package info.novatec.micronaut.camunda.bpm.feature;

import info.novatec.micronaut.camunda.bpm.feature.Configuration;
import io.micronaut.context.annotation.Requires;
import io.micronaut.context.event.ApplicationEventListener;
import io.micronaut.core.util.StringUtils;
import io.micronaut.runtime.server.event.ServerStartupEvent;
import io.micronaut.transaction.SynchronousTransactionManager;
import jakarta.inject.Singleton;
import java.sql.Connection;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

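/**
 * Bootstraps an initial Camunda administrator account when the server starts.
 *
 * <p>The bean is only loaded when the property {@code camunda.admin-user.id} is set. On
 * {@link ServerStartupEvent} it creates the configured user, makes sure the
 * {@code camunda-admin} group exists, grants that group {@link Permissions#ALL} on every
 * {@link Resources} value for resource id {@code *}, and adds the user to the group.
 *
 * <p>Security-relevant behaviour to keep in mind when operating this:
 * <ul>
 *   <li>The configured id/password pair becomes a full engine administrator, so it should be
 *       treated like a root credential (supplied from a secret source, not a committed default).</li>
 *   <li>Bootstrapping is skipped entirely when a user with the configured id already exists.
 *       Changing the password in configuration later does not change the stored password, and
 *       a pre-existing user with that id is not added to the admin group by this class.</li>
 *   <li>Only the user id is logged; the password is never written to the log.</li>
 * </ul>
 */
@Singleton
@Requires(property = "camunda.admin-user.id")
public class AdminUserCreator implements ApplicationEventListener<ServerStartupEvent> {
    private static final Logger log = LoggerFactory.getLogger(AdminUserCreator.class);

    /** Id of the built-in Camunda administrators group. */
    private static final String ADMIN_GROUP_ID = "camunda-admin";
    /** Display name given to the administrators group when this class has to create it. */
    private static final String ADMIN_GROUP_NAME = "Camunda Administrators";
    /** Group type given to the administrators group when this class has to create it. */
    private static final String ADMIN_GROUP_TYPE = "SYSTEM";
    /** Wildcard resource id: the authorization applies to every instance of the resource type. */
    private static final String ANY_RESOURCE_ID = "*";
    /** Authorization type passed to {@link AuthorizationEntity}; 1 is Camunda's "grant" type. */
    private static final int AUTH_TYPE_GRANT = 1;

    protected final IdentityService identityService;
    protected final AuthorizationService authorizationService;
    protected final Configuration.AdminUser adminUser;
    protected final SynchronousTransactionManager<Connection> transactionManager;

    /**
     * @param identityService used to query and create users, groups and memberships
     * @param authorizationService used to query and store the admin group's authorizations
     * @param configuration source of the admin user settings ({@link Configuration#getAdminUser()})
     * @param synchronousTransactionManager wraps the whole bootstrap in one write transaction
     */
    public AdminUserCreator(IdentityService identityService, AuthorizationService authorizationService, Configuration configuration, SynchronousTransactionManager<Connection> synchronousTransactionManager) {
        this.identityService = identityService;
        this.authorizationService = authorizationService;
        this.adminUser = configuration.getAdminUser();
        this.transactionManager = synchronousTransactionManager;
    }

    /**
     * Creates the admin user, group, authorizations and membership inside a single
     * {@code executeWrite} call, unless a user with the configured id already exists.
     *
     * @param serverStartupEvent the startup event; its content is not used
     */
    @Override
    public void onApplicationEvent(ServerStartupEvent serverStartupEvent) {
        this.transactionManager.executeWrite(transactionStatus -> {
            String adminUserId = this.adminUser.getId();
            // An existing user is left completely untouched: no password reset, no group
            // membership change, no authorization changes.
            if (!userAlreadyExists(adminUserId)) {
                createUser();
                if (!adminGroupAlreadyExists()) {
                    createAdminGroup();
                }
                createAdminGroupAuthorizations();
                this.identityService.createMembership(adminUserId, ADMIN_GROUP_ID);
                // Log the id only; the password must never reach the log.
                log.info("Created initial Admin User: {}", adminUserId);
            }
            return null;
        });
    }

    /**
     * @param str the user id to look up
     * @return {@code true} if the identity service returns a user for that id
     */
    protected boolean userAlreadyExists(String str) {
        return this.identityService.createUserQuery().userId(str).singleResult() != null;
    }

    /**
     * @return {@code true} if at least one group with id {@code camunda-admin} exists
     */
    protected boolean adminGroupAlreadyExists() {
        return this.identityService.createGroupQuery().groupId(ADMIN_GROUP_ID).count() > 0;
    }

    /**
     * Creates and saves the admin user from the configured settings.
     *
     * <p>First and last name default to the capitalized user id, the e-mail address defaults to
     * {@code <id>@localhost}.
     */
    protected void createUser() {
        String adminUserId = this.adminUser.getId();
        String defaultName = StringUtils.capitalize(adminUserId);

        User newUser = this.identityService.newUser(adminUserId);
        // NOTE(review): the password is taken from configuration as-is; this class does not
        // check that it is present or non-trivial. Confirm that Configuration.AdminUser
        // validates it and that deployments do not ship a well-known default.
        newUser.setPassword(this.adminUser.getPassword());
        newUser.setFirstName(this.adminUser.getFirstname().orElse(defaultName));
        newUser.setLastName(this.adminUser.getLastname().orElse(defaultName));
        newUser.setEmail(this.adminUser.getEmail().orElse(adminUserId + "@localhost"));
        this.identityService.saveUser(newUser);
    }

    /** Creates and saves the {@code camunda-admin} group with type {@code SYSTEM}. */
    protected void createAdminGroup() {
        Group newGroup = this.identityService.newGroup(ADMIN_GROUP_ID);
        newGroup.setName(ADMIN_GROUP_NAME);
        newGroup.setType(ADMIN_GROUP_TYPE);
        this.identityService.saveGroup(newGroup);
    }

    /**
     * Grants the {@code camunda-admin} group {@link Permissions#ALL} on every resource type.
     *
     * <p>For each {@link Resources} value an authorization for resource id {@code *} is stored
     * unless the group already has one for that resource type and resource id. Existing
     * authorizations are not modified, whatever permissions they carry.
     */
    protected void createAdminGroupAuthorizations() {
        for (Resource resource : Resources.values()) {
            long existing = this.authorizationService.createAuthorizationQuery()
                    .groupIdIn(new String[]{ADMIN_GROUP_ID})
                    .resourceType(resource)
                    .resourceId(ANY_RESOURCE_ID)
                    .count();
            if (existing == 0) {
                AuthorizationEntity authorizationEntity = new AuthorizationEntity(AUTH_TYPE_GRANT);
                authorizationEntity.setGroupId(ADMIN_GROUP_ID);
                authorizationEntity.setResource(resource);
                authorizationEntity.setResourceId(ANY_RESOURCE_ID);
                authorizationEntity.addPermission(Permissions.ALL);
                this.authorizationService.saveAuthorization(authorizationEntity);
            }
        }
    }
}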
