package org.apache.cassandra.cql3.statements;

import org.apache.cassandra.audit.AuditLogContext;
import org.apache.cassandra.audit.AuditLogEntryType;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.DCPermissions;
import org.apache.cassandra.auth.IRoleManager;
import org.apache.cassandra.auth.Permission;
import org.apache.cassandra.auth.RoleOptions;
import org.apache.cassandra.auth.RoleResource;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.RoleName;
import org.apache.cassandra.exceptions.InvalidRequestException;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.exceptions.UnauthorizedException;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.transport.messages.ResultMessage;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;

/* loaded from: input_file:cassandra-all-4.0.1.jar:org/apache/cassandra/cql3/statements/AlterRoleStatement.class */
public class AlterRoleStatement extends AuthenticationStatement {
    private final RoleResource role;
    private final RoleOptions opts;
    final DCPermissions dcPermissions;

    public AlterRoleStatement(RoleName roleName, RoleOptions roleOptions) {
        this(roleName, roleOptions, null);
    }

    public AlterRoleStatement(RoleName roleName, RoleOptions roleOptions, DCPermissions dCPermissions) {
        this.role = RoleResource.role(roleName.getName());
        this.opts = roleOptions;
        this.dcPermissions = dCPermissions;
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public void validate(ClientState clientState) throws RequestValidationException {
        this.opts.validate();
        if (this.dcPermissions != null) {
            this.dcPermissions.validate();
        }
        if (this.opts.isEmpty() && this.dcPermissions == null) {
            throw new InvalidRequestException("ALTER [ROLE|USER] can't be empty");
        }
        clientState.ensureNotAnonymous();
        if (!DatabaseDescriptor.getRoleManager().isExistingRole(this.role)) {
            throw new InvalidRequestException(String.format("%s doesn't exist", this.role.getRoleName()));
        }
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public void authorize(ClientState clientState) throws UnauthorizedException {
        AuthenticatedUser user = clientState.getUser();
        boolean isSuper = user.isSuper();
        if (this.opts.getSuperuser().isPresent() && user.getRoles().contains(this.role)) {
            throw new UnauthorizedException("You aren't allowed to alter your own superuser status or that of a role granted to you");
        }
        if (this.opts.getSuperuser().isPresent() && !isSuper) {
            throw new UnauthorizedException("Only superusers are allowed to alter superuser status");
        }
        if (isSuper) {
            return;
        }
        if (!user.getName().equals(this.role.getRoleName())) {
            super.checkPermission(clientState, Permission.ALTER, this.role);
            return;
        }
        for (IRoleManager.Option option : this.opts.getOptions().keySet()) {
            if (!DatabaseDescriptor.getRoleManager().alterableOptions().contains(option)) {
                throw new UnauthorizedException(String.format("You aren't allowed to alter %s", option));
            }
        }
    }

    @Override // org.apache.cassandra.cql3.statements.AuthenticationStatement
    public ResultMessage execute(ClientState clientState) throws RequestValidationException, RequestExecutionException {
        if (!this.opts.isEmpty()) {
            DatabaseDescriptor.getRoleManager().alterRole(clientState.getUser(), this.role, this.opts);
        }
        if (this.dcPermissions == null) {
            return null;
        }
        DatabaseDescriptor.getNetworkAuthorizer().setRoleDatacenters(this.role, this.dcPermissions);
        return null;
    }

    public String toString() {
        return ToStringBuilder.reflectionToString(this, ToStringStyle.SHORT_PREFIX_STYLE);
    }

    @Override // org.apache.cassandra.cql3.CQLStatement
    public AuditLogContext getAuditLogContext() {
        return new AuditLogContext(AuditLogEntryType.ALTER_ROLE);
    }
}
