package io.unitycatalog.server.service;

import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.server.annotation.Delete;
import com.linecorp.armeria.server.annotation.ExceptionHandler;
import com.linecorp.armeria.server.annotation.Get;
import com.linecorp.armeria.server.annotation.Param;
import com.linecorp.armeria.server.annotation.Post;
import io.unitycatalog.server.auth.UnityCatalogAuthorizer;
import io.unitycatalog.server.auth.annotation.AuthorizeExpression;
import io.unitycatalog.server.auth.annotation.AuthorizeKey;
import io.unitycatalog.server.auth.annotation.AuthorizeKeys;
import io.unitycatalog.server.auth.decorator.UnityAccessEvaluator;
import io.unitycatalog.server.exception.GlobalExceptionHandler;
import io.unitycatalog.server.model.CreateTable;
import io.unitycatalog.server.model.ListTablesResponse;
import io.unitycatalog.server.model.SchemaInfo;
import io.unitycatalog.server.model.SecurableType;
import io.unitycatalog.server.model.TableInfo;
import io.unitycatalog.server.persist.CatalogRepository;
import io.unitycatalog.server.persist.MetastoreRepository;
import io.unitycatalog.server.persist.SchemaRepository;
import io.unitycatalog.server.persist.TableRepository;
import io.unitycatalog.server.persist.model.Privileges;
import io.unitycatalog.server.utils.IdentityUtils;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

@ExceptionHandler(GlobalExceptionHandler.class)
/* loaded from: input_file:io/unitycatalog/server/service/TableService.class */
public class TableService {
    private static final TableRepository TABLE_REPOSITORY;
    private static final SchemaRepository SCHEMA_REPOSITORY;
    private static final CatalogRepository CATALOG_REPOSITORY;
    private final UnityCatalogAuthorizer authorizer;
    private final UnityAccessEvaluator evaluator;
    static final /* synthetic */ boolean $assertionsDisabled;

    public TableService(UnityCatalogAuthorizer unityCatalogAuthorizer) {
        this.authorizer = unityCatalogAuthorizer;
        this.evaluator = new UnityAccessEvaluator(unityCatalogAuthorizer);
    }

    @Post("")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("    (#authorizeAny(#principal, #catalog, OWNER, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n    (#authorizeAny(#principal, #catalog, OWNER, USE_CATALOG) && #authorizeAll(#principal, #schema, USE_SCHEMA, CREATE_TABLE))\n")
    public HttpResponse createTable(@AuthorizeKeys({@AuthorizeKey(value = SecurableType.SCHEMA, key = "schema_name"), @AuthorizeKey(value = SecurableType.CATALOG, key = "catalog_name")}) CreateTable createTable) {
        if (!$assertionsDisabled && createTable == null) {
            throw new AssertionError();
        }
        TableInfo createTable2 = TABLE_REPOSITORY.createTable(createTable);
        initializeAuthorizations(createTable2);
        return HttpResponse.ofJson(createTable2);
    }

    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #schema, OWNER) && #authorize(#principal, #catalog, USE_CATALOG)) ||\n(#authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG) && #authorizeAny(#principal, #table, OWNER, SELECT))\n")
    @Get("/{full_name}")
    public HttpResponse getTable(@AuthorizeKey(SecurableType.TABLE) @Param("full_name") String str) {
        if ($assertionsDisabled || str != null) {
            return HttpResponse.ofJson(TABLE_REPOSITORY.getTable(str));
        }
        throw new AssertionError();
    }

    @AuthorizeExpression("#defer")
    @Get("")
    public HttpResponse listTables(@Param("catalog_name") String str, @Param("schema_name") String str2, @Param("max_results") Optional<Integer> optional, @Param("page_token") Optional<String> optional2, @Param("omit_properties") Optional<Boolean> optional3, @Param("omit_columns") Optional<Boolean> optional4) {
        ListTablesResponse listTables = TABLE_REPOSITORY.listTables(str, str2, optional, optional2, optional3.orElse(false), optional4.orElse(false));
        filterTables("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #schema, OWNER) && #authorize(#principal, #catalog, USE_CATALOG)) ||\n(#authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG) && #authorizeAny(#principal, #table, OWNER, SELECT))\n", listTables.getTables());
        return HttpResponse.ofJson(listTables);
    }

    @Delete("/{full_name}")
    @AuthorizeExpression("#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #schema, OWNER) && #authorize(#principal, #catalog, USE_CATALOG)) ||\n(#authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #table, OWNER))\n")
    public HttpResponse deleteTable(@AuthorizeKey(SecurableType.TABLE) @Param("full_name") String str) {
        TableInfo table = TABLE_REPOSITORY.getTable(str);
        TABLE_REPOSITORY.deleteTable(str);
        removeAuthorizations(table);
        return HttpResponse.of(HttpStatus.OK);
    }

    public void filterTables(String str, List<TableInfo> list) {
        this.evaluator.filter(IdentityUtils.findPrincipalId(), str, list, tableInfo -> {
            return Map.of(SecurableType.METASTORE, MetastoreRepository.getInstance().getMetastoreId(), SecurableType.CATALOG, UUID.fromString(CATALOG_REPOSITORY.getCatalog(tableInfo.getCatalogName()).getId()), SecurableType.SCHEMA, UUID.fromString(SCHEMA_REPOSITORY.getSchema(tableInfo.getCatalogName() + "." + tableInfo.getSchemaName()).getSchemaId()), SecurableType.TABLE, UUID.fromString(tableInfo.getTableId()));
        });
    }

    private void initializeAuthorizations(TableInfo tableInfo) {
        SchemaInfo schema = SCHEMA_REPOSITORY.getSchema(tableInfo.getCatalogName() + "." + tableInfo.getSchemaName());
        this.authorizer.grantAuthorization(IdentityUtils.findPrincipalId(), UUID.fromString(tableInfo.getTableId()), Privileges.OWNER);
        this.authorizer.addHierarchyChild(UUID.fromString(schema.getSchemaId()), UUID.fromString(tableInfo.getTableId()));
    }

    private void removeAuthorizations(TableInfo tableInfo) {
        SchemaInfo schema = SCHEMA_REPOSITORY.getSchema(tableInfo.getCatalogName() + "." + tableInfo.getSchemaName());
        this.authorizer.clearAuthorizationsForResource(UUID.fromString(tableInfo.getTableId()));
        this.authorizer.removeHierarchyChild(UUID.fromString(schema.getSchemaId()), UUID.fromString(tableInfo.getTableId()));
    }

    static {
        $assertionsDisabled = !TableService.class.desiredAssertionStatus();
        TABLE_REPOSITORY = TableRepository.getInstance();
        SCHEMA_REPOSITORY = SchemaRepository.getInstance();
        CATALOG_REPOSITORY = CatalogRepository.getInstance();
    }
}
