package org.apache.nifi.web.api;

import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.UserDTO;
import org.apache.nifi.web.api.dto.search.UserGroupSearchResultDTO;
import org.apache.nifi.web.api.dto.search.UserSearchResultDTO;
import org.apache.nifi.web.api.entity.UserEntity;
import org.apache.nifi.web.api.entity.UserSearchResultsEntity;
import org.apache.nifi.web.api.entity.UsersEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
import org.springframework.security.access.prepost.PreAuthorize;

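/**
 * REST endpoints for administering NiFi users: list, fetch, search, update and delete.
 *
 * <p>Access control is declared per method with Spring Security {@code @PreAuthorize}: every
 * endpoint requires {@code ROLE_ADMIN}, except {@code searchUsers}, which also admits
 * {@code ROLE_DFM}.
 *
 * <p>When {@code properties.isClusterManager()} is true, update and delete first send a request
 * carrying the {@code X-ClusterInvalidateUser} header through the cluster manager, and return the
 * cluster response unchanged if it is not 2xx.
 *
 * <p>NOTE(review): the {@code X-NcmExpects} and {@code X-ClusterInvalidateUser} request headers
 * change how update and delete behave. Nothing in this class checks who sent them, so restricting
 * them to cluster-internal traffic has to be enforced elsewhere - confirm.
 */
@Api(hidden = true)
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/web/api/UserResource.class */
public class UserResource extends ApplicationResource {
    private WebClusterManager clusterManager;
    private NiFiProperties properties;
    private NiFiServiceFacade serviceFacade;

    /**
     * Returns every user known to the service facade.
     *
     * @param clientIdParameter client id echoed back in the response revision
     * @param bool value of the {@code grouped} query parameter, passed straight to the facade
     * @return a 200 response wrapping a {@link UsersEntity} stamped with the current time
     */
    @Path("")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @GET
    @Consumes({"*/*"})
    @ApiOperation(value = "Gets all users", response = UsersEntity.class, authorizations = {@Authorization(value = "Administrator", type = "ROLE_ADMIN")})
    @Produces({"application/json", "application/xml"})
    public Response getUsers(@ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam("clientId") @DefaultValue("") ClientIdParameter clientIdParameter, @ApiParam(value = "Whether to return the users in their respective groups.", required = false) @QueryParam("grouped") @DefaultValue("false") Boolean bool) {
        final Collection<UserDTO> allUsers = this.serviceFacade.getUsers(bool);

        final RevisionDTO revision = new RevisionDTO();
        revision.setClientId(clientIdParameter.getClientId());

        final UsersEntity entity = new UsersEntity();
        entity.setRevision(revision);
        entity.setUsers(allUsers);
        entity.setGenerated(new Date());
        return generateOkResponse(entity).build();
    }

    /**
     * Returns a single user.
     *
     * @param clientIdParameter client id echoed back in the response revision
     * @param str the user id taken from the request path
     * @return a 200 response wrapping a {@link UserEntity}
     */
    @Path("/{id}")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @GET
    @Consumes({"*/*"})
    @ApiOperation(value = "Gets a user", response = UserEntity.class, authorizations = {@Authorization(value = "Administrator", type = "ROLE_ADMIN")})
    @Produces({"application/json", "application/xml"})
    public Response getUser(@ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam("clientId") @DefaultValue("") ClientIdParameter clientIdParameter, @PathParam("id") @ApiParam(value = "The user id.", required = true) String str) {
        final UserDTO found = this.serviceFacade.getUser(str);

        final RevisionDTO revision = new RevisionDTO();
        revision.setClientId(clientIdParameter.getClientId());

        final UserEntity entity = new UserEntity();
        entity.setRevision(revision);
        entity.setUser(found);
        return generateOkResponse(entity).build();
    }

    /**
     * Searches users and user groups by a case-insensitive substring.
     *
     * <p>A blank query matches every user and every non-null group. Otherwise a user matches when
     * its DN or user name contains the query, and a group matches when its name contains the
     * query. Each group is reported once. Both result lists are sorted by name.
     *
     * <p>This is the only endpoint in the class that admits {@code ROLE_DFM}; with a blank query
     * it returns the DN and user name of every user.
     *
     * @param str the search terms from the {@code q} query parameter
     * @return a non-cacheable 200 response wrapping a {@link UserSearchResultsEntity}
     */
    @Path("/search-results")
    @PreAuthorize("hasAnyRole('ROLE_DFM', 'ROLE_ADMIN')")
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @GET
    @Consumes({"*/*"})
    @ApiOperation(value = "Searches for users", response = UserSearchResultsEntity.class, authorizations = {@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), @Authorization(value = "Administrator", type = "ROLE_ADMIN")})
    @Produces({"application/json", "application/xml"})
    public Response searchUsers(@ApiParam(value = "The search terms.", required = true) @QueryParam("q") @DefaultValue("") String str) {
        final ArrayList<UserSearchResultDTO> userResults = new ArrayList<>();
        final ArrayList<UserGroupSearchResultDTO> groupResults = new ArrayList<>();
        final Set<String> reportedGroups = new HashSet<>();
        final boolean matchEverything = StringUtils.isBlank(str);

        for (final UserDTO candidate : this.serviceFacade.getUsers(Boolean.FALSE)) {
            final String group = candidate.getUserGroup();

            final boolean userMatches = matchEverything
                    || StringUtils.containsIgnoreCase(candidate.getDn(), str)
                    || StringUtils.containsIgnoreCase(candidate.getUserName(), str);
            if (userMatches) {
                userResults.add(toUserResult(candidate));
            }

            // containsIgnoreCase is false for a null group, so null never reaches the set.
            final boolean groupMatches = matchEverything
                    ? group != null
                    : StringUtils.containsIgnoreCase(group, str);
            // Set.add returns false for a group that was already reported.
            if (groupMatches && reportedGroups.add(group)) {
                groupResults.add(toGroupResult(group));
            }
        }

        // Users are added without checking that a user name is present, so the comparator must
        // tolerate null instead of failing the whole search.
        Collections.sort(userResults, new Comparator<UserSearchResultDTO>() {
            @Override
            public int compare(UserSearchResultDTO left, UserSearchResultDTO right) {
                return compareNullsFirst(left.getUserName(), right.getUserName());
            }
        });
        // Group names in groupResults are never null (see the match rules above).
        Collections.sort(groupResults, new Comparator<UserGroupSearchResultDTO>() {
            @Override
            public int compare(UserGroupSearchResultDTO left, UserGroupSearchResultDTO right) {
                return left.getGroup().compareTo(right.getGroup());
            }
        });

        final UserSearchResultsEntity entity = new UserSearchResultsEntity();
        entity.setUserResults(userResults);
        entity.setUserGroupResults(groupResults);
        return noCache(Response.ok(entity)).build();
    }

    /** Copies the DN and user name of {@code user} into a search result. */
    private static UserSearchResultDTO toUserResult(UserDTO user) {
        final UserSearchResultDTO result = new UserSearchResultDTO();
        result.setUserDn(user.getDn());
        result.setUserName(user.getUserName());
        return result;
    }

    /** Wraps a group name in a search result. */
    private static UserGroupSearchResultDTO toGroupResult(String group) {
        final UserGroupSearchResultDTO result = new UserGroupSearchResultDTO();
        result.setGroup(group);
        return result;
    }

    /** Natural string ordering in which {@code null} sorts before any non-null value. */
    private static int compareNullsFirst(String left, String right) {
        if (left == null) {
            return right == null ? 0 : -1;
        }
        if (right == null) {
            return 1;
        }
        return left.compareTo(right);
    }

    /**
     * Form-encoded variant of the user update; builds a {@link UserEntity} from the form fields
     * and delegates to {@link #updateUser(HttpServletRequest, String, UserEntity)}.
     *
     * @param httpServletRequest the incoming request, forwarded to the entity variant
     * @param clientIdParameter client id copied into the request revision
     * @param str the user id taken from the request path
     * @param set values of the {@code authorities[]} form field; blank entries are dropped
     * @param str2 value of the {@code status} form field
     * @param multivaluedMap all submitted form parameters
     * @return the response produced by the entity variant
     */
    @Path("/{id}")
    @Consumes({"application/x-www-form-urlencoded"})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @Produces({"application/json", "application/xml"})
    @PUT
    public Response updateUser(@Context HttpServletRequest httpServletRequest, @FormParam("clientId") @DefaultValue("") ClientIdParameter clientIdParameter, @PathParam("id") String str, @FormParam("authorities[]") Set<String> set, @FormParam("status") String str2, MultivaluedMap<String, String> multivaluedMap) {
        final UserDTO requestedUser = new UserDTO();
        requestedUser.setId(str);
        requestedUser.setStatus(str2);

        final Set<String> authorities = new HashSet<>();
        // Treat a missing authorities[] field like an empty one rather than failing on null.
        if (set != null) {
            for (final String authority : set) {
                if (StringUtils.isNotBlank(authority)) {
                    authorities.add(authority);
                }
            }
        }

        // Authorities are set on the DTO only when some were submitted, or when the form carries
        // an "authorities" key, in which case an empty set is passed on. Otherwise the field
        // stays unset - presumably "leave unchanged"; confirm against the service facade.
        if (!authorities.isEmpty() || multivaluedMap.containsKey("authorities")) {
            requestedUser.setAuthorities(authorities);
        }

        final RevisionDTO revision = new RevisionDTO();
        revision.setClientId(clientIdParameter.getClientId());

        final UserEntity entity = new UserEntity();
        entity.setRevision(revision);
        entity.setUser(requestedUser);
        return updateUser(httpServletRequest, str, entity);
    }

    /**
     * Updates a user from a JSON or XML entity.
     *
     * <p>Order of processing: validate the entity against the path id; on a cluster manager, send
     * an invalidation request through the cluster and stop if it does not return 2xx; answer
     * with a continue response when {@code X-NcmExpects} is present; invalidate the user (no
     * update) when {@code X-ClusterInvalidateUser} is present; otherwise apply the update.
     *
     * @param httpServletRequest the incoming request, read for the two cluster headers
     * @param str the user id taken from the request path
     * @param userEntity the user configuration details
     * @return the cluster response, a continue response, or a 200 response
     * @throws IllegalArgumentException if no user is supplied or its id differs from the path id
     */
    @Path("/{id}")
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Consumes({"application/json", "application/xml"})
    @ApiOperation(value = "Updates a user", response = UserEntity.class, authorizations = {@Authorization(value = "Administrator", type = "ROLE_ADMIN")})
    @Produces({"application/json", "application/xml"})
    @PUT
    public Response updateUser(@Context HttpServletRequest httpServletRequest, @PathParam("id") @ApiParam(value = "The user id.", required = true) String str, @ApiParam(value = "The user configuration details.", required = true) UserEntity userEntity) {
        if (userEntity == null || userEntity.getUser() == null) {
            throw new IllegalArgumentException("User details must be specified.");
        }
        final UserDTO requestedUser = userEntity.getUser();
        // The body must name the same user as the URL, so a request cannot target one id in the
        // path and another in the payload.
        if (!str.equals(requestedUser.getId())) {
            throw new IllegalArgumentException(String.format("The user id (%s) in the request body does not equal the user id of the requested resource (%s).", requestedUser.getId(), str));
        }

        final RevisionDTO revision = new RevisionDTO();
        if (userEntity.getRevision() == null) {
            revision.setClientId(new ClientIdParameter().getClientId());
        } else {
            revision.setClientId(userEntity.getRevision().getClientId());
        }

        if (this.properties.isClusterManager()) {
            final Map<String, String> headerOverrides = new HashMap<>();
            headerOverrides.put("content-type", "application/json");
            final Map<String, String> headers = getHeaders(headerOverrides);
            headers.put("X-ClusterInvalidateUser", Boolean.TRUE.toString());

            // The invalidation request carries its own revision with the caller's client id.
            final RevisionDTO invalidateRevision = new RevisionDTO();
            invalidateRevision.setClientId(revision.getClientId());

            // Send the id only: a receiver that sees X-ClusterInvalidateUser checks the id and
            // calls invalidateUser, so the status and authorities do not need to travel.
            final UserDTO invalidateUser = new UserDTO();
            invalidateUser.setId(requestedUser.getId());

            final UserEntity invalidateEntity = new UserEntity();
            invalidateEntity.setRevision(invalidateRevision);
            invalidateEntity.setUser(invalidateUser);

            final NodeResponse clusterResponse = this.clusterManager.applyRequest("PUT", getAbsolutePath(), invalidateEntity, headers);
            if (!clusterResponse.is2xx()) {
                return clusterResponse.getResponse();
            }
        }

        // NOTE(review): both headers come from the request; see the class comment.
        if (httpServletRequest.getHeader("X-NcmExpects") != null) {
            return generateContinueResponse().build();
        }
        if (httpServletRequest.getHeader("X-ClusterInvalidateUser") != null) {
            this.serviceFacade.invalidateUser(str);
            return generateOkResponse().build();
        }

        final UserDTO updatedUser = this.serviceFacade.updateUser(requestedUser);
        final UserEntity responseEntity = new UserEntity();
        responseEntity.setRevision(revision);
        responseEntity.setUser(updatedUser);
        return generateOkResponse(responseEntity).build();
    }

    /**
     * Deletes a user.
     *
     * <p>Follows the same sequence as the entity update: cluster invalidation first when running
     * as cluster manager, then the {@code X-NcmExpects} and {@code X-ClusterInvalidateUser}
     * header checks, and only then the actual deletion.
     *
     * @param httpServletRequest the incoming request, read for the two cluster headers
     * @param str the user id taken from the request path
     * @param clientIdParameter client id echoed back in the response revision
     * @return the cluster response, a continue response, or a 200 response
     */
    @Path("/{id}")
    @DELETE
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")})
    @Consumes({"*/*"})
    @ApiOperation(value = "Deletes a user", response = UserEntity.class, authorizations = {@Authorization(value = "Administrator", type = "ROLE_ADMIN")})
    @Produces({"application/json", "application/xml"})
    public Response deleteUser(@Context HttpServletRequest httpServletRequest, @PathParam("id") @ApiParam(value = "The user id.", required = true) String str, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam("clientId") @DefaultValue("") ClientIdParameter clientIdParameter) {
        if (this.properties.isClusterManager()) {
            final Map<String, String> headers = getHeaders();
            headers.put("X-ClusterInvalidateUser", Boolean.TRUE.toString());

            final NodeResponse clusterResponse = this.clusterManager.applyRequest("DELETE", getAbsolutePath(), getRequestParameters(true), headers);
            if (!clusterResponse.is2xx()) {
                return clusterResponse.getResponse();
            }
        }

        // NOTE(review): both headers come from the request; see the class comment.
        if (httpServletRequest.getHeader("X-NcmExpects") != null) {
            return generateContinueResponse().build();
        }
        if (httpServletRequest.getHeader("X-ClusterInvalidateUser") != null) {
            this.serviceFacade.invalidateUser(str);
            return generateOkResponse().build();
        }

        this.serviceFacade.deleteUser(str);

        final RevisionDTO revision = new RevisionDTO();
        revision.setClientId(clientIdParameter.getClientId());

        final UserEntity entity = new UserEntity();
        entity.setRevision(revision);
        return generateOkResponse(entity).build();
    }

    /** Injects the service facade that every endpoint delegates to. */
    public void setServiceFacade(NiFiServiceFacade niFiServiceFacade) {
        this.serviceFacade = niFiServiceFacade;
    }

    /** Injects the properties consulted for {@code isClusterManager()}. */
    public void setProperties(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }

    /** Injects the cluster manager used to send invalidation requests. */
    public void setClusterManager(WebClusterManager webClusterManager) {
        this.clusterManager = webClusterManager;
    }
}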
