package com.activiti.rest.editor;

import com.activiti.domain.editor.AbstractModel;
import com.activiti.domain.editor.Model;
import com.activiti.domain.editor.ModelHistory;
import com.activiti.domain.editor.ModelShareInfo;
import com.activiti.domain.editor.SharePermission;
import com.activiti.domain.idm.User;
import com.activiti.model.editor.FormSaveRepresentation;
import com.activiti.model.editor.form.FormDefinitionRepresentation;
import com.activiti.model.editor.form.FormRepresentation;
import com.activiti.security.SecurityUtils;
import com.activiti.service.editor.ModelInternalService;
import com.activiti.service.exception.BadRequestException;
import com.activiti.service.exception.InternalServerErrorException;
import com.activiti.service.exception.NotFoundException;
import com.activiti.service.exception.NotPermittedException;
import com.activiti.util.UserUtil;
import com.codahale.metrics.annotation.Timed;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/rest/form-models"})
@RestController
/* loaded from: input_file:com/activiti/rest/editor/FormResource.class */
public class FormResource extends BaseModelResource {
    private static final Logger logger = LoggerFactory.getLogger(FormResource.class);

    @Inject
    protected ModelInternalService modelService;
    protected ObjectMapper objectMapper = new ObjectMapper();

    @RequestMapping(value = {"/{formId}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Timed
    public FormRepresentation getForm(@PathVariable Long l) {
        return createFormRepresentation(getFormModel(l, true, false));
    }

    @RequestMapping(value = {"/values"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Timed
    public List<FormRepresentation> getForms(HttpServletRequest httpServletRequest) {
        ArrayList arrayList = new ArrayList();
        String[] parameterValues = httpServletRequest.getParameterValues("formId");
        if (parameterValues == null || parameterValues.length == 0) {
            throw new BadRequestException("No formIds provided in the request");
        }
        for (String str : parameterValues) {
            arrayList.add(createFormRepresentation(getFormModel(Long.valueOf(str), true, false)));
        }
        return arrayList;
    }

    @RequestMapping(value = {"/{formId}/history/{formHistoryId}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Timed
    public FormRepresentation getFormHistory(@PathVariable Long l, @PathVariable Long l2) {
        return createFormRepresentation(getFormModelHistory(l, l2, true, false));
    }

    @RequestMapping(value = {"/{formId}"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @Timed
    public FormRepresentation saveForm(@PathVariable Long l, @RequestBody FormSaveRepresentation formSaveRepresentation) {
        User currentUserObject = SecurityUtils.getCurrentUserObject();
        Model formModel = getFormModel(l, true, true);
        formModel.setName(formSaveRepresentation.getFormRepresentation().getName());
        formModel.setDescription(formSaveRepresentation.getFormRepresentation().getDescription());
        try {
            FormRepresentation formRepresentation = new FormRepresentation(this.modelService.saveModel(formModel, this.objectMapper.writeValueAsString(formSaveRepresentation.getFormRepresentation().getFormDefinition()), Base64.decodeBase64(formSaveRepresentation.getFormImageBase64().replace("data:image/png;base64,", "")), formSaveRepresentation.isNewVersion(), formSaveRepresentation.getComment(), currentUserObject));
            formRepresentation.setFormDefinition(formSaveRepresentation.getFormRepresentation().getFormDefinition());
            return formRepresentation;
        } catch (Exception e) {
            logger.error("Error while processing form json", e);
            throw new InternalServerErrorException("Form could not be saved " + l);
        }
    }

    protected FormRepresentation createFormRepresentation(AbstractModel abstractModel) {
        try {
            FormDefinitionRepresentation formDefinitionRepresentation = (FormDefinitionRepresentation) this.objectMapper.readValue(abstractModel.getModelEditorJson(), FormDefinitionRepresentation.class);
            FormRepresentation formRepresentation = new FormRepresentation(abstractModel);
            formRepresentation.setFormDefinition(formDefinitionRepresentation);
            return formRepresentation;
        } catch (Exception e) {
            logger.error("Error deserializing form", e);
            throw new InternalServerErrorException("Could not deserialize form definition");
        }
    }

    protected Model getFormModel(Long l, boolean z, boolean z2) {
        Model model = (Model) this.modelRepository.findOne(l);
        if (model == null) {
            NotFoundException notFoundException = new NotFoundException("No model found with the given id: " + l);
            notFoundException.setMessageKey("PROCESS.ERROR.NOT-FOUND");
            throw notFoundException;
        }
        User currentUserObject = SecurityUtils.getCurrentUserObject();
        if (!model.getCreatedBy().equals(currentUserObject)) {
            Model parentModel = model.getReferenceId() != null ? getParentModel(model.getReferenceId()) : model;
            List groupIds = UserUtil.getGroupIds(currentUserObject);
            List findByModelIdWithUserIdOrGroups = CollectionUtils.isNotEmpty(groupIds) ? this.shareInfoRepository.findByModelIdWithUserIdOrGroups(parentModel.getId(), currentUserObject.getId(), groupIds) : this.shareInfoRepository.findByModelIdWithUserId(parentModel.getId(), currentUserObject.getId());
            if (z && CollectionUtils.isEmpty(findByModelIdWithUserIdOrGroups)) {
                throw new NotPermittedException("You are not permitted to access this process model");
            }
            if (z2) {
                if (CollectionUtils.isEmpty(findByModelIdWithUserIdOrGroups)) {
                    throw new NotPermittedException("You are not permitted to access this process model");
                }
                boolean z3 = false;
                Iterator it = findByModelIdWithUserIdOrGroups.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (((ModelShareInfo) it.next()).getPermission() == SharePermission.WRITE) {
                        z3 = true;
                        break;
                    }
                }
                if (!z3) {
                    throw new NotPermittedException("You are not permitted to modify this process model");
                }
            }
        }
        return model;
    }

    protected ModelHistory getFormModelHistory(Long l, Long l2, boolean z, boolean z2) {
        Model formModel = getFormModel(l, z, z2);
        ModelHistory modelHistory = (ModelHistory) this.historyRepository.findOne(l2);
        if (modelHistory != null && modelHistory.getRemovalDate() == null && modelHistory.getModelId().equals(formModel.getId())) {
            return modelHistory;
        }
        throw new NotFoundException("Process model history not found: " + l2);
    }

    @Override // com.activiti.rest.editor.BaseModelResource
    protected Model getParentModel(Long l) {
        Model model = (Model) this.modelRepository.findOne(l);
        return model.getReferenceId() != null ? getParentModel(model.getReferenceId()) : model;
    }
}
