package org.apache.syncope.core.rest.controller;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javassist.NotFoundException;
import javax.persistence.RollbackException;
import org.apache.syncope.client.mod.UserMod;
import org.apache.syncope.client.to.UserRequestTO;
import org.apache.syncope.client.to.UserTO;
import org.apache.syncope.core.audit.AuditManager;
import org.apache.syncope.core.persistence.beans.UserRequest;
import org.apache.syncope.core.persistence.dao.ConfDAO;
import org.apache.syncope.core.persistence.dao.UserRequestDAO;
import org.apache.syncope.core.rest.data.UserRequestDataBinder;
import org.apache.syncope.types.AuditElements;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@RequestMapping({"/user/request"})
@Controller
/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/rest/controller/UserRequestController.class */
public class UserRequestController {
    private static final Logger LOG = LoggerFactory.getLogger(UserRequestController.class);

    @Autowired
    private AuditManager auditManager;

    @Autowired
    private ConfDAO confDAO;

    @Autowired
    private UserRequestDAO userRequestDAO;

    @Autowired
    private UserRequestDataBinder dataBinder;

    private Boolean isCreateAllowedByConf() {
        return Boolean.valueOf(this.confDAO.find("createRequest.allowed", "false").getValue());
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/create/allowed"})
    @Transactional(readOnly = true)
    public ModelAndView isCreateAllowed() {
        this.auditManager.audit(AuditElements.Category.userRequest, AuditElements.UserRequestSubCategory.isCreateAllowed, AuditElements.Result.success, "Successfully checked whether self create is allowed");
        return new ModelAndView().addObject(isCreateAllowedByConf());
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/create"})
    public UserRequestTO create(@RequestBody UserTO userTO) throws UnauthorizedRoleException {
        if (!isCreateAllowedByConf().booleanValue()) {
            LOG.error("Create requests are not allowed");
            throw new UnauthorizedRoleException((Long) (-1L));
        }
        LOG.debug("Request user create called with {}", userTO);
        try {
            this.dataBinder.testCreate(userTO);
        } catch (RollbackException e) {
            LOG.debug("Testing create - ignore exception");
        }
        UserRequest userRequest = new UserRequest();
        userRequest.setUserTO(userTO);
        UserRequest save = this.userRequestDAO.save(userRequest);
        this.auditManager.audit(AuditElements.Category.userRequest, AuditElements.UserRequestSubCategory.create, AuditElements.Result.success, "Successfully created user request for " + save.getUserTO().getUsername());
        return this.dataBinder.getUserRequestTO(save);
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/update"})
    @PreAuthorize("isAuthenticated()")
    public UserRequestTO update(@RequestBody UserMod userMod) throws NotFoundException, UnauthorizedRoleException {
        LOG.debug("Request user update called with {}", userMod);
        try {
            this.dataBinder.testUpdate(userMod);
        } catch (RollbackException e) {
            LOG.debug("Testing update - ignore exception");
        }
        UserRequest userRequest = new UserRequest();
        userRequest.setUserMod(userMod);
        UserRequest save = this.userRequestDAO.save(userRequest);
        this.auditManager.audit(AuditElements.Category.userRequest, AuditElements.UserRequestSubCategory.update, AuditElements.Result.success, "Successfully updated user request for " + save.getUserMod().getUsername());
        return this.dataBinder.getUserRequestTO(save);
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/delete/{userId}"})
    @PreAuthorize("isAuthenticated()")
    public UserRequestTO delete(@PathVariable("userId") Long l) throws NotFoundException, UnauthorizedRoleException {
        LOG.debug("Request user delete called with {}", l);
        try {
            this.dataBinder.testDelete(l);
        } catch (RollbackException e) {
            LOG.debug("Testing delete - ignore exception");
        }
        UserRequest userRequest = new UserRequest();
        userRequest.setUserId(l);
        UserRequest save = this.userRequestDAO.save(userRequest);
        this.auditManager.audit(AuditElements.Category.userRequest, AuditElements.UserRequestSubCategory.delete, AuditElements.Result.success, "Successfully deleted user request for user" + l);
        return this.dataBinder.getUserRequestTO(save);
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/list"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_REQUEST_LIST')")
    public List<UserRequestTO> list() {
        ArrayList arrayList = new ArrayList();
        Iterator<UserRequest> it = this.userRequestDAO.findAll().iterator();
        while (it.hasNext()) {
            arrayList.add(this.dataBinder.getUserRequestTO(it.next()));
        }
        this.auditManager.audit(AuditElements.Category.userRequest, AuditElements.UserRequestSubCategory.list, AuditElements.Result.success, "Successfully listed all user requests: " + arrayList.size());
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/read/{requestId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('USER_REQUEST_READ')")
    public UserRequestTO read(@PathVariable("requestId") Long l) throws NotFoundException {
        UserRequest find = this.userRequestDAO.find(l);
        if (find == null) {
            throw new NotFoundException("User request " + l);
        }
        this.auditManager.audit(AuditElements.Category.userRequest, AuditElements.UserRequestSubCategory.read, AuditElements.Result.success, "Successfully read user request for " + find.getUserTO().getUsername());
        return this.dataBinder.getUserRequestTO(find);
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/deleteRequest/{requestId}"})
    @PreAuthorize("hasRole('USER_REQUEST_DELETE')")
    public UserRequestTO deleteRequest(@PathVariable("requestId") Long l) throws NotFoundException {
        UserRequest find = this.userRequestDAO.find(l);
        if (find == null) {
            throw new NotFoundException("User request " + l);
        }
        UserRequestTO userRequestTO = this.dataBinder.getUserRequestTO(find);
        this.auditManager.audit(AuditElements.Category.userRequest, AuditElements.UserRequestSubCategory.delete, AuditElements.Result.success, "Successfully deleted user request for user" + find.getUserId());
        this.userRequestDAO.delete(l);
        return userRequestTO;
    }
}
