package otoroshi.controllers.adminapi;

import akka.http.scaladsl.util.FastFuture$;
import org.joda.time.DateTime;
import org.mindrot.jbcrypt.BCrypt;
import otoroshi.actions.ApiAction;
import otoroshi.actions.ApiActionContext;
import otoroshi.env.Env;
import otoroshi.events.AdminApiEvent;
import otoroshi.events.AdminApiEvent$;
import otoroshi.events.Alerts$;
import otoroshi.events.Audit$;
import otoroshi.events.SessionDiscardedAlert;
import otoroshi.events.SessionDiscardedAlert$;
import otoroshi.events.SessionsDiscardedAlert;
import otoroshi.events.SessionsDiscardedAlert$;
import otoroshi.events.U2FAdminDeletedAlert;
import otoroshi.events.U2FAdminDeletedAlert$;
import otoroshi.events.WebAuthnAdminDeletedAlert;
import otoroshi.events.WebAuthnAdminDeletedAlert$;
import otoroshi.models.BackOfficeUser;
import otoroshi.models.BackOfficeUser$;
import otoroshi.models.BackOfficeUserDataStore;
import otoroshi.models.EntityLocation;
import otoroshi.models.EntityLocation$;
import otoroshi.models.EntityLocationSupport;
import otoroshi.models.GlobalConfig;
import otoroshi.models.OtoroshiAdminType$SimpleAdmin$;
import otoroshi.models.OtoroshiAdminType$WebAuthnAdmin$;
import otoroshi.models.PrivateAppsUser;
import otoroshi.models.PrivateAppsUserDataStore;
import otoroshi.models.RightsChecker$SuperAdminOnly$;
import otoroshi.models.RightsChecker$TenantAdminOnly$;
import otoroshi.models.SimpleOtoroshiAdmin;
import otoroshi.models.SimpleOtoroshiAdmin$;
import otoroshi.models.TeamAccess;
import otoroshi.models.TeamAccess$;
import otoroshi.models.TeamId$;
import otoroshi.models.TenantAccess;
import otoroshi.models.TenantAccess$;
import otoroshi.models.UserRight;
import otoroshi.models.UserRights;
import otoroshi.models.UserRights$;
import otoroshi.models.WebAuthnOtoroshiAdmin;
import otoroshi.models.WebAuthnOtoroshiAdmin$;
import otoroshi.security.IdGenerator$;
import otoroshi.utils.controllers.AdminApiHelper;
import otoroshi.utils.controllers.ApiError;
import otoroshi.utils.controllers.SendAuditAndAlert;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterFuture$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.http.Writeable$;
import play.api.libs.json.JsLookup$;
import play.api.libs.json.JsLookupResult$;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsValue;
import play.api.libs.json.JsValue$;
import play.api.libs.json.Json$;
import play.api.libs.json.Reads$;
import play.api.libs.json.Writes$;
import play.api.mvc.AbstractController;
import play.api.mvc.Action;
import play.api.mvc.AnyContent;
import play.api.mvc.ControllerComponents;
import play.api.mvc.Result;
import play.api.mvc.Results$;
import scala.Function0;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple3;
import scala.Tuple4;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.SeqLike;
import scala.collection.TraversableLike;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;

