package io.unitycatalog.server.service;

import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.server.annotation.Delete;
import com.linecorp.armeria.server.annotation.ExceptionHandler;
import com.linecorp.armeria.server.annotation.Get;
import com.linecorp.armeria.server.annotation.Param;
import com.linecorp.armeria.server.annotation.Patch;
import com.linecorp.armeria.server.annotation.Post;
import io.unitycatalog.server.auth.UnityCatalogAuthorizer;
import io.unitycatalog.server.auth.annotation.AuthorizeExpression;
import io.unitycatalog.server.auth.annotation.AuthorizeKey;
import io.unitycatalog.server.auth.annotation.AuthorizeKeys;
import io.unitycatalog.server.auth.decorator.UnityAccessEvaluator;
import io.unitycatalog.server.exception.GlobalExceptionHandler;
import io.unitycatalog.server.model.CreateModelVersion;
import io.unitycatalog.server.model.CreateRegisteredModel;
import io.unitycatalog.server.model.FinalizeModelVersion;
import io.unitycatalog.server.model.ListRegisteredModelsResponse;
import io.unitycatalog.server.model.RegisteredModelInfo;
import io.unitycatalog.server.model.SchemaInfo;
import io.unitycatalog.server.model.SecurableType;
import io.unitycatalog.server.model.UpdateModelVersion;
import io.unitycatalog.server.model.UpdateRegisteredModel;
import io.unitycatalog.server.persist.CatalogRepository;
import io.unitycatalog.server.persist.MetastoreRepository;
import io.unitycatalog.server.persist.ModelRepository;
import io.unitycatalog.server.persist.SchemaRepository;
import io.unitycatalog.server.persist.model.Privileges;
import io.unitycatalog.server.utils.IdentityUtils;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

@ExceptionHandler(GlobalExceptionHandler.class)
/* loaded from: input_file:io/unitycatalog/server/service/ModelService.class */
public class ModelService {
    private static final ModelRepository MODEL_REPOSITORY;
    private static final SchemaRepository SCHEMA_REPOSITORY;
    private static final CatalogRepository CATALOG_REPOSITORY;
    private final UnityCatalogAuthorizer authorizer;
    private final UnityAccessEvaluator evaluator;
    static final /* synthetic */ boolean $assertionsDisabled;

    public ModelService(UnityCatalogAuthorizer unityCatalogAuthorizer) {
        this.authorizer = unityCatalogAuthorizer;
        this.evaluator = new UnityAccessEvaluator(unityCatalogAuthorizer);
    }

    @Post("")
    @AuthorizeExpression("(#authorizeAny(#principal, #catalog, OWNER, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n(#authorizeAny(#principal, #catalog, OWNER, USE_CATALOG) && #authorizeAll(#principal, #schema, USE_SCHEMA, CREATE_MODEL)) ||\n(#authorizeAny(#principal, #catalog, OWNER, USE_CATALOG) && #authorizeAll(#principal, #schema, USE_SCHEMA, CREATE_FUNCTION))\n")
    public HttpResponse createRegisteredModel(@AuthorizeKeys({@AuthorizeKey(value = SecurableType.SCHEMA, key = "schema_name"), @AuthorizeKey(value = SecurableType.CATALOG, key = "catalog_name")}) CreateRegisteredModel createRegisteredModel) {
        if (!$assertionsDisabled && createRegisteredModel == null) {
            throw new AssertionError();
        }
        RegisteredModelInfo createRegisteredModel2 = MODEL_REPOSITORY.createRegisteredModel(createRegisteredModel);
        initializeAuthorizations(createRegisteredModel2);
        return HttpResponse.ofJson(createRegisteredModel2);
    }

    @AuthorizeExpression("#defer")
    @Get("")
    public HttpResponse listRegisteredModels(@Param("catalog_name") Optional<String> optional, @Param("schema_name") Optional<String> optional2, @Param("max_results") Optional<Integer> optional3, @Param("page_token") Optional<String> optional4) {
        ListRegisteredModelsResponse listRegisteredModels = MODEL_REPOSITORY.listRegisteredModels(optional, optional2, optional3, optional4);
        filterModels("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n(#authorizeAny(#principal, #registered_model, OWNER, EXECUTE) && #authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG))\n", listRegisteredModels.getRegisteredModels());
        return HttpResponse.ofJson(listRegisteredModels);
    }

    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n(#authorizeAny(#principal, #registered_model, OWNER, EXECUTE) && #authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG))\n")
    @Get("/{full_name}")
    public HttpResponse getRegisteredModel(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str) {
        if ($assertionsDisabled || str != null) {
            return HttpResponse.ofJson(MODEL_REPOSITORY.getRegisteredModel(str));
        }
        throw new AssertionError();
    }

    @Patch("/{full_name}")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("(#authorize(#principal, #registered_model, OWNER) && #authorizeAny(#principal, #schema, OWNER, USE_SCHEMA) && #authorizeAny(#principal, #catalog, OWNER, USE_CATALOG))\n")
    public HttpResponse updateRegisteredModel(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str, UpdateRegisteredModel updateRegisteredModel) {
        if ($assertionsDisabled || updateRegisteredModel != null) {
            return HttpResponse.ofJson(MODEL_REPOSITORY.updateRegisteredModel(updateRegisteredModel));
        }
        throw new AssertionError();
    }

    @Delete("/{full_name}")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n(#authorize(#principal, #registered_model, OWNER) && #authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG))\n")
    public HttpResponse deleteRegisteredModel(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str, @Param("force") Optional<Boolean> optional) {
        RegisteredModelInfo registeredModel = MODEL_REPOSITORY.getRegisteredModel(str);
        MODEL_REPOSITORY.deleteRegisteredModel(str, optional.orElse(false).booleanValue());
        removeAuthorizations(registeredModel);
        return HttpResponse.of(HttpStatus.OK);
    }

