package com.floragunn.searchguard.authtoken;

import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.authz.ActionAuthorization;
import com.floragunn.searchguard.authz.PrivilegesEvaluationContext;
import com.floragunn.searchguard.authz.PrivilegesEvaluationException;
import com.floragunn.searchguard.authz.PrivilegesEvaluationResult;
import com.floragunn.searchguard.authz.RoleBasedActionAuthorization;
import com.floragunn.searchguard.authz.actions.Action;
import com.floragunn.searchguard.authz.actions.Actions;
import com.floragunn.searchguard.authz.actions.ResolvedIndices;
import com.floragunn.searchguard.authz.config.ActionGroup;
import com.floragunn.searchsupport.meta.Meta;
import java.util.Set;
import org.elasticsearch.common.unit.ByteSizeValue;

/* loaded from: input_file:com/floragunn/searchguard/authtoken/RestrictedActionAuthorization.class */
public class RestrictedActionAuthorization implements ActionAuthorization {
    private final ActionAuthorization base;
    private final ActionAuthorization restrictionSgRoles;
    private final RequestedPrivileges restriction;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RestrictedActionAuthorization(ActionAuthorization actionAuthorization, RequestedPrivileges requestedPrivileges, ActionGroup.FlattenedIndex flattenedIndex, Actions actions, Meta meta, Set<String> set, ByteSizeValue byteSizeValue) {
        this.base = actionAuthorization;
        this.restriction = requestedPrivileges;
        this.restrictionSgRoles = new RoleBasedActionAuthorization(requestedPrivileges.toRolesConfig(), flattenedIndex, actions, meta, set, byteSizeValue);
    }

    public PrivilegesEvaluationResult hasClusterPermission(PrivilegesEvaluationContext privilegesEvaluationContext, Action action) throws PrivilegesEvaluationException {
        PrivilegesEvaluationResult hasClusterPermission = this.restrictionSgRoles.hasClusterPermission(privilegesEvaluationContext.mappedRoles(RequestedPrivileges.RESTRICTION_ROLES), action);
        return hasClusterPermission.getStatus() != PrivilegesEvaluationResult.Status.OK ? hasClusterPermission.reason("Privilege was not requested for token") : this.base.hasClusterPermission(privilegesEvaluationContext, action);
    }

    public PrivilegesEvaluationResult hasIndexPermission(PrivilegesEvaluationContext privilegesEvaluationContext, Action action, ImmutableSet<Action> immutableSet, ResolvedIndices resolvedIndices, Action.Scope scope) throws PrivilegesEvaluationException {
        PrivilegesEvaluationResult hasIndexPermission = this.restrictionSgRoles.hasIndexPermission(privilegesEvaluationContext.mappedRoles(RequestedPrivileges.RESTRICTION_ROLES), action, immutableSet, resolvedIndices, scope);
        return hasIndexPermission.getStatus() != PrivilegesEvaluationResult.Status.OK ? hasIndexPermission.reason("Privilege was not requested for token") : this.base.hasIndexPermission(privilegesEvaluationContext, action, immutableSet, resolvedIndices, scope);
    }

    public PrivilegesEvaluationResult hasTenantPermission(PrivilegesEvaluationContext privilegesEvaluationContext, Action action, String str) throws PrivilegesEvaluationException {
        PrivilegesEvaluationResult hasTenantPermission = this.restrictionSgRoles.hasTenantPermission(privilegesEvaluationContext.mappedRoles(RequestedPrivileges.RESTRICTION_ROLES), action, str);
        return hasTenantPermission.getStatus() != PrivilegesEvaluationResult.Status.OK ? hasTenantPermission.reason("Privilege was not requested for token") : this.base.hasTenantPermission(privilegesEvaluationContext, action, str);
    }

    public String toString() {
        return "RestrictedActionAuthorization [base=" + String.valueOf(this.base) + ", restrictionSgRoles=" + String.valueOf(this.restrictionSgRoles) + ", restriction=" + String.valueOf(this.restriction) + "]";
    }
}
