package org.opencastproject.authorization.xacml.manager.endpoint;

import java.util.Iterator;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.assetmanager.api.AssetManager;
import org.opencastproject.authorization.xacml.manager.api.AclService;
import org.opencastproject.authorization.xacml.manager.api.AclServiceException;
import org.opencastproject.authorization.xacml.manager.api.AclServiceFactory;
import org.opencastproject.authorization.xacml.manager.api.ManagedAcl;
import org.opencastproject.authorization.xacml.manager.impl.ManagedAclImpl;
import org.opencastproject.authorization.xacml.manager.impl.Util;
import org.opencastproject.security.api.AccessControlList;
import org.opencastproject.security.api.AccessControlParser;
import org.opencastproject.security.api.AccessControlUtil;
import org.opencastproject.security.api.AuthorizationService;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.series.api.SeriesService;
import org.opencastproject.util.Jsons;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.RestUtil;
import org.opencastproject.util.data.Either;
import org.opencastproject.util.data.Function;
import org.opencastproject.util.data.Monadics;
import org.opencastproject.util.data.Option;
import org.opencastproject.util.data.Predicate;
import org.opencastproject.util.data.functions.Functions;
import org.opencastproject.util.data.functions.Options;
import org.opencastproject.util.doc.rest.RestParameter;
import org.opencastproject.util.doc.rest.RestQuery;
import org.opencastproject.util.doc.rest.RestResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opencastproject/authorization/xacml/manager/endpoint/AbstractAclServiceRestEndpoint.class */
public abstract class AbstractAclServiceRestEndpoint {
    private static final Logger logger = LoggerFactory.getLogger(AbstractAclServiceRestEndpoint.class);
    private static final AccessControlList EMPTY_ACL = AccessControlUtil.acl(new Either[0]);
    private static final Jsons.Obj fromSeries = Jsons.obj(new Jsons.Prop[]{Jsons.p("isFromSeries", true)});
    private static final Jsons.Obj fromEpisode = Jsons.obj(new Jsons.Prop[]{Jsons.p("isFromSeries", false)});
    private static final Function<String, AccessControlList> parseAcl = new Function<String, AccessControlList>() { // from class: org.opencastproject.authorization.xacml.manager.endpoint.AbstractAclServiceRestEndpoint.2
        public AccessControlList apply(String str) {
            try {
                return AccessControlParser.parseAcl(str);
            } catch (Exception e) {
                AbstractAclServiceRestEndpoint.logger.warn("Unable to parse ACL");
                throw new WebApplicationException(Response.Status.BAD_REQUEST);
            }
        }
    };

    protected abstract AclServiceFactory getAclServiceFactory();

    protected abstract String getEndpointBaseUrl();

    protected abstract SecurityService getSecurityService();

    protected abstract AuthorizationService getAuthorizationService();

    protected abstract AssetManager getAssetManager();

    protected abstract SeriesService getSeriesService();

    private static Option<ManagedAcl> matchAcls(AclService aclService, final AccessControlList accessControlList) {
        return Monadics.mlist(aclService.getAcls()).find(new Predicate<ManagedAcl>() { // from class: org.opencastproject.authorization.xacml.manager.endpoint.AbstractAclServiceRestEndpoint.1
            public Boolean apply(ManagedAcl managedAcl) {
                return Boolean.valueOf(AccessControlUtil.equals(accessControlList, managedAcl.getAcl()));
            }
        });
    }

    @GET
    @Path("/acl/{aclId}")
    @Produces({"application/json"})
    @RestQuery(name = "getacl", description = "Return the ACL by the given id", returnDescription = "Return the ACL by the given id", pathParameters = {@RestParameter(name = "aclId", isRequired = true, description = "The ACL identifier", type = RestParameter.Type.INTEGER)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been returned"), @RestResponse(responseCode = 404, description = "The ACL has not been found"), @RestResponse(responseCode = 500, description = "Error during returning the ACL")})
    public String getAcl(@PathParam("aclId") long j) throws NotFoundException {
        Option<ManagedAcl> acl = aclService().getAcl(j);
        if (!acl.isNone()) {
            return JsonConv.full((ManagedAcl) acl.get()).toJson();
        }
        logger.info("No ACL with id '{}' could be found", Long.valueOf(j));
        throw new NotFoundException();
    }

