package org.opencastproject.adminui.endpoint;

import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
import java.io.IOException;
import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.adminui.endpoint.ServicesEndpoint;
import org.opencastproject.adminui.util.TextFilter;
import org.opencastproject.index.service.util.RestUtils;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.UnauthorizedException;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserDirectoryService;
import org.opencastproject.security.impl.jpa.JpaOrganization;
import org.opencastproject.security.impl.jpa.JpaRole;
import org.opencastproject.security.impl.jpa.JpaUser;
import org.opencastproject.userdirectory.JpaUserAndRoleProvider;
import org.opencastproject.userdirectory.JpaUserReferenceProvider;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.RestUtil;
import org.opencastproject.util.SmartIterator;
import org.opencastproject.util.UrlSupport;
import org.opencastproject.util.data.Tuple;
import org.opencastproject.util.doc.rest.RestParameter;
import org.opencastproject.util.doc.rest.RestQuery;
import org.opencastproject.util.doc.rest.RestResponse;
import org.opencastproject.util.doc.rest.RestService;
import org.opencastproject.util.requests.SortCriterion;
import org.opencastproject.workflow.api.WorkflowDatabaseException;
import org.opencastproject.workflow.api.WorkflowService;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/")
@RestService(name = "users", title = "User service", abstractText = "Provides operations for users", notes = {"This service offers the default users CRUD Operations for the admin UI.", "<strong>Important:</strong> <em>This service is for exclusive use by the module admin-ui. Its API might change anytime without prior notice. Any dependencies other than the admin UI will be strictly ignored. DO NOT use this for integration of third-party applications.<em>"})
@Component(immediate = true, service = {UsersEndpoint.class}, property = {"service.description=Admin UI - Users facade Endpoint", "opencast.service.type=org.opencastproject.adminui.endpoint.UsersEndpoint", "opencast.service.path=/admin-ng/users"})
/* loaded from: input_file:org/opencastproject/adminui/endpoint/UsersEndpoint.class */
public class UsersEndpoint {
    protected UserDirectoryService userDirectoryService;
    private JpaUserAndRoleProvider jpaUserAndRoleProvider;
    private JpaUserReferenceProvider jpaUserReferenceProvider;
    private SecurityService securityService;
    private WorkflowService workflowService;
    private String endpointBaseUrl;
    private static final Logger logger = LoggerFactory.getLogger(UsersEndpoint.class);
    private static final Type listType = new TypeToken<ArrayList<JsonRole>>() { // from class: org.opencastproject.adminui.endpoint.UsersEndpoint.1
    }.getType();
    private static final Gson gson = new Gson();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opencastproject/adminui/endpoint/UsersEndpoint$JsonRole.class */
    public class JsonRole {
        private String name;
        private String type;

        JsonRole(String str, Role.Type type) {
            this.name = str;
            this.type = type.toString();
        }

        public String getName() {
            return this.name;
        }

        public Role.Type getType() {
            return Role.Type.valueOf(this.type);
        }
    }

    @Reference
    public void setUserDirectoryService(UserDirectoryService userDirectoryService) {
        this.userDirectoryService = userDirectoryService;
    }

    @Reference
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    @Reference
    public void setJpaUserReferenceProvider(JpaUserReferenceProvider jpaUserReferenceProvider) {
        this.jpaUserReferenceProvider = jpaUserReferenceProvider;
    }

    @Reference
    public void setJpaUserAndRoleProvider(JpaUserAndRoleProvider jpaUserAndRoleProvider) {
        this.jpaUserAndRoleProvider = jpaUserAndRoleProvider;
    }

    @Reference
    public void setWorkflowService(WorkflowService workflowService) {
        this.workflowService = workflowService;
    }

    @Activate
    protected void activate(ComponentContext componentContext) {
        logger.info("Activate the Admin ui - Users facade endpoint");
        Tuple endpointUrl = RestUtil.getEndpointUrl(componentContext);
        this.endpointBaseUrl = UrlSupport.concat((String) endpointUrl.getA(), (String) endpointUrl.getB());
    }

