package io.unitycatalog.server.service;

import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.server.annotation.Delete;
import com.linecorp.armeria.server.annotation.ExceptionHandler;
import com.linecorp.armeria.server.annotation.Get;
import com.linecorp.armeria.server.annotation.Param;
import com.linecorp.armeria.server.annotation.Post;
import io.unitycatalog.server.auth.UnityCatalogAuthorizer;
import io.unitycatalog.server.auth.annotation.AuthorizeExpression;
import io.unitycatalog.server.auth.annotation.AuthorizeKey;
import io.unitycatalog.server.auth.annotation.AuthorizeKeys;
import io.unitycatalog.server.auth.decorator.UnityAccessEvaluator;
import io.unitycatalog.server.exception.GlobalExceptionHandler;
import io.unitycatalog.server.model.CreateFunctionRequest;
import io.unitycatalog.server.model.FunctionInfo;
import io.unitycatalog.server.model.ListFunctionsResponse;
import io.unitycatalog.server.model.SchemaInfo;
import io.unitycatalog.server.model.SecurableType;
import io.unitycatalog.server.persist.CatalogRepository;
import io.unitycatalog.server.persist.FunctionRepository;
import io.unitycatalog.server.persist.MetastoreRepository;
import io.unitycatalog.server.persist.SchemaRepository;
import io.unitycatalog.server.persist.model.Privileges;
import io.unitycatalog.server.utils.IdentityUtils;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

@ExceptionHandler(GlobalExceptionHandler.class)
/* loaded from: input_file:io/unitycatalog/server/service/FunctionService.class */
public class FunctionService {
    private static final FunctionRepository FUNCTION_REPOSITORY = FunctionRepository.getInstance();
    private static final SchemaRepository SCHEMA_REPOSITORY = SchemaRepository.getInstance();
    private static final CatalogRepository CATALOG_REPOSITORY = CatalogRepository.getInstance();
    private final UnityCatalogAuthorizer authorizer;
    private final UnityAccessEvaluator evaluator;

    public FunctionService(UnityCatalogAuthorizer unityCatalogAuthorizer) {
        this.authorizer = unityCatalogAuthorizer;
        this.evaluator = new UnityAccessEvaluator(unityCatalogAuthorizer);
    }

    @Post("")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorizeAny(#principal, #catalog, OWNER, USE_CATALOG) && #authorizeAny(#principal, #schema, OWNER, USE_SCHEMA)\n")
    public HttpResponse createFunction(@AuthorizeKeys({@AuthorizeKey(value = SecurableType.CATALOG, key = "function_info.catalog_name"), @AuthorizeKey(value = SecurableType.SCHEMA, key = "function_info.schema_name")}) CreateFunctionRequest createFunctionRequest) {
        FunctionInfo createFunction = FUNCTION_REPOSITORY.createFunction(createFunctionRequest);
        initializeAuthorizations(createFunction);
        return HttpResponse.ofJson(createFunction);
    }

    @AuthorizeExpression("#defer")
    @Get("")
    public HttpResponse listFunctions(@Param("catalog_name") String str, @Param("schema_name") String str2, @Param("max_results") Optional<Integer> optional, @Param("page_token") Optional<String> optional2) {
        ListFunctionsResponse listFunctions = FUNCTION_REPOSITORY.listFunctions(str, str2, optional, optional2);
        filterFunctions("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #schema, OWNER) && #authorize(#principal, #catalog, USE_CATALOG)) ||\n(#authorize(#principal, #schema, USE_SCHEMA) && #authorizeAny(#principal, #catalog, USE_CATALOG) && #authorizeAny(#principal, #function, OWNER, EXECUTE))\n", listFunctions.getFunctions());
        return HttpResponse.ofJson(listFunctions);
    }

    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n#authorize(#principal, #catalog, OWNER) ||\n(#authorize(#principal, #schema, OWNER) && #authorizeAny(#principal, #catalog, USE_CATALOG)) ||\n(#authorize(#principal, #catalog, USE_CATALOG) && #authorize(#principal, #schema, USE_SCHEMA) && #authorizeAny(#principal, #function, OWNER, EXECUTE))\n")
    @Get("/{name}")
    public HttpResponse getFunction(@AuthorizeKey(SecurableType.FUNCTION) @Param("name") String str) {
        return HttpResponse.ofJson(FUNCTION_REPOSITORY.getFunction(str));
    }

    @Delete("/{name}")
    @AuthorizeKey(SecurableType.METASTORE)
    @AuthorizeExpression("#authorize(#principal, #metastore, OWNER) ||\n(#authorize(#principal, #function, OWNER) && #authorizeAny(#principal, #schema, OWNER, USE_SCHEMA) && #authorizeAny(#principal, #catalog, OWNER, USE_CATALOG))\n")
    public HttpResponse deleteFunction(@AuthorizeKey(SecurableType.FUNCTION) @Param("name") String str, @Param("force") Optional<Boolean> optional) {
        FunctionInfo function = FUNCTION_REPOSITORY.getFunction(str);
        FUNCTION_REPOSITORY.deleteFunction(str, optional.orElse(false));
        removeAuthorizations(function);
        return HttpResponse.of(HttpStatus.OK);
    }

    public void filterFunctions(String str, List<FunctionInfo> list) {
        this.evaluator.filter(IdentityUtils.findPrincipalId(), str, list, functionInfo -> {
            return Map.of(SecurableType.METASTORE, MetastoreRepository.getInstance().getMetastoreId(), SecurableType.CATALOG, UUID.fromString(CATALOG_REPOSITORY.getCatalog(functionInfo.getCatalogName()).getId()), SecurableType.SCHEMA, UUID.fromString(SCHEMA_REPOSITORY.getSchema(functionInfo.getCatalogName() + "." + functionInfo.getSchemaName()).getSchemaId()), SecurableType.FUNCTION, UUID.fromString(functionInfo.getFunctionId()));
        });
    }

    private void initializeAuthorizations(FunctionInfo functionInfo) {
        SchemaInfo schema = SCHEMA_REPOSITORY.getSchema(functionInfo.getCatalogName() + "." + functionInfo.getSchemaName());
        this.authorizer.grantAuthorization(IdentityUtils.findPrincipalId(), UUID.fromString(functionInfo.getFunctionId()), Privileges.OWNER);
        this.authorizer.addHierarchyChild(UUID.fromString(schema.getSchemaId()), UUID.fromString(functionInfo.getFunctionId()));
    }

    private void removeAuthorizations(FunctionInfo functionInfo) {
        SchemaInfo schema = SCHEMA_REPOSITORY.getSchema(functionInfo.getCatalogName() + "." + functionInfo.getSchemaName());
        this.authorizer.clearAuthorizationsForResource(UUID.fromString(functionInfo.getFunctionId()));
        this.authorizer.removeHierarchyChild(UUID.fromString(schema.getSchemaId()), UUID.fromString(functionInfo.getFunctionId()));
    }
}
