package org.apache.iotdb.db.queryengine.plan.relational.security;

import java.util.Iterator;
import java.util.Objects;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.exception.auth.AccessDeniedException;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.exception.sql.SemanticException;
import org.apache.iotdb.db.queryengine.plan.relational.metadata.QualifiedObjectName;
import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.RelationalAuthorStatement;
import org.apache.iotdb.db.queryengine.plan.relational.type.AuthorRType;
import org.apache.iotdb.db.schemaengine.schemaregion.mtree.impl.pbtree.schemafile.SchemaFileConfig;
import org.apache.iotdb.db.schemaengine.table.InformationSchemaUtils;
import org.apache.iotdb.db.storageengine.dataregion.wal.buffer.WALInfoEntry;

/* loaded from: input_file:org/apache/iotdb/db/queryengine/plan/relational/security/AccessControlImpl.class */
/**
 * {@link AccessControl} implementation that forwards privilege decisions to an
 * {@link ITableAuthChecker} and layers two fixed rules on top of it: special handling of the
 * {@code information_schema} database and special handling of the built-in admin account
 * ({@code AuthorityChecker.SUPER_USER}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The caller is identified only by the user-name string passed to each method. This class
 *       compares that string with {@code AuthorityChecker.SUPER_USER} and performs no
 *       authentication of its own, so every call site must pass a name that has already been
 *       authenticated.</li>
 *   <li>Denials are reported by exception ({@code AccessDeniedException} or
 *       {@code SemanticException} thrown here; the delegate is presumably expected to throw as
 *       well, since most of its results are not inspected - confirm in ITableAuthChecker).</li>
 * </ul>
 */
public class AccessControlImpl implements AccessControl {
    /** Name of the system catalog database that gets special treatment in several checks. */
    private static final String INFORMATION_SCHEMA = "information_schema";

    /** Delegate that evaluates stored privileges. */
    private final ITableAuthChecker authChecker;

    /**
     * Compiler-generated lookup table behind the enum switch in
     * {@link AccessControlImpl#checkUserCanRunRelationalAuthorStatement}, as recovered by the
     * decompiler. It maps {@code AuthorRType.ordinal()} to a dense case number (1..31). A slot
     * that is never filled stays 0, which the switch routes to its {@code default} branch.
     */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$iotdb$db$queryengine$plan$relational$type$AuthorRType;

        static {
            final int[] table = new int[AuthorRType.values().length];
            // Each assignment is guarded separately so that a constant missing from the
            // AuthorRType class found at run time leaves only its own slot at 0.
            try {
                table[AuthorRType.CREATE_USER.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.DROP_USER.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.UPDATE_USER.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.LIST_USER_PRIV.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.LIST_USER.ordinal()] = 5;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.CREATE_ROLE.ordinal()] = 6;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.DROP_ROLE.ordinal()] = 7;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_USER_ROLE.ordinal()] = 8;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_USER_ROLE.ordinal()] = 9;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.LIST_ROLE.ordinal()] = 10;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.LIST_ROLE_PRIV.ordinal()] = 11;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_ROLE_ANY.ordinal()] = 12;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_USER_ANY.ordinal()] = 13;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_ROLE_ANY.ordinal()] = 14;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_USER_ANY.ordinal()] = 15;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_ROLE_ALL.ordinal()] = 16;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_ROLE_ALL.ordinal()] = 17;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_USER_ALL.ordinal()] = 18;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_USER_ALL.ordinal()] = 19;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_USER_DB.ordinal()] = 20;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_ROLE_DB.ordinal()] = 21;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_USER_DB.ordinal()] = 22;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_ROLE_DB.ordinal()] = 23;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_USER_TB.ordinal()] = 24;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_ROLE_TB.ordinal()] = 25;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_USER_TB.ordinal()] = 26;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_ROLE_TB.ordinal()] = 27;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_USER_SYS.ordinal()] = 28;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.GRANT_ROLE_SYS.ordinal()] = 29;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_USER_SYS.ordinal()] = 30;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[AuthorRType.REVOKE_ROLE_SYS.ordinal()] = 31;
            } catch (NoSuchFieldError ignored) {
            }
            $SwitchMap$org$apache$iotdb$db$queryengine$plan$relational$type$AuthorRType = table;
        }
    }

