package com.facebook.presto.hive;

import com.facebook.presto.hive.metastore.HiveMetastore;
import com.facebook.presto.hive.metastore.HivePrivilege;
import com.facebook.presto.spi.SchemaTableName;
import com.facebook.presto.spi.security.AccessDeniedException;
import com.facebook.presto.spi.security.ConnectorAccessControl;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.spi.security.Privilege;
import com.google.common.collect.ImmutableSet;
import java.util.Objects;
import javax.inject.Inject;

/* loaded from: input_file:com/facebook/presto/hive/SqlStandardAccessControl.class */
/**
 * Connector access control that authorizes Hive operations against the privileges and roles
 * the Hive metastore reports for the calling user.
 *
 * <p>Every decision is keyed on {@code identity.getUser()} only; no other attribute of the
 * {@link Identity} is consulted in this class. Each {@code checkCan*} method returns normally
 * when the operation is allowed and otherwise calls the matching
 * {@code AccessDeniedException.deny*} helper.
 *
 * <p>NOTE(review): the checks fail closed only if the {@code deny*} helpers always throw;
 * that is what their use here implies, but their implementation is not visible in this file.
 *
 * <p>NOTE(review): privileges are read from the metastore on every call. How fresh they are
 * (for example after a REVOKE) depends on the {@link HiveMetastore} implementation, which is
 * not shown here.
 */
public class SqlStandardAccessControl implements ConnectorAccessControl {
    private static final String ADMIN_ROLE_NAME = "admin";
    private static final String INFORMATION_SCHEMA_NAME = "information_schema";
    private final String connectorId;
    private final HiveMetastore metastore;
    private final boolean allowDropTable;
    private final boolean allowRenameTable;

    /**
     * Creates the access control for one Hive connector instance.
     *
     * @param hiveConnectorId connector identifier; its string form is passed to the
     *     session-property denial helper
     * @param hiveMetastore source of database privileges, table privileges and roles
     * @param hiveClientConfig supplies the connector-wide drop-table and rename-table switches
     * @throws NullPointerException if any argument is null
     */
    @Inject
    public SqlStandardAccessControl(HiveConnectorId hiveConnectorId, HiveMetastore hiveMetastore, HiveClientConfig hiveClientConfig) {
        // Null checks run in declaration order, before any field of the config is read.
        this.connectorId = Objects.requireNonNull(hiveConnectorId, "connectorId is null").toString();
        this.metastore = Objects.requireNonNull(hiveMetastore, "metastore is null");
        Objects.requireNonNull(hiveClientConfig, "hiveClientConfig is null");
        this.allowDropTable = hiveClientConfig.getAllowDropTable();
        this.allowRenameTable = hiveClientConfig.getAllowRenameTable();
    }

    /** Allows CREATE TABLE only when the user holds OWNERSHIP on the target schema. */
    public void checkCanCreateTable(Identity identity, SchemaTableName schemaTableName) {
        boolean ownsSchema = checkDatabasePermission(identity, schemaTableName.getSchemaName(), HivePrivilege.OWNERSHIP);
        if (!ownsSchema) {
            AccessDeniedException.denyCreateTable(schemaTableName.toString());
        }
    }

    /**
     * Allows DROP TABLE only when the connector-wide switch is on and the user holds
     * OWNERSHIP on the table. With the switch off the metastore is not consulted at all.
     */
    public void checkCanDropTable(Identity identity, SchemaTableName schemaTableName) {
        if (!(allowDropTable && checkTablePermission(identity, schemaTableName, HivePrivilege.OWNERSHIP))) {
            AccessDeniedException.denyDropTable(schemaTableName.toString());
        }
    }

