package org.sonar.server.permission.index;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.util.Objects;
import java.util.Optional;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.sonar.api.ce.ComputeEngineSide;
import org.sonar.api.server.ServerSide;
import org.sonar.server.es.IndexType;
import org.sonar.server.es.NewIndex;
import org.sonar.server.user.UserSession;

@ServerSide
@ComputeEngineSide
/* loaded from: input_file:org/sonar/server/permission/index/AuthorizationTypeSupport.class */
public class AuthorizationTypeSupport {
    private static final String TYPE_AUTHORIZATION = "authorization";
    public static final String FIELD_GROUP_IDS = "groupIds";
    public static final String FIELD_USER_IDS = "userIds";
    public static final String FIELD_UPDATED_AT = "updatedAt";
    public static final String FIELD_ALLOW_ANYONE = "allowAnyone";
    private final UserSession userSession;

    public AuthorizationTypeSupport(UserSession userSession) {
        this.userSession = userSession;
    }

    public static IndexType getAuthorizationIndexType(IndexType indexType) {
        Objects.requireNonNull(indexType);
        Objects.requireNonNull(indexType.getIndex());
        Preconditions.checkArgument(!TYPE_AUTHORIZATION.equals(indexType.getType()), "Authorization types do not have authorization on their own.");
        return new IndexType(indexType.getIndex(), TYPE_AUTHORIZATION);
    }

    public static NewIndex.NewIndexType enableProjectAuthorization(NewIndex.NewIndexType newIndexType) {
        newIndexType.setAttribute("_parent", ImmutableMap.of("type", TYPE_AUTHORIZATION));
        newIndexType.setAttribute("_routing", ImmutableMap.of("required", true));
        NewIndex.NewIndexType createType = newIndexType.getIndex().createType(TYPE_AUTHORIZATION);
        createType.setAttribute("_routing", ImmutableMap.of("required", true));
        createType.createDateTimeField("updatedAt");
        createType.createLongField(FIELD_GROUP_IDS);
        createType.createLongField(FIELD_USER_IDS);
        createType.createBooleanField(FIELD_ALLOW_ANYONE);
        createType.setEnableSource(false);
        return newIndexType;
    }

    public QueryBuilder createQueryFilter() {
        if (this.userSession.isRoot()) {
            return QueryBuilders.matchAllQuery();
        }
        Integer userId = this.userSession.getUserId();
        BoolQueryBuilder boolQuery = QueryBuilders.boolQuery();
        boolQuery.should(QueryBuilders.termQuery(FIELD_ALLOW_ANYONE, true));
        Optional.ofNullable(userId).map((v0) -> {
            return v0.longValue();
        }).ifPresent(l -> {
            boolQuery.should(QueryBuilders.termQuery(FIELD_USER_IDS, l));
        });
        this.userSession.getGroups().stream().map((v0) -> {
            return v0.getId();
        }).forEach(num -> {
            boolQuery.should(QueryBuilders.termQuery(FIELD_GROUP_IDS, num));
        });
        return QueryBuilders.hasParentQuery(TYPE_AUTHORIZATION, QueryBuilders.boolQuery().filter(boolQuery));
    }
}
