package org.opencastproject.adminui.endpoint;

import com.entwinemedia.fn.Fn;
import com.entwinemedia.fn.Stream;
import com.entwinemedia.fn.StreamOp;
import com.entwinemedia.fn.data.Opt;
import com.entwinemedia.fn.data.json.Field;
import com.entwinemedia.fn.data.json.JObject;
import com.entwinemedia.fn.data.json.JValue;
import com.entwinemedia.fn.data.json.Jsons;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.opencastproject.adminui.endpoint.ServicesEndpoint;
import org.opencastproject.adminui.util.TextFilter;
import org.opencastproject.authorization.xacml.manager.api.AclService;
import org.opencastproject.authorization.xacml.manager.api.AclServiceException;
import org.opencastproject.authorization.xacml.manager.api.AclServiceFactory;
import org.opencastproject.authorization.xacml.manager.api.ManagedAcl;
import org.opencastproject.authorization.xacml.manager.impl.ManagedAclImpl;
import org.opencastproject.index.service.util.RestUtils;
import org.opencastproject.matterhorn.search.SearchQuery;
import org.opencastproject.matterhorn.search.SortCriterion;
import org.opencastproject.security.api.AccessControlEntry;
import org.opencastproject.security.api.AccessControlList;
import org.opencastproject.security.api.AccessControlParser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleDirectoryService;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.RestUtil;
import org.opencastproject.util.data.Option;
import org.opencastproject.util.doc.rest.RestParameter;
import org.opencastproject.util.doc.rest.RestQuery;
import org.opencastproject.util.doc.rest.RestResponse;
import org.opencastproject.util.doc.rest.RestService;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/")
@RestService(name = "acl", title = "Acl service", abstractText = "Provides operations for acl", notes = {"This service offers the default acl CRUD Operations for the admin UI.", "<strong>Important:</strong> <em>This service is for exclusive use by the module admin-ui. Its API might change anytime without prior notice. Any dependencies other than the admin UI will be strictly ignored. DO NOT use this for integration of third-party applications.<em>"})
/* loaded from: input_file:org/opencastproject/adminui/endpoint/AclEndpoint.class */
public class AclEndpoint {
    private AclServiceFactory aclServiceFactory;
    private SecurityService securityService;
    private RoleDirectoryService roleDirectoryService;
    private final Fn<AccessControlEntry, JValue> fullAccessControlEntry = new Fn<AccessControlEntry, JValue>() { // from class: org.opencastproject.adminui.endpoint.AclEndpoint.3
        public JValue apply(AccessControlEntry accessControlEntry) {
            return AclEndpoint.this.full(accessControlEntry);
        }
    };
    private final Fn<ManagedAcl, JValue> fullManagedAcl = new Fn<ManagedAcl, JValue>() { // from class: org.opencastproject.adminui.endpoint.AclEndpoint.4
        public JValue apply(ManagedAcl managedAcl) {
            return AclEndpoint.this.full(managedAcl);
        }
    };
    private static final Logger logger = LoggerFactory.getLogger(AclEndpoint.class);
    private static final Fn<String, AccessControlList> parseAcl = new Fn<String, AccessControlList>() { // from class: org.opencastproject.adminui.endpoint.AclEndpoint.2
        public AccessControlList apply(String str) {
            try {
                return AccessControlParser.parseAcl(str);
            } catch (Exception e) {
                AclEndpoint.logger.warn("Unable to parse ACL");
                throw new WebApplicationException(Response.Status.BAD_REQUEST);
            }
        }
    };

    public void setAclServiceFactory(AclServiceFactory aclServiceFactory) {
        this.aclServiceFactory = aclServiceFactory;
    }

    public void setRoleDirectoryService(RoleDirectoryService roleDirectoryService) {
        this.roleDirectoryService = roleDirectoryService;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    protected void activate(ComponentContext componentContext) {
        logger.info("Activate the Admin ui - Acl facade endpoint");
    }

    private AclService aclService() {
        return this.aclServiceFactory.serviceFor(this.securityService.getOrganization());
    }