    @Post("/versions")
    @AuthorizeExpression("(#authorize(#principal, #registered_model, OWNER) && #authorizeAny(#principal, #schema, OWNER, USE_SCHEMA) && #authorizeAny(#principal, #catalog, OWNER, USE_CATALOG))\n")
    public HttpResponse createModelVersion(@AuthorizeKeys({@AuthorizeKey(value = SecurableType.CATALOG, key = "catalog_name"), @AuthorizeKey(value = SecurableType.SCHEMA, key = "schema_name"), @AuthorizeKey(value = SecurableType.REGISTERED_MODEL, key = "model_name")}) CreateModelVersion createModelVersion) {
        if ($assertionsDisabled || createModelVersion != null) {
            return HttpResponse.ofJson(MODEL_REPOSITORY.createModelVersion(createModelVersion));
        }
        throw new AssertionError();
    }

    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n(#authorizeAny(#principal, #registered_model, OWNER, EXECUTE) && #authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG))\n")
    @Get("/{full_name}/versions")
    public HttpResponse listModelVersions(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str, @Param("max_results") Optional<Integer> optional, @Param("page_token") Optional<String> optional2) {
        return HttpResponse.ofJson(MODEL_REPOSITORY.listModelVersions(str, optional, optional2));
    }

    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n(#authorizeAny(#principal, #registered_model, OWNER, EXECUTE) && #authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG))\n")
    @Get("/{full_name}/versions/{version}")
    public HttpResponse getModelVersion(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str, @Param("version") Long l) {
        if ($assertionsDisabled || !(str == null || l == null)) {
            return HttpResponse.ofJson(MODEL_REPOSITORY.getModelVersion(str, l.longValue()));
        }
        throw new AssertionError();
    }

    @Patch("/{full_name}/versions/{version}")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("(#authorize(#principal, #registered_model, OWNER) && #authorizeAny(#principal, #schema, OWNER, USE_SCHEMA) && #authorizeAny(#principal, #catalog, OWNER, USE_CATALOG))\n")
    public HttpResponse updateModelVersion(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str, UpdateModelVersion updateModelVersion) {
        if ($assertionsDisabled || updateModelVersion != null) {
            return HttpResponse.ofJson(MODEL_REPOSITORY.updateModelVersion(updateModelVersion));
        }
        throw new AssertionError();
    }

    @Delete("/{full_name}/versions/{version}")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #schema, OWNER)) ||\n(#authorize(#principal, #registered_model, OWNER) && #authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG))\n")
    public HttpResponse deleteModelVersion(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str, @Param("version") Long l) {
        MODEL_REPOSITORY.deleteModelVersion(str, l);
        return HttpResponse.of(HttpStatus.OK);
    }

    @Patch("/{full_name}/versions/{version}/finalize")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("(#authorize(#principal, #registered_model, OWNER) && #authorizeAny(#principal, #schema, OWNER, USE_SCHEMA) && #authorizeAny(#principal, #catalog, OWNER, USE_CATALOG))\n")
    public HttpResponse finalizeModelVersion(@AuthorizeKey(SecurableType.REGISTERED_MODEL) @Param("full_name") String str, FinalizeModelVersion finalizeModelVersion) {
        if ($assertionsDisabled || finalizeModelVersion != null) {
            return HttpResponse.ofJson(MODEL_REPOSITORY.finalizeModelVersion(finalizeModelVersion));
        }
        throw new AssertionError();
    }

    private void initializeAuthorizations(RegisteredModelInfo registeredModelInfo) {
        SchemaInfo schema = SCHEMA_REPOSITORY.getSchema(registeredModelInfo.getCatalogName() + "." + registeredModelInfo.getSchemaName());
        this.authorizer.grantAuthorization(IdentityUtils.findPrincipalId(), UUID.fromString(registeredModelInfo.getId()), Privileges.OWNER);
        this.authorizer.addHierarchyChild(UUID.fromString(schema.getSchemaId()), UUID.fromString(registeredModelInfo.getId()));
    }

    public void filterModels(String str, List<RegisteredModelInfo> list) {
        this.evaluator.filter(IdentityUtils.findPrincipalId(), str, list, registeredModelInfo -> {
            return Map.of(SecurableType.METASTORE, MetastoreRepository.getInstance().getMetastoreId(), SecurableType.CATALOG, UUID.fromString(CATALOG_REPOSITORY.getCatalog(registeredModelInfo.getCatalogName()).getId()), SecurableType.SCHEMA, UUID.fromString(SCHEMA_REPOSITORY.getSchema(registeredModelInfo.getCatalogName() + "." + registeredModelInfo.getSchemaName()).getSchemaId()), SecurableType.REGISTERED_MODEL, UUID.fromString(registeredModelInfo.getId()));
        });
    }

    private void removeAuthorizations(RegisteredModelInfo registeredModelInfo) {
        SchemaInfo schema = SCHEMA_REPOSITORY.getSchema(registeredModelInfo.getCatalogName() + "." + registeredModelInfo.getSchemaName());
        this.authorizer.clearAuthorizationsForResource(UUID.fromString(registeredModelInfo.getId()));
        this.authorizer.removeHierarchyChild(UUID.fromString(schema.getSchemaId()), UUID.fromString(registeredModelInfo.getId()));
    }

    static {
        $assertionsDisabled = !ModelService.class.desiredAssertionStatus();
        MODEL_REPOSITORY = ModelRepository.getInstance();
        SCHEMA_REPOSITORY = SchemaRepository.getInstance();
        CATALOG_REPOSITORY = CatalogRepository.getInstance();
    }
}