    @Path("/acl/extend")
    @POST
    @Produces({"application/json"})
    @RestQuery(name = "extendacl", description = "Return the given ACL with a new role and action in JSON format", returnDescription = "Return the ACL with the new role and action in JSON format", restParameters = {@RestParameter(name = "acl", isRequired = true, description = "The access control list", type = RestParameter.Type.STRING), @RestParameter(name = JsonConv.KEY_ACTION, isRequired = true, description = "The action for the ACL", type = RestParameter.Type.STRING), @RestParameter(name = JsonConv.KEY_ROLE, isRequired = true, description = "The role for the ACL", type = RestParameter.Type.STRING), @RestParameter(name = JsonConv.KEY_ALLOW, isRequired = true, description = "The allow status for the ACL", type = RestParameter.Type.BOOLEAN)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been returned"), @RestResponse(responseCode = 400, description = "The ACL, action or role was invalid or empty"), @RestResponse(responseCode = 500, description = "Error during returning the ACL")})
    public String extendAcl(@FormParam("acl") String str, @FormParam("action") String str2, @FormParam("role") String str3, @FormParam("allow") boolean z) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2) || StringUtils.isBlank(str3)) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        return JsonConv.full(AccessControlUtil.extendAcl((AccessControlList) parseAcl.apply(str), str3, str2, z)).toJson();
    }

    @Path("/acl/reduce")
    @POST
    @Produces({"application/json"})
    @RestQuery(name = "reduceacl", description = "Return the given ACL without a role and action in JSON format", returnDescription = "Return the ACL without the role and action in JSON format", restParameters = {@RestParameter(name = "acl", isRequired = true, description = "The access control list", type = RestParameter.Type.STRING), @RestParameter(name = JsonConv.KEY_ACTION, isRequired = true, description = "The action for the ACL", type = RestParameter.Type.STRING), @RestParameter(name = JsonConv.KEY_ROLE, isRequired = true, description = "The role for the ACL", type = RestParameter.Type.STRING)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been returned"), @RestResponse(responseCode = 400, description = "The ACL, role or action was invalid or empty"), @RestResponse(responseCode = 500, description = "Error during returning the ACL")})
    public String reduceAcl(@FormParam("acl") String str, @FormParam("action") String str2, @FormParam("role") String str3) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2) || StringUtils.isBlank(str3)) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        return JsonConv.full(AccessControlUtil.reduceAcl((AccessControlList) parseAcl.apply(str), str3, str2)).toJson();
    }

    @GET
    @Path("/acl/acls.json")
    @Produces({"application/json"})
    @RestQuery(name = "getacls", description = "Lists the ACL's as JSON", returnDescription = "The list of ACL's as JSON", reponses = {@RestResponse(responseCode = 200, description = "The list of ACL's has successfully been returned"), @RestResponse(responseCode = 500, description = "Error during returning the list of ACL's")})
    public String getAcls() {
        return Jsons.arr(Monadics.mlist(aclService().getAcls()).map(Functions.co(JsonConv.fullManagedAcl))).toJson();
    }

    @Path("/acl")
    @POST
    @Produces({"application/json"})
    @RestQuery(name = "createacl", description = "Create an ACL", returnDescription = "Create an ACL", restParameters = {@RestParameter(name = JsonConv.KEY_NAME, isRequired = true, description = "The ACL name", type = RestParameter.Type.STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = RestParameter.Type.STRING)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been added"), @RestResponse(responseCode = 409, description = "An ACL with the same name already exists"), @RestResponse(responseCode = 400, description = "Unable to parse the ACL"), @RestResponse(responseCode = 500, description = "Error during adding the ACL")})
    public String createAcl(@FormParam("name") String str, @FormParam("acl") String str2) {
        Option<ManagedAcl> createAcl = aclService().createAcl((AccessControlList) parseAcl.apply(str2), str);
        if (!createAcl.isNone()) {
            return JsonConv.full((ManagedAcl) createAcl.get()).toJson();
        }
        logger.info("An ACL with the same name '{}' already exists", str);
        throw new WebApplicationException(Response.Status.CONFLICT);
    }

    @Path("/acl/{aclId}")
    @Produces({"application/json"})
    @PUT
    @RestQuery(name = "updateacl", description = "Update an ACL", returnDescription = "Update an ACL", pathParameters = {@RestParameter(name = "aclId", isRequired = true, description = "The ACL identifier", type = RestParameter.Type.INTEGER)}, restParameters = {@RestParameter(name = JsonConv.KEY_NAME, isRequired = true, description = "The ACL name", type = RestParameter.Type.STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = RestParameter.Type.STRING)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been updated"), @RestResponse(responseCode = 404, description = "The ACL has not been found"), @RestResponse(responseCode = 400, description = "Unable to parse the ACL"), @RestResponse(responseCode = 500, description = "Error during updating the ACL")})
    public String updateAcl(@PathParam("aclId") long j, @FormParam("name") String str, @FormParam("acl") String str2) throws NotFoundException {
        Organization organization = getSecurityService().getOrganization();
        ManagedAclImpl managedAclImpl = new ManagedAclImpl(Long.valueOf(j), str, organization.getId(), (AccessControlList) parseAcl.apply(str2));
        if (aclService().updateAcl(managedAclImpl)) {
            return JsonConv.full(managedAclImpl).toJson();
        }
        logger.info("No ACL with id '{}' could be found under organization '{}'", Long.valueOf(j), organization.getId());
        throw new NotFoundException();
    }

