package org.apache.ranger.authorization.spark.authorizer;

import java.util.Collection;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
import org.apache.spark.sql.SparkSession;
import scala.Array$;
import scala.Enumeration;
import scala.Predef$;
import scala.Serializable;
import scala.StringContext;
import scala.collection.IterableLike;
import scala.collection.JavaConverters$;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ClassTag$;
import scala.runtime.AbstractFunction1;
import scala.runtime.BoxedUnit;

/* compiled from: RangerSparkAuthorizer.scala */
/* loaded from: input_file:org/apache/ranger/authorization/spark/authorizer/RangerSparkAuthorizer$$anonfun$checkPrivileges$1.class */
public final class RangerSparkAuthorizer$$anonfun$checkPrivileges$1 extends AbstractFunction1<RangerSparkAccessRequest, BoxedUnit> implements Serializable {
    public static final long serialVersionUID = 0;
    private final SparkSession spark$1;
    private final Enumeration.Value opType$1;
    public final String user$1;
    private final RangerSparkAuditHandler auditHandler$1;

    public final void apply(RangerSparkAccessRequest rangerSparkAccessRequest) {
        RangerSparkResource resource = rangerSparkAccessRequest.getResource();
        String owner = RangerSparkAuthorizer$.MODULE$.getOwner(this.spark$1, resource, rangerSparkAccessRequest.getSparkAccessType(), this.user$1);
        if (StringUtils.isNotBlank(owner)) {
            resource.setOwnerUser(owner);
        }
        Enumeration.Value sparkAccessType = rangerSparkAccessRequest.getSparkAccessType();
        Enumeration.Value ALL = SparkAccessType$.MODULE$.ALL();
        if (sparkAccessType != null ? sparkAccessType.equals(ALL) : ALL == null) {
            Enumeration.Value value = this.opType$1;
            Enumeration.Value C_CREATE_INDEX = SparkOperationType$.MODULE$.C_CREATE_INDEX();
            if (value != null ? !value.equals(C_CREATE_INDEX) : C_CREATE_INDEX != null) {
                Enumeration.Value value2 = this.opType$1;
                Enumeration.Value C_DROP_INDEX = SparkOperationType$.MODULE$.C_DROP_INDEX();
                if (value2 != null ? !value2.equals(C_DROP_INDEX) : C_DROP_INDEX != null) {
                    Enumeration.Value value3 = this.opType$1;
                    Enumeration.Value C_REG_INDEX = SparkOperationType$.MODULE$.C_REG_INDEX();
                    if (value3 != null) {
                    }
                }
            }
            if (!rangerSparkAccessRequest.getUser().equals(resource.getOwnerUser())) {
                throw new SparkAccessControlException(new StringBuilder().append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Permission denied: only the owner of"})).s(Nil$.MODULE$)).append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{" the table [", "] can run the create/drop index command"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{resource.getAsString()}))).toString());
            }
            return;
        }
        Enumeration.Value objectType = resource.getObjectType();
        Enumeration.Value COLUMN = SparkObjectType$.MODULE$.COLUMN();
        if (objectType != null ? objectType.equals(COLUMN) : COLUMN == null) {
            if (StringUtils.contains(resource.getColumn(), ",")) {
                resource.setServiceDef(RangerSparkAuthorizer$.MODULE$.sparkPlugin().getServiceDef());
                Collection<RangerAccessResult> isAccessAllowed = RangerSparkAuthorizer$.MODULE$.sparkPlugin().isAccessAllowed((Collection<RangerAccessRequest>) JavaConverters$.MODULE$.seqAsJavaListConverter(Predef$.MODULE$.refArrayOps((Object[]) Predef$.MODULE$.refArrayOps((Object[]) Predef$.MODULE$.refArrayOps(resource.getColumn().split(",")).filter(new RangerSparkAuthorizer$$anonfun$checkPrivileges$1$$anonfun$1(this))).map(new RangerSparkAuthorizer$$anonfun$checkPrivileges$1$$anonfun$2(this, resource, owner, rangerSparkAccessRequest), Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(RangerAccessRequest.class)))).toList()).asJava(), (RangerAccessResultProcessor) this.auditHandler$1);
                if (isAccessAllowed != null) {
                    ((IterableLike) JavaConverters$.MODULE$.collectionAsScalaIterableConverter(isAccessAllowed).asScala()).foreach(new RangerSparkAuthorizer$$anonfun$checkPrivileges$1$$anonfun$apply$2(this, resource, rangerSparkAccessRequest));
                    return;
                }
                return;
            }
        }
        RangerAccessResult isAccessAllowed2 = RangerSparkAuthorizer$.MODULE$.sparkPlugin().isAccessAllowed((RangerAccessRequest) rangerSparkAccessRequest, (RangerAccessResultProcessor) this.auditHandler$1);
        if (isAccessAllowed2 != null && !isAccessAllowed2.getIsAllowed()) {
            throw new SparkAccessControlException(new StringBuilder().append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Permission denied: user [", "] does not"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{this.user$1}))).append(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{" have [", "] privilege on [", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{rangerSparkAccessRequest.getSparkAccessType(), resource.getAsString()}))).toString());
        }
    }

    public final /* bridge */ /* synthetic */ Object apply(Object obj) {
        apply((RangerSparkAccessRequest) obj);
        return BoxedUnit.UNIT;
    }

    public RangerSparkAuthorizer$$anonfun$checkPrivileges$1(SparkSession sparkSession, Enumeration.Value value, String str, RangerSparkAuditHandler rangerSparkAuditHandler) {
        this.spark$1 = sparkSession;
        this.opType$1 = value;
        this.user$1 = str;
        this.auditHandler$1 = rangerSparkAuditHandler;
    }
}