    /**
     * Creates an access-control facade over the given checker.
     *
     * @param iTableAuthChecker delegate consulted for every stored-privilege decision
     */
    public AccessControlImpl(ITableAuthChecker iTableAuthChecker) {
        this.authChecker = iTableAuthChecker;
    }

    /** Returns whether {@code userName} equals the built-in admin account name. */
    private static boolean isSuperUser(String userName) {
        return AuthorityChecker.SUPER_USER.equals(userName);
    }

    /** Throws {@code AccessDeniedException(message)} when {@code targetName} is the admin name. */
    private static void denyIfAdminName(String targetName, String message) {
        if (isSuperUser(targetName)) {
            throw new AccessDeniedException(message);
        }
    }

    /** Asks the delegate for a global privilege unless the caller is the admin account. */
    private void requireGlobalPrivilegeUnlessSuperUser(String userName, TableModelPrivilege privilege) {
        if (!isSuperUser(userName)) {
            this.authChecker.checkGlobalPrivilege(userName, privilege);
        }
    }

    /**
     * Checks that the user may create the database.
     *
     * <p>The name is first passed to {@code InformationSchemaUtils.checkDBNameInWrite}
     * (presumably rejecting writes that target information_schema - confirm in
     * InformationSchemaUtils), then the CREATE privilege is checked.
     *
     * @param str name of the user issuing the statement
     * @param str2 database name
     */
    @Override
    public void checkCanCreateDatabase(String str, String str2) {
        final String database = str2;
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkDatabasePrivilege(str, database, TableModelPrivilege.CREATE);
    }

    /**
     * Checks that the user may drop the database: write-name check, then DROP privilege.
     *
     * @param str name of the user issuing the statement
     * @param str2 database name
     */
    @Override
    public void checkCanDropDatabase(String str, String str2) {
        final String database = str2;
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkDatabasePrivilege(str, database, TableModelPrivilege.DROP);
    }

    /**
     * Checks that the user may alter the database: write-name check, then ALTER privilege.
     *
     * @param str name of the user issuing the statement
     * @param str2 database name
     */
    @Override
    public void checkCanAlterDatabase(String str, String str2) {
        final String database = str2;
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkDatabasePrivilege(str, database, TableModelPrivilege.ALTER);
    }

    /**
     * Checks that the database is visible to the user.
     *
     * <p>{@code information_schema} is exempt: for that name the delegate is not consulted at
     * all, so every user may show or use it. A {@code null} database name fails with a
     * {@code NullPointerException} because the comparison is invoked on {@code str2}.
     *
     * @param str name of the user issuing the statement
     * @param str2 database name
     */
    @Override
    public void checkCanShowOrUseDatabase(String str, String str2) {
        if (!str2.equals(INFORMATION_SCHEMA)) {
            this.authChecker.checkDatabaseVisibility(str, str2);
        }
    }

    /**
     * Checks that the user may create the table: write-name check on its database, then CREATE.
     *
     * @param str name of the user issuing the statement
     * @param qualifiedObjectName database-qualified table name
     */
    @Override
    public void checkCanCreateTable(String str, QualifiedObjectName qualifiedObjectName) {
        final String database = qualifiedObjectName.getDatabaseName();
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkTablePrivilege(str, qualifiedObjectName, TableModelPrivilege.CREATE);
    }

    /**
     * Checks that the user may drop the table: write-name check on its database, then DROP.
     *
     * @param str name of the user issuing the statement
     * @param qualifiedObjectName database-qualified table name
     */
    @Override
    public void checkCanDropTable(String str, QualifiedObjectName qualifiedObjectName) {
        final String database = qualifiedObjectName.getDatabaseName();
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkTablePrivilege(str, qualifiedObjectName, TableModelPrivilege.DROP);
    }

    /**
     * Checks that the user may alter the table: write-name check on its database, then ALTER.
     *
     * @param str name of the user issuing the statement
     * @param qualifiedObjectName database-qualified table name
     */
    @Override
    public void checkCanAlterTable(String str, QualifiedObjectName qualifiedObjectName) {
        final String database = qualifiedObjectName.getDatabaseName();
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkTablePrivilege(str, qualifiedObjectName, TableModelPrivilege.ALTER);
    }