    @Path("/acl/{aclId}")
    @DELETE
    @RestQuery(name = "deleteacl", description = "Delete an ACL", returnDescription = "Delete an ACL", pathParameters = {@RestParameter(name = "aclId", isRequired = true, description = "The ACL identifier", type = RestParameter.Type.INTEGER)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has successfully been deleted"), @RestResponse(responseCode = 404, description = "The ACL has not been found"), @RestResponse(responseCode = 409, description = "The ACL could not be deleted, there are still references on it"), @RestResponse(responseCode = 500, description = "Error during deleting the ACL")})
    public Response deleteAcl(@PathParam("aclId") long j) throws NotFoundException {
        try {
            return !aclService().deleteAcl(j) ? RestUtil.R.conflict() : RestUtil.R.noContent();
        } catch (AclServiceException e) {
            logger.warn("Error deleting manged acl with id '{}': {}", Long.valueOf(j), e);
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    @POST
    @Path("/apply/episode/{episodeId}")
    @RestQuery(name = "applyAclToEpisode", description = "Immediate application of an ACL to an episode", returnDescription = "Status code", pathParameters = {@RestParameter(name = "episodeId", isRequired = true, description = "The episode ID", type = RestParameter.Type.STRING)}, restParameters = {@RestParameter(name = "aclId", isRequired = false, description = "The ID of the ACL to apply. If missing the episode ACL will be deleted to fall back to the series ACL", type = RestParameter.Type.INTEGER)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has been successfully applied"), @RestResponse(responseCode = 404, description = "The ACL or the episode has not been found"), @RestResponse(responseCode = 500, description = "Internal error")})
    public Response applyAclToEpisode(@PathParam("episodeId") String str, @FormParam("aclId") Long l) {
        AclService aclService = aclService();
        Option map = Option.option(l).map(Util.getManagedAcl(aclService));
        if (map.isSome() && ((Option) map.get()).isNone()) {
            return RestUtil.R.notFound();
        }
        try {
            return aclService.applyAclToEpisode(str, Options.join(map)) ? RestUtil.R.ok() : RestUtil.R.notFound();
        } catch (AclServiceException e) {
            logger.error("Error applying acl to episode {}", str);
            return RestUtil.R.serverError();
        }
    }

    @POST
    @Path("/apply/series/{seriesId}")
    @RestQuery(name = "applyAclToSeries", description = "Immediate application of an ACL to a series", returnDescription = "Status code", pathParameters = {@RestParameter(name = "seriesId", isRequired = true, description = "The series ID", type = RestParameter.Type.STRING)}, restParameters = {@RestParameter(name = "aclId", isRequired = true, description = "The ID of the ACL to apply", type = RestParameter.Type.INTEGER), @RestParameter(name = "override", isRequired = false, defaultValue = "false", description = "If true the series ACL will take precedence over any existing episode ACL", type = RestParameter.Type.STRING)}, reponses = {@RestResponse(responseCode = 200, description = "The ACL has been successfully applied"), @RestResponse(responseCode = 404, description = "The ACL or the series has not been found"), @RestResponse(responseCode = 500, description = "Internal error")})
    public Response applyAclToSeries(@PathParam("seriesId") String str, @FormParam("aclId") long j, @FormParam("override") @DefaultValue("false") boolean z) {
        AclService aclService = aclService();
        Iterator it = aclService.getAcl(j).iterator();
        if (!it.hasNext()) {
            return RestUtil.R.notFound();
        }
        try {
            return aclService.applyAclToSeries(str, (ManagedAcl) it.next(), z) ? RestUtil.R.ok() : RestUtil.R.notFound();
        } catch (AclServiceException e) {
            logger.error("Error applying acl to series {}", str);
            return RestUtil.R.serverError();
        }
    }

    private AclService aclService() {
        return getAclServiceFactory().serviceFor(getSecurityService().getOrganization());
    }
}