    @GET
    @Path("users.json")
    @Produces({"application/json"})
    @RestQuery(name = "allusers", description = "Returns a list of users", returnDescription = "Returns a JSON representation of the list of user accounts", restParameters = {@RestParameter(name = "filter", isRequired = false, description = "The filter used for the query. They should be formated like that: 'filter1:value1,filter2:value2'", type = RestParameter.Type.STRING), @RestParameter(name = "sort", isRequired = false, description = "The sort order. May include any of the following: STATUS, NAME OR LAST_UPDATED.  Add '_DESC' to reverse the sort order (e.g. STATUS_DESC).", type = RestParameter.Type.STRING), @RestParameter(defaultValue = "100", description = "The maximum number of items to return per page.", isRequired = false, name = "limit", type = RestParameter.Type.STRING), @RestParameter(defaultValue = "0", description = "The page number.", isRequired = false, name = "offset", type = RestParameter.Type.STRING)}, responses = {@RestResponse(responseCode = 200, description = "The user accounts.")})
    public Response getUsers(@QueryParam("filter") String str, @QueryParam("sort") String str2, @QueryParam("limit") int i, @QueryParam("offset") int i2) throws IOException {
        if (i < 1) {
            i = 100;
        }
        String trimToNull = StringUtils.trimToNull(str2);
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        Map parseFilter = RestUtils.parseFilter(str);
        for (String str7 : parseFilter.keySet()) {
            String str8 = (String) parseFilter.get(str7);
            if ("Name".equals(str7)) {
                str3 = str8;
            } else if ("Role".equals(str7)) {
                str4 = str8;
            } else if ("Provider".equals(str7)) {
                str5 = str8;
            } else if ("textFilter".equals(str7) && StringUtils.isNotBlank(str8)) {
                str6 = str8;
            }
        }
        ArrayList arrayList = new ArrayList();
        Iterator users = this.userDirectoryService.getUsers();
        while (users.hasNext()) {
            User user = (User) users.next();
            String str9 = str4;
            if (str3 == null || str3.equals(user.getName())) {
                if (str4 == null || !user.getRoles().stream().noneMatch(role -> {
                    return role.getName().equals(str9);
                })) {
                    if (str5 == null || str5.equals(user.getProvider())) {
                        if (str6 == null || TextFilter.match(str6, user.getUsername(), user.getName(), user.getEmail(), user.getProvider()) || TextFilter.match(str6, (String) user.getRoles().stream().map((v0) -> {
                            return v0.getName();
                        }).collect(Collectors.joining(" ")))) {
                            arrayList.add(user);
                        }
                    }
                }
            }
        }
        int size = arrayList.size();
        if (trimToNull != null) {
            Set parseSortQueryParameter = RestUtils.parseSortQueryParameter(trimToNull);
            arrayList.sort((user2, user3) -> {
                Iterator it = parseSortQueryParameter.iterator();
                if (!it.hasNext()) {
                    return 0;
                }
                SortCriterion sortCriterion = (SortCriterion) it.next();
                SortCriterion.Order order = sortCriterion.getOrder();
                String fieldName = sortCriterion.getFieldName();
                boolean z = -1;
                switch (fieldName.hashCode()) {
                    case -987494927:
                        if (fieldName.equals("provider")) {
                            z = 4;
                            break;
                        }
                        break;
                    case -265713450:
                        if (fieldName.equals("username")) {
                            z = true;
                            break;
                        }
                        break;
                    case 3373707:
                        if (fieldName.equals(ServicesEndpoint.Service.NAME_NAME)) {
                            z = false;
                            break;
                        }
                        break;
                    case 96619420:
                        if (fieldName.equals("email")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 108695229:
                        if (fieldName.equals("roles")) {
                            z = 3;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        return order.equals(SortCriterion.Order.Descending) ? String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user3.getName()), StringUtils.trimToEmpty(user2.getName())) : String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user2.getName()), StringUtils.trimToEmpty(user3.getName()));
                    case true:
                        return order.equals(SortCriterion.Order.Descending) ? String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user3.getUsername()), StringUtils.trimToEmpty(user2.getUsername())) : String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user2.getUsername()), StringUtils.trimToEmpty(user3.getUsername()));
                    case true:
                        return order.equals(SortCriterion.Order.Descending) ? String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user3.getEmail()), StringUtils.trimToEmpty(user2.getEmail())) : String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user2.getEmail()), StringUtils.trimToEmpty(user3.getEmail()));
                    case true:
                        String str10 = (String) user2.getRoles().stream().map((v0) -> {
                            return v0.getName();
                        }).collect(Collectors.joining(","));
                        String str11 = (String) user2.getRoles().stream().map((v0) -> {
                            return v0.getName();
                        }).collect(Collectors.joining(","));
                        return order.equals(SortCriterion.Order.Descending) ? String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(str11), StringUtils.trimToEmpty(str10)) : String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(str10), StringUtils.trimToEmpty(str11));
                    case true:
                        return order.equals(SortCriterion.Order.Descending) ? String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user3.getProvider()), StringUtils.trimToEmpty(user2.getProvider())) : String.CASE_INSENSITIVE_ORDER.compare(StringUtils.trimToEmpty(user2.getProvider()), StringUtils.trimToEmpty(user3.getProvider()));
                    default:
                        logger.info("Unknown sort type: {}", sortCriterion.getFieldName());
                        return 0;
                }
            });
        }
        List applyLimitAndOffset = new SmartIterator(i, i2).applyLimitAndOffset(arrayList);
        ArrayList arrayList2 = new ArrayList();
        Iterator it = applyLimitAndOffset.iterator();
        while (it.hasNext()) {
            arrayList2.add(generateJsonUser((User) it.next()));
        }
        return Response.ok(gson.toJson(Map.of("results", arrayList2, "count", Integer.valueOf(arrayList2.size()), "offset", Integer.valueOf(i2), "limit", Integer.valueOf(i), "total", Integer.valueOf(size)))).build();
    }

