package info.novatec.micronaut.camunda.bpm.feature.initialization;

import info.novatec.micronaut.camunda.bpm.feature.Configuration;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.util.StringUtils;
import io.micronaut.transaction.SynchronousTransactionManager;
import jakarta.inject.Singleton;
import java.sql.Connection;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Bootstraps the initial Camunda administrator account from the {@code camunda.admin-user.*}
 * configuration.
 *
 * <p>The bean is only created when {@code camunda.admin-user.id} is set. On execution it creates
 * the configured user, makes sure the {@code camunda-admin} group exists, grants that group
 * {@link Permissions#ALL} on every {@link Resources} value for the wildcard resource id, and adds
 * the user to the group. All of this runs inside one write transaction.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The password is read from configuration and handed to the identity service as-is, so the
 *       configuration source should be treated as a secret store.</li>
 *   <li>NOTE(review): this class does not check that the configured password is non-blank;
 *       confirm that {@link Configuration.AdminUser} validates it.</li>
 *   <li>Membership in {@code camunda-admin} amounts to full control of the engine, because the
 *       group holds ALL permissions on all resources.</li>
 *   <li>Only the user id is logged, never the password.</li>
 * </ul>
 */
@Singleton
@Requires(property = "camunda.admin-user.id")
public class AdminUserCreator implements ParallelInitializationWithProcessEngine {
    private static final Logger log = LoggerFactory.getLogger(AdminUserCreator.class);

    /** Id of the group that receives the wildcard authorizations. */
    private static final String ADMIN_GROUP_ID = "camunda-admin";

    /** Display name given to the admin group when this class has to create it. */
    private static final String ADMIN_GROUP_NAME = "Camunda Administrators";

    /** Group type given to the admin group when this class has to create it. */
    private static final String ADMIN_GROUP_TYPE = "SYSTEM";

    /** Resource id meaning "any instance of the resource type". */
    private static final String ANY_RESOURCE_ID = "*";

    /** Authorization type passed to {@link AuthorizationEntity}; 1 is Camunda's AUTH_TYPE_GRANT. */
    private static final int AUTHORIZATION_TYPE_GRANT = 1;

    protected final Configuration.AdminUser adminUser;
    protected final SynchronousTransactionManager<Connection> transactionManager;

    /**
     * @param configuration source of the admin user settings
     * @param synchronousTransactionManager transaction manager used to wrap the bootstrap writes
     */
    public AdminUserCreator(Configuration configuration, SynchronousTransactionManager<Connection> synchronousTransactionManager) {
        this.adminUser = configuration.getAdminUser();
        this.transactionManager = synchronousTransactionManager;
    }

    /**
     * Creates the admin user, group, authorizations and membership in a single write transaction.
     *
     * <p>If a user with the configured id already exists, nothing is changed: an existing
     * account keeps its current password, group memberships and authorizations.
     *
     * @param processEngine engine whose identity and authorization services are used
     */
    @Override
    public void execute(ProcessEngine processEngine) {
        final IdentityService identities = processEngine.getIdentityService();
        final AuthorizationService authorizations = processEngine.getAuthorizationService();
        this.transactionManager.executeWrite(status -> {
            if (!userAlreadyExists(identities, this.adminUser.getId())) {
                createUser(identities);
                if (!adminGroupAlreadyExists(identities)) {
                    createAdminGroup(identities);
                }
                createAdminGroupAuthorizations(authorizations);
                identities.createMembership(this.adminUser.getId(), ADMIN_GROUP_ID);
                // Deliberately logs the id only; the password must never reach the log.
                log.info("Created initial Admin User: {}", this.adminUser.getId());
            }
            return null;
        });
    }

    /**
     * @param identityService service to query
     * @param str user id to look up
     * @return {@code true} if a user with that id is already stored
     */
    protected boolean userAlreadyExists(IdentityService identityService, String str) {
        User existing = identityService.createUserQuery().userId(str).singleResult();
        return existing != null;
    }

    /**
     * @param identityService service to query
     * @return {@code true} if the {@code camunda-admin} group is already stored
     */
    protected boolean adminGroupAlreadyExists(IdentityService identityService) {
        long matches = identityService.createGroupQuery().groupId(ADMIN_GROUP_ID).count();
        return matches > 0;
    }

    /**
     * Stores the configured admin user.
     *
     * <p>First and last name fall back to the capitalized user id, and the e-mail address falls
     * back to {@code <id>@localhost}, when they are not configured. The configured password is
     * passed through unchanged.
     *
     * @param identityService service used to create and save the user
     */
    protected void createUser(IdentityService identityService) {
        final String id = this.adminUser.getId();
        final String capitalizedId = StringUtils.capitalize(id);

        User admin = identityService.newUser(id);
        admin.setPassword(this.adminUser.getPassword());
        admin.setFirstName(this.adminUser.getFirstname().orElse(capitalizedId));
        admin.setLastName(this.adminUser.getLastname().orElse(capitalizedId));
        admin.setEmail(this.adminUser.getEmail().orElse(id + "@localhost"));
        identityService.saveUser(admin);
    }

    /**
     * Stores the {@code camunda-admin} group with its display name and type.
     *
     * @param identityService service used to create and save the group
     */
    protected void createAdminGroup(IdentityService identityService) {
        Group admins = identityService.newGroup(ADMIN_GROUP_ID);
        admins.setName(ADMIN_GROUP_NAME);
        admins.setType(ADMIN_GROUP_TYPE);
        identityService.saveGroup(admins);
    }

    /**
     * Grants the {@code camunda-admin} group {@link Permissions#ALL} on the wildcard resource id
     * of every {@link Resources} value that has no such authorization entry yet.
     *
     * <p>Existing entries are left untouched, whatever permissions they carry.
     *
     * @param authorizationService service used to query and save authorizations
     */
    protected void createAdminGroupAuthorizations(AuthorizationService authorizationService) {
        for (Resource resource : Resources.values()) {
            long existing = authorizationService.createAuthorizationQuery()
                    .groupIdIn(ADMIN_GROUP_ID)
                    .resourceType(resource)
                    .resourceId(ANY_RESOURCE_ID)
                    .count();
            if (existing != 0) {
                continue;
            }
            AuthorizationEntity grant = new AuthorizationEntity(AUTHORIZATION_TYPE_GRANT);
            grant.setGroupId(ADMIN_GROUP_ID);
            grant.setResource(resource);
            grant.setResourceId(ANY_RESOURCE_ID);
            grant.addPermission(Permissions.ALL);
            authorizationService.saveAuthorization(grant);
        }
    }
}
