package io.datarouter.auth.web.web;

import io.datarouter.auth.config.DatarouterAuthPaths;
import io.datarouter.auth.config.DatarouterAuthenticationConfig;
import io.datarouter.auth.role.Role;
import io.datarouter.auth.role.RoleManager;
import io.datarouter.auth.service.DatarouterUserHistoryService;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUser;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUserDao;
import io.datarouter.auth.storage.user.permissionrequest.DatarouterPermissionRequestDao;
import io.datarouter.auth.storage.user.permissionrequest.PermissionRequest;
import io.datarouter.auth.web.service.PermissionRequestService;
import io.datarouter.auth.web.service.PermissionRequestUserInfo;
import io.datarouter.email.email.DatarouterHtmlEmailService;
import io.datarouter.email.html.J2HtmlDatarouterEmailBuilder;
import io.datarouter.email.type.DatarouterEmailTypes;
import io.datarouter.scanner.Scanner;
import io.datarouter.storage.config.properties.AdminEmail;
import io.datarouter.storage.config.properties.ServiceName;
import io.datarouter.storage.config.setting.DatarouterEmailSubscriberSettings;
import io.datarouter.storage.servertype.ServerTypeDetector;
import io.datarouter.types.MilliTime;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.GlobalRedirectMav;
import io.datarouter.web.handler.mav.imp.InContextRedirectMav;
import io.datarouter.web.handler.mav.imp.MessageMav;
import io.datarouter.web.handler.types.Param;
import io.datarouter.web.html.form.HtmlForm;
import io.datarouter.web.html.form.HtmlFormCheckboxTable;
import io.datarouter.web.html.form.HtmlFormTextArea;
import io.datarouter.web.html.form.HtmlFormTimezoneSelect;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4FormHtml;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4PageFactory;
import j2html.TagCreator;
import j2html.tags.DomContent;
import j2html.tags.specialized.DivTag;
import j2html.tags.specialized.TableTag;
import j2html.tags.specialized.TrTag;
import jakarta.inject.Inject;
import java.time.ZoneId;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/auth/web/web/DatarouterPermissionRequestHandler.class */
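/**
 * Web handler for the self-service permission request flow: shows the request form, stores a
 * {@link PermissionRequest} for the current user, notifies recipients by email, and lets open
 * requests be declined.
 *
 * <p>Every handler method works on behalf of the session user returned by {@link #getCurrentUser()}.
 * Request parameters reach this class as plain strings and are treated as untrusted: they are
 * HTML-escaped before rendering, and role names are resolved through {@link RoleManager} before
 * anything is stored.
 */
public class DatarouterPermissionRequestHandler extends BaseHandler {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterPermissionRequestHandler.class);
    // Request parameter / form field names
    private static final String P_REASON = "reason";
    private static final String P_REQUESTED_ROLES = "requestedRoles";
    private static final String P_DENIED_URL = "deniedUrl";
    private static final String P_ALLOWED_ROLES = "allowedRoles";
    private static final String P_SPECIFICS = "specifics";
    private static final String P_VALIDATION_ERROR = "validationError";
    private static final String EMAIL_TITLE = "Permission Request";
    // DOM ids shared between the rendered form and the generated collect-values script
    private static final String FORM_ID = "permissionRequestForm";
    private static final String ROLE_TABLE_ID = "roleTable";

    @Inject
    private Bootstrap4PageFactory bootstrap4PageFactory;

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private DatarouterPermissionRequestDao datarouterPermissionRequestDao;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private DatarouterHtmlEmailService htmlEmailService;

    @Inject
    private DatarouterAuthPaths paths;

    @Inject
    private DatarouterUserHistoryService userHistoryService;

    @Inject
    private DatarouterEmailTypes.PermissionRequestEmailType permissionRequestEmailType;

    @Inject
    private ServiceName serviceName;

    @Inject
    private ServerTypeDetector serverTypeDetector;

    @Inject
    private AdminEmail adminEmail;

    @Inject
    private DatarouterEmailSubscriberSettings subscribersSettings;

    @Inject
    private PermissionRequestUserInfo.PermissionRequestUserInfoSupplier userInfoSupplier;

    @Inject
    private DatarouterUserDao datarouterUserDao;

    @Inject
    private RoleManager roleManager;

    @Inject
    private PermissionRequestService permissionRequestService;

    /**
     * Renders the permission request form for the current user.
     *
     * <p>If the user already has an open request, the most recent one is shown with a link to
     * decline it. The role table lists every role known to the {@link RoleManager}; roles the
     * user already holds are passed to the row as pre-checked/disabled flags.
     *
     * @param optional request value echoed on the page and copied into the hidden
     *     {@code deniedUrl} field (untrusted)
     * @param optional2 request value echoed on the page and copied into the hidden
     *     {@code allowedRoles} field (untrusted)
     * @param optional3 validation message from a previous submit, shown in an alert box (untrusted)
     * @return the form page, or a message page when datarouter authentication is not in use
     */
    // NOTE(review): the first two parameter names look like decompiler placeholders; if the
    // framework binds unannotated parameters by name, confirm the original names before recompiling.
    @BaseHandler.Handler(defaultHandler = true)
    public Mav showForm(Optional<String> optional, Optional<String> optional2, @Param("validationError") Optional<String> optional3) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        // Latest open request of this user, or null when there is none
        PermissionRequest permissionRequest = (PermissionRequest) this.datarouterPermissionRequestDao.scanOpenPermissionRequestsForUser(currentUser.getId()).findMax(Comparator.comparing(permissionRequest2 -> {
            return permissionRequest2.getKey().getRequestTime();
        })).orElse(null);
        String join = this.paths.permissionRequest.declineAll.join("/");
        DivTag divTag = new DivTag();
        if (permissionRequest != null) {
            // The stored request text goes through pre(String), which renders it as escaped text
            divTag = TagCreator.div(new DomContent[]{TagCreator.p("You already have an open permission request for " + this.serviceName.get() + ". You may submit another request to replace it."), TagCreator.p("Time Requested: " + String.valueOf(permissionRequest.getKey().getRequestTime())), TagCreator.p(new DomContent[]{TagCreator.b("Request Text:\n")}), TagCreator.pre(permissionRequest.getRequestText()).withStyle("margin-left: 2em;"), TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{"Click ", TagCreator.a("here").withHref(join), " to decline it."})})});
        }
        DivTag divTag2 = new DivTag();
        if (optional.isPresent() && optional2.isPresent()) {
            // j2html's join() appends plain String arguments to the output without escaping them,
            // so the request-supplied value is wrapped in text() to be rendered as escaped text.
            divTag2 = TagCreator.div(new DomContent[]{TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{TagCreator.text("You made a request to: %s. This action requires one of these roles: ".formatted(optional.get())), TagCreator.b(optional2.get() + ".")})})});
        }
        DivTag with = TagCreator.div().with(TagCreator.h1("Permission Request: " + this.serviceName.get())).with(divTag).with(divTag2).with(TagCreator.p(new DomContent[]{TagCreator.b("Request the least amount of permissions necessary for your role.")}));
        String str = (String) currentUser.getZoneId().map((v0) -> {
            return v0.getId();
        }).orElse(null);
        HtmlForm withAction = ((HtmlForm) new HtmlForm(HtmlForm.HtmlFormMethod.POST).withId(FORM_ID)).withAction("?submitAction=submit");
        ((HtmlFormTextArea) ((HtmlFormTextArea) ((HtmlFormTextArea) withAction.addTextAreaField().withLabel(String.format("Why your role necessitates these permissions in %s:", this.serviceName.get()))).withName(P_REASON)).withPlaceholder("explain reason here")).required();
        HtmlFormCheckboxTable htmlFormCheckboxTable = (HtmlFormCheckboxTable) ((HtmlFormCheckboxTable) ((HtmlFormCheckboxTable) withAction.addCheckboxTableField().withId(ROLE_TABLE_ID)).withLabel("Available Roles to Request")).withColumns(List.of(new HtmlFormCheckboxTable.Column("role", "Role"), new HtmlFormCheckboxTable.Column("description", "Description"))).withRows(Scanner.of(this.roleManager.getAllRoles()).map(role -> {
            boolean contains = currentUser.getRolesIgnoreSaml().contains(role);
            return new HtmlFormCheckboxTable.Row(role.getPersistentString(), List.of(role.getPersistentString(), role.getDescription()), contains, contains);
        }).sort(Comparator.comparing((v0) -> {
            return v0.name();
        })).list()).required();
        // Filled in client-side by the collect-values script added below
        withAction.addHiddenField(P_REQUESTED_ROLES, "");
        withAction.addHiddenField(P_DENIED_URL, optional.orElse(null));
        withAction.addHiddenField(P_ALLOWED_ROLES, optional2.orElse(null));
        withAction.addHiddenField("timezone", str);
        withAction.addButton().withLabel("Submit");
        DivTag div = TagCreator.div();
        if (optional3.isPresent()) {
            // div(String) renders its argument as escaped text
            div = (DivTag) div.with(TagCreator.div(optional3.get()).withClass("alert alert-danger").attr("role", "alert"));
        }
        return this.bootstrap4PageFactory.startBuilder(this.request).withTitle("Datarouter - Permission Request").withContent(TagCreator.div().with(with).with(div.with(TagCreator.div(new DomContent[]{Bootstrap4FormHtml.render(withAction)})).withClasses(new String[]{"card card-body bg-light control-group"})).withClass("container-fluid")).withScript(TagCreator.script(HtmlFormTimezoneSelect.HIDDEN_TIMEZONE_JS)).withScript(TagCreator.script(htmlFormCheckboxTable.getCollectValuesJs(FORM_ID, ROLE_TABLE_ID, P_REQUESTED_ROLES))).buildMav();
    }

    /**
     * Returns the current user's stored time zone id.
     *
     * @return the zone id string, or {@code null} when the user has none
     */
    @BaseHandler.Handler
    public String getUserTimezone() {
        return (String) getCurrentUser().getZoneId().map((v0) -> {
            return v0.getId();
        }).orElse(null);
    }

    /**
     * Stores a new time zone on the current user.
     *
     * @param str zone id taken from the request; {@link ZoneId#of(String)} throws a
     *     {@link java.time.DateTimeException} for a value it does not recognise, and that
     *     exception is not handled here
     */
    @BaseHandler.Handler
    public void setTimezone(String str) {
        DatarouterUser currentUser = getCurrentUser();
        currentUser.setZoneId(ZoneId.of(str));
        this.datarouterUserDao.put(currentUser);
    }

    /**
     * Handles the form post: validates the input, stores the permission request and emails it.
     *
     * <p>The requested role names are resolved before anything is written, so a request naming
     * an unknown role is rejected without leaving a stored request or a changed time zone behind.
     *
     * @param str free-text reason; required
     * @param str2 comma-separated persistent strings of the requested roles; required
     * @param optional URL the user was denied on, appended to the request text when present
     * @param optional2 roles allowed for that URL, appended to the request text when present
     * @param optional3 time zone id to store on the user when present
     * @return redirect to the home page when the user holds more than one role, otherwise back
     *     to the permission request page (also used for validation errors)
     * @throws IllegalArgumentException if any requested role is unknown to the {@link RoleManager}
     */
    @BaseHandler.Handler
    private Mav submit(@Param("reason") String str, @Param("requestedRoles") String str2, @Param("deniedUrl") Optional<String> optional, @Param("allowedRoles") Optional<String> optional2, @Param("timezone") Optional<String> optional3) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        if (StringTool.isEmptyOrWhitespace(str)) {
            return new InContextRedirectMav(this.request, this.paths.permissionRequest, Map.of(P_VALIDATION_ERROR, "Reason is required."));
        }
        String trim = str.trim();
        if (StringTool.isEmpty(str2)) {
            return new InContextRedirectMav(this.request, this.paths.permissionRequest, Map.of(P_VALIDATION_ERROR, "At least one requested role is required."));
        }
        // Resolve the role names first: the value comes from a client-filled hidden field, and an
        // unknown name must fail the request before it is persisted or mailed.
        Set<Role> requestedRoles = new HashSet<>(Scanner.of(str2.split(",")).map(this.roleManager::findRoleFromPersistentString).map(optional4 -> {
            return optional4.orElseThrow(() -> {
                return new IllegalArgumentException("Permission request made with unknown role(s): " + str2);
            });
        }).list());
        String str3 = "Request Reason: \"%s\"\nRequested Roles: %s.".formatted(trim, str2) + ((String) optional.map(str4 -> {
            return "\nAttempted request to: " + str4 + ".";
        }).orElse("")) + ((String) optional2.map(str5 -> {
            return "\nAllowed Roles: " + str5 + ".";
        }).orElse(""));
        DatarouterUser currentUser = getCurrentUser();
        // ZoneId.of throws DateTimeException for an unrecognised id; nothing has been written yet
        optional3.map(ZoneId::of).ifPresent(zoneId -> {
            currentUser.setZoneId(zoneId);
            this.datarouterUserDao.put(currentUser);
        });
        this.datarouterPermissionRequestDao.createPermissionRequest(new PermissionRequest(currentUser.getId(), MilliTime.now(), str3, (PermissionRequest.DatarouterPermissionRequestResolution) null, (MilliTime) null));
        sendRequestEmail(currentUser, trim, str3, this.roleManager.getAdditionalPermissionRequestEmailRecipients(currentUser, requestedRoles));
        return this.datarouterUserService.getUserRolesWithSamlGroups(currentUser).size() > 1 ? new InContextRedirectMav(this.request, this.paths.home) : new InContextRedirectMav(this.request, this.paths.permissionRequest);
    }

    /**
     * Stores and emails a free-form permission request that is not tied to a role list.
     *
     * @param str free-text reason; required
     * @param str2 free-text specifics, stored as the request text; required
     * @return redirect to the home page when the user holds more than one role, otherwise back
     *     to the permission request page (also used for validation errors)
     */
    // NOTE(review): unlike showForm and submit, this handler does not check
    // useDatarouterAuthentication() — confirm that is intended.
    @BaseHandler.Handler
    private Mav createCustomPermissionRequest(@Param("reason") String str, @Param("specifics") String str2) {
        if (StringTool.isEmptyOrWhitespace(str)) {
            return new InContextRedirectMav(this.request, this.paths.permissionRequest, Map.of(P_VALIDATION_ERROR, "Reason is required."));
        }
        if (StringTool.isEmptyOrWhitespace(str2)) {
            return new InContextRedirectMav(this.request, this.paths.permissionRequest, Map.of(P_VALIDATION_ERROR, "Specifics are required."));
        }
        String trim = str.trim();
        String trim2 = str2.trim();
        DatarouterUser currentUser = getCurrentUser();
        this.datarouterPermissionRequestDao.createPermissionRequest(new PermissionRequest(currentUser.getId(), MilliTime.now(), trim2, (PermissionRequest.DatarouterPermissionRequestResolution) null, (MilliTime) null));
        sendRequestEmail(currentUser, trim, trim2, Collections.emptySet());
        return this.datarouterUserService.getUserRolesWithSamlGroups(currentUser).size() > 1 ? new InContextRedirectMav(this.request, this.paths.home) : new InContextRedirectMav(this.request, this.paths.permissionRequest);
    }

    /**
     * Declines the open permission requests of a user and redirects afterwards.
     *
     * @param optional id of the user whose requests are declined; defaults to the current user
     * @param optional2 redirect target used after a successful decline, when present
     * @return a message page on failure; otherwise a redirect to {@code optional2}, or to the
     *     home / permission request page when no target was given
     */
    @BaseHandler.Handler
    private Mav declineAll(Optional<Long> optional, Optional<String> optional2) {
        PermissionRequestService.DeclinePermissionRequestDto declinePermissionRequests = declinePermissionRequests(optional.orElse(getCurrentUser().getId()).toString());
        if (!declinePermissionRequests.success()) {
            return new MessageMav(declinePermissionRequests.message());
        }
        if (optional2.isPresent()) {
            // NOTE(review): the redirect target is a request parameter and is not validated in this
            // class. Unless GlobalRedirectMav or an upstream filter restricts it, constrain it to
            // same-origin paths or an allow-list so the endpoint cannot be used as an open redirect.
            return new GlobalRedirectMav(optional2.get());
        }
        return this.datarouterUserService.getUserRolesWithSamlGroups(getCurrentUser()).size() > 1 ? new InContextRedirectMav(this.request, this.paths.home) : new InContextRedirectMav(this.request, this.paths.permissionRequest);
    }

    /**
     * Declines the open permission requests of the user with the given id.
     *
     * @param str numeric user id; {@link Long#parseLong(String)} throws
     *     {@link NumberFormatException} for anything else
     * @return the service result, or a failure result when datarouter authentication is not in use
     */
    // NOTE(review): the target user id is caller-supplied and no permission check on the current
    // user is visible here; the decision whether the current user may decline another user's
    // requests presumably lives in PermissionRequestService.declinePermissionRequests — verify.
    @BaseHandler.Handler
    private PermissionRequestService.DeclinePermissionRequestDto declinePermissionRequests(String str) {
        long parseLong = Long.parseLong(str);
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new PermissionRequestService.DeclinePermissionRequestDto(false, noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        // Reuse the already-loaded current user when acting on own requests; otherwise load the target
        return this.permissionRequestService.declinePermissionRequests(parseLong == currentUser.getId().longValue() ? currentUser : this.datarouterUserService.getUserById(Long.valueOf(parseLong), true), currentUser);
    }

    /** Returns the user bound to the required session, as validated by {@link DatarouterUserService}. */
    private DatarouterUser getCurrentUser() {
        return this.datarouterUserService.getAndValidateCurrentUser(getSessionInfo().getRequiredSession());
    }

    /**
     * Builds and sends the notification email for a new permission request.
     *
     * <p>User-supplied strings are placed in the HTML body through {@code TagCreator.text}. The
     * mail is sent from and to the requesting user's username, plus the extra recipients; the
     * permission-request email type, the admin address and the subscribers are added according
     * to the server type and subscriber setting.
     *
     * @param datarouterUser user who made the request
     * @param str reason given by the user
     * @param str2 request specifics; the row is omitted when empty
     * @param set additional recipient addresses
     */
    private void sendRequestEmail(DatarouterUser datarouterUser, String str, String str2, Set<String> set) {
        String username = datarouterUser.getUsername();
        // Link to the admin "edit user" page for the requesting user
        String build = this.htmlEmailService.startLinkBuilder().withLocalPath(this.paths.admin.editUser.toSlashedString()).withParam("userId", String.valueOf(datarouterUser.getId())).build();
        J2HtmlDatarouterEmailBuilder admin = this.htmlEmailService.startEmailBuilder()
                .withSubject(this.userHistoryService.getPermissionRequestEmailSubject(datarouterUser))
                .withTitle(EMAIL_TITLE)
                .withTitleHref(build)
                .withContent(TagCreator.div(new DomContent[]{(TableTag) TagCreator.table(new DomContent[]{TagCreator.tbody().with(createLabelValueTr("Service", TagCreator.text(this.serviceName.get())).with(this.userInfoSupplier.get().getUserInformation(datarouterUser))).with(createLabelValueTr("Reason", TagCreator.text(str))).condWith(StringTool.notEmpty(str2), createLabelValueTr("Specifics", TagCreator.text(str2)))}).withStyle("border-spacing: 0; white-space: pre-wrap;"), TagCreator.p(new DomContent[]{TagCreator.a("Edit user profile").withHref(build)})}))
                .from(username)
                .to(username)
                .to(set)
                .to(this.permissionRequestEmailType, this.serverTypeDetector.mightBeProduction())
                .toAdmin(this.serverTypeDetector.mightBeDevelopment());
        if (((Boolean) this.subscribersSettings.includeSubscribers.get()).booleanValue()) {
            admin.toSubscribers();
        }
        this.htmlEmailService.trySendJ2Html(admin);
    }

    /**
     * Builds a two-cell table row: a bold, right-aligned label and a value cell.
     *
     * @param str label text
     * @param domContentArr content of the value cell
     * @return the row tag
     */
    public static TrTag createLabelValueTr(String str, DomContent... domContentArr) {
        return TagCreator.tr(new DomContent[]{TagCreator.td(new DomContent[]{TagCreator.b(str + " ")}).withStyle("text-align: right"), TagCreator.td().with(domContentArr).withStyle("padding-left: 8px")}).withStyle("vertical-align: top");
    }

    /**
     * Logs that the session user reached this page without datarouter authentication and
     * returns the message shown to them.
     */
    private String noDatarouterAuthentication() {
        logger.warn("{} went to non-DR permission request page.", getSessionInfo().getRequiredSession().getUsername());
        return "This is only available when using datarouter authentication. Please email " + this.adminEmail.get() + " for assistance.";
    }
}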
