package org.elasticsearch.xpack.security.action.user;

import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.injection.guice.Inject;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.action.user.GetUserPrivilegesRequest;
import org.elasticsearch.xpack.core.security.action.user.GetUserPrivilegesResponse;
import org.elasticsearch.xpack.core.security.authc.Subject;
import org.elasticsearch.xpack.security.authz.AuthorizationService;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/user/TransportGetUserPrivilegesAction.class */
public class TransportGetUserPrivilegesAction extends HandledTransportAction<GetUserPrivilegesRequest, GetUserPrivilegesResponse> {
    private final AuthorizationService authorizationService;
    private final SecurityContext securityContext;

    @Inject
    public TransportGetUserPrivilegesAction(TransportService transportService, ActionFilters actionFilters, AuthorizationService authorizationService, SecurityContext securityContext) {
        super("cluster:admin/xpack/security/user/list_privileges", transportService, actionFilters, GetUserPrivilegesRequest::new, EsExecutors.DIRECT_EXECUTOR_SERVICE);
        this.authorizationService = authorizationService;
        this.securityContext = securityContext;
    }

    protected void doExecute(Task task, GetUserPrivilegesRequest getUserPrivilegesRequest, ActionListener<GetUserPrivilegesResponse> actionListener) {
        this.securityContext.requireUser();
        Subject effectiveSubject = this.securityContext.getAuthentication().getEffectiveSubject();
        if (effectiveSubject.getUser().principal().equals(getUserPrivilegesRequest.username())) {
            this.authorizationService.retrieveUserPrivileges(effectiveSubject, this.securityContext.getAuthorizationInfoFromContext(), actionListener);
        } else {
            actionListener.onFailure(new IllegalArgumentException("users may only list the privileges of their own account"));
        }
    }

    protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
        doExecute(task, (GetUserPrivilegesRequest) actionRequest, (ActionListener<GetUserPrivilegesResponse>) actionListener);
    }
}
