package io.camunda.operate.webapp.rest;

import io.camunda.operate.util.rest.ValidLongId;
import io.camunda.operate.webapp.InternalAPIErrorController;
import io.camunda.operate.webapp.api.v1.rest.DecisionInstanceController;
import io.camunda.operate.webapp.reader.DecisionReader;
import io.camunda.operate.webapp.rest.dto.DecisionRequestDto;
import io.camunda.operate.webapp.rest.dto.dmn.DecisionGroupDto;
import io.camunda.operate.webapp.rest.exception.NotAuthorizedException;
import io.camunda.operate.webapp.security.identity.IdentityPermission;
import io.camunda.operate.webapp.security.permission.PermissionsService;
import io.camunda.operate.webapp.writer.BatchOperationWriter;
import io.camunda.webapps.schema.entities.operate.dmn.definition.DecisionDefinitionEntity;
import io.camunda.webapps.schema.entities.operation.BatchOperationEntity;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({DecisionRestService.DECISION_URL})
@Tag(name = "Decisions")
@RestController
/* loaded from: input_file:io/camunda/operate/webapp/rest/DecisionRestService.class */
public class DecisionRestService extends InternalAPIErrorController {
    public static final String DECISION_URL = "/api/decisions";

    @Autowired
    private DecisionReader decisionReader;

    @Autowired
    private PermissionsService permissionsService;

    @Autowired
    private BatchOperationWriter batchOperationWriter;

    @GetMapping(path = {"/{id}/xml"})
    @Operation(summary = "Get decision DMN XML")
    public String getDecisionDiagram(@ValidLongId @PathVariable("id") String str) {
        Long valueOf = Long.valueOf(str);
        checkIdentityReadPermission(valueOf);
        return this.decisionReader.getDiagram(valueOf);
    }

    @GetMapping(path = {"/grouped"})
    @Operation(summary = "List decisions grouped by decisionId")
    @Deprecated
    public List<DecisionGroupDto> getDecisionsGrouped() {
        return DecisionGroupDto.createFrom(this.decisionReader.getDecisionsGrouped(new DecisionRequestDto()), this.permissionsService);
    }

    @PostMapping(path = {"/grouped"})
    @Operation(summary = "List decisions grouped by decisionId")
    public List<DecisionGroupDto> getDecisionsGrouped(@RequestBody DecisionRequestDto decisionRequestDto) {
        return DecisionGroupDto.createFrom(this.decisionReader.getDecisionsGrouped(decisionRequestDto), this.permissionsService);
    }

    @DeleteMapping(path = {DecisionInstanceController.BY_ID})
    @Operation(summary = "Delete decision definition and dependant resources")
    @PreAuthorize("hasPermission('write')")
    public BatchOperationEntity deleteDecisionDefinition(@ValidLongId @PathVariable("id") String str) {
        DecisionDefinitionEntity decision = this.decisionReader.getDecision(Long.valueOf(str));
        checkIdentityDeletePermission(decision.getDecisionId());
        return this.batchOperationWriter.scheduleDeleteDecisionDefinition(decision);
    }

    private void checkIdentityReadPermission(Long l) {
        if (this.permissionsService.permissionsEnabled()) {
            String decisionId = this.decisionReader.getDecision(l).getDecisionId();
            if (!this.permissionsService.hasPermissionForDecision(decisionId, IdentityPermission.READ)) {
                throw new NotAuthorizedException(String.format("No read permission for decision %s", decisionId));
            }
        }
    }

    private void checkIdentityDeletePermission(String str) {
        if (this.permissionsService.permissionsEnabled() && !this.permissionsService.hasPermissionForDecision(str, IdentityPermission.DELETE)) {
            throw new NotAuthorizedException(String.format("No delete permission for decision %s", str));
        }
    }
}
