package org.elasticsearch.xpack.core.security.authz.permission;

import java.util.Collection;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import org.apache.lucene.util.automaton.Automaton;
import org.elasticsearch.cluster.metadata.IndexAbstraction;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilegeDescriptor;
import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilege;
import org.elasticsearch.xpack.core.security.support.Automatons;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/permission/LimitedRole.class */
public final class LimitedRole extends Role {
    private final Role limitedBy;

    LimitedRole(ClusterPermission clusterPermission, IndicesPermission indicesPermission, ApplicationPermission applicationPermission, RunAsPermission runAsPermission, Role role) {
        super(((Role) Objects.requireNonNull(role, "limiting role is required")).names(), clusterPermission, indicesPermission, applicationPermission, runAsPermission);
        this.limitedBy = role;
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public ClusterPermission cluster() {
        throw new UnsupportedOperationException("cannot retrieve cluster permission on limited role");
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public IndicesPermission indices() {
        throw new UnsupportedOperationException("cannot retrieve indices permission on limited role");
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public ApplicationPermission application() {
        throw new UnsupportedOperationException("cannot retrieve application permission on limited role");
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public RunAsPermission runAs() {
        throw new UnsupportedOperationException("cannot retrieve cluster permission on limited role");
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public IndicesAccessControl authorize(String str, Set<String> set, Map<String, IndexAbstraction> map, FieldPermissionsCache fieldPermissionsCache) {
        return super.authorize(str, set, map, fieldPermissionsCache).limitIndicesAccessControl(this.limitedBy.authorize(str, set, map, fieldPermissionsCache));
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public Predicate<IndexAbstraction> allowedIndicesMatcher(String str) {
        return super.indices().allowedIndicesMatcher(str).and(this.limitedBy.indices().allowedIndicesMatcher(str));
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public Automaton allowedActionsMatcher(String str) {
        return Automatons.intersectAndMinimize(super.allowedActionsMatcher(str), this.limitedBy.allowedActionsMatcher(str));
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public boolean checkIndicesAction(String str) {
        return super.checkIndicesAction(str) && this.limitedBy.checkIndicesAction(str);
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public ResourcePrivilegesMap checkIndicesPrivileges(Set<String> set, boolean z, Set<String> set2) {
        return ResourcePrivilegesMap.intersection(super.indices().checkResourcePrivileges(set, z, set2), this.limitedBy.indices().checkResourcePrivileges(set, z, set2));
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public boolean checkClusterAction(String str, TransportRequest transportRequest, Authentication authentication) {
        return super.checkClusterAction(str, transportRequest, authentication) && this.limitedBy.checkClusterAction(str, transportRequest, authentication);
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public boolean grants(ClusterPrivilege clusterPrivilege) {
        return super.grants(clusterPrivilege) && this.limitedBy.grants(clusterPrivilege);
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public ResourcePrivilegesMap checkApplicationResourcePrivileges(String str, Set<String> set, Set<String> set2, Collection<ApplicationPrivilegeDescriptor> collection) {
        return ResourcePrivilegesMap.intersection(super.application().checkResourcePrivileges(str, set, set2, collection), this.limitedBy.application().checkResourcePrivileges(str, set, set2, collection));
    }

    @Override // org.elasticsearch.xpack.core.security.authz.permission.Role
    public boolean checkRunAs(String str) {
        return super.checkRunAs(str) && this.limitedBy.checkRunAs(str);
    }

    public static LimitedRole createLimitedRole(Role role, Role role2) {
        Objects.requireNonNull(role2, "limited by role is required to create limited role");
        return new LimitedRole(role.cluster(), role.indices(), role.application(), role.runAs(), role2);
    }
}