    @GET
    @Path("acls.json")
    @Produces({"application/json"})
    @RestQuery(name = "allaclasjson", description = "Returns a list of acls", returnDescription = "Returns a JSON representation of the list of acls available the current user's organization", restParameters = {@RestParameter(name = "filter", isRequired = false, description = "The filter used for the query. They should be formated like that: 'filter1:value1,filter2:value2'", type = RestParameter.Type.STRING), @RestParameter(name = "sort", isRequired = false, description = "The sort order. May include any of the following: NAME. Add '_DESC' to reverse the sort order (e.g. NAME_DESC).", type = RestParameter.Type.STRING), @RestParameter(defaultValue = "100", description = "The maximum number of items to return per page.", isRequired = false, name = "limit", type = RestParameter.Type.STRING), @RestParameter(defaultValue = "0", description = "The page number.", isRequired = false, name = "offset", type = RestParameter.Type.STRING)}, responses = {@RestResponse(responseCode = 200, description = "The list of ACL's has successfully been returned")})
    public Response getAclsAsJson(@QueryParam("filter") String str, @QueryParam("sort") String str2, @QueryParam("offset") int i, @QueryParam("limit") int i2) throws IOException {
        if (i2 < 1) {
            i2 = 100;
        }
        Opt nul = Opt.nul(StringUtils.trimToNull(str2));
        Option none = Option.none();
        Option none2 = Option.none();
        Map parseFilter = RestUtils.parseFilter(str);
        for (String str3 : parseFilter.keySet()) {
            String str4 = (String) parseFilter.get(str3);
            if ("Name".equals(str3)) {
                none = Option.some(str4);
            } else if ("textFilter".equals(str3) && StringUtils.isNotBlank(str4)) {
                none2 = Option.some(str4);
            }
        }
        ArrayList arrayList = new ArrayList();
        for (ManagedAcl managedAcl : aclService().getAcls()) {
            if (!none.isSome() || ((String) none.get()).equals(managedAcl.getName())) {
                if (!none2.isSome() || TextFilter.match((String) none2.get(), managedAcl.getName())) {
                    arrayList.add(managedAcl);
                }
            }
        }
        int size = arrayList.size();
        if (nul.isSome()) {
            final Set parseSortQueryParameter = RestUtils.parseSortQueryParameter((String) nul.get());
            Collections.sort(arrayList, new Comparator<ManagedAcl>() { // from class: org.opencastproject.adminui.endpoint.AclEndpoint.1
                @Override // java.util.Comparator
                public int compare(ManagedAcl managedAcl2, ManagedAcl managedAcl3) {
                    Iterator it = parseSortQueryParameter.iterator();
                    if (!it.hasNext()) {
                        return 0;
                    }
                    SortCriterion sortCriterion = (SortCriterion) it.next();
                    SearchQuery.Order order = sortCriterion.getOrder();
                    String fieldName = sortCriterion.getFieldName();
                    boolean z = -1;
                    switch (fieldName.hashCode()) {
                        case 3373707:
                            if (fieldName.equals(ServicesEndpoint.Service.NAME_NAME)) {
                                z = false;
                                break;
                            }
                            break;
                    }
                    switch (z) {
                        case false:
                            return order.equals(SearchQuery.Order.Descending) ? ObjectUtils.compare(managedAcl3.getName(), managedAcl2.getName()) : ObjectUtils.compare(managedAcl2.getName(), managedAcl3.getName());
                        default:
                            AclEndpoint.logger.info("Unkown sort type: {}", sortCriterion.getFieldName());
                            return 0;
                    }
                }
            });
        }
        return RestUtils.okJsonList(Stream.$(arrayList).drop(i).apply(i2 > 0 ? StreamOp.id().take(i2) : StreamOp.id()).map(this.fullManagedAcl).toList(), i, i2, size);
    }

    @GET
    @Path("roles.json")
    @Produces({"application/json"})
    @RestQuery(name = "getRoles", description = "Returns a list of roles", returnDescription = "Returns a JSON representation of the roles with the given parameters under the current user's organization.", restParameters = {@RestParameter(name = "query", isRequired = false, description = "The query.", type = RestParameter.Type.STRING), @RestParameter(name = "target", isRequired = false, description = "The target of the roles.", type = RestParameter.Type.STRING), @RestParameter(name = "limit", defaultValue = "100", description = "The maximum number of items to return per page.", isRequired = false, type = RestParameter.Type.STRING), @RestParameter(name = "offset", defaultValue = "0", description = "The page number.", isRequired = false, type = RestParameter.Type.STRING)}, responses = {@RestResponse(responseCode = 200, description = "The list of roles.")})
    public Response getRoles(@QueryParam("query") String str, @QueryParam("target") String str2, @QueryParam("offset") int i, @QueryParam("limit") int i2) {
        String str3 = StringUtils.isNotBlank(str) ? str.trim() + "%" : "%";
        Role.Target target = Role.Target.ALL;
        if (StringUtils.isNotBlank(str2)) {
            try {
                target = Role.Target.valueOf(str2.trim());
            } catch (Exception e) {
                logger.warn("Invalid target filter value {}", str2);
            }
        }
        List<Role> findRoles = this.roleDirectoryService.findRoles(str3, target, i, i2);
        JSONArray jSONArray = new JSONArray();
        for (Role role : findRoles) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(ServicesEndpoint.Service.NAME_NAME, role.getName());
            jSONObject.put("type", role.getType().toString());
            jSONObject.put("description", role.getDescription());
            jSONObject.put("organization", role.getOrganizationId());
            jSONArray.add(jSONObject);
        }
        return Response.ok(jSONArray.toJSONString()).build();
    }