    @POST
    @Path("/")
    @RestQuery(name = "createUser", description = "Create a new  user", returnDescription = "The location of the new ressource", restParameters = {@RestParameter(description = "The username.", isRequired = true, name = "username", type = RestParameter.Type.STRING), @RestParameter(description = "The password.", isRequired = true, name = "password", type = RestParameter.Type.STRING), @RestParameter(description = "The name.", isRequired = false, name = ServicesEndpoint.Service.NAME_NAME, type = RestParameter.Type.STRING), @RestParameter(description = "The email.", isRequired = false, name = "email", type = RestParameter.Type.STRING), @RestParameter(name = "roles", type = RestParameter.Type.STRING, isRequired = false, description = "The user roles as a json array, e.g. <br>[{'name': 'ROLE_ADMIN', 'type': 'INTERNAL'}, {'name': 'ROLE_XY', 'type': 'INTERNAL'}]")}, responses = {@RestResponse(responseCode = 201, description = "User has been created."), @RestResponse(responseCode = 403, description = "Not enough permissions to create a user with a admin role."), @RestResponse(responseCode = 409, description = "An user with this username already exist.")})
    public Response createUser(@FormParam("username") String str, @FormParam("password") String str2, @FormParam("name") String str3, @FormParam("email") String str4, @FormParam("roles") String str5) {
        if (StringUtils.isBlank(str)) {
            return Response.status(400).entity("Missing username").build();
        }
        if (StringUtils.isBlank(str2)) {
            return Response.status(400).entity("Missing password").build();
        }
        if (this.jpaUserAndRoleProvider.loadUser(str) != null) {
            return Response.status(409).build();
        }
        JpaOrganization organization = this.securityService.getOrganization();
        try {
            Set<JpaRole> parseJsonRoles = parseJsonRoles(str5);
            if (parseJsonRoles == null) {
                parseJsonRoles = new HashSet();
                parseJsonRoles.add(new JpaRole(organization.getAnonymousRole(), organization));
            }
            JpaUser jpaUser = new JpaUser(str, str2, organization, str3, str4, this.jpaUserAndRoleProvider.getName(), true, parseJsonRoles);
            try {
                this.jpaUserAndRoleProvider.addUser(jpaUser);
                return Response.created(UrlSupport.uri(new Object[]{this.endpointBaseUrl, jpaUser.getUsername() + ".json"})).build();
            } catch (UnauthorizedException e) {
                return Response.status(403).build();
            }
        } catch (IllegalArgumentException e2) {
            logger.debug("Received invalid JSON for roles", e2);
            return Response.status(400).entity("Invalid JSON for roles").build();
        }
    }

    @GET
    @Path("{username}.json")
    @RestQuery(name = "getUser", description = "Get an user", returnDescription = "Status ok", pathParameters = {@RestParameter(name = "username", type = RestParameter.Type.STRING, isRequired = true, description = "The username")}, responses = {@RestResponse(responseCode = 200, description = "User has been found."), @RestResponse(responseCode = 404, description = "User not found.")})
    public Response getUser(@PathParam("username") String str) {
        User loadUser = this.userDirectoryService.loadUser(str);
        return loadUser == null ? Response.status(404).build() : Response.ok(gson.toJson(generateJsonUser(loadUser))).build();
    }