/* compiled from: UsersController.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005=e\u0001B\r\u001b\u0001\u0005B\u0001b\r\u0001\u0003\u0002\u0003\u0006I\u0001\u000e\u0005\nu\u0001\u0011\t\u0011)A\u0005wyB\u0001\u0002\u0011\u0001\u0003\u0002\u0003\u0006Y!\u0011\u0005\u0006\r\u0002!\ta\u0012\u0005\t\u001d\u0002A)\u0019!C\u0002\u001f\"9\u0001\f\u0001b\u0001\n\u0013I\u0006B\u00021\u0001A\u0003%!\fC\u0003b\u0001\u0011\u0005!\rC\u0003j\u0001\u0011\u0005!\u000eC\u0003y\u0001\u0011\u0005!\rC\u0003z\u0001\u0011\u0005!\rC\u0003{\u0001\u0011\u00051\u0010C\u0003~\u0001\u0011\u0005!\rC\u0003\u007f\u0001\u0011\u0005q\u0010C\u0004\u0002H\u0001!\t!!\u0013\t\u000f\u0005u\u0003\u0001\"\u0001\u0002`!9\u0011\u0011\r\u0001\u0005\u0002\u0005\r\u0004bBA5\u0001\u0011\u0005\u00111\u000e\u0005\b\u0003_\u0002A\u0011AA9\u0011\u001d\t)\b\u0001C\u0001\u0003oBq!a\u001f\u0001\t\u0003\ti\b\u0003\u0004\u0002\u0002\u0002!\tA\u0019\u0005\b\u0003\u0007\u0003A\u0011AAC\u0011\u001d\t9\t\u0001C\u0001\u0003\u0013\u0013q\"V:feN\u001cuN\u001c;s_2dWM\u001d\u0006\u00037q\t\u0001\"\u00193nS:\f\u0007/\u001b\u0006\u0003;y\t1bY8oiJ|G\u000e\\3sg*\tq$\u0001\u0005pi>\u0014xn\u001d5j\u0007\u0001\u00192\u0001\u0001\u0012-!\t\u0019#&D\u0001%\u0015\t)c%A\u0002nm\u000eT!a\n\u0015\u0002\u0007\u0005\u0004\u0018NC\u0001*\u0003\u0011\u0001H.Y=\n\u0005-\"#AE!cgR\u0014\u0018m\u0019;D_:$(o\u001c7mKJ\u0004\"!L\u0019\u000e\u00039R!!H\u0018\u000b\u0005Ar\u0012!B;uS2\u001c\u0018B\u0001\u001a/\u00059\tE-\\5o\u0003BL\u0007*\u001a7qKJ\f\u0011\"\u00119j\u0003\u000e$\u0018n\u001c8\u0011\u0005UBT\"\u0001\u001c\u000b\u0005]r\u0012aB1di&|gn]\u0005\u0003sY\u0012\u0011\"\u00119j\u0003\u000e$\u0018n\u001c8\u0002\u0005\r\u001c\u0007CA\u0012=\u0013\tiDE\u0001\u000bD_:$(o\u001c7mKJ\u001cu.\u001c9p]\u0016tGo]\u0005\u0003\u007f)\nAcY8oiJ|G\u000e\\3s\u0007>l\u0007o\u001c8f]R\u001c\u0018aA3omB\u0011!\tR\u0007\u0002\u0007*\u0011\u0001IH\u0005\u0003\u000b\u000e\u00131!\u00128w\u0003\u0019a\u0014N\\5u}Q\u0019\u0001\nT'\u0015\u0005%[\u0005C\u0001&\u0001\u001b\u0005Q\u0002\"\u0002!\u0005\u0001\b\t\u0005\"B\u001a\u0005\u0001\u0004!\u0004\"\u0002\u001e\u0005\u0001\u0004Y\u0014AA3d+\u0005\u0001\u0006CA)W\u001b\u0005\u0011&BA*U\u0003)\u0019wN\\2veJ,g\u000e\u001e\u0006\u0002+\u0006)1oY1mC&\u0011qK\u0015\u0002\u0011\u000bb,7-\u001e;j_:\u001cuN\u001c;fqR\f!CZ1lK\n\u000b7m[(gM&\u001cW-V:feV\t!\f\u0005\u0002\\=6\tAL\u0003\u0002^=\u00051Qn\u001c3fYNL!a\u0018/\u0003\u001d\t\u000b7m[(gM&\u001cW-V:fe\u0006\u0019b-Y6f\u0005\u0006\u001c7n\u00144gS\u000e,Wk]3sA\u0005A1/Z:tS>t7\u000fF\u0001d!\r\u0019CMZ\u0005\u0003K\u0012\u0012a!Q2uS>t\u0007CA\u0012h\u0013\tAGE\u0001\u0006B]f\u001cuN\u001c;f]R\fa\u0002Z5tG\u0006\u0014HmU3tg&|g\u000e\u0006\u0002dW\")A.\u0003a\u0001[\u0006\u0011\u0011\u000e\u001a\t\u0003]Vt!a\\:\u0011\u0005A$V\"A9\u000b\u0005I\u0004\u0013A\u0002\u001fs_>$h(\u0003\u0002u)\u00061\u0001K]3eK\u001aL!A^<\u0003\rM#(/\u001b8h\u0015\t!H+\u0001\neSN\u001c\u0017M\u001d3BY2\u001cVm]:j_:\u001c\u0018a\u00059sSZ\fG/Z!qaN\u001cVm]:j_:\u001c\u0018!\u00073jg\u000e\f'\u000f\u001a)sSZ\fG/Z!qaN\u001cVm]:j_:$\"a\u0019?\t\u000b1d\u0001\u0019A7\u0002;\u0011L7oY1sI\u0006cG\u000e\u0015:jm\u0006$X-\u00119qgN+7o]5p]N\f!c\u00195fG.tUm^+tKJ\u0014\u0016n\u001a5ugR1\u0011\u0011AA\u000e\u0003{!B!a\u0001\u0002\u0010A)\u0011+!\u0002\u0002\n%\u0019\u0011q\u0001*\u0003\r\u0019+H/\u001e:f!\r\u0019\u00131B\u0005\u0004\u0003\u001b!#A\u0002*fgVdG\u000f\u0003\u0005\u0002\u00129!\t\u0019AA\n\u0003\u00051\u0007CBA\u000b\u0003/\t\u0019!D\u0001U\u0013\r\tI\u0002\u0016\u0002\ty\tLh.Y7f}!9\u0011Q\u0004\bA\u0002\u0005}\u0011aA2uqB\"\u0011\u0011EA\u0016!\u0015)\u00141EA\u0014\u0013\r\t)C\u000e\u0002\u0011\u0003BL\u0017i\u0019;j_:\u001cuN\u001c;fqR\u0004B!!\u000b\u0002,1\u0001A\u0001DA\u0017\u00037\t\t\u0011!A\u0003\u0002\u0005=\"aA0%cE!\u0011\u0011GA\u001c!\u0011\t)\"a\r\n\u0007\u0005UBKA\u0004O_RD\u0017N\\4\u0011\t\u0005U\u0011\u0011H\u0005\u0004\u0003w!&aA!os\"9\u0011q\b\bA\u0002\u0005\u0005\u0013A\u0002:jO\"$8\u000fE\u0002\\\u0003\u0007J1!!\u0012]\u0005))6/\u001a:SS\u001eDGo]\u0001\u0014e\u0016<\u0017n\u001d;feNKW\u000e\u001d7f\u0003\u0012l\u0017N\\\u000b\u0003\u0003\u0017\u0002Ba\t3\u0002NA!\u0011qJA-\u001b\t\t\tF\u0003\u0003\u0002T\u0005U\u0013\u0001\u00026t_:T1!a\u0016'\u0003\u0011a\u0017NY:\n\t\u0005m\u0013\u0011\u000b\u0002\b\u0015N4\u0016\r\\;f\u00031\u0019\u0018.\u001c9mK\u0006#W.\u001b8t+\u0005\u0019\u0017a\u00033fY\u0016$X-\u00113nS:$2aYA3\u0011\u0019\t9'\u0005a\u0001[\u0006AQo]3s]\u0006lW-A\u0005gS:$\u0017\tZ7j]R\u00191-!\u001c\t\r\u0005\u001d$\u00031\u0001n\u0003-)\b\u000fZ1uK\u0006#W.\u001b8\u0015\t\u0005-\u00131\u000f\u0005\u0007\u0003O\u001a\u0002\u0019A7\u0002#\u0019Lg\u000eZ,fE\u0006+H\u000f\u001b8BI6Lg\u000eF\u0002d\u0003sBa!a\u001a\u0015\u0001\u0004i\u0017aE;qI\u0006$XmV3c\u0003V$\bN\\!e[&tG\u0003BA&\u0003\u007fBa!a\u001a\u0016\u0001\u0004i\u0017AD<fE\u0006+H\u000f\u001b8BI6Lgn]\u0001\u0016e\u0016<\u0017n\u001d;fe^+'-Q;uQ:\fE-\\5o)\t\tY%A\nxK\n\fU\u000f\u001e5o\t\u0016dW\r^3BI6Lg\u000eF\u0003d\u0003\u0017\u000bi\t\u0003\u0004\u0002ha\u0001\r!\u001c\u0005\u0006Yb\u0001\r!\u001c")
/* loaded from: input_file:otoroshi/controllers/adminapi/UsersController.class */
public class UsersController extends AbstractController implements AdminApiHelper {
    private ExecutionContext ec;
    private final ApiAction ApiAction;
    private final Env env;
    private final BackOfficeUser fakeBackOfficeUser;
    private volatile boolean bitmap$0;

    @Override // otoroshi.utils.controllers.AdminApiHelper
    public void sendAudit(String str, String str2, JsObject jsObject, ApiActionContext<?> apiActionContext, Env env) {
        sendAudit(str, str2, jsObject, apiActionContext, env);
    }

