package de.adorsys.ledgers.middleware.rest.resource;

import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.um.AccessTokenTO;
import de.adorsys.ledgers.middleware.api.domain.um.ScaUserDataTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserCredentialsTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserRoleTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserTO;
import de.adorsys.ledgers.middleware.api.exception.InsufficientPermissionMiddlewareException;
import de.adorsys.ledgers.middleware.api.exception.UserAlreadyExistsMiddlewareException;
import de.adorsys.ledgers.middleware.api.exception.UserNotFoundMiddlewareException;
import de.adorsys.ledgers.middleware.api.service.MiddlewareOnlineBankingService;
import de.adorsys.ledgers.middleware.api.service.MiddlewareUserManagementService;
import de.adorsys.ledgers.middleware.rest.annotation.MiddlewareUserResource;
import de.adorsys.ledgers.middleware.rest.exception.ConflictRestException;
import de.adorsys.ledgers.middleware.rest.exception.ForbiddenRestException;
import de.adorsys.ledgers.middleware.rest.exception.NotFoundRestException;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import java.util.Collections;
import java.util.List;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.UriComponentsBuilder;

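/**
 * REST resource under {@code /staff-access/users} through which branch staff register, log in and
 * manage the users of their own branch.
 *
 * <p>{@code /register} and {@code /login} carry no method-level {@code @PreAuthorize} and are tagged
 * as unprotected endpoints in the API documentation. Every other endpoint requires the
 * {@code STAFF} role and scopes its work to the caller's branch, which is looked up from the
 * subject of the injected access token.
 */
@Api(tags = {"LDG007 - User Management (STAFF access)"}, description = "Provides endpoint for registering, authorizing and managing users by staff management")
@RequestMapping({"/staff-access/users"})
@RestController
@MiddlewareUserResource
/* loaded from: input_file:de/adorsys/ledgers/middleware/rest/resource/UserMgmtStaffResource.class */
public class UserMgmtStaffResource {
    private final MiddlewareOnlineBankingService onlineBankingService;
    private final MiddlewareUserManagementService middlewareUserService;
    private final AccessTokenTO accessToken;
    private static final String USER_NOT_IN_BRANCH = "User is not your branch";
    private static final String USER_CANNOT_REGISTER_IN_BRANCH = "User cannot register for this branch. The branch is occupied by other user";

    /**
     * Creates the resource with its collaborators.
     *
     * @param middlewareOnlineBankingService service used to authorise a login
     * @param middlewareUserManagementService service used to look up, create and update users
     * @param accessTokenTO access token of the current caller; its subject is used as the caller's user id
     */
    public UserMgmtStaffResource(MiddlewareOnlineBankingService middlewareOnlineBankingService, MiddlewareUserManagementService middlewareUserManagementService, AccessTokenTO accessTokenTO) {
        this.onlineBankingService = middlewareOnlineBankingService;
        this.middlewareUserService = middlewareUserManagementService;
        this.accessToken = accessTokenTO;
    }

    /**
     * Registers the first user of a branch and gives it the {@code STAFF} role only.
     *
     * <p>NOTE(review): the request-parameter name is derived from the Java parameter name
     * ({@code str} here); the intended name is not visible in this file. Confirm it and bind it
     * explicitly in {@code @RequestParam}.
     *
     * @param str branch the new staff user registers for
     * @param userTO user record sent by the client; its branch and roles are overwritten here
     * @return the created user with the PIN cleared
     * @throws ConflictRestException if a user with the same login or email already exists
     */
    @ApiResponses({@ApiResponse(code = 200, response = UserTO.class, message = "The user data record without the pin."), @ApiResponse(code = 409, message = "Conflict. A record with the given email or login already exists.")})
    @PostMapping({"/register"})
    @ApiOperation(tags = {"LDG006 - Unprotected Endpoints"}, value = "Register", notes = "Registers a new user for a given branch.")
    public ResponseEntity<UserTO> register(@RequestParam String str, @RequestBody UserTO userTO) throws ConflictRestException {
        try {
            // NOTE(review): the count check and the create() call below are two separate service
            // calls, so this endpoint alone does not guarantee one registration per branch under
            // concurrent requests. Confirm the service or the data store enforces that invariant.
            if (this.middlewareUserService.countUsersByBranch(str) > 0) {
                throw new ForbiddenRestException(USER_CANNOT_REGISTER_IN_BRANCH);
            }
            // Branch and roles are set by the server, never taken from the request body.
            // NOTE(review): every other field of the client-supplied record reaches create() as
            // sent. Confirm the service ignores fields a caller should not be able to set.
            userTO.setBranch(str);
            userTO.setUserRoles(Collections.singletonList(UserRoleTO.STAFF));
            return ResponseEntity.ok(withoutPin(this.middlewareUserService.create(userTO)));
        } catch (UserAlreadyExistsMiddlewareException e) {
            throw new ConflictRestException(e.getMessage()).withDevMessage(e.getMessage());
        }
    }

    /**
     * Starts the login of a staff user.
     *
     * <p>NOTE(review): an unknown login is answered with a not-found error and a missing role with
     * a forbidden error, while the API documentation on this method lists 401 and 403. The distinct
     * not-found answer lets an unauthenticated caller tell whether a login exists. Consider one
     * uniform failure response and rate limiting in front of this endpoint.
     *
     * @param userCredentialsTO login and PIN sent by the client
     * @return the login response produced by the online-banking service
     * @throws NotFoundRestException if the service reports the user as unknown
     * @throws ForbiddenRestException if the service reports insufficient permission
     */
    @ApiResponses({@ApiResponse(code = 200, response = SCALoginResponseTO.class, message = "Success. LoginToken contained in the returned response object."), @ApiResponse(code = 401, message = "Wrong authentication credential."), @ApiResponse(code = 403, message = "Authenticated but user does not have the requested role.")})
    @PostMapping({"/login"})
    @ApiOperation(tags = {"LDG006 - Unprotected Endpoints"}, value = "Login", notes = "Initiates the user login process. Returns a login response object describing how to proceed.")
    public ResponseEntity<SCALoginResponseTO> login(@RequestBody UserCredentialsTO userCredentialsTO) throws NotFoundRestException, ForbiddenRestException {
        try {
            return ResponseEntity.ok(this.onlineBankingService.authorise(userCredentialsTO.getLogin(), userCredentialsTO.getPin(), UserRoleTO.STAFF));
        } catch (UserNotFoundMiddlewareException e) {
            throw new NotFoundRestException(e.getMessage()).withDevMessage(e.getMessage());
        } catch (InsufficientPermissionMiddlewareException e2) {
            throw new ForbiddenRestException(e2.getMessage()).withDevMessage(e2.getMessage());
        }
    }

    /**
     * Creates a user in the caller's branch.
     *
     * @param userTO user record sent by the client; its branch is overwritten with the caller's
     *     branch and the {@code SYSTEM} and {@code TECHNICAL} roles are stripped
     * @return the created user with the PIN cleared
     * @throws NotFoundRestException if the calling staff user cannot be found
     * @throws ConflictRestException if a user with the same login or email already exists
     */
    @ApiResponses({@ApiResponse(code = 200, response = UserTO.class, message = "Success. Created user in provided in the response."), @ApiResponse(code = 401, message = "Wrong authentication credential."), @ApiResponse(code = 403, message = "Authenticated but user does not have the requested role.")})
    @PostMapping
    @ApiOperation(value = "Create user", notes = "Create new user with the same branch as creator.", authorizations = {@Authorization("apiKey")})
    @PreAuthorize("hasRole('STAFF')")
    public ResponseEntity<UserTO> createUser(@RequestBody UserTO userTO) throws NotFoundRestException, ConflictRestException {
        try {
            userTO.setBranch(currentStaffUser().getBranch());
            // remove(Object) drops only the first occurrence, so a role listed twice would survive
            // the filter; removeAll strips every occurrence. A body without a role list is left
            // as it is instead of failing with a NullPointerException.
            // NOTE(review): this is a denylist. Any role other than SYSTEM and TECHNICAL is kept
            // as sent; confirm that is intended, or switch to an explicit allowlist.
            if (userTO.getUserRoles() != null) {
                userTO.getUserRoles().removeAll(Collections.singleton(UserRoleTO.SYSTEM));
                userTO.getUserRoles().removeAll(Collections.singleton(UserRoleTO.TECHNICAL));
            }
            return ResponseEntity.ok(withoutPin(this.middlewareUserService.create(userTO)));
        } catch (UserAlreadyExistsMiddlewareException e) {
            throw new ConflictRestException(e.getMessage()).withDevMessage(e.getMessage());
        } catch (UserNotFoundMiddlewareException e2) {
            throw new NotFoundRestException(e2.getMessage());
        }
    }

    /**
     * Lists the users of the caller's branch that hold one of the given roles.
     *
     * <p>NOTE(review): the request-parameter name is derived from the Java parameter name
     * ({@code list} here); confirm the intended name and bind it explicitly.
     *
     * @param list roles to filter by
     * @return the matching users, each with the PIN cleared
     * @throws NotFoundRestException if the calling staff user cannot be found
     */
    @ApiResponses({@ApiResponse(code = 200, response = UserTO.class, message = "Success. Created user in provided in the response."), @ApiResponse(code = 401, message = "Wrong authentication credential."), @ApiResponse(code = 403, message = "Authenticated but user does not have the requested role.")})
    @ApiOperation(value = "Lists users by branch and role", notes = "Lists users by branch and roles.", authorizations = {@Authorization("apiKey")})
    @PreAuthorize("hasRole('STAFF')")
    @GetMapping
    public ResponseEntity<List<UserTO>> getBranchUsersByRoles(@RequestParam List<UserRoleTO> list) throws NotFoundRestException {
        try {
            List<UserTO> users = this.middlewareUserService.getUsersByBranchAndRoles(currentStaffUser().getBranch(), list);
            // Same rule as register/createUser: no PIN leaves this resource. Whether the service
            // already omits it is not visible from here.
            if (users != null) {
                for (UserTO user : users) {
                    withoutPin(user);
                }
            }
            return ResponseEntity.ok(users);
        } catch (UserNotFoundMiddlewareException e) {
            throw new NotFoundRestException(e.getMessage());
        }
    }

    /**
     * Returns a user by id when that user belongs to the caller's branch.
     *
     * @param userId id of the requested user, bound to the {@code {userId}} path segment
     * @return the requested user with the PIN cleared
     * @throws NotFoundRestException if the caller or the requested user cannot be found
     */
    @ApiResponses({@ApiResponse(code = 200, response = UserTO.class, message = "Success. Created user in provided in the response."), @ApiResponse(code = 401, message = "Wrong authentication credential."), @ApiResponse(code = 403, message = "Authenticated but user does not have the requested role.")})
    @ApiOperation(value = "Gets user by ID if it's within the branch", notes = "Gets user by ID if it's within the branch.", authorizations = {@Authorization("apiKey")})
    @PreAuthorize("hasRole('STAFF')")
    @GetMapping({"/{userId}"})
    public ResponseEntity<UserTO> getBranchUserById(@PathVariable("userId") String userId) throws NotFoundRestException {
        try {
            UserTO staff = currentStaffUser();
            UserTO requested = this.middlewareUserService.findById(userId);
            if (!isSameBranch(staff, requested)) {
                throw new ForbiddenRestException(USER_NOT_IN_BRANCH);
            }
            return ResponseEntity.ok(withoutPin(requested));
        } catch (UserNotFoundMiddlewareException e) {
            throw new NotFoundRestException(e.getMessage());
        }
    }

    /**
     * Replaces the SCA data of a user when that user belongs to the caller's branch.
     *
     * @param userId id of the user to update, bound to the {@code {userId}} path segment
     * @param list SCA data records sent by the client
     * @return a response whose location points at the updated user
     */
    @ApiResponses({@ApiResponse(code = 200, response = UserTO.class, message = "Success. Created user in provided in the response."), @ApiResponse(code = 401, message = "Wrong authentication credential."), @ApiResponse(code = 403, message = "Authenticated but user does not have the requested role.")})
    @PostMapping({"/{userId}/sca-data"})
    @ApiOperation(value = "Updates SCA Data for user if it's within the branch.", notes = "Updates SCA Data for user if it's within the branch.", authorizations = {@Authorization("apiKey")})
    @PreAuthorize("hasRole('STAFF')")
    public ResponseEntity<Void> updateUserScaData(@PathVariable("userId") String userId, @RequestBody List<ScaUserDataTO> list) {
        try {
            UserTO staff = currentStaffUser();
            UserTO target = this.middlewareUserService.findById(userId);
            if (!isSameBranch(staff, target)) {
                throw new ForbiddenRestException(USER_NOT_IN_BRANCH);
            }
            return ResponseEntity.created(UriComponentsBuilder.fromUriString("/staff-access/users/" + this.middlewareUserService.updateScaData(target.getLogin(), list).getId()).build().toUri()).build();
        } catch (UserNotFoundMiddlewareException e) {
            throw new NotFoundRestException(e.getMessage());
        }
    }

    /** Looks up the staff user identified by the subject of the current access token. */
    private UserTO currentStaffUser() throws UserNotFoundMiddlewareException {
        return this.middlewareUserService.findById(this.accessToken.getSub());
    }

    /**
     * Tells whether {@code other} is in the branch of {@code staff}. A caller without a branch
     * matches nobody, so the check fails closed instead of raising a NullPointerException.
     */
    private static boolean isSameBranch(UserTO staff, UserTO other) {
        return staff.getBranch() != null && staff.getBranch().equals(other.getBranch());
    }

    /** Clears the PIN on the record before it is written to a response and returns the same record. */
    private static UserTO withoutPin(UserTO user) {
        user.setPin((String) null);
        return user;
    }
}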
