package org.syncope.core.rest.controller;

import com.opensymphony.workflow.Workflow;
import com.opensymphony.workflow.WorkflowException;
import com.opensymphony.workflow.spi.Step;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javassist.NotFoundException;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletResponse;
import jpasymphony.dao.JPAWorkflowEntryDAO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.syncope.client.mod.UserMod;
import org.syncope.client.search.NodeCond;
import org.syncope.client.to.UserTO;
import org.syncope.client.to.WorkflowActionsTO;
import org.syncope.client.validation.SyncopeClientCompositeErrorException;
import org.syncope.client.validation.SyncopeClientException;
import org.syncope.core.persistence.beans.TargetResource;
import org.syncope.core.persistence.beans.role.SyncopeRole;
import org.syncope.core.persistence.beans.user.SyncopeUser;
import org.syncope.core.persistence.dao.UserDAO;
import org.syncope.core.persistence.dao.UserSearchDAO;
import org.syncope.core.persistence.propagation.PropagationException;
import org.syncope.core.persistence.propagation.PropagationManager;
import org.syncope.core.persistence.propagation.ResourceOperations;
import org.syncope.core.rest.data.UserDataBinder;
import org.syncope.core.util.EntitlementUtil;
import org.syncope.core.workflow.Constants;
import org.syncope.core.workflow.WFUtils;
import org.syncope.types.SyncopeClientExceptionType;

@RequestMapping({"/user"})
@Controller
/* loaded from: input_file:WEB-INF/classes/org/syncope/core/rest/controller/UserController.class */
public class UserController extends AbstractController {

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private UserSearchDAO userSearchDAO;

    @Autowired
    private JPAWorkflowEntryDAO workflowEntryDAO;

    @Autowired
    private UserDataBinder userDataBinder;

    @Resource(name = Constants.USER_WORKFLOW)
    private Workflow workflow;

    @Autowired
    private PropagationManager propagationManager;

    private SyncopeUser getUserFromId(Long l) throws NotFoundException, UnauthorizedRoleException {
        SyncopeUser find = this.userDAO.find(l);
        if (find == null) {
            throw new NotFoundException("User " + l);
        }
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        HashSet hashSet = new HashSet();
        for (SyncopeRole syncopeRole : find.getRoles()) {
            if (!roleIds.contains(syncopeRole.getId())) {
                hashSet.add(syncopeRole.getId());
            }
        }
        if (hashSet.isEmpty()) {
            return find;
        }
        throw new UnauthorizedRoleException(hashSet);
    }

