package org.apache.paimon.privilege;

import java.util.List;
import java.util.Map;
import org.apache.paimon.catalog.Catalog;
import org.apache.paimon.catalog.DelegateCatalog;
import org.apache.paimon.catalog.Identifier;
import org.apache.paimon.catalog.PropertyChange;
import org.apache.paimon.options.ConfigOption;
import org.apache.paimon.options.ConfigOptions;
import org.apache.paimon.options.Options;
import org.apache.paimon.schema.Schema;
import org.apache.paimon.schema.SchemaChange;
import org.apache.paimon.table.FileStoreTable;
import org.apache.paimon.table.Table;
import org.apache.paimon.utils.Preconditions;

/* loaded from: input_file:org/apache/paimon/privilege/PrivilegedCatalog.class */
public class PrivilegedCatalog extends DelegateCatalog {
    public static final ConfigOption<String> USER = ConfigOptions.key("user").stringType().defaultValue("anonymous");
    public static final ConfigOption<String> PASSWORD = ConfigOptions.key("password").stringType().defaultValue("anonymous");
    private final PrivilegeManager privilegeManager;

    public PrivilegedCatalog(Catalog catalog, PrivilegeManager privilegeManager) {
        super(catalog);
        this.privilegeManager = privilegeManager;
    }

    public static Catalog tryToCreate(Catalog catalog, Options options) {
        FileBasedPrivilegeManager fileBasedPrivilegeManager = new FileBasedPrivilegeManager(catalog.warehouse(), catalog.fileIO(), (String) options.get(USER), (String) options.get(PASSWORD));
        if (fileBasedPrivilegeManager.privilegeEnabled()) {
            catalog = new PrivilegedCatalog(catalog, fileBasedPrivilegeManager);
        }
        return catalog;
    }

    public PrivilegeManager privilegeManager() {
        return this.privilegeManager;
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void createDatabase(String str, boolean z, Map<String, String> map) throws Catalog.DatabaseAlreadyExistException {
        this.privilegeManager.getPrivilegeChecker().assertCanCreateDatabase();
        this.wrapped.createDatabase(str, z, map);
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void dropDatabase(String str, boolean z, boolean z2) throws Catalog.DatabaseNotExistException, Catalog.DatabaseNotEmptyException {
        this.privilegeManager.getPrivilegeChecker().assertCanDropDatabase(str);
        this.wrapped.dropDatabase(str, z, z2);
        this.privilegeManager.objectDropped(str);
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void alterDatabase(String str, List<PropertyChange> list, boolean z) throws Catalog.DatabaseNotExistException {
        this.privilegeManager.getPrivilegeChecker().assertCanAlterDatabase(str);
        super.alterDatabase(str, list, z);
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void dropTable(Identifier identifier, boolean z) throws Catalog.TableNotExistException {
        this.privilegeManager.getPrivilegeChecker().assertCanDropTable(identifier);
        this.wrapped.dropTable(identifier, z);
        this.privilegeManager.objectDropped(identifier.getFullName());
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void createTable(Identifier identifier, Schema schema, boolean z) throws Catalog.TableAlreadyExistException, Catalog.DatabaseNotExistException {
        this.privilegeManager.getPrivilegeChecker().assertCanCreateTable(identifier.getDatabaseName());
        this.wrapped.createTable(identifier, schema, z);
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void renameTable(Identifier identifier, Identifier identifier2, boolean z) throws Catalog.TableNotExistException, Catalog.TableAlreadyExistException {
        this.privilegeManager.getPrivilegeChecker().assertCanAlterTable(identifier);
        this.wrapped.renameTable(identifier, identifier2, z);
        try {
            getTable(identifier2);
            this.privilegeManager.objectRenamed(identifier.getFullName(), identifier2.getFullName());
        } catch (Catalog.TableNotExistException e) {
            throw new IllegalStateException("Table " + identifier2 + " does not exist. There might be concurrent renaming. Aborting updates in privilege system.");
        }
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void alterTable(Identifier identifier, List<SchemaChange> list, boolean z) throws Catalog.TableNotExistException, Catalog.ColumnAlreadyExistException, Catalog.ColumnNotExistException {
        this.privilegeManager.getPrivilegeChecker().assertCanAlterTable(identifier);
        this.wrapped.alterTable(identifier, list, z);
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public Table getTable(Identifier identifier) throws Catalog.TableNotExistException {
        Table table = this.wrapped.getTable(identifier);
        return table instanceof FileStoreTable ? PrivilegedFileStoreTable.wrap((FileStoreTable) table, this.privilegeManager.getPrivilegeChecker(), identifier) : table;
    }

    @Override // org.apache.paimon.catalog.DelegateCatalog, org.apache.paimon.catalog.Catalog
    public void dropPartition(Identifier identifier, Map<String, String> map) throws Catalog.TableNotExistException, Catalog.PartitionNotExistException {
        this.privilegeManager.getPrivilegeChecker().assertCanInsert(identifier);
        this.wrapped.dropPartition(identifier, map);
    }

    public void createPrivilegedUser(String str, String str2) {
        this.privilegeManager.createUser(str, str2);
    }

    public void dropPrivilegedUser(String str) {
        this.privilegeManager.dropUser(str);
    }

    public void grantPrivilegeOnCatalog(String str, PrivilegeType privilegeType) {
        Preconditions.checkArgument(privilegeType.canGrantOnCatalog(), "Privilege " + privilegeType + " can't be granted on a catalog");
        this.privilegeManager.grant(str, "", privilegeType);
    }

    public void grantPrivilegeOnDatabase(String str, String str2, PrivilegeType privilegeType) {
        Preconditions.checkArgument(privilegeType.canGrantOnDatabase(), "Privilege " + privilegeType + " can't be granted on a database");
        try {
            getDatabase(str2);
            this.privilegeManager.grant(str, str2, privilegeType);
        } catch (Catalog.DatabaseNotExistException e) {
            throw new IllegalArgumentException("Database " + str2 + " does not exist");
        }
    }

    public void grantPrivilegeOnTable(String str, Identifier identifier, PrivilegeType privilegeType) {
        Preconditions.checkArgument(privilegeType.canGrantOnTable(), "Privilege " + privilegeType + " can't be granted on a table");
        try {
            getTable(identifier);
            this.privilegeManager.grant(str, identifier.getFullName(), privilegeType);
        } catch (Catalog.TableNotExistException e) {
            throw new IllegalArgumentException("Table " + identifier + " does not exist");
        }
    }

    public int revokePrivilegeOnCatalog(String str, PrivilegeType privilegeType) {
        return this.privilegeManager.revoke(str, "", privilegeType);
    }

    public int revokePrivilegeOnDatabase(String str, String str2, PrivilegeType privilegeType) {
        return this.privilegeManager.revoke(str, str2, privilegeType);
    }

    public int revokePrivilegeOnTable(String str, Identifier identifier, PrivilegeType privilegeType) {
        return this.privilegeManager.revoke(str, identifier.getFullName(), privilegeType);
    }
}
