package org.apache.nifi.registry.web.api;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus;
import org.apache.nifi.registry.bucket.Bucket;
import org.apache.nifi.registry.event.EventFactory;
import org.apache.nifi.registry.event.EventService;
import org.apache.nifi.registry.field.Fields;
import org.apache.nifi.registry.security.authorization.RequestAction;
import org.apache.nifi.registry.security.authorization.exception.AccessDeniedException;
import org.apache.nifi.registry.service.AuthorizationService;
import org.apache.nifi.registry.service.RegistryService;
import org.apache.nifi.registry.web.link.LinkService;
import org.apache.nifi.registry.web.security.PermissionsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;
import org.springframework.stereotype.Component;

@Api(value = "buckets", description = "Create named buckets in the registry to store NiFi objects such flows and extensions. Search for and retrieve existing buckets.", authorizations = {@Authorization("Authorization")})
@Path("/buckets")
@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/registry/web/api/BucketResource.class */
public class BucketResource extends AuthorizableApplicationResource {
    private static final Logger logger = LoggerFactory.getLogger(BucketResource.class);

    @Context
    UriInfo uriInfo;
    private final LinkService linkService;
    private final RegistryService registryService;
    private final PermissionsService permissionsService;

    @Autowired
    public BucketResource(RegistryService registryService, LinkService linkService, PermissionsService permissionsService, AuthorizationService authorizationService, EventService eventService) {
        super(authorizationService, eventService);
        this.registryService = registryService;
        this.linkService = linkService;
        this.permissionsService = permissionsService;
    }

    @ApiResponses({@ApiResponse(code = 400, message = "NiFi Registry was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request.")})
    @Consumes({"application/json"})
    @ApiOperation(value = "Create bucket", response = Bucket.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/buckets")})})
    @POST
    @Produces({"application/json"})
    public Response createBucket(@ApiParam(value = "The bucket to create", required = true) Bucket bucket) {
        authorizeAccess(RequestAction.WRITE);
        Bucket createBucket = this.registryService.createBucket(bucket);
        publish(EventFactory.bucketCreated(createBucket));
        this.permissionsService.populateBucketPermissions(createBucket);
        this.linkService.populateLinks((LinkService) createBucket);
        return Response.status(Response.Status.OK).entity(createBucket).build();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 401, message = "Client could not be authenticated.")})
    @Consumes({"*/*"})
    @ApiOperation(value = "Get all buckets", notes = "The returned list will include only buckets for which the user is authorized.If the user is not authorized for any buckets, this returns an empty list.", response = Bucket.class, responseContainer = "List")
    @Produces({"application/json"})
    public Response getBuckets() {
        Set<String> authorizedBucketIds = getAuthorizedBucketIds(RequestAction.READ);
        if (authorizedBucketIds == null || authorizedBucketIds.isEmpty()) {
            return Response.status(Response.Status.OK).entity(new ArrayList()).build();
        }
        List<Bucket> buckets = this.registryService.getBuckets(authorizedBucketIds);
        this.permissionsService.populateBucketPermissions(buckets);
        this.linkService.populateLinks(buckets);
        return Response.status(Response.Status.OK).entity(buckets).build();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found.")})
    @Path("{bucketId}")
    @Consumes({"*/*"})
    @ApiOperation(value = "Get bucket", notes = "Gets the bucket with the given id.", response = Bucket.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "read"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/buckets/{bucketId}")})})
    @Produces({"application/json"})
    public Response getBucket(@PathParam("bucketId") @ApiParam("The bucket identifier") String str) {
        authorizeBucketAccess(RequestAction.READ, str);
        Bucket bucket = this.registryService.getBucket(str);
        this.permissionsService.populateBucketPermissions(bucket);
        this.linkService.populateLinks((LinkService) bucket);
        return Response.status(Response.Status.OK).entity(bucket).build();
    }

    @ApiResponses({@ApiResponse(code = 400, message = "NiFi Registry was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = HttpStatus.SC_CONFLICT, message = "NiFi Registry was unable to complete the request because it assumes a server state that is not valid.")})
    @Path("{bucketId}")
    @Consumes({"application/json"})
    @ApiOperation(value = "Update bucket", notes = "Updates the bucket with the given id.", response = Bucket.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/buckets/{bucketId}")})})
    @Produces({"application/json"})
    @PUT
    public Response updateBucket(@PathParam("bucketId") @ApiParam("The bucket identifier") String str, @ApiParam(value = "The updated bucket", required = true) Bucket bucket) {
        if (StringUtils.isBlank(str)) {
            throw new BadRequestException("Bucket id cannot be blank");
        }
        if (bucket == null) {
            throw new BadRequestException("Bucket cannot be null");
        }
        if (bucket.getIdentifier() != null && !str.equals(bucket.getIdentifier())) {
            throw new BadRequestException("Bucket id in path param must match bucket id in body");
        }
        bucket.setIdentifier(str);
        authorizeBucketAccess(RequestAction.WRITE, str);
        Bucket updateBucket = this.registryService.updateBucket(bucket);
        publish(EventFactory.bucketUpdated(updateBucket));
        this.permissionsService.populateBucketPermissions(updateBucket);
        this.linkService.populateLinks((LinkService) updateBucket);
        return Response.status(Response.Status.OK).entity(updateBucket).build();
    }

    @ApiResponses({@ApiResponse(code = 400, message = "NiFi Registry was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found.")})
    @Path("{bucketId}")
    @Consumes({"*/*"})
    @DELETE
    @ApiOperation(value = "Delete bucket", notes = "Deletes the bucket with the given id, along with all objects stored in the bucket", response = Bucket.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "delete"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/buckets/{bucketId}")})})
    @Produces({"application/json"})
    public Response deleteBucket(@PathParam("bucketId") @ApiParam("The bucket identifier") String str) {
        if (StringUtils.isBlank(str)) {
            throw new BadRequestException("Bucket id cannot be blank");
        }
        authorizeBucketAccess(RequestAction.DELETE, str);
        Bucket deleteBucket = this.registryService.deleteBucket(str);
        publish(EventFactory.bucketDeleted(deleteBucket));
        return Response.status(Response.Status.OK).entity(deleteBucket).build();
    }

    @GET
    @Path("fields")
    @Consumes({"*/*"})
    @ApiOperation(value = "Get bucket fields", notes = "Retrieves bucket field names for searching or sorting on buckets.", response = Fields.class)
    @Produces({"application/json"})
    public Response getAvailableBucketFields() {
        return Response.status(Response.Status.OK).entity(new Fields(this.registryService.getBucketFields())).build();
    }

    private void authorizeAccess(RequestAction requestAction) throws AccessDeniedException {
        this.authorizationService.authorize(this.authorizableLookup.getBucketsAuthorizable(), requestAction);
    }
}
