package org.apache.cassandra.cql3.statements;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.cassandra.audit.AuditLogContext;
import org.apache.cassandra.audit.AuditLogEntryType;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.PermissionDetails;
import org.apache.cassandra.auth.Resources;
import org.apache.cassandra.auth.RoleResource;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.ColumnIdentifier;
import org.apache.cassandra.cql3.ColumnSpecification;
import org.apache.cassandra.cql3.ResultSet;
import org.apache.cassandra.cql3.RoleName;
import org.apache.cassandra.db.marshal.UTF8Type;
import org.apache.cassandra.exceptions.InvalidRequestException;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.transport.messages.ResultMessage;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;

/* loaded from: input_file:cassandra-all-4.0.1.jar:org/apache/cassandra/cql3/statements/ListPermissionsStatement.class */
public class ListPermissionsStatement extends AuthorizationStatement {
    private static final String KS = "system_auth";
    private static final String CF = "permissions";
    private static final List<ColumnSpecification> metadata;
    protected final Set<Permission> permissions;
    protected IResource resource;
    protected final boolean recursive;
    private final RoleResource grantee;

    public ListPermissionsStatement(Set<Permission> set, IResource iResource, RoleName roleName, boolean z) {
        this.permissions = set;
        this.resource = iResource;
        this.recursive = z;
        this.grantee = roleName.hasName() ? RoleResource.role(roleName.getName()) : null;
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public void validate(ClientState clientState) throws RequestValidationException {
        clientState.ensureNotAnonymous();
        if (this.resource != null) {
            this.resource = maybeCorrectResource(this.resource, clientState);
            if (!this.resource.exists()) {
                throw new InvalidRequestException(String.format("%s doesn't exist", this.resource));
            }
        }
        if (this.grantee != null && !DatabaseDescriptor.getRoleManager().isExistingRole(this.grantee)) {
            throw new InvalidRequestException(String.format("%s doesn't exist", this.grantee));
        }
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public void authorize(ClientState clientState) {
    }

    @Override // org.apache.cassandra.cql3.statements.AuthorizationStatement
    public ResultMessage execute(ClientState clientState) throws RequestValidationException, RequestExecutionException {
        ArrayList arrayList = new ArrayList();
        if (this.resource == null || !this.recursive) {
            arrayList.addAll(list(clientState, this.resource));
        } else {
            Iterator<? extends IResource> it = Resources.chain(this.resource).iterator();
            while (it.hasNext()) {
                arrayList.addAll(list(clientState, it.next()));
            }
        }
        Collections.sort(arrayList);
        return resultMessage(arrayList);
    }

    private Set<PermissionDetails> list(ClientState clientState, IResource iResource) throws RequestValidationException, RequestExecutionException {
        try {
            return DatabaseDescriptor.getAuthorizer().list(clientState.getUser(), this.permissions, iResource, this.grantee);
        } catch (UnsupportedOperationException e) {
            throw new InvalidRequestException(e.getMessage());
        }
    }

    private ResultMessage resultMessage(List<PermissionDetails> list) {
        if (list.isEmpty()) {
            return new ResultMessage.Void();
        }
        ResultSet resultSet = new ResultSet(new ResultSet.ResultMetadata(metadata));
        for (PermissionDetails permissionDetails : list) {
            resultSet.addColumnValue(UTF8Type.instance.decompose(permissionDetails.grantee));
            resultSet.addColumnValue(UTF8Type.instance.decompose(permissionDetails.grantee));
            resultSet.addColumnValue(UTF8Type.instance.decompose(permissionDetails.resource.toString()));
            resultSet.addColumnValue(UTF8Type.instance.decompose(permissionDetails.permission.toString()));
        }
        return new ResultMessage.Rows(resultSet);
    }

    @Override // org.apache.cassandra.cql3.statements.AuthorizationStatement
    public String toString() {
        return ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE);
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public AuditLogContext getAuditLogContext() {
        return new AuditLogContext(AuditLogEntryType.LIST_PERMISSIONS);
    }

    static {
        ArrayList arrayList = new ArrayList(4);
        arrayList.add(new ColumnSpecification("system_auth", CF, new ColumnIdentifier("role", true), UTF8Type.instance));
        arrayList.add(new ColumnSpecification("system_auth", CF, new ColumnIdentifier("username", true), UTF8Type.instance));
        arrayList.add(new ColumnSpecification("system_auth", CF, new ColumnIdentifier("resource", true), UTF8Type.instance));
        arrayList.add(new ColumnSpecification("system_auth", CF, new ColumnIdentifier("permission", true), UTF8Type.instance));
        metadata = Collections.unmodifiableList(arrayList);
    }
}
