package org.lealone.sql.ddl;

import java.util.ArrayList;
import java.util.Iterator;
import org.lealone.common.exceptions.DbException;
import org.lealone.db.Database;
import org.lealone.db.DbObject;
import org.lealone.db.auth.Right;
import org.lealone.db.auth.RightOwner;
import org.lealone.db.auth.Role;
import org.lealone.db.lock.DbObjectLock;
import org.lealone.db.schema.Schema;
import org.lealone.db.service.Service;
import org.lealone.db.session.ServerSession;
import org.lealone.db.table.Table;

/* loaded from: input_file:org/lealone/sql/ddl/GrantRevoke.class */
public class GrantRevoke extends AuthStatement {
    private final ArrayList<DbObject> dbObjects;
    private int operationType;
    private int rightMask;
    private ArrayList<String> roleNames;
    private Schema schema;
    private RightOwner grantee;

    public GrantRevoke(ServerSession serverSession) {
        super(serverSession);
        this.dbObjects = new ArrayList<>();
    }

    @Override // org.lealone.sql.StatementBase
    public int getType() {
        return this.operationType;
    }

    public void setOperationType(int i) {
        this.operationType = i;
    }

    public void addRight(int i) {
        this.rightMask |= i;
    }

    public void addRoleName(String str) {
        if (this.roleNames == null) {
            this.roleNames = new ArrayList<>();
        }
        this.roleNames.add(str);
    }

    public void setGranteeName(String str) {
        Database database = this.session.getDatabase();
        this.grantee = database.findUser(this.session, str);
        if (this.grantee == null) {
            this.grantee = database.findRole(this.session, str);
            if (this.grantee == null) {
                throw DbException.get(90071, str);
            }
        }
    }

    public void addTable(Table table) {
        this.dbObjects.add(table);
    }

    public void addService(Service service) {
        this.dbObjects.add(service);
    }

    public void setSchema(Schema schema) {
        this.schema = schema;
    }

    public boolean isRoleMode() {
        return this.roleNames != null;
    }

    public boolean isRightMode() {
        return this.rightMask != 0;
    }

    @Override // org.lealone.sql.StatementBase
    public int update() {
        this.session.getUser().checkAdmin();
        Database database = this.session.getDatabase();
        DbObjectLock tryExclusiveAuthLock = database.tryExclusiveAuthLock(this.session);
        if (tryExclusiveAuthLock == null) {
            return -1;
        }
        if (this.roleNames == null) {
            if (this.operationType == 70) {
                grantRight(tryExclusiveAuthLock);
                return 0;
            }
            if (this.operationType == 71) {
                revokeRight(tryExclusiveAuthLock);
                return 0;
            }
            DbException.throwInternalError("type=" + this.operationType);
            return 0;
        }
        Iterator<String> it = this.roleNames.iterator();
        while (it.hasNext()) {
            String next = it.next();
            Role findRole = database.findRole(this.session, next);
            if (findRole == null) {
                throw DbException.get(90070, next);
            }
            if (this.operationType == 70) {
                grantRole(findRole, tryExclusiveAuthLock);
            } else if (this.operationType == 71) {
                revokeRole(findRole, tryExclusiveAuthLock);
            } else {
                DbException.throwInternalError("type=" + this.operationType);
            }
        }
        return 0;
    }

    private void grantRight(DbObjectLock dbObjectLock) {
        if (this.schema != null) {
            grantRight(this.schema, dbObjectLock);
        }
        Iterator<DbObject> it = this.dbObjects.iterator();
        while (it.hasNext()) {
            grantRight(it.next(), dbObjectLock);
        }
    }

    private void grantRight(DbObject dbObject, DbObjectLock dbObjectLock) {
        Database database = this.session.getDatabase();
        Right rightForObject = this.grantee.getRightForObject(dbObject);
        if (rightForObject != null) {
            rightForObject.setRightMask(rightForObject.getRightMask() | this.rightMask);
            database.updateMeta(this.session, rightForObject);
        } else {
            Right right = new Right(database, getObjectId(), this.grantee, this.rightMask, dbObject);
            this.grantee.grantRight(dbObject, right);
            database.addDatabaseObject(this.session, right, dbObjectLock);
        }
    }

    private void grantRole(Role role, DbObjectLock dbObjectLock) {
        if (role == this.grantee || !this.grantee.isRoleGranted(role)) {
            if ((this.grantee instanceof Role) && role.isRoleGranted(this.grantee)) {
                throw DbException.get(90074, role.getSQL());
            }
            Database database = this.session.getDatabase();
            Right right = new Right(database, getObjectId(), this.grantee, role);
            database.addDatabaseObject(this.session, right, dbObjectLock);
            this.grantee.grantRole(role, right);
        }
    }

    private void revokeRight(DbObjectLock dbObjectLock) {
        if (this.schema != null) {
            revokeRight(this.schema, dbObjectLock);
        }
        Iterator<DbObject> it = this.dbObjects.iterator();
        while (it.hasNext()) {
            revokeRight(it.next(), dbObjectLock);
        }
    }

    private void revokeRight(DbObject dbObject, DbObjectLock dbObjectLock) {
        Right rightForObject = this.grantee.getRightForObject(dbObject);
        if (rightForObject == null) {
            return;
        }
        int rightMask = rightForObject.getRightMask() & (this.rightMask ^ (-1));
        Database database = this.session.getDatabase();
        if (rightMask == 0) {
            database.removeDatabaseObject(this.session, rightForObject, dbObjectLock);
        } else {
            rightForObject.setRightMask(rightMask);
            database.updateMeta(this.session, rightForObject);
        }
    }

    private void revokeRole(Role role, DbObjectLock dbObjectLock) {
        Right rightForRole = this.grantee.getRightForRole(role);
        if (rightForRole == null) {
            return;
        }
        this.session.getDatabase().removeDatabaseObject(this.session, rightForRole, dbObjectLock);
    }
}
