentifier roleIdentifier, RoleUpdateRequest roleUpdateRequest) {
        Preconditions.checkNotNull(roleIdentifier, "id");
        Preconditions.checkArgument(Names.isLegalRoleName(roleIdentifier.getId()), "Role cannot have ID %s", roleIdentifier.getId());
        String checkGroup = checkGroup(roleIdentifier.getGroup());
        if (getRole(roleIdentifier) != null) {
            throw new RoleExistsException(roleIdentifier.getGroup(), roleIdentifier.getId());
        }
        UUID newUUID = TimeUUIDs.newUUID();
        this._dataStore.update(this._groupTableName, checkGroup, newUUID, Deltas.mapBuilder().update(IDS_ATTR, Deltas.setBuilder().add(roleIdentifier.getId()).build()).build(), new AuditBuilder().setLocalHost().setComment("Create role " + roleIdentifier).build(), WriteConsistency.GLOBAL);
        this._dataStore.update(this._roleTableName, roleIdentifier.toString(), newUUID, Deltas.mapBuilder().put("name", roleUpdateRequest.getName()).put(DESCRIPTION_ATTR, roleUpdateRequest.getDescription()).build(), new AuditBuilder().setLocalHost().setComment("Create role " + roleIdentifier).build(), WriteConsistency.GLOBAL);
        if (roleUpdateRequest.getPermissionUpdate() != null) {
            ImmutableList copyOf = ImmutableList.copyOf(roleUpdateRequest.getPermissionUpdate().getPermitted());
            if (!copyOf.isEmpty()) {
                this._permissionManager.updatePermissions(PermissionIDs.forRole(roleIdentifier), new PermissionUpdateRequest().permit(copyOf));
            }
        }
        return new Role(roleIdentifier.getGroup(), roleIdentifier.getId(), roleUpdateRequest.getName(), roleUpdateRequest.getDescription());
    }

    @Override // com.bazaarvoice.emodb.auth.role.RoleManager
    public void updateRole(RoleIdentifier roleIdentifier, RoleUpdateRequest roleUpdateRequest) {
        if (getRole(roleIdentifier) == null) {
            throw new RoleNotFoundException(roleIdentifier.getGroup(), roleIdentifier.getId());
        }
        if (roleUpdateRequest.isNamePresent() || roleUpdateRequest.isDescriptionPresent()) {
            MapDeltaBuilder mapBuilder = Deltas.mapBuilder();
            if (roleUpdateRequest.isNamePresent()) {
                mapBuilder.put("name", roleUpdateRequest.getName());
            }
            if (roleUpdateRequest.isDescriptionPresent()) {
                mapBuilder.put(DESCRIPTION_ATTR, roleUpdateRequest.getDescription());
            }
            this._dataStore.update(this._roleTableName, roleIdentifier.toString(), TimeUUIDs.newUUID(), mapBuilder.build(), new AuditBuilder().setLocalHost().setComment("Update role " + roleIdentifier).build(), WriteConsistency.GLOBAL);
        }
        if (roleUpdateRequest.getPermissionUpdate() != null) {
            this._permissionManager.updatePermissions(PermissionIDs.forRole(roleIdentifier), roleUpdateRequest.getPermissionUpdate());
        }
    }

    @Override // com.bazaarvoice.emodb.auth.role.RoleManager
    public void deleteRole(RoleIdentifier roleIdentifier) {
        Role role = getRole(roleIdentifier);
        if (role == null) {
            return;
        }
        this._permissionManager.revokePermissions(PermissionIDs.forRole(roleIdentifier));
        UUID newUUID = TimeUUIDs.newUUID();
        String checkGroup = checkGroup(role.getGroup());
        this._dataStore.update(this._roleTableName, roleIdentifier.toString(), newUUID, Deltas.delete(), new AuditBuilder().setLocalHost().setComment("Delete role " + roleIdentifier).build(), WriteConsistency.GLOBAL);
        this._dataStore.update(this._groupTableName, checkGroup, newUUID, Deltas.mapBuilder().update(IDS_ATTR, Deltas.setBuilder().remove(role.getId()).deleteIfEmpty().build()).deleteIfEmpty().build(), new AuditBuilder().setLocalHost().setComment("Delete role " + roleIdentifier).build(), WriteConsistency.GLOBAL);
    }

    private void validateTables() {
        if (this._tablesValidated) {
            return;
        }
        synchronized (this) {
            if (!this._dataStore.getTableExists(this._roleTableName)) {
                this._dataStore.createTable(this._roleTableName, new TableOptionsBuilder().setPlacement(this._placement).build(), ImmutableMap.of(), new AuditBuilder().setLocalHost().setComment("create role table").build());
            }
            if (!this._dataStore.getTableExists(this._groupTableName)) {
                this._dataStore.createTable(this._groupTableName, new TableOptionsBuilder().setPlacement(this._placement).build(), ImmutableMap.of(), new AuditBuilder().setLocalHost().setComment("create role group table").build());
            }
            this._tablesValidated = true;
        }
    }
}
