package org.apache.nifi.registry.web.api;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.nifi.registry.authorization.AccessPolicy;
import org.apache.nifi.registry.authorization.AccessPolicySummary;
import org.apache.nifi.registry.authorization.Resource;
import org.apache.nifi.registry.event.EventService;
import org.apache.nifi.registry.revision.web.ClientIdParameter;
import org.apache.nifi.registry.revision.web.LongParameter;
import org.apache.nifi.registry.security.authorization.RequestAction;
import org.apache.nifi.registry.web.service.ServiceFacade;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;
import org.springframework.stereotype.Component;

@Api(value = "policies", description = "Endpoint for managing access policies.", authorizations = {@Authorization("Authorization")})
@Path("/policies")
@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/registry/web/api/AccessPolicyResource.class */
public class AccessPolicyResource extends ApplicationResource {
    @Autowired
    public AccessPolicyResource(ServiceFacade serviceFacade, EventService eventService) {
        super(serviceFacade, eventService);
    }

    @ApiResponses({@ApiResponse(code = 400, message = "NiFi Registry was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "NiFi Registry was unable to complete the request because it assumes a server state that is not valid. The NiFi Registry might not be configured to use a ConfigurableAccessPolicyProvider.")})
    @Consumes({"application/json"})
    @ApiOperation(value = "Create access policy", response = AccessPolicy.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/policies")})})
    @POST
    @Produces({"application/json"})
    public Response createAccessPolicy(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The access policy configuration details.", required = true) AccessPolicy accessPolicy) {
        AccessPolicy createAccessPolicy = this.serviceFacade.createAccessPolicy(accessPolicy);
        return generateCreatedResponse(URI.create(generateAccessPolicyUri(createAccessPolicy)), createAccessPolicy).build();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "NiFi Registry was unable to complete the request because it assumes a server state that is not valid.")})
    @Consumes({"*/*"})
    @ApiOperation(value = "Get all access policies", response = AccessPolicy.class, responseContainer = "List", extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "read"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/policies")})})
    @Produces({"application/json"})
    public Response getAccessPolicies() {
        List<AccessPolicy> accessPolicies = this.serviceFacade.getAccessPolicies();
        if (accessPolicies == null) {
            accessPolicies = Collections.emptyList();
        }
        return generateOkResponse(accessPolicies).build();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "NiFi Registry was unable to complete the request because it assumes a server state that is not valid.")})
    @Path("{id}")
    @Consumes({"*/*"})
    @ApiOperation(value = "Get access policy", response = AccessPolicy.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "read"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/policies")})})
    @Produces({"application/json"})
    public Response getAccessPolicy(@PathParam("id") @ApiParam(value = "The access policy id.", required = true) String str) {
        return generateOkResponse(this.serviceFacade.getAccessPolicy(str)).build();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 400, message = "NiFi Registry was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "NiFi Registry was unable to complete the request because it assumes a server state that is not valid.")})
    @Path("{action}/{resource: .+}")
    @Consumes({"*/*"})
    @ApiOperation(value = "Get access policy for resource", notes = "Gets an access policy for the specified action and resource", response = AccessPolicy.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "read"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/policies")})})
    @Produces({"application/json"})
    public Response getAccessPolicyForResource(@PathParam("action") @ApiParam(value = "The request action.", allowableValues = "read, write, delete", required = true) String str, @PathParam("resource") @ApiParam(value = "The resource of the policy.", required = true) String str2) {
        return generateOkResponse(this.serviceFacade.getAccessPolicy("/" + str2, RequestAction.valueOfValue(str))).build();
    }

    @ApiResponses({@ApiResponse(code = 400, message = "NiFi Registry was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "NiFi Registry was unable to complete the request because it assumes a server state that is not valid. The NiFi Registry might not be configured to use a ConfigurableAccessPolicyProvider.")})
    @Path("{id}")
    @Consumes({"application/json"})
    @ApiOperation(value = "Update access policy", response = AccessPolicy.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/policies")})})
    @Produces({"application/json"})
    @PUT
    public Response updateAccessPolicy(@Context HttpServletRequest httpServletRequest, @PathParam("id") @ApiParam(value = "The access policy id.", required = true) String str, @ApiParam(value = "The access policy configuration details.", required = true) AccessPolicy accessPolicy) {
        if (accessPolicy == null) {
            throw new IllegalArgumentException("Access policy details must be specified when updating a policy.");
        }
        if (str.equals(accessPolicy.getIdentifier())) {
            return generateOkResponse(this.serviceFacade.updateAccessPolicy(accessPolicy)).build();
        }
        throw new IllegalArgumentException(String.format("The policy id in the request body (%s) does not equal the policy id of the requested resource (%s).", accessPolicy.getIdentifier(), str));
    }

    @ApiResponses({@ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "NiFi Registry was unable to complete the request because it assumes a server state that is not valid. The NiFi Registry might not be configured to use a ConfigurableAccessPolicyProvider.")})
    @Path("{id}")
    @Consumes({"*/*"})
    @DELETE
    @ApiOperation(value = "Delete access policy", response = AccessPolicy.class, extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "delete"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/policies")})})
    @Produces({"application/json"})
    public Response removeAccessPolicy(@Context HttpServletRequest httpServletRequest, @QueryParam("version") @ApiParam(value = "The version is used to verify the client is working with the latest version of the entity.", required = true) LongParameter longParameter, @QueryParam("clientId") @ApiParam("If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.") @DefaultValue("") ClientIdParameter clientIdParameter, @PathParam("id") @ApiParam(value = "The access policy id.", required = true) String str) {
        return generateOkResponse(this.serviceFacade.deleteAccessPolicy(str, getRevisionInfo(longParameter, clientIdParameter))).build();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request.")})
    @Path("/resources")
    @Consumes({"*/*"})
    @ApiOperation(value = "Get available resources", notes = "Gets the available resources that support access/authorization policies", response = Resource.class, responseContainer = "List", extensions = {@Extension(name = "access-policy", properties = {@ExtensionProperty(name = "action", value = "read"), @ExtensionProperty(name = DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, value = "/policies")})})
    @Produces({"application/json"})
    public Response getResources() {
        return generateOkResponse(this.serviceFacade.getResources()).build();
    }

    private String generateAccessPolicyUri(AccessPolicySummary accessPolicySummary) {
        return generateResourceUri("policies", accessPolicySummary.getIdentifier());
    }
}