    @Path("{id}")
    @DELETE
    @RestQuery(name = "deleteacl", description = "Delete an ACL", returnDescription = "Delete an ACL", pathParameters = {@RestParameter(name = "id", isRequired = true, description = "The ACL identifier", type = RestParameter.Type.INTEGER)}, responses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been deleted"), @RestResponse(responseCode = 404, description = "The ACL has not been found"), @RestResponse(responseCode = 409, description = "The ACL could not be deleted, there are still references on it")})
    public Response deleteAcl(@PathParam("id") long j) throws NotFoundException {
        try {
            return !aclService().deleteAcl(j) ? RestUtil.R.conflict() : RestUtil.R.noContent();
        } catch (AclServiceException e) {
            logger.warn("Error deleting manged acl with id '{}': {}", Long.valueOf(j), e);
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    @Path("")
    @POST
    @Produces({"application/json"})
    @RestQuery(name = "createacl", description = "Create an ACL", returnDescription = "Create an ACL", restParameters = {@RestParameter(name = ServicesEndpoint.Service.NAME_NAME, isRequired = true, description = "The ACL name", type = RestParameter.Type.STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = RestParameter.Type.STRING)}, responses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been added"), @RestResponse(responseCode = 409, description = "An ACL with the same name already exists"), @RestResponse(responseCode = 400, description = "Unable to parse the ACL")})
    public Response createAcl(@FormParam("name") String str, @FormParam("acl") String str2) {
        Opt opt = aclService().createAcl((AccessControlList) parseAcl.apply(str2), str).toOpt();
        if (!opt.isNone()) {
            return RestUtils.okJson(full((ManagedAcl) opt.get()));
        }
        logger.info("An ACL with the same name '{}' already exists", str);
        throw new WebApplicationException(Response.Status.CONFLICT);
    }

    @Path("{id}")
    @Produces({"application/json"})
    @PUT
    @RestQuery(name = "updateacl", description = "Update an ACL", returnDescription = "Update an ACL", pathParameters = {@RestParameter(name = "id", isRequired = true, description = "The ACL identifier", type = RestParameter.Type.INTEGER)}, restParameters = {@RestParameter(name = ServicesEndpoint.Service.NAME_NAME, isRequired = true, description = "The ACL name", type = RestParameter.Type.STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = RestParameter.Type.STRING)}, responses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been updated"), @RestResponse(responseCode = 404, description = "The ACL has not been found"), @RestResponse(responseCode = 400, description = "Unable to parse the ACL")})
    public Response updateAcl(@PathParam("id") long j, @FormParam("name") String str, @FormParam("acl") String str2) throws NotFoundException {
        Organization organization = this.securityService.getOrganization();
        ManagedAclImpl managedAclImpl = new ManagedAclImpl(Long.valueOf(j), str, organization.getId(), (AccessControlList) parseAcl.apply(str2));
        if (aclService().updateAcl(managedAclImpl)) {
            return RestUtils.okJson(full((ManagedAcl) managedAclImpl));
        }
        logger.info("No ACL with id '{}' could be found under organization '{}'", Long.valueOf(j), organization.getId());
        throw new NotFoundException();
    }

    @GET
    @Path("{id}")
    @Produces({"application/json"})
    @RestQuery(name = "getacl", description = "Return the ACL by the given id", returnDescription = "Return the ACL by the given id", pathParameters = {@RestParameter(name = "id", isRequired = true, description = "The ACL identifier", type = RestParameter.Type.INTEGER)}, responses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been returned"), @RestResponse(responseCode = 404, description = "The ACL has not been found")})
    public Response getAcl(@PathParam("id") long j) throws NotFoundException {
        Iterator it = aclService().getAcl(j).iterator();
        if (it.hasNext()) {
            return RestUtils.okJson(full((ManagedAcl) it.next()));
        }
        logger.info("No ACL with id '{}' could by found", Long.valueOf(j));
        throw new NotFoundException();
    }

    public JObject full(AccessControlEntry accessControlEntry) {
        return Jsons.obj(new Field[]{Jsons.f("role", Jsons.v(accessControlEntry.getRole())), Jsons.f("action", Jsons.v(accessControlEntry.getAction())), Jsons.f("allow", Jsons.v(Boolean.valueOf(accessControlEntry.isAllow())))});
    }

    public JObject full(AccessControlList accessControlList) {
        return Jsons.obj(new Field[]{Jsons.f("ace", Jsons.arr(Stream.$(accessControlList.getEntries()).map(this.fullAccessControlEntry)))});
    }

    public JObject full(ManagedAcl managedAcl) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Jsons.f("id", Jsons.v(managedAcl.getId())));
        arrayList.add(Jsons.f(ServicesEndpoint.Service.NAME_NAME, Jsons.v(managedAcl.getName())));
        arrayList.add(Jsons.f("organizationId", Jsons.v(managedAcl.getOrganizationId())));
        arrayList.add(Jsons.f("acl", full(managedAcl.getAcl())));
        return Jsons.obj(arrayList);
    }
}