    /**
     * Checks that the user may insert into the table: write-name check, then INSERT.
     *
     * @param str name of the user issuing the statement
     * @param qualifiedObjectName database-qualified table name
     */
    @Override
    public void checkCanInsertIntoTable(String str, QualifiedObjectName qualifiedObjectName) {
        final String database = qualifiedObjectName.getDatabaseName();
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkTablePrivilege(str, qualifiedObjectName, TableModelPrivilege.INSERT);
    }

    /**
     * Checks that the user may read the table.
     *
     * <p>Tables in {@code information_schema} are readable by the admin account only (see
     * {@link #checkUserIsAdmin}); stored SELECT grants are not consulted for them. Every other
     * table requires the SELECT privilege from the delegate.
     *
     * @param str name of the user issuing the statement
     * @param qualifiedObjectName database-qualified table name
     */
    @Override
    public void checkCanSelectFromTable(String str, QualifiedObjectName qualifiedObjectName) {
        final boolean systemCatalog = qualifiedObjectName.getDatabaseName().equals(INFORMATION_SCHEMA);
        if (!systemCatalog) {
            this.authChecker.checkTablePrivilege(str, qualifiedObjectName, TableModelPrivilege.SELECT);
            return;
        }
        checkUserIsAdmin(str);
    }

    /**
     * Pipe variant of the database SELECT check. A {@code null} user is denied outright before
     * the delegate is asked.
     *
     * @param str name of the user the pipe runs as; may be {@code null}
     * @param str2 database name
     * @throws AccessDeniedException if {@code str} is {@code null}
     */
    @Override
    public void checkCanSelectFromDatabase4Pipe(String str, String str2) {
        if (str == null) {
            throw new AccessDeniedException("User not exists");
        }
        this.authChecker.checkDatabasePrivilege(str, str2, TableModelPrivilege.SELECT);
    }

    /**
     * Pipe variant of the table SELECT check that reports the outcome as a boolean.
     *
     * @param str name of the user the pipe runs as; may be {@code null}
     * @param qualifiedObjectName database-qualified table name
     * @return {@code false} for a {@code null} user, otherwise the delegate's answer
     */
    @Override
    public boolean checkCanSelectFromTable4Pipe(String str, QualifiedObjectName qualifiedObjectName) {
        if (str == null) {
            return false;
        }
        return this.authChecker.checkTablePrivilege4Pipe(str, qualifiedObjectName);
    }

    /**
     * Checks that the user may delete from the table: write-name check, then DELETE.
     *
     * @param str name of the user issuing the statement
     * @param qualifiedObjectName database-qualified table name
     */
    @Override
    public void checkCanDeleteFromTable(String str, QualifiedObjectName qualifiedObjectName) {
        final String database = qualifiedObjectName.getDatabaseName();
        InformationSchemaUtils.checkDBNameInWrite(database);
        this.authChecker.checkTablePrivilege(str, qualifiedObjectName, TableModelPrivilege.DELETE);
    }

    /**
     * Checks that the table is visible to the user. Tables in {@code information_schema} are
     * exempt: the delegate is not consulted for them.
     *
     * @param str name of the user issuing the statement
     * @param qualifiedObjectName database-qualified table name
     */
    @Override
    public void checkCanShowOrDescTable(String str, QualifiedObjectName qualifiedObjectName) {
        if (!qualifiedObjectName.getDatabaseName().equals(INFORMATION_SCHEMA)) {
            this.authChecker.checkTableVisibility(str, qualifiedObjectName);
        }
    }

