package com.alibaba.nacos.plugin.auth.impl.roles;

import com.alibaba.nacos.api.model.Page;
import com.alibaba.nacos.common.utils.CollectionUtils;
import com.alibaba.nacos.plugin.auth.impl.configuration.AuthConfigs;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionInfo;
import com.alibaba.nacos.plugin.auth.impl.persistence.PermissionPersistService;
import com.alibaba.nacos.plugin.auth.impl.persistence.RoleInfo;
import com.alibaba.nacos.plugin.auth.impl.persistence.RolePersistService;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserService;
import java.util.List;

/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/roles/NacosRoleServiceDirectImpl.class */
public class NacosRoleServiceDirectImpl extends AbstractCheckedRoleService implements NacosRoleService {
    private static final int DEFAULT_PAGE_NO = 1;
    private final AuthConfigs authConfigs;
    private final RolePersistService rolePersistService;
    private final NacosUserService userDetailsService;
    private final PermissionPersistService permissionPersistService;

    public NacosRoleServiceDirectImpl(AuthConfigs authConfigs, RolePersistService rolePersistService, NacosUserService nacosUserService, PermissionPersistService permissionPersistService) {
        super(authConfigs);
        this.authConfigs = authConfigs;
        this.rolePersistService = rolePersistService;
        this.userDetailsService = nacosUserService;
        this.permissionPersistService = permissionPersistService;
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<RoleInfo> getRoles(String str) {
        Page<RoleInfo> roles;
        List<RoleInfo> list = getCachedRoleInfoMap().get(str);
        if ((!this.authConfigs.isCachingEnabled() || list == null) && (roles = getRoles(str, AuthConstants.DEFAULT_TOKEN_SECRET_KEY, DEFAULT_PAGE_NO, Integer.MAX_VALUE)) != null) {
            list = roles.getPageItems();
            if (!CollectionUtils.isEmpty(list)) {
                getCachedRoleInfoMap().put(str, list);
            }
        }
        return list;
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<RoleInfo> getRoles(String str, String str2, int i, int i2) {
        Page<RoleInfo> rolesByUserNameAndRoleName = this.rolePersistService.getRolesByUserNameAndRoleName(str, str2, i, i2);
        return rolesByUserNameAndRoleName == null ? new Page<>() : rolesByUserNameAndRoleName;
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<RoleInfo> getAllRoles() {
        Page<RoleInfo> rolesByUserNameAndRoleName = this.rolePersistService.getRolesByUserNameAndRoleName(AuthConstants.DEFAULT_TOKEN_SECRET_KEY, AuthConstants.DEFAULT_TOKEN_SECRET_KEY, DEFAULT_PAGE_NO, Integer.MAX_VALUE);
        if (rolesByUserNameAndRoleName == null) {
            return null;
        }
        return rolesByUserNameAndRoleName.getPageItems();
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<PermissionInfo> getPermissions(String str) {
        Page<PermissionInfo> permissions;
        List<PermissionInfo> list = getCachedPermissionInfoMap().get(str);
        if ((!this.authConfigs.isCachingEnabled() || list == null) && (permissions = getPermissions(str, DEFAULT_PAGE_NO, Integer.MAX_VALUE)) != null) {
            list = permissions.getPageItems();
            if (!CollectionUtils.isEmpty(list)) {
                getCachedPermissionInfoMap().put(str, list);
            }
        }
        return list;
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<PermissionInfo> getPermissions(String str, int i, int i2) {
        Page<PermissionInfo> permissions = this.permissionPersistService.getPermissions(str, i, i2);
        return permissions == null ? new Page<>() : permissions;
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void addRole(String str, String str2) {
        if (this.userDetailsService.getUser(str2) == null) {
            throw new IllegalArgumentException("user '" + str2 + "' not found!");
        }
        if (AuthConstants.GLOBAL_ADMIN_ROLE.equals(str)) {
            throw new IllegalArgumentException("role 'ROLE_ADMIN' is not permitted to create!");
        }
        if (isUserBoundToRole(str, str2)) {
            throw new IllegalArgumentException("user '" + str2 + "' already bound to the role '" + str + "'!");
        }
        this.rolePersistService.addRole(str, str2);
        getCachedRoleSet().add(str);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void addAdminRole(String str) {
        if (this.userDetailsService.getUser(str) == null) {
            throw new IllegalArgumentException("user '" + str + "' not found!");
        }
        if (hasGlobalAdminRole()) {
            throw new IllegalArgumentException("role 'ROLE_ADMIN' already exist !");
        }
        this.rolePersistService.addRole(AuthConstants.GLOBAL_ADMIN_ROLE, str);
        getCachedRoleSet().add(AuthConstants.GLOBAL_ADMIN_ROLE);
        this.authConfigs.setHasGlobalAdminRole(true);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void deleteRole(String str, String str2) {
        this.rolePersistService.deleteRole(str, str2);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void deleteRole(String str) {
        this.rolePersistService.deleteRole(str);
        getCachedRoleInfoMap().remove(str);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void addPermission(String str, String str2, String str3) {
        if (!getCachedRoleSet().contains(str)) {
            throw new IllegalArgumentException("role " + str + " not found!");
        }
        this.permissionPersistService.addPermission(str, str2, str3);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public void deletePermission(String str, String str2, String str3) {
        this.permissionPersistService.deletePermission(str, str2, str3);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<RoleInfo> findRoles(String str, String str2, int i, int i2) {
        return this.rolePersistService.findRolesLike4Page(str, str2, i, i2);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public List<String> findRoleNames(String str) {
        return this.rolePersistService.findRolesLikeRoleName(str);
    }

    @Override // com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleService
    public Page<PermissionInfo> findPermissions(String str, int i, int i2) {
        return this.permissionPersistService.findPermissionsLike4Page(str, i, i2);
    }

    boolean isUserBoundToRole(String str, String str2) {
        Page<RoleInfo> rolesByUserNameAndRoleName = this.rolePersistService.getRolesByUserNameAndRoleName(str2, str, DEFAULT_PAGE_NO, DEFAULT_PAGE_NO);
        if (rolesByUserNameAndRoleName == null) {
            return false;
        }
        List pageItems = rolesByUserNameAndRoleName.getPageItems();
        return CollectionUtils.isNotEmpty(pageItems) && pageItems.stream().anyMatch(roleInfo -> {
            return str.equals(roleInfo.getRole());
        });
    }
}
