package org.elasticsearch.xpack.security.action.interceptor;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.elasticsearch.action.CompositeIndicesRequest;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.logging.LoggerMessageFormat;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.xpack.security.authz.AuthorizationService;
import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.xpack.security.user.User;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.class */
abstract class FieldAndDocumentLevelSecurityRequestInterceptor<Request> extends AbstractComponent implements RequestInterceptor<Request> {
    private final ThreadContext threadContext;
    private final XPackLicenseState licenseState;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FieldAndDocumentLevelSecurityRequestInterceptor(Settings settings, ThreadContext threadContext, XPackLicenseState xPackLicenseState) {
        super(settings);
        this.threadContext = threadContext;
        this.licenseState = xPackLicenseState;
    }

    @Override // org.elasticsearch.xpack.security.action.interceptor.RequestInterceptor
    public void intercept(Request request, User user) {
        List singletonList;
        if (this.licenseState.isDocumentAndFieldLevelSecurityAllowed()) {
            if (request instanceof CompositeIndicesRequest) {
                singletonList = ((CompositeIndicesRequest) request).subRequests();
            } else {
                if (!(request instanceof IndicesRequest)) {
                    throw new IllegalArgumentException(LoggerMessageFormat.format("expected a request of type [{}] or [{}] but got [{}] instead", new Object[]{CompositeIndicesRequest.class, IndicesRequest.class, request.getClass()}));
                }
                singletonList = Collections.singletonList((IndicesRequest) request);
            }
            IndicesAccessControl indicesAccessControl = (IndicesAccessControl) this.threadContext.getTransient(AuthorizationService.INDICES_PERMISSIONS_KEY);
            Iterator it = singletonList.iterator();
            while (it.hasNext()) {
                for (String str : ((IndicesRequest) it.next()).indices()) {
                    IndicesAccessControl.IndexAccessControl indexPermissions = indicesAccessControl.getIndexPermissions(str);
                    if (indexPermissions != null) {
                        boolean hasFieldLevelSecurity = indexPermissions.getFieldPermissions().hasFieldLevelSecurity();
                        boolean z = indexPermissions.getQueries() != null;
                        if (hasFieldLevelSecurity || z) {
                            if (hasFieldLevelSecurity || z) {
                                this.logger.trace("intercepted request for index [{}] with field level access controls [{}] document level access controls [{}]. disabling conflicting features", str, Boolean.valueOf(hasFieldLevelSecurity), Boolean.valueOf(z));
                            }
                            disableFeatures(request, hasFieldLevelSecurity, z);
                            return;
                        }
                    }
                    this.logger.trace("intercepted request for index [{}] without field or document level access controls", str);
                }
            }
        }
    }

    protected abstract void disableFeatures(Request request, boolean z, boolean z2);
}