    /**
     * Authorizes a user/role/privilege management statement.
     *
     * <p>Each branch follows the same order, and the order matters:
     * <ol>
     *   <li>statements whose target is the admin account are rejected for every caller,
     *       including the admin account itself;</li>
     *   <li>grants and revokes scoped to a database or table reject {@code information_schema};</li>
     *   <li>a caller named {@code AuthorityChecker.SUPER_USER} is then allowed without consulting
     *       the delegate;</li>
     *   <li>any other caller needs MANAGE_USER / MANAGE_ROLE, or, for grants and revokes, the
     *       grant option on every privilege named in the statement.</li>
     * </ol>
     *
     * <p>NOTE(review): the {@code default} branch returns without any check, so a statement type
     * that has no case here is authorized for every caller (fail-open). Confirm that every
     * {@code AuthorRType} constant is covered, or make the default deny.
     *
     * @param str name of the user issuing the statement
     * @param relationalAuthorStatement statement to authorize
     * @throws AccessDeniedException if the statement targets the admin account (or, for
     *     DROP_USER, the caller's own account)
     * @throws SemanticException if a database- or table-scoped grant/revoke names
     *     {@code information_schema}
     */
    @Override
    public void checkUserCanRunRelationalAuthorStatement(String str, RelationalAuthorStatement relationalAuthorStatement) {
        final int branch = AnonymousClass1.$SwitchMap$org$apache$iotdb$db$queryengine$plan$relational$type$AuthorRType[relationalAuthorStatement.getAuthorType().ordinal()];
        switch (branch) {
            case 1: // CREATE_USER
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot create user has same name with admin user");
                requireGlobalPrivilegeUnlessSuperUser(str, TableModelPrivilege.MANAGE_USER);
                break;
            case 2: // DROP_USER
                // Nobody may drop the admin account, and nobody may drop the account they are
                // using. getUserName() must be non-null here or the self-comparison throws.
                if (isSuperUser(relationalAuthorStatement.getUserName()) || relationalAuthorStatement.getUserName().equals(str)) {
                    throw new AccessDeniedException("Cannot drop admin user or yourself");
                }
                requireGlobalPrivilegeUnlessSuperUser(str, TableModelPrivilege.MANAGE_USER);
                break;
            case 3: // UPDATE_USER
            case 4: // LIST_USER_PRIV
                // Users may act on their own account without MANAGE_USER. There is no
                // admin-target rejection in this branch: a non-admin caller holding MANAGE_USER
                // passes this check even when the target is the admin account.
                if (!isSuperUser(str) && !relationalAuthorStatement.getUserName().equals(str)) {
                    this.authChecker.checkGlobalPrivilege(str, TableModelPrivilege.MANAGE_USER);
                }
                break;
            case 5: // LIST_USER
                requireGlobalPrivilegeUnlessSuperUser(str, TableModelPrivilege.MANAGE_USER);
                break;
            case 6: // CREATE_ROLE
                denyIfAdminName(relationalAuthorStatement.getRoleName(), "Cannot create role has same name with admin user");
                requireGlobalPrivilegeUnlessSuperUser(str, TableModelPrivilege.MANAGE_ROLE);
                break;
            case 7: // DROP_ROLE
                // NOTE(review): this compares the statement's *user* name, whereas CREATE_ROLE
                // compares the *role* name. If DROP ROLE statements carry no user name the guard
                // never fires - confirm which field was intended.
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot drop role with admin name");
                requireGlobalPrivilegeUnlessSuperUser(str, TableModelPrivilege.MANAGE_ROLE);
                break;
            case 8: // GRANT_USER_ROLE
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot grant role to admin");
                requireGlobalPrivilegeUnlessSuperUser(str, TableModelPrivilege.MANAGE_ROLE);
                break;
            case 9: // REVOKE_USER_ROLE
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot revoke role from admin");
                requireGlobalPrivilegeUnlessSuperUser(str, TableModelPrivilege.MANAGE_ROLE);
                break;
            case 10: { // LIST_ROLE
                if (isSuperUser(str)) {
                    return;
                }
                // Listing roles of one's own account needs no privilege; a statement without a
                // user name, or one naming somebody else, needs MANAGE_ROLE.
                final String listedUser = relationalAuthorStatement.getUserName();
                final boolean listsOwnRoles = listedUser != null && listedUser.equals(str);
                if (!listsOwnRoles) {
                    this.authChecker.checkGlobalPrivilege(str, TableModelPrivilege.MANAGE_ROLE);
                }
                break;
            }
            case 11: // LIST_ROLE_PRIV
                // A caller for whom AuthorityChecker.checkRole(caller, role) is true may list
