package io.datarouter.web.user.authenticate;

import io.datarouter.storage.config.DatarouterAdministratorEmailService;
import io.datarouter.storage.config.DatarouterProperties;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.app.WebappName;
import io.datarouter.web.config.DatarouterWebFiles;
import io.datarouter.web.config.DatarouterWebPaths;
import io.datarouter.web.email.DatarouterEmailService;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.GlobalRedirectMav;
import io.datarouter.web.handler.mav.imp.InContextRedirectMav;
import io.datarouter.web.handler.mav.imp.MessageMav;
import io.datarouter.web.handler.types.optional.OptionalLong;
import io.datarouter.web.handler.types.optional.OptionalString;
import io.datarouter.web.user.DatarouterPermissionRequestDao;
import io.datarouter.web.user.DatarouterUserDao;
import io.datarouter.web.user.DatarouterUserEditService;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.databean.DatarouterPermissionRequest;
import io.datarouter.web.user.databean.DatarouterUser;
import io.datarouter.web.user.detail.DatarouterUserExternalDetailService;
import io.datarouter.web.user.role.DatarouterUserRole;
import io.datarouter.web.user.session.CurrentUserSessionInfo;
import io.datarouter.web.user.session.service.DatarouterUserInfo;
import java.util.Comparator;
import java.util.Date;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/web/user/authenticate/DatarouterPermissionRequestHandler.class */
public class DatarouterPermissionRequestHandler extends BaseHandler {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterPermissionRequestHandler.class);
    private static final String P_REASON = "reason";

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private DatarouterPermissionRequestDao datarouterPermissionRequestDao;

    @Inject
    private DatarouterUserDao datarouterUserDao;

    @Inject
    private CurrentUserSessionInfo currentUserSessionInfo;

    @Inject
    private WebappName webappName;

    @Inject
    private DatarouterEmailService datarouterEmailService;

    @Inject
    private DatarouterProperties datarouterProperties;

    @Inject
    private DatarouterWebFiles webFiles;

    @Inject
    private DatarouterWebPaths paths;

    @Inject
    private DatarouterUserEditService userEditService;

    @Inject
    private DatarouterUserInfo datarouterUserInfo;

    @Inject
    private DatarouterAdministratorEmailService administratorEmailService;

    @Inject
    private DatarouterUserExternalDetailService userExternalDetailService;

    @Inject
    private PermissionRequestAdditionalEmails permissionRequestAdditionalEmails;

    @BaseHandler.Handler(defaultHandler = true)
    protected Mav showForm(OptionalString optionalString) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return noDatarouterAuthenticationMav();
        }
        Mav mav = new Mav(this.webFiles.jsp.authentication.permissionRequestJsp);
        mav.put("appName", this.webappName.getName());
        mav.put("permissionRequestPath", this.authenticationConfig.getPermissionRequestPath());
        String str = "I tried to go to this URL: ";
        "I tried to go to this URL: ".getClass();
        mav.put("defaultSpecifics", optionalString.map(str::concat));
        mav.put("currentRequest", (DatarouterPermissionRequest) this.datarouterPermissionRequestDao.streamOpenPermissionRequestsForUser(getCurrentUser().getId()).max(Comparator.comparing(datarouterPermissionRequest -> {
            return datarouterPermissionRequest.getKey().getRequestTime();
        })).orElse(null));
        mav.put("email", this.administratorEmailService.getAdministratorEmailAddressesCsv(this.permissionRequestAdditionalEmails.get()));
        mav.put("submitPath", this.paths.permissionRequest.submit.toSlashedStringWithoutLeadingSlash());
        mav.put("declinePath", this.paths.permissionRequest.declineAll.toSlashedStringWithoutLeadingSlash());
        return mav;
    }

