package org.camunda.bpm.admin.impl.web;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Iterator;
import java.util.ServiceLoader;
import javax.servlet.ServletException;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Providers;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Groups;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.engine.rest.dto.identity.UserDto;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.engine.rest.exception.RestException;
import org.camunda.bpm.engine.rest.impl.UserRestServiceImpl;
import org.camunda.bpm.engine.rest.spi.ProcessEngineProvider;
import org.camunda.bpm.engine.rest.util.ProvidersUtil;
import org.camunda.bpm.webapp.impl.security.SecurityActions;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/camunda-webapp-2.9.2-SP.7-classes.jar:org/camunda/bpm/admin/impl/web/SetupResource.class
 */
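/**
 * JAX-RS resource for the first-time setup of a process engine: it creates the initial user and
 * adds that user to the {@link Groups#CAMUNDA_ADMIN} group.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The creation runs through {@link SecurityActions#runWithoutAuthentication}, so (going by
 *       that method's name; its implementation is not visible here) no authenticated caller is
 *       required. The only gate in this class is {@link #ensureSetupAvailable(ProcessEngine)}.</li>
 *   <li>The admin group receives {@link Permissions#ALL} on resource id {@code "*"} for every
 *       value of {@link Resources}, so the first user created here is a full administrator.</li>
 *   <li>NOTE(review): the "no admin exists yet" check and the user creation are separate calls
 *       in this class; nothing visible here makes them atomic. Confirm whether an enclosing
 *       transaction or a database constraint prevents two concurrent setup requests from both
 *       succeeding, and restrict network access to this path until an administrator exists.</li>
 * </ul>
 */
@Path("/setup/{engine}")
/* loaded from: input_file:BOOT-INF/lib/camunda-webapp-7.10.0-classes.jar:org/camunda/bpm/admin/impl/web/SetupResource.class */
public class SetupResource {

    /** JAX-RS providers, injected by the container; used to resolve the JSON {@link ObjectMapper}. */
    @Context
    protected Providers providers;

    /**
     * Creates the initial administrator for the named process engine.
     *
     * @param str     name of the process engine, taken from the {@code {engine}} path segment
     * @param userDto user to create, read from the JSON request body
     * @throws InvalidRequestException with 400 if the engine does not exist or the body carries no
     *                                 user profile, with 403 if setup is no longer available
     * @throws RestException           if no {@link ProcessEngineProvider} implementation is found
     */
    @POST
    @Path("/user/create")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public void createInitialUser(@PathParam("engine") final String str, final UserDto userDto) throws IOException, ServletException {
        final ProcessEngine engine = lookupProcessEngine(str);
        if (engine == null) {
            // The engine name is caller-supplied and echoed into the message; how it is rendered
            // is up to the exception mapper, which is not visible in this file.
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Process Engine '" + str + "' does not exist.");
        }
        // All authorization for this request is decided inside createInitialUserInternal
        // (ensureSetupAvailable), because the action is not run on behalf of a logged-in user.
        SecurityActions.runWithoutAuthentication(new SecurityActions.SecurityAction<Void>() {
            @Override
            public Void execute() {
                SetupResource.this.createInitialUserInternal(str, userDto, engine);
                return null;
            }
        }, engine);
    }

    /**
     * Performs the setup: verifies it is still allowed, creates the user, makes sure the admin
     * group and its authorizations exist, then adds the user to that group.
     *
     * @param str           name of the process engine
     * @param userDto       user to create
     * @param processEngine engine resolved for {@code str}
     * @throws InvalidRequestException with 403 if setup is not available, with 400 if
     *                                 {@code userDto} or its profile is missing
     */
    protected void createInitialUserInternal(String str, UserDto userDto, ProcessEngine processEngine) {
        ObjectMapper objectMapper = getObjectMapper();
        // Gate first: nothing below may run once an administrator already exists.
        ensureSetupAvailable(processEngine);
        // An empty or incomplete request body would otherwise surface as a NullPointerException
        // when the profile id is read below; report it as a client error instead.
        if (userDto == null || userDto.getProfile() == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Request body must contain a user profile.");
        }
        new UserRestServiceImpl(str, objectMapper).createUser(userDto);
        ensureCamundaAdminGroupExists(processEngine);
        processEngine.getIdentityService().createMembership(userDto.getProfile().getId(), Groups.CAMUNDA_ADMIN);
    }

    /**
     * Resolves the JSON {@link ObjectMapper} from the injected providers.
     *
     * @return the resolved mapper, or {@code null} when no providers were injected
     */
    protected ObjectMapper getObjectMapper() {
        if (this.providers == null) {
            return null;
        }
        return (ObjectMapper) ProvidersUtil.resolveFromContext(this.providers, ObjectMapper.class, MediaType.APPLICATION_JSON_TYPE, getClass());
    }

    /**
     * Creates the {@link Groups#CAMUNDA_ADMIN} group if it is missing and, for every resource type
     * that has no wildcard authorization for that group yet, grants it {@link Permissions#ALL}.
     *
     * @param processEngine engine whose identity and authorization services are used
     */
    protected void ensureCamundaAdminGroupExists(ProcessEngine processEngine) {
        IdentityService identityService = processEngine.getIdentityService();
        AuthorizationService authorizationService = processEngine.getAuthorizationService();

        boolean adminGroupMissing = identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0;
        if (adminGroupMissing) {
            Group adminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
            adminGroup.setName("camunda BPM Administrators");
            adminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
            identityService.saveGroup(adminGroup);
        }

        for (Resources resource : Resources.values()) {
            long existing = authorizationService.createAuthorizationQuery()
                    .groupIdIn(Groups.CAMUNDA_ADMIN)
                    .resourceType(resource)
                    .resourceId("*")
                    .count();
            if (existing != 0) {
                // A wildcard authorization for this resource type is already present; leave it as is.
                continue;
            }
            // 1 is the engine's "grant" authorization type (Authorization.AUTH_TYPE_GRANT).
            AuthorizationEntity grant = new AuthorizationEntity(1);
            grant.setGroupId(Groups.CAMUNDA_ADMIN);
            grant.setResource(resource);
            grant.setResourceId("*");
            grant.addPermission(Permissions.ALL);
            authorizationService.saveAuthorization(grant);
        }
    }

    /**
     * Rejects the request unless setup may still run: the identity service must be writable and
     * no user may yet be a member of {@link Groups#CAMUNDA_ADMIN}.
     *
     * <p>This is the only access check on the setup endpoint in this class.
     *
     * @param processEngine engine to inspect
     * @throws InvalidRequestException with 403 when setup is not available
     */
    protected void ensureSetupAvailable(ProcessEngine processEngine) {
        IdentityService identityService = processEngine.getIdentityService();
        // Short-circuit keeps the user query from running against a read-only identity service.
        if (identityService.isReadOnly()
                || identityService.createUserQuery().memberOfGroup(Groups.CAMUNDA_ADMIN).count() > 0) {
            throw new InvalidRequestException(Response.Status.FORBIDDEN, "Setup action not available");
        }
    }

    /**
     * Looks up a process engine by name through the first {@link ProcessEngineProvider} found by
     * {@link ServiceLoader}.
     *
     * @param str name of the process engine
     * @return whatever the provider returns for {@code str}; the caller treats {@code null} as
     *         "engine does not exist"
     * @throws RestException with 400 if no provider implementation is registered
     */
    protected ProcessEngine lookupProcessEngine(String str) {
        Iterator<ProcessEngineProvider> providerIterator = ServiceLoader.load(ProcessEngineProvider.class).iterator();
        if (!providerIterator.hasNext()) {
            throw new RestException(Response.Status.BAD_REQUEST, "Could not find an implementation of the " + ProcessEngineProvider.class + "- SPI");
        }
        return providerIterator.next().getProcessEngine(str);
    }
}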