    @Override // otoroshi.utils.controllers.AdminApiHelper
    public void sendAuditAndAlert(String str, String str2, String str3, JsObject jsObject, ApiActionContext<?> apiActionContext, Env env) {
        sendAuditAndAlert(str, str2, str3, jsObject, apiActionContext, env);
    }

    @Override // otoroshi.utils.controllers.AdminApiHelper
    public void sendAuditAndAlert(SendAuditAndAlert sendAuditAndAlert, Env env) {
        sendAuditAndAlert(sendAuditAndAlert, env);
    }

    @Override // otoroshi.utils.controllers.AdminApiHelper
    public <Entity, Error> Future<Either<ApiError<Error>, Seq<Entity>>> fetchWithPaginationAndFiltering(ApiActionContext<?> apiActionContext, Option<String> option, Function1<Entity, JsValue> function1, SendAuditAndAlert sendAuditAndAlert, Function0<Future<Either<ApiError<Error>, Seq<Entity>>>> function0, Env env, ExecutionContext executionContext) {
        Future<Either<ApiError<Error>, Seq<Entity>>> fetchWithPaginationAndFiltering;
        fetchWithPaginationAndFiltering = fetchWithPaginationAndFiltering(apiActionContext, option, function1, sendAuditAndAlert, function0, env, executionContext);
        return fetchWithPaginationAndFiltering;
    }

    @Override // otoroshi.utils.controllers.AdminApiHelper
    public <Entity, Error> Future<Result> fetchWithPaginationAndFilteringAsResult(ApiActionContext<?> apiActionContext, Option<String> option, Function1<Entity, JsValue> function1, SendAuditAndAlert sendAuditAndAlert, Function0<Future<Either<ApiError<Error>, Seq<Entity>>>> function0, Env env, ExecutionContext executionContext) {
        Future<Result> fetchWithPaginationAndFilteringAsResult;
        fetchWithPaginationAndFilteringAsResult = fetchWithPaginationAndFilteringAsResult(apiActionContext, option, function1, sendAuditAndAlert, function0, env, executionContext);
        return fetchWithPaginationAndFilteringAsResult;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [otoroshi.controllers.adminapi.UsersController] */
    private ExecutionContext ec$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.ec = this.env.otoroshiExecutionContext();
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.ec;
    }

    public ExecutionContext ec() {
        return !this.bitmap$0 ? ec$lzycompute() : this.ec;
    }

    private BackOfficeUser fakeBackOfficeUser() {
        return this.fakeBackOfficeUser;
    }

    public Action<AnyContent> sessions() {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.fetchWithPaginationAndFilteringAsResult(apiActionContext, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax("filter.")), backOfficeUser -> {
                return backOfficeUser.toJson();
            }, new SendAuditAndAlert("ACCESS_ADMIN_SESSIONS", "User accessed admin session", None$.MODULE$, Json$.MODULE$.obj(Nil$.MODULE$), apiActionContext), () -> {
                implicits$BetterFuture$ implicits_betterfuture_ = implicits$BetterFuture$.MODULE$;
                implicits$ implicits_ = implicits$.MODULE$;
                BackOfficeUserDataStore backOfficeUserDataStore = this.env.datastores().backOfficeUserDataStore();
                return implicits_betterfuture_.fright$extension(implicits_.BetterFuture(backOfficeUserDataStore.findAll(backOfficeUserDataStore.findAll$default$1(), this.ec(), this.env).map(seq -> {
                    return (Seq) seq.filter(entityLocationSupport -> {
                        return BoxesRunTime.boxToBoolean($anonfun$sessions$5(this, apiActionContext, entityLocationSupport));
                    });
                }, this.ec())), this.ec());
            }, this.env, this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> discardSession(String str) {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().globalConfigDataStore().singleton(this.ec(), this.env).filter(globalConfig -> {
                return BoxesRunTime.boxToBoolean($anonfun$discardSession$2(globalConfig));
            }, this.ec()).flatMap(globalConfig2 -> {
                return this.env.datastores().backOfficeUserDataStore().findById(str, this.ec(), this.env).flatMap(option -> {
                    boolean z = false;
                    if (None$.MODULE$.equals(option)) {
                        return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("Session not found !", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                    }
                    if (option instanceof Some) {
                        z = true;
                        if (!apiActionContext.canUserWrite((BackOfficeUser) ((Some) option).value(), this.env)) {
                            return apiActionContext.fforbidden();
                        }
                    }
                    if (z) {
                        return this.env.datastores().backOfficeUserDataStore().discardSession(str, this.ec(), this.env).map(obj -> {
                            return $anonfun$discardSession$5(this, apiActionContext, str, BoxesRunTime.unboxToLong(obj));
                        }, this.ec());
                    }
                    throw new MatchError(option);
                }, this.ec());
            }, this.ec()).recover(new UsersController$$anonfun$$nestedInanonfun$discardSession$1$1(this), this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> discardAllSessions() {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$SuperAdminOnly$.MODULE$, this.env.datastores().globalConfigDataStore().singleton(this.ec(), this.env).filter(globalConfig -> {
                return BoxesRunTime.boxToBoolean($anonfun$discardAllSessions$2(globalConfig));
            }, this.ec()).flatMap(globalConfig2 -> {
                return this.env.datastores().backOfficeUserDataStore().discardAllSessions(this.ec(), this.env).map(obj -> {
                    return $anonfun$discardAllSessions$4(this, apiActionContext, BoxesRunTime.unboxToLong(obj));
                }, this.ec());
            }, this.ec()).recover(new UsersController$$anonfun$$nestedInanonfun$discardAllSessions$1$1(this), this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> privateAppsSessions() {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.fetchWithPaginationAndFilteringAsResult(apiActionContext, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax("filter.")), privateAppsUser -> {
                return privateAppsUser.toJson();
            }, new SendAuditAndAlert("ACCESS_PRIVATE_APPS_SESSIONS", "User accessed private apps session", None$.MODULE$, Json$.MODULE$.obj(Nil$.MODULE$), apiActionContext), () -> {
                implicits$BetterFuture$ implicits_betterfuture_ = implicits$BetterFuture$.MODULE$;
                implicits$ implicits_ = implicits$.MODULE$;
                PrivateAppsUserDataStore privateAppsUserDataStore = this.env.datastores().privateAppsUserDataStore();
                return implicits_betterfuture_.fright$extension(implicits_.BetterFuture(privateAppsUserDataStore.findAll(privateAppsUserDataStore.findAll$default$1(), this.ec(), this.env).map(seq -> {
                    return (Seq) seq.filter(entityLocationSupport -> {
                        return BoxesRunTime.boxToBoolean($anonfun$privateAppsSessions$5(this, apiActionContext, entityLocationSupport));
                    });
                }, this.ec())), this.ec());
            }, this.env, this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> discardPrivateAppsSession(String str) {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().globalConfigDataStore().singleton(this.ec(), this.env).filter(globalConfig -> {
                return BoxesRunTime.boxToBoolean($anonfun$discardPrivateAppsSession$2(globalConfig));
            }, this.ec()).flatMap(globalConfig2 -> {
                return this.env.datastores().privateAppsUserDataStore().findById(str, this.ec(), this.env).flatMap(option -> {
                    boolean z = false;
                    if (None$.MODULE$.equals(option)) {
                        return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("Session not found", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                    }
                    if (option instanceof Some) {
                        z = true;
                        if (!apiActionContext.canUserWrite((PrivateAppsUser) ((Some) option).value(), this.env)) {
                            return apiActionContext.fforbidden();
                        }
                    }
                    if (z) {
                        return this.env.datastores().privateAppsUserDataStore().delete(str, this.ec(), this.env).map(obj -> {
                            return $anonfun$discardPrivateAppsSession$5(this, apiActionContext, str, BoxesRunTime.unboxToBoolean(obj));
                        }, this.ec());
                    }
                    throw new MatchError(option);
                }, this.ec());
            }, this.ec()).recover(new UsersController$$anonfun$$nestedInanonfun$discardPrivateAppsSession$1$1(this), this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> discardAllPrivateAppsSessions() {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$SuperAdminOnly$.MODULE$, this.env.datastores().globalConfigDataStore().singleton(this.ec(), this.env).filter(globalConfig -> {
                return BoxesRunTime.boxToBoolean($anonfun$discardAllPrivateAppsSessions$2(globalConfig));
            }, this.ec()).flatMap(globalConfig2 -> {
                return this.env.datastores().privateAppsUserDataStore().deleteAll(this.ec(), this.env).map(obj -> {
                    return $anonfun$discardAllPrivateAppsSessions$4(this, apiActionContext, BoxesRunTime.unboxToLong(obj));
                }, this.ec());
            }, this.ec()).recover(new UsersController$$anonfun$$nestedInanonfun$discardAllPrivateAppsSessions$1$1(this), this.ec()), this.ec(), this.env);
        });
    }

