package org.molgenis.data.security;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.molgenis.data.DataService;
import org.molgenis.data.Fetch;
import org.molgenis.data.Query;
import org.molgenis.data.Sort;
import org.molgenis.data.security.auth.Role;
import org.molgenis.data.security.auth.RoleMetadata;
import org.molgenis.data.support.QueryImpl;
import org.molgenis.security.core.SidUtils;
import org.molgenis.security.core.runas.RunAsSystemAspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/molgenis/data/security/DataserviceRoleHierarchy.class */
public class DataserviceRoleHierarchy implements RoleHierarchy {
    private static final Logger LOG = LoggerFactory.getLogger(DataserviceRoleHierarchy.class);
    private static final int PAGE_SIZE = 1000;
    private final DataService dataService;

    public DataserviceRoleHierarchy(DataService dataService) {
        this.dataService = (DataService) Objects.requireNonNull(dataService);
    }

    public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities(Collection<? extends GrantedAuthority> collection) {
        return (Collection) RunAsSystemAspect.runAsSystem(() -> {
            if (collection == null || collection.isEmpty()) {
                return AuthorityUtils.NO_AUTHORITIES;
            }
            ImmutableSet immutableSet = (Set) collection.stream().map((v0) -> {
                return v0.getAuthority();
            }).filter(str -> {
                return str.startsWith("ROLE_");
            }).map(str2 -> {
                return str2.substring("ROLE_".length());
            }).collect(Collectors.toSet());
            Multimap<String, String> allRoleInclusions = getAllRoleInclusions();
            ImmutableSet immutableSet2 = immutableSet;
            while (!immutableSet2.isEmpty()) {
                immutableSet2 = ImmutableSet.copyOf(Sets.difference((Set) immutableSet2.stream().flatMap(str3 -> {
                    return allRoleInclusions.get(str3).stream();
                }).collect(Collectors.toSet()), immutableSet));
                immutableSet.addAll(immutableSet2);
            }
            Set set = (Set) immutableSet.stream().map(SidUtils::createRoleAuthority).map(SimpleGrantedAuthority::new).collect(Collectors.toSet());
            LOG.debug("getReachableGrantedAuthorities() - From the roles {} one can reach {} in zero or more steps.", collection, set);
            return set;
        });
    }

    private Multimap<String, String> getAllRoleInclusions() {
        ImmutableMultimap.Builder builder = ImmutableMultimap.builder();
        for (Role role : getAllRoles()) {
            Iterator<Role> it = role.getIncludes().iterator();
            while (it.hasNext()) {
                builder.put(role.getName(), it.next().getName());
            }
        }
        return builder.build();
    }

    private List<Role> getAllRoles() {
        ImmutableList.Builder builder = new ImmutableList.Builder();
        int i = 0;
        List<Role> rolesBatch = getRolesBatch(0);
        while (true) {
            List<Role> list = rolesBatch;
            if (list.size() != PAGE_SIZE) {
                builder.addAll(list);
                return builder.build();
            }
            builder.addAll(list);
            i++;
            rolesBatch = getRolesBatch(i);
        }
    }

    private List<Role> getRolesBatch(int i) {
        Query query = QueryImpl.query();
        Fetch fetch = new Fetch();
        Fetch fetch2 = new Fetch();
        fetch2.field("id");
        fetch2.field("name");
        fetch.field("id").field("name").field(RoleMetadata.INCLUDES, fetch2);
        query.fetch(fetch);
        query.pageSize(PAGE_SIZE);
        query.offset(i);
        query.sort(new Sort("name"));
        return (List) this.dataService.findAll(RoleMetadata.ROLE, query, Role.class).collect(Collectors.toList());
    }
}