                // that role's privileges without MANAGE_ROLE.
                if (!isSuperUser(str) && !AuthorityChecker.checkRole(str, relationalAuthorStatement.getRoleName())) {
                    this.authChecker.checkGlobalPrivilege(str, TableModelPrivilege.MANAGE_ROLE);
                }
                break;
            case 12: // GRANT_ROLE_ANY
            case 13: // GRANT_USER_ANY
            case 14: // REVOKE_ROLE_ANY
            case 15: // REVOKE_USER_ANY
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot grant/revoke privileges of admin user");
                if (!isSuperUser(str)) {
                    // The caller must hold the grant option for every privilege being passed on.
                    for (PrivilegeType requested : relationalAuthorStatement.getPrivilegeTypes()) {
                        this.authChecker.checkAnyScopePrivilegeGrantOption(str, TableModelPrivilege.getTableModelType(requested));
                    }
                }
                break;
            case 16: // GRANT_ROLE_ALL
            case 17: // REVOKE_ROLE_ALL
            case 18: // GRANT_USER_ALL
            case 19: // REVOKE_USER_ALL
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot grant/revoke all privileges of admin user");
                if (!isSuperUser(str)) {
                    // "ALL" expands to every TableModelPrivilege; the two predicates are tested
                    // independently, so a privilege matching both gets both checks.
                    for (TableModelPrivilege candidate : TableModelPrivilege.values()) {
                        final PrivilegeType underlying = candidate.getPrivilegeType();
                        if (underlying.isRelationalPrivilege()) {
                            this.authChecker.checkAnyScopePrivilegeGrantOption(str, candidate);
                        }
                        if (underlying.forRelationalSys()) {
                            this.authChecker.checkGlobalPrivilegeGrantOption(str, candidate);
                        }
                    }
                }
                break;
            case 20: // GRANT_USER_DB
            case 21: // GRANT_ROLE_DB
            case 22: // REVOKE_USER_DB
            case 23: // REVOKE_ROLE_DB
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot grant/revoke privileges of admin user");
                // Checked before the admin shortcut: not even the admin account may attach
                // privileges to information_schema.
                if (INFORMATION_SCHEMA.equals(relationalAuthorStatement.getDatabase())) {
                    throw new SemanticException("Cannot grant or revoke any privileges to information_schema");
                }
                if (!isSuperUser(str)) {
                    for (PrivilegeType requested : relationalAuthorStatement.getPrivilegeTypes()) {
                        this.authChecker.checkDatabasePrivilegeGrantOption(str, relationalAuthorStatement.getDatabase(), TableModelPrivilege.getTableModelType(requested));
                    }
                }
                break;
            case 24: // GRANT_USER_TB
            case 25: // GRANT_ROLE_TB
            case 26: // REVOKE_USER_TB
            case 27: // REVOKE_ROLE_TB
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot grant/revoke privileges of admin user");
                if (INFORMATION_SCHEMA.equals(relationalAuthorStatement.getDatabase())) {
                    throw new SemanticException("Cannot grant or revoke any privileges to information_schema");
                }
                if (!isSuperUser(str)) {
                    for (PrivilegeType requested : relationalAuthorStatement.getPrivilegeTypes()) {
                        this.authChecker.checkTablePrivilegeGrantOption(str, new QualifiedObjectName(relationalAuthorStatement.getDatabase(), relationalAuthorStatement.getTableName()), TableModelPrivilege.getTableModelType(requested));
                    }
                }
                break;
            case 28: // GRANT_USER_SYS
            case 29: // GRANT_ROLE_SYS
            case 30: // REVOKE_USER_SYS
            case 31: // REVOKE_ROLE_SYS
                denyIfAdminName(relationalAuthorStatement.getUserName(), "Cannot grant/revoke privileges of admin user");
                if (!isSuperUser(str)) {
                    for (PrivilegeType requested : relationalAuthorStatement.getPrivilegeTypes()) {
                        this.authChecker.checkGlobalPrivilegeGrantOption(str, TableModelPrivilege.getTableModelType(requested));
                    }
                }
                break;
            default:
                // Unmapped statement type: nothing is checked (see NOTE(review) in the Javadoc).
                break;
        }
    }

    /**
     * Requires the caller to be the built-in admin account.
     *
     * @param str name of the user issuing the statement
     * @throws AccessDeniedException if {@code str} does not equal
     *     {@code AuthorityChecker.SUPER_USER} (a {@code null} name is denied as well)
     */
    @Override
    public void checkUserIsAdmin(String str) {
        if (isSuperUser(str)) {
            return;
        }
        throw new AccessDeniedException(AuthorityChecker.ONLY_ADMIN_ALLOWED);
    }
}