    public Future<Result> checkNewUserRights(ApiActionContext<?> apiActionContext, UserRights userRights, Function0<Future<Result>> function0) {
        boolean z;
        if (!apiActionContext.userIsSuperAdmin(this.env) && userRights.superAdmin(this.env)) {
            return (Future) FastFuture$.MODULE$.successful().apply(Forbidden().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("you can't set superadmin rights to an admin", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
        }
        boolean z2 = false;
        Right right = null;
        Either<String, Option<BackOfficeUser>> backOfficeUser = apiActionContext.backOfficeUser(this.env);
        if (!(backOfficeUser instanceof Left)) {
            if (backOfficeUser instanceof Right) {
                z2 = true;
                right = (Right) backOfficeUser;
                if (None$.MODULE$.equals((Option) right.value())) {
                    z = true;
                }
            }
            if (z2) {
                Some some = (Option) right.value();
                if (some instanceof Some) {
                    BackOfficeUser backOfficeUser2 = (BackOfficeUser) some.value();
                    Seq seq = (Seq) backOfficeUser2.rights().rights().map(userRight -> {
                        return userRight.tenant();
                    }, Seq$.MODULE$.canBuildFrom());
                    Seq seq2 = (Seq) userRights.rights().map(userRight2 -> {
                        return userRight2.tenant();
                    }, Seq$.MODULE$.canBuildFrom());
                    boolean contains = ((SeqLike) seq.map(tenantAccess -> {
                        return tenantAccess.value();
                    }, Seq$.MODULE$.canBuildFrom())).contains("*");
                    boolean exists = seq2.exists(tenantAccess2 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$checkNewUserRights$4(seq, tenantAccess2));
                    });
                    boolean exists2 = backOfficeUser2.rights().rights().exists(userRight3 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$checkNewUserRights$5(backOfficeUser2, userRight3));
                    });
                    z = contains ? !exists2 : (exists || exists2) ? false : true;
                }
            }
            throw new MatchError(backOfficeUser);
        }
        z = true;
        return z ? (Future) function0.apply() : (Future) FastFuture$.MODULE$.successful().apply(Forbidden().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("you can't set superadmin rights to an admin", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
    }

    public Action<JsValue> registerSimpleAdmin() {
        return this.ApiAction.async(parse().json(), apiActionContext -> {
            RightsChecker$TenantAdminOnly$ rightsChecker$TenantAdminOnly$ = RightsChecker$TenantAdminOnly$.MODULE$;
            Option filterNot = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "username").asOpt(Reads$.MODULE$.StringReads()).filterNot(str -> {
                return BoxesRunTime.boxToBoolean(str.isBlank());
            });
            Option filterNot2 = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "password").asOpt(Reads$.MODULE$.StringReads()).filterNot(str2 -> {
                return BoxesRunTime.boxToBoolean(str2.isBlank());
            });
            Option asOpt = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "label").asOpt(Reads$.MODULE$.StringReads());
            UserRights userRights = apiActionContext.userIsSuperAdmin(this.env) ? new UserRights(new $colon.colon(new UserRight(TenantAccess$.MODULE$.apply("*"), new $colon.colon(TeamAccess$.MODULE$.apply("*"), Nil$.MODULE$)), Nil$.MODULE$)) : new UserRights(new $colon.colon(new UserRight(TenantAccess$.MODULE$.apply(apiActionContext.currentTenant().value()), new $colon.colon(TeamAccess$.MODULE$.apply("*"), Nil$.MODULE$)), Nil$.MODULE$));
            return apiActionContext.checkRights(rightsChecker$TenantAdminOnly$, this.checkNewUserRights(apiActionContext, userRights, () -> {
                Tuple3 tuple3 = new Tuple3(filterNot, filterNot2, asOpt);
                if (tuple3 != null) {
                    Some some = (Option) tuple3._1();
                    Some some2 = (Option) tuple3._2();
                    Some some3 = (Option) tuple3._3();
                    if (some instanceof Some) {
                        String str3 = (String) some.value();
                        if (some2 instanceof Some) {
                            String str4 = (String) some2.value();
                            if (some3 instanceof Some) {
                                String str5 = (String) some3.value();
                                SimpleOtoroshiAdmin simpleOtoroshiAdmin = new SimpleOtoroshiAdmin(str3, BCrypt.hashpw(str4, BCrypt.gensalt()), str5, DateTime.now(), OtoroshiAdminType$SimpleAdmin$.MODULE$, SimpleOtoroshiAdmin$.MODULE$.apply$default$6(), (Map) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "metadata").asOpt(Reads$.MODULE$.mapReads(Reads$.MODULE$.StringReads())).getOrElse(() -> {
                                    return Predef$.MODULE$.Map().empty();
                                }), userRights, new EntityLocation(apiActionContext.currentTenant(), new $colon.colon(TeamId$.MODULE$.all(), Nil$.MODULE$)), Predef$.MODULE$.Map().empty());
                                return this.env.datastores().simpleAdminDataStore().findByUsername(str3, this.ec(), this.env).flatMap(option -> {
                                    if (option instanceof Some) {
                                        return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("user already exists", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                    }
                                    if (!None$.MODULE$.equals(option)) {
                                        throw new MatchError(option);
                                    }
                                    Left validateEntity = apiActionContext.validateEntity(simpleOtoroshiAdmin.json(), "simple-admin-user", this.env);
                                    if (validateEntity instanceof Left) {
                                        return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((JsValue) validateEntity.value(), Writes$.MODULE$.jsValueWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                    }
                                    if (validateEntity instanceof Right) {
                                        return this.env.datastores().simpleAdminDataStore().registerUser(simpleOtoroshiAdmin, this.ec(), this.env).map(obj -> {
                                            return $anonfun$registerSimpleAdmin$7(this, str3, BoxesRunTime.unboxToBoolean(obj));
                                        }, this.ec());
                                    }
                                    throw new MatchError(validateEntity);
                                }, this.ec());
                            }
                        }
                    }
                }
                return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("no username or token provided", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
            }), this.ec(), this.env);
        });
    }