    /**
     * Allows RENAME TABLE only when the connector-wide switch is on and the user holds
     * OWNERSHIP on the source table.
     *
     * <p>NOTE(review): the target name ({@code schemaTableName2}) is used only in the denial
     * message; no privilege on the target schema is checked here. Confirm that renaming a
     * table into a schema the user does not own is intended, or is rejected elsewhere.
     */
    public void checkCanRenameTable(Identity identity, SchemaTableName schemaTableName, SchemaTableName schemaTableName2) {
        if (!(allowRenameTable && checkTablePermission(identity, schemaTableName, HivePrivilege.OWNERSHIP))) {
            AccessDeniedException.denyRenameTable(schemaTableName.toString(), schemaTableName2.toString());
        }
    }

    /** Allows ADD COLUMN only when the user holds OWNERSHIP on the table. */
    public void checkCanAddColumn(Identity identity, SchemaTableName schemaTableName) {
        boolean ownsTable = checkTablePermission(identity, schemaTableName, HivePrivilege.OWNERSHIP);
        if (!ownsTable) {
            AccessDeniedException.denyAddColumn(schemaTableName.toString());
        }
    }

    /** Allows RENAME COLUMN only when the user holds OWNERSHIP on the table. */
    public void checkCanRenameColumn(Identity identity, SchemaTableName schemaTableName) {
        boolean ownsTable = checkTablePermission(identity, schemaTableName, HivePrivilege.OWNERSHIP);
        if (!ownsTable) {
            AccessDeniedException.denyRenameColumn(schemaTableName.toString());
        }
    }

    /** Allows SELECT on a table only when the user holds the SELECT privilege on it. */
    public void checkCanSelectFromTable(Identity identity, SchemaTableName schemaTableName) {
        boolean maySelect = checkTablePermission(identity, schemaTableName, HivePrivilege.SELECT);
        if (!maySelect) {
            AccessDeniedException.denySelectTable(schemaTableName.toString());
        }
    }

    /** Allows INSERT only when the user holds the INSERT privilege on the table. */
    public void checkCanInsertIntoTable(Identity identity, SchemaTableName schemaTableName) {
        boolean mayInsert = checkTablePermission(identity, schemaTableName, HivePrivilege.INSERT);
        if (!mayInsert) {
            AccessDeniedException.denyInsertTable(schemaTableName.toString());
        }
    }

    /** Allows DELETE only when the user holds the DELETE privilege on the table. */
    public void checkCanDeleteFromTable(Identity identity, SchemaTableName schemaTableName) {
        boolean mayDelete = checkTablePermission(identity, schemaTableName, HivePrivilege.DELETE);
        if (!mayDelete) {
            AccessDeniedException.denyDeleteTable(schemaTableName.toString());
        }
    }

    /** Allows CREATE VIEW only when the user holds OWNERSHIP on the target schema. */
    public void checkCanCreateView(Identity identity, SchemaTableName schemaTableName) {
        boolean ownsSchema = checkDatabasePermission(identity, schemaTableName.getSchemaName(), HivePrivilege.OWNERSHIP);
        if (!ownsSchema) {
            AccessDeniedException.denyCreateView(schemaTableName.toString());
        }
    }

    /**
     * Allows DROP VIEW only when the user holds OWNERSHIP on the view. Unlike
     * {@link #checkCanDropTable}, the drop-table switch is not consulted.
     */
    public void checkCanDropView(Identity identity, SchemaTableName schemaTableName) {
        boolean ownsView = checkTablePermission(identity, schemaTableName, HivePrivilege.OWNERSHIP);
        if (!ownsView) {
            AccessDeniedException.denyDropView(schemaTableName.toString());
        }
    }

    /** Allows SELECT on a view only when the user holds the SELECT privilege on the view. */
    public void checkCanSelectFromView(Identity identity, SchemaTableName schemaTableName) {
        boolean maySelect = checkTablePermission(identity, schemaTableName, HivePrivilege.SELECT);
        if (!maySelect) {
            AccessDeniedException.denySelectView(schemaTableName.toString());
        }
    }

