package uk.gov.gchq.gaffer.graph.hook;

import com.fasterxml.jackson.annotation.JsonGetter;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonSetter;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import uk.gov.gchq.gaffer.commonutil.CollectionUtil;
import uk.gov.gchq.gaffer.commonutil.exception.UnauthorisedException;
import uk.gov.gchq.gaffer.operation.Operation;
import uk.gov.gchq.gaffer.operation.OperationChain;
import uk.gov.gchq.gaffer.store.Context;
import uk.gov.gchq.gaffer.user.User;

/* loaded from: input_file:uk/gov/gchq/gaffer/graph/hook/OperationAuthoriser.class */
public class OperationAuthoriser implements GraphHook {
    private final Set<String> allAuths = new HashSet();
    private final Map<Class<?>, Set<String>> auths = new HashMap();

    @Override // uk.gov.gchq.gaffer.graph.hook.GraphHook
    public void preExecute(OperationChain<?> operationChain, Context context) {
        if (null != operationChain) {
            Iterator<Operation> it = operationChain.getOperations().iterator();
            while (it.hasNext()) {
                authorise(it.next(), context.getUser());
            }
            authorise(operationChain, context.getUser());
        }
    }

    @Override // uk.gov.gchq.gaffer.graph.hook.GraphHook
    public <T> T postExecute(T t, OperationChain<?> operationChain, Context context) {
        return t;
    }

    @Override // uk.gov.gchq.gaffer.graph.hook.GraphHook
    public <T> T onFailure(T t, OperationChain<?> operationChain, Context context, Exception exc) {
        return t;
    }

    public void addAuths(Class<? extends Operation> cls, String... strArr) {
        Collections.addAll(this.auths.computeIfAbsent(cls, cls2 -> {
            return new HashSet();
        }), strArr);
        Collections.addAll(this.allAuths, strArr);
    }

    public Map<Class<?>, Set<String>> getAuths() {
        return Collections.unmodifiableMap(this.auths);
    }

    public void setAuths(Map<Class<?>, Set<String>> map) {
        this.auths.clear();
        this.allAuths.clear();
        if (null != map) {
            this.auths.putAll(map);
            Iterator<Set<String>> it = map.values().iterator();
            while (it.hasNext()) {
                this.allAuths.addAll(it.next());
            }
        }
    }

    @JsonGetter("auths")
    public Map<String, Set<String>> getAuthsAsStrings() {
        return Collections.unmodifiableMap(CollectionUtil.toMapWithStringKeys(this.auths));
    }

    @JsonSetter("auths")
    public void setAuthsFromStrings(Map<String, Set<String>> map) throws ClassNotFoundException {
        setAuths(CollectionUtil.toMapWithClassKeys(map));
    }

    @JsonIgnore
    public Set<String> getAllAuths() {
        return Collections.unmodifiableSet(this.allAuths);
    }

    protected void authorise(Operation operation, User user) {
        if (null != operation) {
            if (operation instanceof OperationChain) {
                ((OperationChain) operation).getOperations().forEach(operation2 -> {
                    authorise(operation2, user);
                });
            }
            Class<?> cls = operation.getClass();
            Set<String> opAuths = user.getOpAuths();
            boolean z = true;
            Iterator<Map.Entry<Class<?>, Set<String>>> it = this.auths.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Map.Entry<Class<?>, Set<String>> next = it.next();
                if (next.getKey().isAssignableFrom(cls) && !opAuths.containsAll(next.getValue())) {
                    z = false;
                    break;
                }
            }
            if (!z) {
                throw new UnauthorisedException("User does not have permission to run operation: " + operation.getClass().getName());
            }
        }
    }
}