    @Path("{username}.json")
    @PUT
    @RestQuery(name = "updateUser", description = "Update an user", returnDescription = "Status ok", restParameters = {@RestParameter(description = "The password.", isRequired = false, name = "password", type = RestParameter.Type.STRING), @RestParameter(description = "The name.", isRequired = false, name = ServicesEndpoint.Service.NAME_NAME, type = RestParameter.Type.STRING), @RestParameter(description = "The email.", isRequired = false, name = "email", type = RestParameter.Type.STRING), @RestParameter(name = "roles", type = RestParameter.Type.STRING, isRequired = false, description = "The user roles as a json array")}, pathParameters = {@RestParameter(name = "username", type = RestParameter.Type.STRING, isRequired = true, description = "The username")}, responses = {@RestResponse(responseCode = 200, description = "User has been updated."), @RestResponse(responseCode = 403, description = "Not enough permissions to update a user with admin role."), @RestResponse(responseCode = 400, description = "Invalid data provided.")})
    public Response updateUser(@PathParam("username") String str, @FormParam("password") String str2, @FormParam("name") String str3, @FormParam("email") String str4, @FormParam("roles") String str5) {
        User loadUser = this.jpaUserAndRoleProvider.loadUser(str);
        if (loadUser == null) {
            return createUser(str, str2, str3, str4, str5);
        }
        try {
            Set<JpaRole> parseJsonRoles = parseJsonRoles(str5);
            JpaOrganization organization = this.securityService.getOrganization();
            if (parseJsonRoles == null) {
                parseJsonRoles = new HashSet();
                for (Role role : loadUser.getRoles()) {
                    parseJsonRoles.add(new JpaRole(role.getName(), organization, role.getDescription(), role.getType()));
                }
            }
            try {
                this.jpaUserAndRoleProvider.updateUser(new JpaUser(str, str2, organization, str3, str4, this.jpaUserAndRoleProvider.getName(), true, parseJsonRoles));
                this.userDirectoryService.invalidate(str);
                return Response.status(200).build();
            } catch (NotFoundException e) {
                return Response.serverError().build();
            } catch (UnauthorizedException e2) {
                return Response.status(Response.Status.FORBIDDEN).build();
            }
        } catch (IllegalArgumentException e3) {
            logger.debug("Received invalid JSON for roles", e3);
            return Response.status(400).build();
        }
    }

    @Path("{username}.json")
    @DELETE
    @RestQuery(name = "deleteUser", description = "Deleter a new  user", returnDescription = "Status ok", pathParameters = {@RestParameter(name = "username", type = RestParameter.Type.STRING, isRequired = true, description = "The username")}, responses = {@RestResponse(responseCode = 200, description = "User has been deleted."), @RestResponse(responseCode = 403, description = "Not enough permissions to delete a user with admin role."), @RestResponse(responseCode = 404, description = "User not found.")})
    public Response deleteUser(@PathParam("username") String str) throws NotFoundException {
        Organization organization = this.securityService.getOrganization();
        boolean z = false;
        boolean z2 = false;
        try {
            if (this.workflowService.userHasActiveWorkflows(str)) {
                logger.debug("Workflow still active for user {}:", str);
                return Response.status(409).build();
            }
            try {
                try {
                    this.jpaUserReferenceProvider.deleteUser(str, organization.getId());
                } catch (NotFoundException e) {
                    z = true;
                }
                try {
                    this.jpaUserAndRoleProvider.deleteUser(str, organization.getId());
                } catch (NotFoundException e2) {
                    z2 = true;
                }
                if (z2 && z) {
                    throw new NotFoundException();
                }
                this.userDirectoryService.invalidate(str);
                logger.debug("User {} removed.", str);
                return Response.status(200).build();
            } catch (Exception e3) {
                logger.error("Error during deletion of user {}: {}", str, e3);
                return Response.status(500).build();
            } catch (UnauthorizedException e4) {
                return Response.status(403).build();
            } catch (NotFoundException e5) {
                logger.debug("User {} not found.", str);
                return Response.status(404).build();
            }
        } catch (WorkflowDatabaseException e6) {
            logger.error("Error during deletion of user {}: {}", str, e6);
            return Response.status(500).build();
        }
    }

    private Set<JpaRole> parseJsonRoles(String str) throws IllegalArgumentException {
        try {
            List<JsonRole> list = (List) gson.fromJson(str, listType);
            if (list == null) {
                return null;
            }
            JpaOrganization organization = this.securityService.getOrganization();
            HashSet hashSet = new HashSet();
            for (JsonRole jsonRole : list) {
                try {
                    hashSet.add(new JpaRole(jsonRole.getName(), organization, (String) null, jsonRole.getType()));
                } catch (NullPointerException e) {
                    throw new IllegalArgumentException(e);
                }
            }
            return hashSet;
        } catch (JsonSyntaxException e2) {
            throw new IllegalArgumentException((Throwable) e2);
        }
    }

    private Map<String, Object> generateJsonUser(User user) {
        HashMap hashMap = new HashMap();
        hashMap.put("username", user.getUsername());
        hashMap.put("manageable", Boolean.valueOf(user.isManageable()));
        hashMap.put(ServicesEndpoint.Service.NAME_NAME, user.getName());
        hashMap.put("email", user.getEmail());
        hashMap.put("provider", user.getProvider());
        hashMap.put("roles", user.getRoles().stream().sorted(Comparator.comparing((v0) -> {
            return v0.getName();
        })).map(role -> {
            return new JsonRole(role.getName(), role.getType());
        }).collect(Collectors.toList()));
        return hashMap;
    }
}
