package org.molgenis.security.group;

import com.google.common.collect.Lists;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.molgenis.data.security.GroupIdentity;
import org.molgenis.data.security.auth.Group;
import org.molgenis.data.security.auth.GroupPermission;
import org.molgenis.data.security.auth.GroupPermissionService;
import org.molgenis.data.security.auth.GroupService;
import org.molgenis.data.security.auth.RoleService;
import org.molgenis.data.security.exception.GroupNameNotAvailableException;
import org.molgenis.data.security.exception.GroupPermissionDeniedException;
import org.molgenis.data.security.permission.RoleMembershipService;
import org.molgenis.data.security.user.UserService;
import org.molgenis.security.core.GroupValueFactory;
import org.molgenis.security.core.Permission;
import org.molgenis.security.core.UserPermissionEvaluator;
import org.molgenis.security.core.model.GroupValue;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

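/**
 * REST endpoints under {@code /api/plugin/security} for creating and deleting groups, managing
 * group membership and roles, listing users and reading group permissions.
 *
 * <p>This listing is decompiler output (from
 * {@code org/molgenis/security/group/GroupRestController.class}); decompiler artefacts such as
 * redundant casts, raw types and synthetic lambda variables have been cleaned up.
 *
 * <p>Authorization in this class is enforced in two ways: an explicit
 * {@link #checkGroupPermission(String, GroupPermission)} call at the start of a handler, or a
 * {@code @PreAuthorize} annotation. Handlers that have neither are marked with a
 * {@code NOTE(review)} comment, because their access control is not visible in this class.
 */
@Api("Group")
@RestController
@Validated
public class GroupRestController {
    public static final String USER = "/user";
    private static final String SECURITY_API_PATH = "/api/plugin/security";
    static final String GROUP_END_POINT = SECURITY_API_PATH + "/group";
    private static final String GROUP_MEMBER_END_POINT = GROUP_END_POINT + "/{groupName}/member";
    private static final String GROUP_PERMISSION_END_POINT = GROUP_END_POINT + "/{groupName}/permission";
    static final String TEMP_USER_END_POINT = SECURITY_API_PATH + USER;

    private final GroupValueFactory groupValueFactory;
    private final GroupService groupService;
    private final RoleMembershipService roleMembershipService;
    private final RoleService roleService;
    private final UserService userService;
    private final UserPermissionEvaluator userPermissionEvaluator;
    private final GroupPermissionService groupPermissionService;

    /**
     * Creates the controller; every collaborator is required.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    GroupRestController(GroupValueFactory groupValueFactory, GroupService groupService, RoleMembershipService roleMembershipService, RoleService roleService, UserService userService, UserPermissionEvaluator userPermissionEvaluator, GroupPermissionService groupPermissionService) {
        this.groupValueFactory = Objects.requireNonNull(groupValueFactory);
        this.groupService = Objects.requireNonNull(groupService);
        this.roleMembershipService = Objects.requireNonNull(roleMembershipService);
        this.roleService = Objects.requireNonNull(roleService);
        this.userService = Objects.requireNonNull(userService);
        this.userPermissionEvaluator = Objects.requireNonNull(userPermissionEvaluator);
        this.groupPermissionService = Objects.requireNonNull(groupPermissionService);
    }

    /**
     * Creates a group with the default roles, grants its default permissions and adds the calling
     * user to the new group's "Manager" role.
     *
     * @param groupCommand request body carrying the group name and label
     * @return 201 Created with a {@code Location} header of the current request URI plus the group name
     * @throws GroupNameNotAvailableException if the requested name is not available
     * @throws IllegalStateException if the created group has no role labelled "Manager"
     */
    @PostMapping({GROUP_END_POINT})
    @ApiResponses({@ApiResponse(code = 201, message = "New group created", response = ResponseEntity.class), @ApiResponse(code = 400, message = "Group name not available", response = ResponseEntity.class)})
    @ApiOperation(value = "Create a new group", response = ResponseEntity.class)
    @Transactional
    public ResponseEntity createGroup(@RequestBody GroupCommand groupCommand) {
        // NOTE(review): no permission check or @PreAuthorize is visible on this handler, and the
        // caller ends up as Manager of the group it creates. Confirm that group creation is
        // restricted elsewhere (service/data layer or URL security configuration).
        GroupValue newGroup = this.groupValueFactory.createGroup(groupCommand.getName(), groupCommand.getLabel(), GroupService.DEFAULT_ROLES);
        if (!this.groupService.isGroupNameAvailable(newGroup)) {
            throw new GroupNameNotAvailableException(groupCommand.getName());
        }
        this.groupService.persist(newGroup);
        this.groupPermissionService.grantDefaultPermissions(newGroup);
        this.roleMembershipService.addUserToRole(SecurityUtils.getCurrentUsername(), getManagerRoleName(newGroup));
        return ResponseEntity.created(ServletUriComponentsBuilder.fromCurrentRequest().path("/{name}").buildAndExpand(newGroup.getName()).toUri()).build();
    }

    /**
     * Deletes the named group by delegating to {@link GroupService#deleteGroup}.
     *
     * @param groupName name of the group taken from the request path
     * @return 204 No Content
     */
    @ApiResponses({@ApiResponse(code = 204, message = "Group deleted", response = ResponseEntity.class)})
    @ApiOperation(value = "Delete a group", response = ResponseEntity.class)
    @DeleteMapping({GROUP_END_POINT + "/{groupName}"})
    @Transactional
    public ResponseEntity deleteGroup(@PathVariable("groupName") String groupName) {
        // NOTE(review): unlike the member endpoints, this handler makes no checkGroupPermission
        // call and has no @PreAuthorize. Authorization is presumably enforced inside
        // GroupService.deleteGroup or the data layer - confirm before relying on it.
        this.groupService.deleteGroup(groupName);
        return ResponseEntity.noContent().build();
    }

    /**
     * Lists the groups on which the permission evaluator grants {@link GroupPermission#VIEW}.
     *
     * @return one response object per viewable group
     */
    @ApiResponses({@ApiResponse(code = 200, message = "List of groupResponse object available to user", response = List.class)})
    @ApiOperation(value = "Get list with groups", response = ResponseEntity.class)
    @GetMapping({GROUP_END_POINT})
    @ResponseBody
    public List<GroupResponse> getGroups() {
        // Filtering happens here, per group, rather than through a single up-front check.
        return this.groupService.getGroups().stream()
                .filter(group -> this.userPermissionEvaluator.hasPermission(new GroupIdentity(group), GroupPermission.VIEW))
                .map(GroupResponse::fromEntity)
                .collect(Collectors.toList());
    }

    /**
     * Lists the memberships of all roles of the named group.
     *
     * @param groupName name of the group taken from the request path
     * @return one response object per role membership
     * @throws GroupPermissionDeniedException if {@link GroupPermission#VIEW_MEMBERSHIP} is not granted
     */
    @GetMapping({GROUP_MEMBER_END_POINT})
    @ApiOperation(value = "Get group members", response = Collection.class)
    @ResponseBody
    public Collection<GroupMemberResponse> getMembers(@PathVariable("groupName") String groupName) {
        checkGroupPermission(groupName, GroupPermission.VIEW_MEMBERSHIP);
        return this.roleMembershipService.getMemberships(Lists.newArrayList(this.groupService.getGroup(groupName).getRoles())).stream()
                .map(GroupMemberResponse::fromEntity)
                .collect(Collectors.toList());
    }

    /**
     * Adds a user to the named group with the role given in the request body.
     *
     * @param groupName name of the group taken from the request path
     * @param addGroupMemberCommand request body carrying the username and role name
     * @return 201 Created with a {@code Location} header
     * @throws GroupPermissionDeniedException if {@link GroupPermission#ADD_MEMBERSHIP} is not granted
     */
    @PostMapping({GROUP_MEMBER_END_POINT})
    @ApiResponses({@ApiResponse(code = 201, message = "Member added to group", response = ResponseEntity.class)})
    @ApiOperation(value = "Add member to group", response = ResponseEntity.class)
    @Transactional
    public ResponseEntity addMember(@PathVariable("groupName") String groupName, @RequestBody AddGroupMemberCommand addGroupMemberCommand) {
        checkGroupPermission(groupName, GroupPermission.ADD_MEMBERSHIP);
        Group group = this.groupService.getGroup(groupName);
        String username = addGroupMemberCommand.getUsername();
        // NOTE(review): the role is looked up purely by the name supplied in the request body;
        // this controller does not verify that the role belongs to `group`. Presumably
        // GroupService.addMember rejects roles of other groups - confirm, since the permission
        // check above only covers the group named in the path.
        this.groupService.addMember(group, this.userService.getUser(username), this.roleService.getRole(addGroupMemberCommand.getRoleName()));
        // NOTE(review): fromCurrentRequest() already contains .../group/{groupName}/member, so the
        // group and member segments are appended a second time and the Location value likely does
        // not match the member resource URL. Left unchanged to preserve the response.
        return ResponseEntity.created(ServletUriComponentsBuilder.fromCurrentRequest().path("/{group}/member/{member}").buildAndExpand(groupName, username).toUri()).build();
    }

    /**
     * Removes a user from the named group.
     *
     * @param groupName name of the group taken from the request path
     * @param memberName username of the member taken from the request path
     * @return 204 No Content
     * @throws GroupPermissionDeniedException if {@link GroupPermission#REMOVE_MEMBERSHIP} is not granted
     */
    @ApiResponses({@ApiResponse(code = 204, message = "Member removed from group", response = ResponseEntity.class)})
    @ApiOperation(value = "Remove member from group", response = ResponseEntity.class)
    @DeleteMapping({GROUP_END_POINT + "/{groupName}/member/{memberName}"})
    @Transactional
    public ResponseEntity removeMember(@PathVariable("groupName") String groupName, @PathVariable("memberName") String memberName) {
        checkGroupPermission(groupName, GroupPermission.REMOVE_MEMBERSHIP);
        this.groupService.removeMember(this.groupService.getGroup(groupName), this.userService.getUser(memberName));
        return ResponseEntity.noContent().build();
    }

    /**
     * Changes the role a member holds in the named group.
     *
     * @param groupName name of the group taken from the request path
     * @param memberName username of the member taken from the request path
     * @param updateGroupMemberCommand request body carrying the new role name
     * @throws GroupPermissionDeniedException if {@link GroupPermission#UPDATE_MEMBERSHIP} is not granted
     */
    @ApiResponses({@ApiResponse(code = 200, message = "Updated membership role", response = ResponseEntity.class)})
    @PutMapping({GROUP_END_POINT + "/{groupName}/member/{memberName}"})
    @ApiOperation(value = "Change membership role", response = ResponseEntity.class)
    @ResponseStatus(HttpStatus.OK)
    @Transactional
    public void updateMember(@PathVariable("groupName") String groupName, @PathVariable("memberName") String memberName, @RequestBody UpdateGroupMemberCommand updateGroupMemberCommand) {
        checkGroupPermission(groupName, GroupPermission.UPDATE_MEMBERSHIP);
        // NOTE(review): as in addMember, the target role comes from the request body and is not
        // checked against the group's own roles here; confirm GroupService.updateMemberRole
        // validates it.
        this.groupService.updateMemberRole(this.groupService.getGroup(groupName), this.userService.getUser(memberName), this.roleService.getRole(updateGroupMemberCommand.getRoleName()));
    }

    /**
     * Lists the roles of the named group.
     *
     * @param groupName name of the group taken from the request path
     * @return one response object per role of the group
     * @throws GroupPermissionDeniedException if {@link GroupPermission#VIEW} is not granted
     */
    @GetMapping({GROUP_END_POINT + "/{groupName}/role"})
    @ApiOperation(value = "Get group roles", response = Collection.class)
    @ResponseBody
    public Collection<RoleResponse> getGroupRoles(@PathVariable("groupName") String groupName) {
        checkGroupPermission(groupName, GroupPermission.VIEW);
        // The decompiled body referenced an undefined variable (r1.add(v1)) where the roles were
        // copied into a list; Lists.newArrayList performs the same copy, as getMembers does.
        return Lists.newArrayList(this.groupService.getGroup(groupName).getRoles()).stream()
                .map(RoleResponse::fromEntity)
                .collect(Collectors.toList());
    }

    /**
     * Lists all users except the one named "anonymous". Restricted by {@code @PreAuthorize} to
     * callers holding the SU or MANAGER role.
     *
     * @return one response object per user
     */
    @ApiOperation(value = "Get all users", response = Collection.class)
    @PreAuthorize("hasAnyRole('SU', 'MANAGER')")
    @GetMapping({TEMP_USER_END_POINT})
    @ResponseBody
    public Collection<UserResponse> getUsers() {
        return this.userService.getUsers().stream()
                .filter(user -> !user.getUsername().equals("anonymous"))
                .map(UserResponse::fromEntity)
                .collect(Collectors.toList());
    }

    /**
     * Evaluates every {@link GroupPermission} value against the named group and returns the result
     * of the permission evaluator (per the API description, the permissions of the current user).
     *
     * @param groupName name of the group taken from the request path
     * @return the permissions reported by the evaluator
     */
    @ApiResponses({@ApiResponse(code = 200, message = "List of permissions for current user on group", response = Collection.class)})
    @ApiOperation(value = "Get group permissions", response = Collection.class)
    @GetMapping({GROUP_PERMISSION_END_POINT})
    @ResponseBody
    public Collection<Permission> getPermissions(@PathVariable("groupName") String groupName) {
        // No checkGroupPermission call here: the handler only reports what the evaluator grants.
        return this.userPermissionEvaluator.getPermissions(new GroupIdentity(groupName), GroupPermission.values());
    }

    /**
     * Returns the name of the first role of {@code groupValue} whose label is "Manager".
     *
     * @throws IllegalStateException if the group has no such role
     */
    private String getManagerRoleName(GroupValue groupValue) {
        return groupValue.getRoles().stream()
                .filter(roleValue -> roleValue.getLabel().equals("Manager"))
                .map(roleValue -> roleValue.getName())
                .findFirst()
                .orElseThrow(() -> new IllegalStateException("Manager role is missing"));
    }

    /**
     * Guard used by the group-scoped handlers: asks the permission evaluator whether
     * {@code groupPermission} is granted on the named group.
     *
     * @throws GroupPermissionDeniedException if the permission is not granted
     */
    private void checkGroupPermission(String groupName, GroupPermission groupPermission) {
        if (!this.userPermissionEvaluator.hasPermission(new GroupIdentity(groupName), groupPermission)) {
            throw new GroupPermissionDeniedException(groupPermission, groupName);
        }
    }
}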