    public Action<AnyContent> simpleAdmins() {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.fetchWithPaginationAndFilteringAsResult(apiActionContext, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax("filter.")), jsValue -> {
                return jsValue;
            }, new SendAuditAndAlert("ACCESS_SIMPLE_ADMINS", "User accessed simple admins", None$.MODULE$, Json$.MODULE$.obj(Nil$.MODULE$), apiActionContext), () -> {
                return implicits$BetterFuture$.MODULE$.fright$extension(implicits$.MODULE$.BetterFuture(this.env.datastores().simpleAdminDataStore().findAll(this.ec(), this.env).map(seq -> {
                    return (Seq) ((TraversableLike) seq.filter(entityLocationSupport -> {
                        return BoxesRunTime.boxToBoolean($anonfun$simpleAdmins$5(this, apiActionContext, entityLocationSupport));
                    })).map(simpleOtoroshiAdmin -> {
                        return simpleOtoroshiAdmin.json();
                    }, Seq$.MODULE$.canBuildFrom());
                }, this.ec())), this.ec());
            }, this.env, this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> deleteAdmin(String str) {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().simpleAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                boolean z = false;
                if (None$.MODULE$.equals(option)) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("User not found !", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                if (option instanceof Some) {
                    z = true;
                    if (!apiActionContext.canUserWrite((SimpleOtoroshiAdmin) ((Some) option).value(), this.env)) {
                        return apiActionContext.fforbidden();
                    }
                }
                if (z) {
                    return this.env.datastores().simpleAdminDataStore().deleteUser(str, this.ec(), this.env).map(obj -> {
                        return $anonfun$deleteAdmin$3(this, apiActionContext, str, BoxesRunTime.unboxToLong(obj));
                    }, this.ec());
                }
                throw new MatchError(option);
            }, this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> findAdmin(String str) {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().simpleAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                boolean z = false;
                Some some = null;
                if (None$.MODULE$.equals(option)) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("user not found", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                if (option instanceof Some) {
                    z = true;
                    some = (Some) option;
                    if (!apiActionContext.canUserRead((SimpleOtoroshiAdmin) some.value(), this.env)) {
                        return apiActionContext.fforbidden();
                    }
                }
                if (z) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.Ok().apply(((SimpleOtoroshiAdmin) some.value()).json(), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                throw new MatchError(option);
            }, this.ec()), this.ec(), this.env);
        });
    }

    public Action<JsValue> updateAdmin(String str) {
        return this.ApiAction.async(parse().json(), apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().simpleAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                boolean z = false;
                if (None$.MODULE$.equals(option)) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("user not found", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                if (option instanceof Some) {
                    z = true;
                    if (!apiActionContext.canUserWrite((SimpleOtoroshiAdmin) ((Some) option).value(), this.env)) {
                        return apiActionContext.fforbidden();
                    }
                }
                if (!z) {
                    throw new MatchError(option);
                }
                JsValue jsValue = (JsValue) apiActionContext.mo7request().body();
                Left validateEntity = apiActionContext.validateEntity(jsValue, "simple-admin-user", this.env);
                if (validateEntity instanceof Left) {
                    return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((JsValue) validateEntity.value(), Writes$.MODULE$.jsValueWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                }
                if (!(validateEntity instanceof Right)) {
                    throw new MatchError(validateEntity);
                }
                SimpleOtoroshiAdmin simpleOtoroshiAdmin = (SimpleOtoroshiAdmin) SimpleOtoroshiAdmin$.MODULE$.fmt().reads(jsValue).get();
                return this.checkNewUserRights(apiActionContext, simpleOtoroshiAdmin.rights(), () -> {
                    SimpleOtoroshiAdmin copy = simpleOtoroshiAdmin.copy(str, simpleOtoroshiAdmin.copy$default$2(), simpleOtoroshiAdmin.copy$default$3(), simpleOtoroshiAdmin.copy$default$4(), simpleOtoroshiAdmin.copy$default$5(), simpleOtoroshiAdmin.copy$default$6(), simpleOtoroshiAdmin.copy$default$7(), simpleOtoroshiAdmin.copy$default$8(), simpleOtoroshiAdmin.copy$default$9(), simpleOtoroshiAdmin.copy$default$10());
                    return this.env.datastores().simpleAdminDataStore().registerUser(copy, this.ec(), this.env).map(obj -> {
                        return $anonfun$updateAdmin$4(this, copy, BoxesRunTime.unboxToBoolean(obj));
                    }, this.ec());
                });
            }, this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> findWebAuthnAdmin(String str) {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().webAuthnAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                boolean z = false;
                Some some = null;
                if (None$.MODULE$.equals(option)) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("user not found", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                if (option instanceof Some) {
                    z = true;
                    some = (Some) option;
                    if (!apiActionContext.canUserWrite((WebAuthnOtoroshiAdmin) some.value(), this.env)) {
                        return apiActionContext.fforbidden();
                    }
                }
                if (z) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.Ok().apply(((WebAuthnOtoroshiAdmin) some.value()).json(), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                throw new MatchError(option);
            }, this.ec()), this.ec(), this.env);
        });
    }

