package org.molgenis.api.files.v1;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.net.URI;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import javax.servlet.http.HttpServletRequest;
import org.molgenis.api.ApiController;
import org.molgenis.api.files.FilesApiNamespace;
import org.molgenis.api.files.FilesService;
import org.molgenis.data.file.model.FileMeta;
import org.molgenis.data.security.EntityTypeIdentity;
import org.molgenis.data.security.EntityTypePermission;
import org.molgenis.data.security.exception.EntityTypePermissionDeniedException;
import org.molgenis.security.core.UserPermissionEvaluator;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

@Api("Files")
@RequestMapping({FilesApiNamespace.API_FILES_PATH})
@RestController
/* loaded from: input_file:org/molgenis/api/files/v1/FilesController.class */
class FilesController extends ApiController {
    private final FilesService filesService;
    private final UserPermissionEvaluator userPermissionEvaluator;

    FilesController(FilesService filesService, UserPermissionEvaluator userPermissionEvaluator) {
        super(FilesApiNamespace.API_FILES_ID, 1);
        this.filesService = (FilesService) Objects.requireNonNull(filesService);
        this.userPermissionEvaluator = (UserPermissionEvaluator) Objects.requireNonNull(userPermissionEvaluator);
    }

    @PostMapping
    @ApiOperation("Upload file (see documentation)")
    @ResponseStatus(HttpStatus.CREATED)
    public CompletableFuture<ResponseEntity<FileResponse>> createFile(HttpServletRequest httpServletRequest) {
        validateCreatePermission();
        return this.filesService.upload(httpServletRequest).thenApply(fileMeta -> {
            return toFileResponseEntity(fileMeta, httpServletRequest);
        });
    }

    @PostMapping(consumes = {"application/x-www-form-urlencoded", "multipart/form-data"})
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    public CompletableFuture<ResponseEntity<FileResponse>> createFileFromForm(HttpServletRequest httpServletRequest) {
        throw new UnsupportedOperationException("Media type '" + httpServletRequest.getContentType() + "' not supported");
    }

    @GetMapping({"/{fileId}"})
    @ApiOperation("Retrieve file metadata (see documentation)")
    public FileResponse readFile(@PathVariable("fileId") String str) {
        validateReadPermission();
        return toFileResponse(this.filesService.getFileMeta(str));
    }

    @GetMapping(value = {"/{fileId}"}, params = {"alt=media"})
    @ApiOperation("Download file (see documentation)")
    public ResponseEntity<StreamingResponseBody> downloadFile(@PathVariable("fileId") String str) {
        validateReadPermission();
        return this.filesService.download(str);
    }

    @DeleteMapping({"/{fileId}"})
    @ApiOperation("Delete file (see documentation)")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void deleteFile(@PathVariable("fileId") String str) {
        validateDeletePermission();
        this.filesService.delete(str);
    }

    private ResponseEntity<FileResponse> toFileResponseEntity(FileMeta fileMeta, HttpServletRequest httpServletRequest) {
        FileResponse fileResponse = toFileResponse(fileMeta);
        URI uri = ServletUriComponentsBuilder.fromRequestUri(httpServletRequest).pathSegment(new String[]{fileMeta.getId()}).queryParam("alt", new Object[]{"media"}).build().toUri();
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setLocation(uri);
        return new ResponseEntity<>(fileResponse, httpHeaders, HttpStatus.CREATED);
    }

    private FileResponse toFileResponse(FileMeta fileMeta) {
        return FileResponse.builder().setId(fileMeta.getId()).setFilename(fileMeta.getFilename()).setContentType(fileMeta.getContentType()).setSize(fileMeta.getSize()).build();
    }

    private void validateCreatePermission() {
        validatePermission(EntityTypePermission.ADD_DATA);
    }

    private void validateReadPermission() {
        validatePermission(EntityTypePermission.READ_DATA);
    }

    private void validateDeletePermission() {
        validatePermission(EntityTypePermission.DELETE_DATA);
    }

    private void validatePermission(EntityTypePermission entityTypePermission) {
        if (!this.userPermissionEvaluator.hasPermission(new EntityTypeIdentity("sys_FileMeta"), entityTypePermission)) {
            throw new EntityTypePermissionDeniedException(entityTypePermission, "sys_FileMeta");
        }
    }
}