    private UserTO executeAction(UserTO userTO, String str, Map<String, Object> map) throws WorkflowException, NotFoundException, UnauthorizedRoleException {
        SyncopeUser userFromId = getUserFromId(Long.valueOf(userTO.getId()));
        HashMap hashMap = new HashMap();
        if (map != null && !map.isEmpty()) {
            hashMap.putAll(map);
        }
        hashMap.put(Constants.SYNCOPE_USER, userFromId);
        WFUtils.doExecuteAction(this.workflow, Constants.USER_WORKFLOW, str, userFromId.getWorkflowId(), hashMap);
        return this.userDataBinder.getUserTO(this.userDAO.save(userFromId), this.workflow);
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/activate"})
    @PreAuthorize("hasRole('USER_UPDATE')")
    public UserTO activate(@RequestBody UserTO userTO) throws WorkflowException, NotFoundException, UnauthorizedRoleException {
        return executeAction(userTO, Constants.ACTION_ACTIVATE, Collections.singletonMap(Constants.TOKEN, userTO.getToken()));
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/generateToken/{userId}"})
    @PreAuthorize("hasRole('USER_UPDATE')")
    public UserTO generateToken(@PathVariable("userId") Long l) throws WorkflowException, NotFoundException, UnauthorizedRoleException {
        UserTO userTO = new UserTO();
        userTO.setId(l.longValue());
        return executeAction(userTO, Constants.ACTION_GENERATE_TOKEN, null);
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/verifyToken"})
    @PreAuthorize("hasRole('USER_UPDATE')")
    public UserTO verifyToken(@RequestBody UserTO userTO) throws WorkflowException, NotFoundException, UnauthorizedRoleException {
        return executeAction(userTO, Constants.ACTION_VERIFY_TOKEN, Collections.singletonMap(Constants.TOKEN, userTO.getToken()));
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/verifyPassword/{userId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public ModelAndView verifyPassword(@PathVariable("userId") Long l, @RequestParam("password") String str) throws NotFoundException, UnauthorizedRoleException {
        SyncopeUser userFromId = getUserFromId(l);
        SyncopeUser syncopeUser = new SyncopeUser();
        syncopeUser.setPassword(str);
        return new ModelAndView().addObject(Boolean.valueOf(userFromId.getPassword().equalsIgnoreCase(syncopeUser.getPassword())));
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/count"})
    @PreAuthorize("hasRole('TASK_LIST')")
    public ModelAndView count() {
        return new ModelAndView().addObject(this.userDAO.count(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames())));
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search/count"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public ModelAndView searchCount(@RequestBody NodeCond nodeCond) throws InvalidSearchConditionException {
        if (nodeCond.checkValidity()) {
            return new ModelAndView().addObject(this.userSearchDAO.count(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), nodeCond));
        }
        LOG.error("Invalid search condition: {}", nodeCond);
        throw new InvalidSearchConditionException();
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/list"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_LIST')")
    public List<UserTO> list() {
        List<SyncopeUser> findAll = this.userDAO.findAll(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()));
        ArrayList arrayList = new ArrayList(findAll.size());
        Iterator<SyncopeUser> it = findAll.iterator();
        while (it.hasNext()) {
            arrayList.add(this.userDataBinder.getUserTO(it.next(), this.workflow));
        }
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/list/{page}/{size}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_LIST')")
    public List<UserTO> list(@PathVariable("page") int i, @PathVariable("size") int i2) {
        List<SyncopeUser> findAll = this.userDAO.findAll(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), i, i2);
        ArrayList arrayList = new ArrayList(findAll.size());
        Iterator<SyncopeUser> it = findAll.iterator();
        while (it.hasNext()) {
            arrayList.add(this.userDataBinder.getUserTO(it.next(), this.workflow));
        }
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/read/{userId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public UserTO read(@PathVariable("userId") Long l) throws NotFoundException, UnauthorizedRoleException {
        return this.userDataBinder.getUserTO(getUserFromId(l), this.workflow);
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/actions/{userId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public WorkflowActionsTO getActions(@PathVariable("userId") Long l) throws NotFoundException, UnauthorizedRoleException {
        SyncopeUser userFromId = getUserFromId(l);
        WorkflowActionsTO workflowActionsTO = new WorkflowActionsTO();
        for (int i : this.workflow.getAvailableActions(userFromId.getWorkflowId().longValue(), Collections.EMPTY_MAP)) {
            workflowActionsTO.addAction(this.workflow.getWorkflowDescriptor(Constants.USER_WORKFLOW).getAction(i).getName());
        }
        return workflowActionsTO;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public List<UserTO> search(@RequestBody NodeCond nodeCond) throws InvalidSearchConditionException {
        LOG.debug("User search called with condition {}", nodeCond);
        if (!nodeCond.checkValidity()) {
            LOG.error("Invalid search condition: {}", nodeCond);
            throw new InvalidSearchConditionException();
        }
        List<SyncopeUser> search = this.userSearchDAO.search(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), nodeCond);
        ArrayList arrayList = new ArrayList(search.size());
        Iterator<SyncopeUser> it = search.iterator();
        while (it.hasNext()) {
            arrayList.add(this.userDataBinder.getUserTO(it.next(), this.workflow));
        }
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search/{page}/{size}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public List<UserTO> search(@RequestBody NodeCond nodeCond, @PathVariable("page") int i, @PathVariable("size") int i2) throws InvalidSearchConditionException {
        LOG.debug("User search called with condition {}", nodeCond);
        if (!nodeCond.checkValidity()) {
            LOG.error("Invalid search condition: {}", nodeCond);
            throw new InvalidSearchConditionException();
        }
        List<SyncopeUser> search = this.userSearchDAO.search(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), nodeCond, i, i2);
        ArrayList arrayList = new ArrayList(search.size());
        Iterator<SyncopeUser> it = search.iterator();
        while (it.hasNext()) {
            arrayList.add(this.userDataBinder.getUserTO(it.next(), this.workflow));
        }
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/status/{userId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_READ')")
    public ModelAndView getStatus(@PathVariable("userId") Long l) throws NotFoundException, UnauthorizedRoleException {
        List currentSteps = this.workflow.getCurrentSteps(getUserFromId(l).getWorkflowId().longValue());
        ModelAndView modelAndView = new ModelAndView();
        if (currentSteps != null && !currentSteps.isEmpty()) {
            modelAndView.addObject(((Step) currentSteps.iterator().next()).getStatus());
        }
        return modelAndView;
    }

