package org.elasticsearch.xpack.security.rest.action.user;

import java.io.IOException;
import java.util.List;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.client.internal.node.NodeClient;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.core.RestApiVersion;
import org.elasticsearch.core.Tuple;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.rest.Scope;
import org.elasticsearch.rest.ServerlessScope;
import org.elasticsearch.rest.action.RestBuilderListener;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentType;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesRequestBuilder;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesRequestBuilderFactory;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse;
import org.elasticsearch.xpack.core.security.user.User;
import org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler;

@ServerlessScope(Scope.PUBLIC)
/* loaded from: input_file:org/elasticsearch/xpack/security/rest/action/user/RestHasPrivilegesAction.class */
public class RestHasPrivilegesAction extends SecurityBaseRestHandler {
    private final SecurityContext securityContext;
    private final HasPrivilegesRequestBuilderFactory builderFactory;

    public RestHasPrivilegesAction(Settings settings, SecurityContext securityContext, XPackLicenseState xPackLicenseState, HasPrivilegesRequestBuilderFactory hasPrivilegesRequestBuilderFactory) {
        super(settings, xPackLicenseState);
        this.securityContext = securityContext;
        this.builderFactory = hasPrivilegesRequestBuilderFactory;
    }

    public List<RestHandler.Route> routes() {
        return List.of(RestHandler.Route.builder(RestRequest.Method.GET, "/_security/user/{username}/_has_privileges").replaces(RestRequest.Method.GET, "/_xpack/security/user/{username}/_has_privileges", RestApiVersion.V_7).build(), RestHandler.Route.builder(RestRequest.Method.POST, "/_security/user/{username}/_has_privileges").replaces(RestRequest.Method.POST, "/_xpack/security/user/{username}/_has_privileges", RestApiVersion.V_7).build(), RestHandler.Route.builder(RestRequest.Method.GET, "/_security/user/_has_privileges").replaces(RestRequest.Method.GET, "/_xpack/security/user/_has_privileges", RestApiVersion.V_7).build(), RestHandler.Route.builder(RestRequest.Method.POST, "/_security/user/_has_privileges").replaces(RestRequest.Method.POST, "/_xpack/security/user/_has_privileges", RestApiVersion.V_7).build());
    }

    public String getName() {
        return "security_has_privileges_action";
    }

    @Override // org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler
    public BaseRestHandler.RestChannelConsumer innerPrepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        Tuple contentOrSourceParam = restRequest.contentOrSourceParam();
        String username = getUsername(restRequest);
        if (username == null) {
            return restChannel -> {
                throw new ElasticsearchSecurityException("there is no authenticated user", new Object[0]);
            };
        }
        HasPrivilegesRequestBuilder source = this.builderFactory.create(nodeClient, restRequest.hasParam("pathRestricted")).source(username, (BytesReference) contentOrSourceParam.v2(), (XContentType) contentOrSourceParam.v1());
        return restChannel2 -> {
            source.execute(new RestBuilderListener<HasPrivilegesResponse>(restChannel2) { // from class: org.elasticsearch.xpack.security.rest.action.user.RestHasPrivilegesAction.1
                public RestResponse buildResponse(HasPrivilegesResponse hasPrivilegesResponse, XContentBuilder xContentBuilder) throws Exception {
                    hasPrivilegesResponse.toXContent(xContentBuilder, ToXContent.EMPTY_PARAMS);
                    return new RestResponse(RestStatus.OK, xContentBuilder);
                }
            });
        };
    }

    private String getUsername(RestRequest restRequest) {
        String param = restRequest.param("username");
        if (param != null) {
            return param;
        }
        User user = this.securityContext.getUser();
        if (user == null) {
            return null;
        }
        return user.principal();
    }
}
