package org.elasticsearch.shield.action.interceptor;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.elasticsearch.action.CompositeIndicesRequest;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.logging.support.LoggerMessageFormat;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authz.InternalAuthorizationService;
import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.transport.TransportRequest;

/* loaded from: input_file:lib/shield.jar:org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.class */
public abstract class FieldAndDocumentLevelSecurityRequestInterceptor<Request> extends AbstractComponent implements RequestInterceptor<Request> {
    public FieldAndDocumentLevelSecurityRequestInterceptor(Settings settings) {
        super(settings);
    }

    @Override // org.elasticsearch.shield.action.interceptor.RequestInterceptor
    public void intercept(Request request, User user) {
        List singletonList;
        if (request instanceof CompositeIndicesRequest) {
            singletonList = ((CompositeIndicesRequest) request).subRequests();
        } else {
            if (!(request instanceof IndicesRequest)) {
                throw new IllegalArgumentException(LoggerMessageFormat.format("Expected a request of type [{}] or [{}] but got [{}] instead", new Object[]{CompositeIndicesRequest.class, IndicesRequest.class, request.getClass()}));
            }
            singletonList = Collections.singletonList((IndicesRequest) request);
        }
        IndicesAccessControl indicesAccessControl = (IndicesAccessControl) ((TransportRequest) request).getFromContext(InternalAuthorizationService.INDICES_PERMISSIONS_KEY);
        Iterator it = singletonList.iterator();
        while (it.hasNext()) {
            for (String str : ((IndicesRequest) it.next()).indices()) {
                IndicesAccessControl.IndexAccessControl indexPermissions = indicesAccessControl.getIndexPermissions(str);
                if (indexPermissions != null) {
                    boolean z = indexPermissions.getFields() != null;
                    boolean z2 = indexPermissions.getQueries() != null;
                    if (z || z2) {
                        this.logger.debug("intercepted request for index [{}] with field level or document level security enabled, disabling features", new Object[]{str});
                        disableFeatures(request);
                        return;
                    }
                }
                this.logger.trace("intercepted request for index [{}] with neither field level or document level security not enabled, doing nothing", new Object[]{str});
            }
        }
    }

    protected abstract void disableFeatures(Request request);
}
