package io.unitycatalog.server.service;

import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.server.annotation.Delete;
import com.linecorp.armeria.server.annotation.ExceptionHandler;
import com.linecorp.armeria.server.annotation.Get;
import com.linecorp.armeria.server.annotation.Param;
import com.linecorp.armeria.server.annotation.Patch;
import com.linecorp.armeria.server.annotation.Post;
import io.unitycatalog.server.auth.UnityCatalogAuthorizer;
import io.unitycatalog.server.auth.annotation.AuthorizeExpression;
import io.unitycatalog.server.auth.annotation.AuthorizeKey;
import io.unitycatalog.server.auth.decorator.UnityAccessEvaluator;
import io.unitycatalog.server.exception.GlobalExceptionHandler;
import io.unitycatalog.server.model.CatalogInfo;
import io.unitycatalog.server.model.CreateSchema;
import io.unitycatalog.server.model.ListSchemasResponse;
import io.unitycatalog.server.model.SchemaInfo;
import io.unitycatalog.server.model.SecurableType;
import io.unitycatalog.server.model.UpdateSchema;
import io.unitycatalog.server.persist.CatalogRepository;
import io.unitycatalog.server.persist.MetastoreRepository;
import io.unitycatalog.server.persist.SchemaRepository;
import io.unitycatalog.server.persist.model.Privileges;
import io.unitycatalog.server.utils.IdentityUtils;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

@ExceptionHandler(GlobalExceptionHandler.class)
/* loaded from: input_file:io/unitycatalog/server/service/SchemaService.class */
public class SchemaService {
    private static final SchemaRepository SCHEMA_REPOSITORY = SchemaRepository.getInstance();
    private static final CatalogRepository CATALOG_REPOSITORY = CatalogRepository.getInstance();
    private final UnityCatalogAuthorizer authorizer;
    private final UnityAccessEvaluator evaluator;

    public SchemaService(UnityCatalogAuthorizer unityCatalogAuthorizer) {
        this.authorizer = unityCatalogAuthorizer;
        this.evaluator = new UnityAccessEvaluator(unityCatalogAuthorizer);
    }

    @Post("")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #catalog, OWNER) ||\n#authorizeAll(#principal, #catalog, USE_CATALOG, CREATE_SCHEMA)\n")
    public HttpResponse createSchema(@AuthorizeKey(value = SecurableType.CATALOG, key = "catalog_name") CreateSchema createSchema) {
        SchemaInfo createSchema2 = SCHEMA_REPOSITORY.createSchema(createSchema);
        createAuthorizations(createSchema2);
        return HttpResponse.ofJson(createSchema2);
    }

    @AuthorizeExpression("#defer")
    @Get("")
    public HttpResponse listSchemas(@Param("catalog_name") String str, @Param("max_results") Optional<Integer> optional, @Param("page_token") Optional<String> optional2) {
        ListSchemasResponse listSchemas = SCHEMA_REPOSITORY.listSchemas(str, optional, optional2);
        filterSchemas("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #schema, USE_SCHEMA) && #authorizeAny(#principal, #catalog, OWNER, USE_CATALOG))\n", listSchemas.getSchemas());
        return HttpResponse.ofJson(listSchemas);
    }

    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorizeAny(#principal, #schema, OWNER, USE_SCHEMA) && #authorizeAny(#principal, #catalog, USE_CATALOG))\n")
    @Get("/{full_name}")
    public HttpResponse getSchema(@AuthorizeKey(SecurableType.SCHEMA) @Param("full_name") String str) {
        return HttpResponse.ofJson(SCHEMA_REPOSITORY.getSchema(str));
    }

    @Patch("/{full_name}")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #schema, OWNER) ||\n#authorizeAll(#principal, #catalog, USE_CATALOG, USE_SCHEMA) ||\n(#authorize(#principal, #schema, USE_SCHEMA) && #authorize(#principal, #catalog, USE_CATALOG))\n")
    public HttpResponse updateSchema(@AuthorizeKey(SecurableType.SCHEMA) @Param("full_name") String str, UpdateSchema updateSchema) {
        return HttpResponse.ofJson(SCHEMA_REPOSITORY.updateSchema(str, updateSchema));
    }

    @Delete("/{full_name}")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #schema, OWNER) && #authorizeAny(#principal, #catalog, USE_CATALOG))\n")
    public HttpResponse deleteSchema(@AuthorizeKey(SecurableType.SCHEMA) @Param("full_name") String str, @Param("force") Optional<Boolean> optional) {
        SchemaInfo schema = SCHEMA_REPOSITORY.getSchema(str);
        SCHEMA_REPOSITORY.deleteSchema(str, optional.orElse(false).booleanValue());
        removeAuthorizations(schema);
        return HttpResponse.of(HttpStatus.OK);
    }

    public void filterSchemas(String str, List<SchemaInfo> list) {
        this.evaluator.filter(IdentityUtils.findPrincipalId(), str, list, schemaInfo -> {
            return Map.of(SecurableType.METASTORE, MetastoreRepository.getInstance().getMetastoreId(), SecurableType.CATALOG, UUID.fromString(CATALOG_REPOSITORY.getCatalog(schemaInfo.getCatalogName()).getId()), SecurableType.SCHEMA, UUID.fromString(schemaInfo.getSchemaId()));
        });
    }

    private void createAuthorizations(SchemaInfo schemaInfo) {
        CatalogInfo catalog = CATALOG_REPOSITORY.getCatalog(schemaInfo.getCatalogName());
        this.authorizer.grantAuthorization(IdentityUtils.findPrincipalId(), UUID.fromString(schemaInfo.getSchemaId()), Privileges.OWNER);
        this.authorizer.addHierarchyChild(UUID.fromString(catalog.getId()), UUID.fromString(schemaInfo.getSchemaId()));
    }

    private void removeAuthorizations(SchemaInfo schemaInfo) {
        CatalogInfo catalog = CATALOG_REPOSITORY.getCatalog(schemaInfo.getCatalogName());
        this.authorizer.clearAuthorizationsForResource(UUID.fromString(schemaInfo.getSchemaId()));
        this.authorizer.removeHierarchyChildren(UUID.fromString(schemaInfo.getSchemaId()));
        this.authorizer.removeHierarchyChild(UUID.fromString(catalog.getId()), UUID.fromString(schemaInfo.getSchemaId()));
    }
}
