package dev.dsf.fhir.webservice.secure;

import dev.dsf.fhir.authorization.AuthorizationRule;
import dev.dsf.fhir.help.ResponseGenerator;
import dev.dsf.fhir.history.filter.HistoryIdentityFilter;
import dev.dsf.fhir.search.parameters.BundleIdentifier;
import dev.dsf.fhir.service.ReferenceResolver;
import dev.dsf.fhir.webservice.specification.RootService;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.util.Objects;
import java.util.Optional;
import org.hl7.fhir.r4.model.Bundle;
import org.hl7.fhir.r4.model.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/fhir/webservice/secure/RootServiceSecure.class */
public class RootServiceSecure extends AbstractServiceSecure<RootService> implements RootService {
    private static final Logger logger = LoggerFactory.getLogger(AbstractResourceServiceSecure.class);
    private final AuthorizationRule<Resource> authorizationRule;

    public RootServiceSecure(RootService rootService, String str, ResponseGenerator responseGenerator, ReferenceResolver referenceResolver, AuthorizationRule<Resource> authorizationRule) {
        super(rootService, str, responseGenerator, referenceResolver);
        this.authorizationRule = authorizationRule;
    }

    @Override // dev.dsf.fhir.webservice.secure.AbstractServiceSecure, dev.dsf.fhir.webservice.base.AbstractDelegatingBasicService
    public void afterPropertiesSet() throws Exception {
        super.afterPropertiesSet();
        Objects.requireNonNull(this.authorizationRule, "authorizationRule");
    }

    @Override // dev.dsf.fhir.webservice.specification.RootService
    public Response root(UriInfo uriInfo, HttpHeaders httpHeaders) {
        logCurrentIdentity();
        return ((RootService) this.delegate).root(uriInfo, httpHeaders);
    }

    @Override // dev.dsf.fhir.webservice.specification.RootService
    public Response handleBundle(Bundle bundle, UriInfo uriInfo, HttpHeaders httpHeaders) {
        logCurrentIdentity();
        Optional<String> reasonHandleBundleAllowed = reasonHandleBundleAllowed(bundle);
        if (reasonHandleBundleAllowed.isEmpty()) {
            audit.info("Handling of transaction and batch bundles denied for identity '{}'", getCurrentIdentity().getName());
            return forbidden(BundleIdentifier.RESOURCE_COLUMN);
        }
        audit.info("Handling of transaction or batch bundle allowed for identity '{}': {}", getCurrentIdentity().getName(), reasonHandleBundleAllowed.get());
        return ((RootService) this.delegate).handleBundle(bundle, uriInfo, httpHeaders);
    }

    private Optional<String> reasonHandleBundleAllowed(Bundle bundle) {
        if (Bundle.BundleType.BATCH.equals(bundle.getType()) || Bundle.BundleType.TRANSACTION.equals(bundle.getType())) {
            logger.info("Handling of batch or transaction bundles generaly allowed for all, entries will be individualy evaluated");
            return Optional.of("Allowed for all, entries individualy evaluated");
        }
        logger.warn("Handling bundle denied, not a batch or transaction bundle");
        return Optional.empty();
    }

    @Override // dev.dsf.fhir.webservice.specification.RootService
    public Response history(UriInfo uriInfo, HttpHeaders httpHeaders) {
        logCurrentIdentity();
        Optional<String> reasonHistoryAllowed = this.authorizationRule.reasonHistoryAllowed(getCurrentIdentity());
        if (reasonHistoryAllowed.isEmpty()) {
            audit.info("Root History denied for user '{}'", getCurrentIdentity().getName());
            return forbidden(HistoryIdentityFilter.RESOURCE_TABLE);
        }
        audit.info("Root History allowed for user '{}': {}", getCurrentIdentity().getName(), reasonHistoryAllowed.get());
        return ((RootService) this.delegate).history(uriInfo, httpHeaders);
    }
}