    private Set<String> getMandatoryResourceNames(SyncopeUser syncopeUser, Set<Long> set, Set<String> set2) {
        if (set == null) {
            set = Collections.EMPTY_SET;
        }
        if (set2 == null) {
            set2 = Collections.EMPTY_SET;
        }
        HashSet hashSet = new HashSet();
        for (TargetResource targetResource : syncopeUser.getTargetResources()) {
            if (set2.contains(targetResource.getName())) {
                hashSet.add(targetResource.getName());
            }
        }
        for (SyncopeRole syncopeRole : syncopeUser.getRoles()) {
            if (set.contains(syncopeRole.getId())) {
                Iterator<TargetResource> it = syncopeRole.getTargetResources().iterator();
                while (it.hasNext()) {
                    hashSet.add(it.next().getName());
                }
            }
        }
        return hashSet;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/create"})
    @PreAuthorize("hasRole('USER_CREATE')")
    public UserTO create(HttpServletResponse httpServletResponse, @RequestBody UserTO userTO, @RequestParam(value = "mandatoryRoles", required = false) Set<Long> set, @RequestParam(value = "mandatoryResources", required = false) Set<String> set2) throws SyncopeClientCompositeErrorException, DataIntegrityViolationException, WorkflowException, PropagationException, NotFoundException, UnauthorizedRoleException {
        LOG.debug("User create called with parameters {}\n{}\n{}", new Object[]{userTO, set, set2});
        UserDataBinder.CheckInResult checkIn = this.userDataBinder.checkIn(userTO);
        LOG.debug("Check-in result: {}", checkIn);
        switch (checkIn.getAction()) {
            case OVERWRITE:
                delete(checkIn.getSyncopeUserId(), set, set2);
                break;
            case REJECT:
                SyncopeClientCompositeErrorException syncopeClientCompositeErrorException = new SyncopeClientCompositeErrorException(HttpStatus.BAD_REQUEST);
                SyncopeClientException syncopeClientException = new SyncopeClientException(SyncopeClientExceptionType.RejectedUserCreate);
                syncopeClientException.addElement(String.valueOf(checkIn.getSyncopeUserId()));
                syncopeClientCompositeErrorException.addException(syncopeClientException);
                throw syncopeClientCompositeErrorException;
        }
        SyncopeUser syncopeUser = new SyncopeUser();
        this.userDataBinder.create(syncopeUser, userTO);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        HashSet hashSet = new HashSet();
        for (SyncopeRole syncopeRole : syncopeUser.getRoles()) {
            if (!roleIds.contains(syncopeRole.getId())) {
                hashSet.add(syncopeRole.getId());
            }
        }
        if (!hashSet.isEmpty()) {
            throw new UnauthorizedRoleException(hashSet);
        }
        SyncopeUser save = this.userDAO.save(syncopeUser);
        Set<String> mandatoryResourceNames = getMandatoryResourceNames(save, set, set2);
        if (!mandatoryResourceNames.isEmpty()) {
            LOG.debug("About to propagate mandatory onto resources {}", mandatoryResourceNames);
        }
        this.propagationManager.create(save, userTO.getPassword(), mandatoryResourceNames);
        Long valueOf = Long.valueOf(this.workflow.initialize(Constants.USER_WORKFLOW, 0, null));
        save.setWorkflowId(valueOf);
