package org.craftercms.engine.search;

import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.craftercms.engine.service.context.SiteContext;
import org.craftercms.search.elasticsearch.impl.AbstractElasticsearchWrapper;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/craftercms/engine/search/SiteAwareElasticsearchService.class */
public class SiteAwareElasticsearchService extends AbstractElasticsearchWrapper {
    private static final Logger logger = LoggerFactory.getLogger(SiteAwareElasticsearchService.class);
    private static final String DEFAULT_ROLE_FIELD_NAME = "authorizedRoles.item.role";
    protected String indexIdFormat;
    protected String roleFieldName;

    public SiteAwareElasticsearchService(RestHighLevelClient restHighLevelClient, String str) {
        super(restHighLevelClient);
        this.roleFieldName = DEFAULT_ROLE_FIELD_NAME;
        this.indexIdFormat = str;
    }

    public void setRoleFieldName(String str) {
        this.roleFieldName = str;
    }

    protected void updateIndex(SearchRequest searchRequest) {
        SiteContext current = SiteContext.getCurrent();
        if (current == null) {
            throw new IllegalStateException("Current site context not found");
        }
        searchRequest.indices(new String[]{String.format(this.indexIdFormat, current.getSiteName())});
    }

    protected void updateFilters(SearchRequest searchRequest) {
        super.updateFilters(searchRequest);
        BoolQueryBuilder query = searchRequest.source().query();
        Authentication authentication = null;
        SecurityContext context = SecurityContextHolder.getContext();
        if (context != null) {
            authentication = context.getAuthentication();
        }
        BoolQueryBuilder should = QueryBuilders.boolQuery().should(QueryBuilders.boolQuery().mustNot(QueryBuilders.existsQuery(this.roleFieldName))).should(QueryBuilders.matchQuery(this.roleFieldName, "anonymous"));
        if (authentication == null || (authentication instanceof AnonymousAuthenticationToken) || !CollectionUtils.isNotEmpty(authentication.getAuthorities())) {
            logger.debug("Filtering search to show only public items");
        } else {
            logger.debug("Filtering search results for roles: {}", authentication.getAuthorities());
            should.should(QueryBuilders.matchQuery(this.roleFieldName, authentication.getAuthorities().stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining(" "))));
        }
        query.filter(QueryBuilders.boolQuery().must(should));
    }
}