    public Action<JsValue> updateWebAuthnAdmin(String str) {
        return this.ApiAction.async(parse().json(), apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().webAuthnAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                boolean z = false;
                if (None$.MODULE$.equals(option)) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("user not found", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                if (option instanceof Some) {
                    z = true;
                    if (!apiActionContext.canUserWrite((WebAuthnOtoroshiAdmin) ((Some) option).value(), this.env)) {
                        return apiActionContext.fforbidden();
                    }
                }
                if (!z) {
                    throw new MatchError(option);
                }
                JsValue jsValue = (JsValue) apiActionContext.mo7request().body();
                Left validateEntity = apiActionContext.validateEntity(jsValue, "simple-admin-user", this.env);
                if (validateEntity instanceof Left) {
                    return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((JsValue) validateEntity.value(), Writes$.MODULE$.jsValueWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                }
                if (!(validateEntity instanceof Right)) {
                    throw new MatchError(validateEntity);
                }
                WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin = (WebAuthnOtoroshiAdmin) WebAuthnOtoroshiAdmin$.MODULE$.fmt().reads(jsValue).get();
                return this.checkNewUserRights(apiActionContext, webAuthnOtoroshiAdmin.rights(), () -> {
                    WebAuthnOtoroshiAdmin copy = webAuthnOtoroshiAdmin.copy(str, webAuthnOtoroshiAdmin.copy$default$2(), webAuthnOtoroshiAdmin.copy$default$3(), webAuthnOtoroshiAdmin.copy$default$4(), webAuthnOtoroshiAdmin.copy$default$5(), webAuthnOtoroshiAdmin.copy$default$6(), webAuthnOtoroshiAdmin.copy$default$7(), webAuthnOtoroshiAdmin.copy$default$8(), webAuthnOtoroshiAdmin.copy$default$9(), webAuthnOtoroshiAdmin.copy$default$10(), webAuthnOtoroshiAdmin.copy$default$11(), webAuthnOtoroshiAdmin.copy$default$12());
                    return this.env.datastores().webAuthnAdminDataStore().registerUser(copy, this.ec(), this.env).map(obj -> {
                        return $anonfun$updateWebAuthnAdmin$4(this, copy, BoxesRunTime.unboxToBoolean(obj));
                    }, this.ec());
                });
            }, this.ec()), this.ec(), this.env);
        });
    }

    public Action<AnyContent> webAuthnAdmins() {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.fetchWithPaginationAndFilteringAsResult(apiActionContext, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax("filter.")), jsValue -> {
                return jsValue;
            }, new SendAuditAndAlert("ACCESS_WEBAUTHN_ADMINS", "User accessed webauthn admins", None$.MODULE$, Json$.MODULE$.obj(Nil$.MODULE$), apiActionContext), () -> {
                return implicits$BetterFuture$.MODULE$.fright$extension(implicits$.MODULE$.BetterFuture(this.env.datastores().webAuthnAdminDataStore().findAll(this.ec(), this.env).map(seq -> {
                    return (Seq) ((TraversableLike) seq.filter(entityLocationSupport -> {
                        return BoxesRunTime.boxToBoolean($anonfun$webAuthnAdmins$5(this, apiActionContext, entityLocationSupport));
                    })).map(webAuthnOtoroshiAdmin -> {
                        return webAuthnOtoroshiAdmin.json();
                    }, Seq$.MODULE$.canBuildFrom());
                }, this.ec())), this.ec());
            }, this.env, this.ec()), this.ec(), this.env);
        });
    }

    public Action<JsValue> registerWebAuthnAdmin() {
        return this.ApiAction.async(parse().json(), apiActionContext -> {
            RightsChecker$TenantAdminOnly$ rightsChecker$TenantAdminOnly$ = RightsChecker$TenantAdminOnly$.MODULE$;
            Option asOpt = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "username").asOpt(Reads$.MODULE$.StringReads());
            Option asOpt2 = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "password").asOpt(Reads$.MODULE$.StringReads());
            Option asOpt3 = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "label").asOpt(Reads$.MODULE$.StringReads());
            Option asOpt4 = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "credential").asOpt(Reads$.MODULE$.JsValueReads());
            Option asOpt5 = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "handle").asOpt(Reads$.MODULE$.StringReads());
            UserRights readFromObject = UserRights$.MODULE$.readFromObject((JsValue) apiActionContext.mo7request().body());
            return apiActionContext.checkRights(rightsChecker$TenantAdminOnly$, this.checkNewUserRights(apiActionContext, readFromObject, () -> {
                Tuple4 tuple4 = new Tuple4(asOpt, asOpt2, asOpt3, asOpt5);
                if (tuple4 != null) {
                    Some some = (Option) tuple4._1();
                    Some some2 = (Option) tuple4._2();
                    Some some3 = (Option) tuple4._3();
                    Some some4 = (Option) tuple4._4();
                    if (some instanceof Some) {
                        String str = (String) some.value();
                        if (some2 instanceof Some) {
                            String str2 = (String) some2.value();
                            if (some3 instanceof Some) {
                                String str3 = (String) some3.value();
                                if (some4 instanceof Some) {
                                    String str4 = (String) some4.value();
                                    WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin = new WebAuthnOtoroshiAdmin(str, BCrypt.hashpw(str2, BCrypt.gensalt()), str3, str4, (Map) asOpt4.map(jsValue -> {
                                        return Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(JsLookup$.MODULE$.$bslash$extension1(JsLookupResult$.MODULE$.jsLookupResultToJsLookup(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "keyId")), "id").as(Reads$.MODULE$.StringReads())), jsValue)}));
                                    }).getOrElse(() -> {
                                        return Predef$.MODULE$.Map().empty();
                                    }), DateTime.now(), OtoroshiAdminType$WebAuthnAdmin$.MODULE$, WebAuthnOtoroshiAdmin$.MODULE$.apply$default$8(), (Map) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) apiActionContext.mo7request().body()), "metadata").asOpt(Reads$.MODULE$.mapReads(Reads$.MODULE$.StringReads())).getOrElse(() -> {
                                        return Predef$.MODULE$.Map().empty();
                                    }), readFromObject, new EntityLocation(apiActionContext.currentTenant(), new $colon.colon(TeamId$.MODULE$.all(), Nil$.MODULE$)), Predef$.MODULE$.Map().empty());
                                    return this.env.datastores().webAuthnAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                                        if (option instanceof Some) {
                                            return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("user already exists", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                        }
                                        if (!None$.MODULE$.equals(option)) {
                                            throw new MatchError(option);
                                        }
                                        Left validateEntity = apiActionContext.validateEntity(webAuthnOtoroshiAdmin.json(), "simple-admin-user", this.env);
                                        if (validateEntity instanceof Left) {
                                            return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((JsValue) validateEntity.value(), Writes$.MODULE$.jsValueWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                        }
                                        if (validateEntity instanceof Right) {
                                            return this.env.datastores().webAuthnAdminDataStore().registerUser(webAuthnOtoroshiAdmin, this.ec(), this.env).map(obj -> {
                                                return $anonfun$registerWebAuthnAdmin$7(this, str, BoxesRunTime.unboxToBoolean(obj));
                                            }, this.ec());
                                        }
                                        throw new MatchError(validateEntity);
                                    }, this.ec());
                                }
                            }
                        }
                    }
                }
                return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("no username or token provided", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
            }), this.ec(), this.env);
        });
    }