    /**
     * Allows a new view to select from a table only when the user's privilege set on that
     * table contains both SELECT and GRANT. A view exposes the data to other users, so plain
     * SELECT is not sufficient.
     */
    public void checkCanCreateViewWithSelectFromTable(Identity identity, SchemaTableName schemaTableName) {
        boolean mayReshare = checkTablePermission(identity, schemaTableName, HivePrivilege.SELECT, HivePrivilege.GRANT);
        if (!mayReshare) {
            AccessDeniedException.denySelectTable(schemaTableName.toString());
        }
    }

    /**
     * Allows a new view to select from an existing view only when the user's privilege set
     * on that view contains both SELECT and GRANT.
     */
    public void checkCanCreateViewWithSelectFromView(Identity identity, SchemaTableName schemaTableName) {
        boolean mayReshare = checkTablePermission(identity, schemaTableName, HivePrivilege.SELECT, HivePrivilege.GRANT);
        if (!mayReshare) {
            AccessDeniedException.denySelectView(schemaTableName.toString());
        }
    }

    /**
     * Allows setting a catalog session property only for users whose metastore roles include
     * the {@code admin} role. The property name is used only in the denial message.
     */
    public void checkCanSetCatalogSessionProperty(Identity identity, String str) {
        boolean isAdmin = metastore.getRoles(identity.getUser()).contains(ADMIN_ROLE_NAME);
        if (!isAdmin) {
            AccessDeniedException.denySetCatalogSessionProperty(connectorId, str);
        }
    }

    /**
     * Allows GRANT of a table privilege when the user owns the table, or otherwise holds that
     * specific privilege with the grant option.
     *
     * <p>A privilege that has no Hive equivalent ({@code toHivePrivilege} returns null) is
     * denied for non-owners without asking the metastore.
     */
    public void checkCanGrantTablePrivilege(Identity identity, Privilege privilege, SchemaTableName schemaTableName) {
        // Owners may grant anything on their own table.
        if (checkTablePermission(identity, schemaTableName, HivePrivilege.OWNERSHIP)) {
            return;
        }
        HivePrivilege requested = HivePrivilege.toHivePrivilege(privilege);
        // Short-circuit keeps a null privilege from ever reaching the metastore call.
        boolean holdsGrantOption = requested != null
                && metastore.hasPrivilegeWithGrantOptionOnTable(
                        identity.getUser(),
                        schemaTableName.getSchemaName(),
                        schemaTableName.getTableName(),
                        requested);
        if (!holdsGrantOption) {
            AccessDeniedException.denyGrantTablePrivilege(privilege.name(), schemaTableName.toString());
        }
    }

    /**
     * Reports whether the user holds every one of the required privileges on a database.
     *
     * <p>An empty requirement list would trivially pass; every caller in this class passes at
     * least one privilege.
     */
    private boolean checkDatabasePermission(Identity identity, String schemaName, HivePrivilege... requiredPrivileges) {
        return metastore.getDatabasePrivileges(identity.getUser(), schemaName)
                .containsAll(ImmutableSet.copyOf(requiredPrivileges));
    }

    /**
     * Reports whether the user holds every one of the required privileges on a table or view.
     *
     * <p>Any name in the {@code information_schema} schema is approved without consulting the
     * metastore, whatever privileges were requested. This includes OWNERSHIP, so the drop,
     * rename, column and grant checks that route through this method also pass for such names
     * at this layer.
     *
     * <p>NOTE(review): confirm that mutating operations on {@code information_schema} are
     * rejected elsewhere, since this class does not reject them.
     */
    private boolean checkTablePermission(Identity identity, SchemaTableName schemaTableName, HivePrivilege... requiredPrivileges) {
        if (INFORMATION_SCHEMA_NAME.equals(schemaTableName.getSchemaName())) {
            return true;
        }
        return metastore.getTablePrivileges(identity.getUser(), schemaTableName.getSchemaName(), schemaTableName.getTableName())
                .containsAll(ImmutableSet.copyOf(requiredPrivileges));
    }
}