    @BaseHandler.Handler
    protected Mav submit(OptionalString optionalString) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return noDatarouterAuthenticationMav();
        }
        String required = this.params.required(P_REASON);
        if (StringTool.isEmpty(required)) {
            throw new IllegalArgumentException("Reason is required.");
        }
        String orElse = optionalString.orElse("");
        DatarouterUser currentUser = getCurrentUser();
        this.datarouterPermissionRequestDao.createPermissionRequest(new DatarouterPermissionRequest(currentUser.getId(), new Date(), "reason: " + required + ", specifics: " + orElse, null, null));
        sendEmail(currentUser, required, orElse);
        return currentUser.getRoles().size() > 1 ? new InContextRedirectMav(this.request, this.authenticationConfig.getHomePath()) : showForm(new OptionalString(null));
    }

    @BaseHandler.Handler
    protected Mav declineAll(OptionalLong optionalLong, OptionalString optionalString) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return noDatarouterAuthenticationMav();
        }
        DatarouterUser currentUser = getCurrentUser();
        if (!optionalLong.orElse(currentUser.getId()).equals(currentUser.getId()) && !currentUser.getRoles().contains(DatarouterUserRole.DATAROUTER_ADMIN.getRole())) {
            return new MessageMav("You do not have permission to decline this request.");
        }
        this.datarouterPermissionRequestDao.declineAll(optionalLong.orElse(currentUser.getId()));
        DatarouterUser datarouterUser = currentUser;
        if (!optionalLong.orElse(currentUser.getId()).equals(getCurrentUser().getId())) {
            datarouterUser = this.datarouterUserInfo.getUserById(optionalLong.get()).get();
        }
        this.datarouterEmailService.trySendEmail(datarouterUser.getUsername(), this.userEditService.getUserEditEmailRecipients(datarouterUser), this.userEditService.getPermissionRequestEmailSubject(datarouterUser, this.webappName.getName()), "Permission requests declined for user " + datarouterUser.getUsername() + " by user " + currentUser.getUsername());
        return optionalString.isEmpty() ? currentUser.getRoles().size() > 1 ? new InContextRedirectMav(this.request, this.authenticationConfig.getHomePath()) : showForm(new OptionalString(null)) : new GlobalRedirectMav(optionalString.get());
    }

    private DatarouterUser getCurrentUser() {
        return this.datarouterUserDao.getAndValidateCurrentUser(this.params.getSession());
    }

    private void sendEmail(DatarouterUser datarouterUser, String str, String str2) {
        String str3 = String.valueOf(String.valueOf(StringTool.getStringBeforeLastOccurrence(this.request.getRequestURI(), this.request.getRequestURL().toString())) + this.request.getContextPath()) + this.authenticationConfig.getEditUserPath() + "?userId=" + datarouterUser.getId();
        String username = datarouterUser.getUsername();
        String userEditEmailRecipients = this.userEditService.getUserEditEmailRecipients(datarouterUser);
        String permissionRequestEmailSubject = this.userEditService.getPermissionRequestEmailSubject(datarouterUser, this.webappName.getName());
        StringBuilder append = new StringBuilder().append("User ").append(username).append(" requests elevated permissions.");
        this.userExternalDetailService.getUserProfileUrl(datarouterUser).ifPresent(str4 -> {
            append.append("\nUser Profile: ").append(str4);
        });
        append.append("\nReason: ").append(str);
        if (StringTool.notEmpty(str2)) {
            append.append("\nSpecific: ").append(str2);
        }
        append.append("\nEdit here: ").append(str3);
        this.datarouterEmailService.trySendEmail(username, userEditEmailRecipients, permissionRequestEmailSubject, append.toString());
    }

    private Mav noDatarouterAuthenticationMav() {
        logger.warn("{} went to non-DR permission request page.", this.currentUserSessionInfo.getRequiredSession(this.request).getUsername());
        return new MessageMav("This is only available when using datarouter authentication. Please email " + this.datarouterProperties.getAdministratorEmail() + " for assistance.");
    }
}