    public Action<AnyContent> webAuthnDeleteAdmin(String str, String str2) {
        return this.ApiAction.async(apiActionContext -> {
            return apiActionContext.checkRights(RightsChecker$TenantAdminOnly$.MODULE$, this.env.datastores().webAuthnAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                boolean z = false;
                if (None$.MODULE$.equals(option)) {
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("User not found !", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                }
                if (option instanceof Some) {
                    z = true;
                    if (!apiActionContext.canUserWrite((WebAuthnOtoroshiAdmin) ((Some) option).value(), this.env)) {
                        return apiActionContext.fforbidden();
                    }
                }
                if (z) {
                    return this.env.datastores().webAuthnAdminDataStore().deleteUser(str, this.ec(), this.env).map(obj -> {
                        return $anonfun$webAuthnDeleteAdmin$3(this, apiActionContext, str, str2, BoxesRunTime.unboxToLong(obj));
                    }, this.ec());
                }
                throw new MatchError(option);
            }, this.ec()), this.ec(), this.env);
        });
    }

    public static final /* synthetic */ boolean $anonfun$sessions$5(UsersController usersController, ApiActionContext apiActionContext, EntityLocationSupport entityLocationSupport) {
        return apiActionContext.canUserRead(entityLocationSupport, usersController.env);
    }

    public static final /* synthetic */ boolean $anonfun$discardSession$2(GlobalConfig globalConfig) {
        return !globalConfig.apiReadOnly();
    }

    public static final /* synthetic */ Result $anonfun$discardSession$5(UsersController usersController, ApiActionContext apiActionContext, String str, long j) {
        AdminApiEvent adminApiEvent = new AdminApiEvent(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), new Some(apiActionContext.apiKey()), None$.MODULE$, "DISCARD_SESSION", "Admin discarded an Admin session", apiActionContext.from(usersController.env), apiActionContext.ua(), Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("sessionId"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), AdminApiEvent$.MODULE$.apply$default$10());
        Audit$.MODULE$.send(adminApiEvent, usersController.env);
        Alerts$.MODULE$.send(new SessionDiscardedAlert(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), usersController.fakeBackOfficeUser(), adminApiEvent, apiActionContext.from(usersController.env), apiActionContext.ua(), SessionDiscardedAlert$.MODULE$.apply$default$7()), usersController.env);
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("done"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(true), Writes$.MODULE$.BooleanWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ boolean $anonfun$discardAllSessions$2(GlobalConfig globalConfig) {
        return !globalConfig.apiReadOnly();
    }

    public static final /* synthetic */ Result $anonfun$discardAllSessions$4(UsersController usersController, ApiActionContext apiActionContext, long j) {
        AdminApiEvent adminApiEvent = new AdminApiEvent(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), new Some(apiActionContext.apiKey()), None$.MODULE$, "DISCARD_SESSIONS", "Admin discarded Admin sessions", apiActionContext.from(usersController.env), apiActionContext.ua(), Json$.MODULE$.obj(Nil$.MODULE$), AdminApiEvent$.MODULE$.apply$default$10());
        Audit$.MODULE$.send(adminApiEvent, usersController.env);
        Alerts$.MODULE$.send(new SessionsDiscardedAlert(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), usersController.fakeBackOfficeUser(), adminApiEvent, apiActionContext.from(usersController.env), apiActionContext.ua(), SessionsDiscardedAlert$.MODULE$.apply$default$7()), usersController.env);
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("done"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(true), Writes$.MODULE$.BooleanWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ boolean $anonfun$privateAppsSessions$5(UsersController usersController, ApiActionContext apiActionContext, EntityLocationSupport entityLocationSupport) {
        return apiActionContext.canUserRead(entityLocationSupport, usersController.env);
    }

    public static final /* synthetic */ boolean $anonfun$discardPrivateAppsSession$2(GlobalConfig globalConfig) {
        return !globalConfig.apiReadOnly();
    }

    public static final /* synthetic */ Result $anonfun$discardPrivateAppsSession$5(UsersController usersController, ApiActionContext apiActionContext, String str, boolean z) {
        AdminApiEvent adminApiEvent = new AdminApiEvent(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), new Some(apiActionContext.apiKey()), None$.MODULE$, "DISCARD_PRIVATE_APPS_SESSION", "Admin discarded a private app session", apiActionContext.from(usersController.env), apiActionContext.ua(), Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("sessionId"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), AdminApiEvent$.MODULE$.apply$default$10());
        Audit$.MODULE$.send(adminApiEvent, usersController.env);
        Alerts$.MODULE$.send(new SessionDiscardedAlert(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), usersController.fakeBackOfficeUser(), adminApiEvent, apiActionContext.from(usersController.env), apiActionContext.ua(), SessionDiscardedAlert$.MODULE$.apply$default$7()), usersController.env);
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("done"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(true), Writes$.MODULE$.BooleanWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ boolean $anonfun$discardAllPrivateAppsSessions$2(GlobalConfig globalConfig) {
        return !globalConfig.apiReadOnly();
    }

