package org.apache.syncope.core.rest.controller;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javassist.NotFoundException;
import javax.servlet.http.HttpServletResponse;
import org.apache.syncope.client.mod.RoleMod;
import org.apache.syncope.client.to.RoleTO;
import org.apache.syncope.client.validation.SyncopeClientCompositeErrorException;
import org.apache.syncope.core.audit.AuditManager;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.RoleDAO;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.rest.data.RoleDataBinder;
import org.apache.syncope.core.util.EntitlementUtil;
import org.apache.syncope.types.AuditElements;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

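/**
 * REST controller exposing role management operations under {@code /role}.
 *
 * <p>Most handlers apply two layers of access control: a Spring Security
 * {@code @PreAuthorize} entitlement check on the method, followed by a per-role
 * ownership check against the ids returned by
 * {@code EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames())}.
 *
 * <p>NOTE(review): this class only writes {@code AuditElements.Result.success}
 * audit entries. Requests rejected with {@link UnauthorizedRoleException} or
 * {@code NotFoundException} leave no audit record from this class; whether they
 * are recorded elsewhere is not visible here. Denied attempts are usually the
 * more interesting signal for detection, so confirm they are captured somewhere.
 */
@RequestMapping({"/role"})
@Controller
public class RoleController extends AbstractController {

    @Autowired
    private AuditManager auditManager;

    @Autowired
    private RoleDAO roleDAO;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private RoleDataBinder roleDataBinder;

    /**
     * Creates a new role.
     *
     * <p>When the requested parent id is non-zero the caller must own that parent
     * role. A parent id of {@code 0} skips the ownership check, so any caller
     * holding {@code ROLE_CREATE} can create a role without a parent.
     *
     * @param httpServletResponse response on which the 201 status is set
     * @param roleTO role to create
     * @return the persisted role
     * @throws SyncopeClientCompositeErrorException declared by the original signature
     * @throws UnauthorizedRoleException if the caller does not own the requested parent role
     */
    @RequestMapping(method = {RequestMethod.POST}, value = {"/create"})
    @PreAuthorize("hasRole('ROLE_CREATE')")
    public RoleTO create(HttpServletResponse httpServletResponse, @RequestBody RoleTO roleTO) throws SyncopeClientCompositeErrorException, UnauthorizedRoleException {
        // NOTE(review): the whole transfer object is written to the debug log;
        // confirm its string form cannot carry sensitive attribute values.
        LOG.debug("Role create called with parameters {}", roleTO);

        Set<Long> ownedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        if (roleTO.getParent() != 0 && !ownedRoleIds.contains(Long.valueOf(roleTO.getParent()))) {
            throw new UnauthorizedRoleException(Long.valueOf(roleTO.getParent()));
        }

        SyncopeRole created = this.roleDAO.save(this.roleDataBinder.create(roleTO));
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.create, AuditElements.Result.success, "Successfully created role: " + created.getId());
        httpServletResponse.setStatus(HttpServletResponse.SC_CREATED);
        return this.roleDataBinder.getRoleTO(created);
    }

    /**
     * Deletes a role the caller owns and returns its last known representation.
     *
     * <p>NOTE(review): this state-changing operation is mapped to HTTP GET. GET
     * requests can be triggered by links, prefetchers and cross-site image or
     * frame loads, so the endpoint relies entirely on whatever CSRF protection
     * exists outside this class. The verb is left unchanged here because
     * existing clients depend on it; migrating to DELETE or POST should be
     * planned.
     *
     * @param l id of the role to delete
     * @return the deleted role
     * @throws NotFoundException if no role has the given id
     * @throws UnauthorizedRoleException if the caller does not own the role
     */
    @RequestMapping(method = {RequestMethod.GET}, value = {"/delete/{roleId}"})
    @PreAuthorize("hasRole('ROLE_DELETE')")
    public RoleTO delete(@PathVariable("roleId") Long l) throws NotFoundException, UnauthorizedRoleException {
        SyncopeRole role = this.roleDAO.find(l);
        if (role == null) {
            throw new NotFoundException("Role " + l);
        }

        // Authorize before touching the role's data, so nothing is assembled
        // for a caller who is about to be rejected.
        Long roleId = role.getId();
        if (!EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()).contains(roleId)) {
            throw new UnauthorizedRoleException(roleId);
        }

        RoleTO deleted = this.roleDataBinder.getRoleTO(role);
        this.roleDAO.delete(l);

        // Record success only after the DAO call has returned: writing the
        // entry first would leave a false "deleted" record if the delete throws.
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.delete, AuditElements.Result.success, "Successfully deleted role: " + roleId);
        return deleted;
    }

    /**
     * Lists every role known to the DAO.
     *
     * <p>NOTE(review): unlike the other handlers this one carries no
     * {@code @PreAuthorize} annotation and does not filter by owned role ids,
     * so it returns all roles to whoever can reach it. Confirm that URL-level
     * security restricts this path and that full disclosure of the role tree
     * is intended.
     *
     * @return all roles
     */
    @RequestMapping(method = {RequestMethod.GET}, value = {"/list"})
    @Transactional(readOnly = true)
    public List<RoleTO> list() {
        List<SyncopeRole> roles = this.roleDAO.findAll();
        List<RoleTO> result = new ArrayList<RoleTO>(roles.size());
        for (SyncopeRole role : roles) {
            result.add(this.roleDataBinder.getRoleTO(role));
        }

        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.list, AuditElements.Result.success, "Successfully listed all roles: " + result.size());
        return result;
    }

    /**
     * Returns the parent of the given role, or {@code null} for a root role.
     *
     * <p>The ownership check is made against the parent's id only; the role
     * named in the request is not itself checked.
     * NOTE(review): a caller with {@code ROLE_READ} can therefore learn whether
     * an arbitrary role id exists and whether it is a root role. Confirm this
     * is acceptable.
     *
     * @param l id of the role whose parent is requested
     * @return the parent role, or {@code null} if the role has no parent
     * @throws NotFoundException if no role has the given id
     * @throws UnauthorizedRoleException if the caller does not own the parent role
     */
    @RequestMapping(method = {RequestMethod.GET}, value = {"/parent/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public RoleTO parent(@PathVariable("roleId") Long l) throws NotFoundException, UnauthorizedRoleException {
        SyncopeRole role = this.roleDAO.find(l);
        if (role == null) {
            throw new NotFoundException("Role " + l);
        }

        Set<Long> ownedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        SyncopeRole parentRole = role.getParent();
        if (parentRole != null && !ownedRoleIds.contains(parentRole.getId())) {
            throw new UnauthorizedRoleException(parentRole.getId());
        }

        RoleTO parentTO = parentRole == null ? null : this.roleDataBinder.getRoleTO(parentRole);
        String message = parentTO == null
                ? "Role " + role.getId() + " is a root role"
                : "Found parent for role " + role.getId() + ": " + parentTO.getId();
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.parent, AuditElements.Result.success, message);
        return parentTO;
    }

    /**
     * Returns the children of the given role that the caller owns.
     *
     * <p>Children the caller does not own are silently left out rather than
     * causing an error.
     *
     * @param l id of the parent role
     * @return owned child roles, possibly empty
     */
    @RequestMapping(method = {RequestMethod.GET}, value = {"/children/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public List<RoleTO> children(@PathVariable("roleId") Long l) {
        Set<Long> ownedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        List<SyncopeRole> childRoles = this.roleDAO.findChildren(l);

        List<RoleTO> result = new ArrayList<RoleTO>(childRoles.size());
        for (SyncopeRole child : childRoles) {
            if (ownedRoleIds.contains(child.getId())) {
                result.add(this.roleDataBinder.getRoleTO(child));
            }
        }

        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.children, AuditElements.Result.success, "Found " + result.size() + " children of role " + l);
        return result;
    }

    /**
     * Reads a role the caller owns.
     *
     * @param l id of the role to read
     * @return the role
     * @throws NotFoundException if no role has the given id
     * @throws UnauthorizedRoleException if the caller does not own the role
     */
    @RequestMapping(method = {RequestMethod.GET}, value = {"/read/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public RoleTO read(@PathVariable("roleId") Long l) throws NotFoundException, UnauthorizedRoleException {
        SyncopeRole role = this.roleDAO.find(l);
        if (role == null) {
            throw new NotFoundException("Role " + l);
        }
        if (!EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()).contains(role.getId())) {
            throw new UnauthorizedRoleException(role.getId());
        }

        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.read, AuditElements.Result.success, "Successfully read role: " + role.getId());
        return this.roleDataBinder.getRoleTO(role);
    }

    /**
     * Reads a role that the authenticated user either owns through an
     * entitlement or is a member of.
     *
     * @param l id of the role to read
     * @return the role
     * @throws NotFoundException if the role or the authenticated user cannot be found
     * @throws UnauthorizedRoleException if the role is neither owned by nor assigned to the caller
     */
    @RequestMapping(method = {RequestMethod.GET}, value = {"/selfRead/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("isAuthenticated()")
    public RoleTO selfRead(@PathVariable("roleId") Long l) throws NotFoundException, UnauthorizedRoleException {
        SyncopeRole role = this.roleDAO.find(l);
        if (role == null) {
            throw new NotFoundException("Role " + l);
        }

        String username = SecurityContextHolder.getContext().getAuthentication().getName();
        SyncopeUser caller = this.userDAO.find(username);
        if (caller == null) {
            throw new NotFoundException("Authenticated user " + username);
        }

        // Consult the two id sources separately instead of merging the user's
        // memberships into the set returned by EntitlementUtil: that set is not
        // owned by this method, and adding ids to it would widen what counts as
        // "owned" if the utility ever hands out a shared instance.
        Set<Long> ownedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        boolean allowed = ownedRoleIds.contains(role.getId()) || caller.getRoleIds().contains(role.getId());
        if (!allowed) {
            throw new UnauthorizedRoleException(role.getId());
        }

        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.selfRead, AuditElements.Result.success, "Successfully read own role: " + role.getId());
        return this.roleDataBinder.getRoleTO(role);
    }

    /**
     * Applies a modification to a role the caller owns.
     *
     * @param roleMod modification to apply; its id selects the target role
     * @return the updated role
     * @throws NotFoundException if no role has the id carried by {@code roleMod}
     * @throws UnauthorizedRoleException if the caller does not own the role
     */
    @RequestMapping(method = {RequestMethod.POST}, value = {"/update"})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO update(@RequestBody RoleMod roleMod) throws NotFoundException, UnauthorizedRoleException {
        // NOTE(review): the whole modification object is written to the debug
        // log; confirm its string form cannot carry sensitive attribute values.
        LOG.debug("Role update called with parameter {}", roleMod);

        SyncopeRole role = this.roleDAO.find(Long.valueOf(roleMod.getId()));
        if (role == null) {
            throw new NotFoundException("Role " + String.valueOf(roleMod.getId()));
        }
        if (!EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()).contains(role.getId())) {
            throw new UnauthorizedRoleException(role.getId());
        }

        this.roleDataBinder.update(role, roleMod);
        SyncopeRole updated = this.roleDAO.save(role);
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.update, AuditElements.Result.success, "Successfully updated role: " + updated.getId());
        return this.roleDataBinder.getRoleTO(updated);
    }
}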