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.SYNCOPE_USER, save);
        hashMap.put(Constants.USER_TO, userTO);
        int[] availableActions = this.workflow.getAvailableActions(valueOf.longValue(), null);
        LOG.debug("Available workflow actions for user {}: {}", save, availableActions);
        for (int i : availableActions) {
            LOG.debug("About to execute action {} on user {}", Integer.valueOf(i), save);
            this.workflow.doAction(valueOf.longValue(), i, hashMap);
            LOG.debug("Action {} on user {} run successfully", Integer.valueOf(i), save);
        }
        UserTO userTO2 = this.userDataBinder.getUserTO(this.userDAO.save(save), this.workflow);
        LOG.debug("About to return create user\n{}", userTO2);
        httpServletResponse.setStatus(201);
        return userTO2;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/update"})
    @PreAuthorize("hasRole('USER_UPDATE')")
    public UserTO update(@RequestBody UserMod userMod, @RequestParam(value = "mandatoryRoles", required = false) Set<Long> set, @RequestParam(value = "mandatoryResources", required = false) Set<String> set2) throws NotFoundException, PropagationException, WorkflowException, UnauthorizedRoleException {
        LOG.debug("User update called with parameters {}\n{}\n{}", new Object[]{userMod, set, set2});
        SyncopeUser userFromId = getUserFromId(Long.valueOf(userMod.getId()));
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.SYNCOPE_USER, userFromId);
        hashMap.put(Constants.USER_MOD, userMod);
        WFUtils.doExecuteAction(this.workflow, Constants.USER_WORKFLOW, "update", userFromId.getWorkflowId(), hashMap);
        ResourceOperations update = this.userDataBinder.update(userFromId, userMod);
        SyncopeUser save = this.userDAO.save(userFromId);
        Set<String> mandatoryResourceNames = getMandatoryResourceNames(save, set, set2);
        if (!mandatoryResourceNames.isEmpty()) {
            LOG.debug("About to propagate mandatory onto resources {}", mandatoryResourceNames);
        }
        this.propagationManager.update(save, userMod.getPassword(), update, mandatoryResourceNames);
        return this.userDataBinder.getUserTO(save, this.workflow);
    }

    @RequestMapping(method = {RequestMethod.DELETE}, value = {"/delete/{userId}"})
    @PreAuthorize("hasRole('USER_DELETE')")
    public void delete(@PathVariable("userId") Long l, @RequestParam(value = "mandatoryRoles", required = false) Set<Long> set, @RequestParam(value = "mandatoryResources", required = false) Set<String> set2) throws NotFoundException, WorkflowException, PropagationException, UnauthorizedRoleException {
        SyncopeUser userFromId = getUserFromId(l);
        WFUtils.doExecuteAction(this.workflow, Constants.USER_WORKFLOW, "delete", userFromId.getWorkflowId(), Collections.singletonMap(Constants.SYNCOPE_USER, userFromId));
        Set<String> mandatoryResourceNames = getMandatoryResourceNames(userFromId, set, set2);
        if (!mandatoryResourceNames.isEmpty()) {
            LOG.debug("About to propagate mandatory onto resources {}", mandatoryResourceNames);
        }
        this.propagationManager.delete(userFromId, mandatoryResourceNames);
        if (userFromId.getWorkflowId() != null) {
            this.workflowEntryDAO.delete(userFromId.getWorkflowId());
        }
        this.userDAO.delete(l);
    }
}