    public static final /* synthetic */ Result $anonfun$discardAllPrivateAppsSessions$4(UsersController usersController, ApiActionContext apiActionContext, long j) {
        AdminApiEvent adminApiEvent = new AdminApiEvent(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), new Some(apiActionContext.apiKey()), None$.MODULE$, "DISCARD_PRIVATE_APPS_SESSIONS", "Admin discarded private apps sessions", apiActionContext.from(usersController.env), apiActionContext.ua(), Json$.MODULE$.obj(Nil$.MODULE$), AdminApiEvent$.MODULE$.apply$default$10());
        Audit$.MODULE$.send(adminApiEvent, usersController.env);
        Alerts$.MODULE$.send(new SessionsDiscardedAlert(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), usersController.fakeBackOfficeUser(), adminApiEvent, apiActionContext.from(usersController.env), apiActionContext.ua(), SessionsDiscardedAlert$.MODULE$.apply$default$7()), usersController.env);
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("done"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(true), Writes$.MODULE$.BooleanWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ boolean $anonfun$checkNewUserRights$4(Seq seq, TenantAccess tenantAccess) {
        return !seq.contains(tenantAccess);
    }

    public static final /* synthetic */ boolean $anonfun$checkNewUserRights$6(UserRight userRight, UserRight userRight2) {
        String value = userRight2.tenant().value();
        String value2 = userRight.tenant().value();
        return value != null ? value.equals(value2) : value2 == null;
    }

    public static final /* synthetic */ boolean $anonfun$checkNewUserRights$8(Seq seq, TeamAccess teamAccess) {
        return !seq.contains(teamAccess);
    }

    public static final /* synthetic */ boolean $anonfun$checkNewUserRights$5(BackOfficeUser backOfficeUser, UserRight userRight) {
        Some find = backOfficeUser.rights().rights().find(userRight2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkNewUserRights$6(userRight, userRight2));
        });
        if (None$.MODULE$.equals(find)) {
            return false;
        }
        if (!(find instanceof Some)) {
            throw new MatchError(find);
        }
        UserRight userRight3 = (UserRight) find.value();
        Seq<TeamAccess> teams = userRight3.teams();
        Seq<TeamAccess> teams2 = userRight.teams();
        if (((SeqLike) userRight3.teams().map(teamAccess -> {
            return teamAccess.value();
        }, Seq$.MODULE$.canBuildFrom())).contains("*")) {
            return false;
        }
        return teams2.exists(teamAccess2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkNewUserRights$8(teams, teamAccess2));
        });
    }

    public static final /* synthetic */ Result $anonfun$registerSimpleAdmin$7(UsersController usersController, String str, boolean z) {
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ boolean $anonfun$simpleAdmins$5(UsersController usersController, ApiActionContext apiActionContext, EntityLocationSupport entityLocationSupport) {
        return apiActionContext.canUserRead(entityLocationSupport, usersController.env);
    }

    public static final /* synthetic */ Result $anonfun$deleteAdmin$3(UsersController usersController, ApiActionContext apiActionContext, String str, long j) {
        AdminApiEvent adminApiEvent = new AdminApiEvent(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), new Some(apiActionContext.apiKey()), None$.MODULE$, "DELETE_ADMIN", "Admin deleted an Admin", apiActionContext.from(usersController.env), apiActionContext.ua(), Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), AdminApiEvent$.MODULE$.apply$default$10());
        Audit$.MODULE$.send(adminApiEvent, usersController.env);
        Alerts$.MODULE$.send(new U2FAdminDeletedAlert(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), usersController.fakeBackOfficeUser(), adminApiEvent, apiActionContext.from(usersController.env), apiActionContext.ua(), U2FAdminDeletedAlert$.MODULE$.apply$default$7()), usersController.env);
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("done"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(true), Writes$.MODULE$.BooleanWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ Result $anonfun$updateAdmin$4(UsersController usersController, SimpleOtoroshiAdmin simpleOtoroshiAdmin, boolean z) {
        return usersController.Ok().apply(simpleOtoroshiAdmin.json(), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ Result $anonfun$updateWebAuthnAdmin$4(UsersController usersController, WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin, boolean z) {
        return usersController.Ok().apply(webAuthnOtoroshiAdmin.json(), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ boolean $anonfun$webAuthnAdmins$5(UsersController usersController, ApiActionContext apiActionContext, EntityLocationSupport entityLocationSupport) {
        return apiActionContext.canUserRead(entityLocationSupport, usersController.env);
    }

    public static final /* synthetic */ Result $anonfun$registerWebAuthnAdmin$7(UsersController usersController, String str, boolean z) {
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ Result $anonfun$webAuthnDeleteAdmin$3(UsersController usersController, ApiActionContext apiActionContext, String str, String str2, long j) {
        AdminApiEvent adminApiEvent = new AdminApiEvent(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), new Some(apiActionContext.apiKey()), None$.MODULE$, "DELETE_WEBAUTHN_ADMIN", "Admin deleted a WebAuthn Admin", apiActionContext.from(usersController.env), apiActionContext.ua(), Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("id"), Json$.MODULE$.toJsFieldJsValueWrapper(str2, Writes$.MODULE$.StringWrites()))})), AdminApiEvent$.MODULE$.apply$default$10());
        Audit$.MODULE$.send(adminApiEvent, usersController.env);
        Alerts$.MODULE$.send(new WebAuthnAdminDeletedAlert(usersController.env.snowflakeGenerator().nextIdStr(), usersController.env.env(), usersController.fakeBackOfficeUser(), adminApiEvent, apiActionContext.from(usersController.env), apiActionContext.ua(), WebAuthnAdminDeletedAlert$.MODULE$.apply$default$7()), usersController.env);
        return usersController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("done"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(true), Writes$.MODULE$.BooleanWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public UsersController(ApiAction apiAction, ControllerComponents controllerComponents, Env env) {
        super(controllerComponents);
        this.ApiAction = apiAction;
        this.env = env;
        AdminApiHelper.$init$(this);
        String str = IdGenerator$.MODULE$.token();
        JsObject obj = Json$.MODULE$.obj(Nil$.MODULE$);
        Seq seq = Nil$.MODULE$;
        Map empty = Predef$.MODULE$.Map().empty();
        UserRights superAdmin = UserRights$.MODULE$.superAdmin();
        EntityLocation entityLocation = new EntityLocation(EntityLocation$.MODULE$.apply$default$1(), EntityLocation$.MODULE$.apply$default$2());
        this.fakeBackOfficeUser = new BackOfficeUser(str, "fake user", "fake.user@otoroshi.io", obj, BackOfficeUser$.MODULE$.apply$default$5(), "none", false, BackOfficeUser$.MODULE$.apply$default$8(), BackOfficeUser$.MODULE$.apply$default$9(), BackOfficeUser$.MODULE$.apply$default$10(), seq, empty, superAdmin, Predef$.MODULE$.Map().empty(), entityLocation);
    }
}
