package org.apache.syncope.core.rest.controller;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
import org.apache.syncope.common.mod.RoleMod;
import org.apache.syncope.common.search.NodeCond;
import org.apache.syncope.common.services.InvalidSearchConditionException;
import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.types.AttributableType;
import org.apache.syncope.common.types.AuditElements;
import org.apache.syncope.core.audit.AuditManager;
import org.apache.syncope.core.connid.ConnObjectUtil;
import org.apache.syncope.core.persistence.beans.PropagationTask;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.AttributableSearchDAO;
import org.apache.syncope.core.persistence.dao.NotFoundException;
import org.apache.syncope.core.persistence.dao.RoleDAO;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.propagation.PropagationTaskExecutor;
import org.apache.syncope.core.propagation.impl.DefaultPropagationHandler;
import org.apache.syncope.core.propagation.impl.PropagationManager;
import org.apache.syncope.core.rest.data.RoleDataBinder;
import org.apache.syncope.core.util.AttributableUtil;
import org.apache.syncope.core.util.EntitlementUtil;
import org.apache.syncope.core.workflow.WorkflowResult;
import org.apache.syncope.core.workflow.role.RoleWorkflowAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@RequestMapping({"/role"})
@Controller
/* loaded from: input_file:org/apache/syncope/core/rest/controller/RoleController.class */
public class RoleController {
    protected static final Logger LOG = LoggerFactory.getLogger(RoleController.class);

    @Autowired
    private AuditManager auditManager;

    @Autowired
    private RoleDAO roleDAO;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private AttributableSearchDAO searchDAO;

    @Autowired
    private RoleDataBinder binder;

    @Autowired
    private RoleWorkflowAdapter rwfAdapter;

    @Autowired
    private PropagationManager propagationManager;

    @Autowired
    private PropagationTaskExecutor taskExecutor;

    @Autowired
    private ConnObjectUtil connObjectUtil;

    @RequestMapping(method = {RequestMethod.GET}, value = {"/read/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public RoleTO read(@PathVariable("roleId") Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        if (!EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()).contains(roleFromId.getId())) {
            throw new UnauthorizedRoleException(roleFromId.getId());
        }
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.read, AuditElements.Result.success, "Successfully read role: " + roleFromId.getId());
        return this.binder.getRoleTO(roleFromId);
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/selfRead/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("isAuthenticated()")
    public RoleTO selfRead(@PathVariable("roleId") Long l) {
        SyncopeRole find = this.roleDAO.find(l);
        if (find == null) {
            throw new NotFoundException("Role " + l);
        }
        SyncopeUser find2 = this.userDAO.find(SecurityContextHolder.getContext().getAuthentication().getName());
        Set<Long> emptySet = find2 == null ? Collections.emptySet() : find2.getRoleIds();
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        roleIds.addAll(emptySet);
        if (!roleIds.contains(find.getId())) {
            throw new UnauthorizedRoleException(find.getId());
        }
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.selfRead, AuditElements.Result.success, "Successfully read own role: " + find.getId());
        return this.binder.getRoleTO(find);
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/parent/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public RoleTO parent(@PathVariable("roleId") Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        if (roleFromId.getParent() != null && !roleIds.contains(roleFromId.getParent().getId())) {
            throw new UnauthorizedRoleException(roleFromId.getParent().getId());
        }
        RoleTO roleTO = roleFromId.getParent() == null ? null : this.binder.getRoleTO(roleFromId.getParent());
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.parent, AuditElements.Result.success, roleTO == null ? "Role " + roleFromId.getId() + " is a root role" : "Found parent for role " + roleFromId.getId() + ": " + roleTO.getId());
        return roleTO;
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/children/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public List<RoleTO> children(@PathVariable("roleId") Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        List<SyncopeRole> findChildren = this.roleDAO.findChildren(roleFromId);
        ArrayList arrayList = new ArrayList(findChildren.size());
        for (SyncopeRole syncopeRole : findChildren) {
            if (roleIds.contains(syncopeRole.getId())) {
                arrayList.add(this.binder.getRoleTO(syncopeRole));
            }
        }
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.children, AuditElements.Result.success, "Found " + arrayList.size() + " children of role " + l);
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search"})
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_READ')")
    public List<RoleTO> search(@RequestBody NodeCond nodeCond) throws InvalidSearchConditionException {
        return search(nodeCond, -1, -1);
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search/{page}/{size}"})
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_READ')")
    public List<RoleTO> search(@RequestBody NodeCond nodeCond, @PathVariable("page") int i, @PathVariable("size") int i2) throws InvalidSearchConditionException {
        LOG.debug("Role search called with condition {}", nodeCond);
        if (!nodeCond.isValid()) {
            LOG.error("Invalid search condition: {}", nodeCond);
            throw new InvalidSearchConditionException();
        }
        List search = this.searchDAO.search(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), nodeCond, i, i2, AttributableUtil.getInstance(AttributableType.ROLE));
        ArrayList arrayList = new ArrayList(search.size());
        Iterator it = search.iterator();
        while (it.hasNext()) {
            arrayList.add(this.binder.getRoleTO((SyncopeRole) it.next()));
        }
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.read, AuditElements.Result.success, "Successfully searched for roles (page=" + i + ", size=" + i2 + "): " + arrayList.size());
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search/count"})
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_READ')")
    public ModelAndView searchCount(@RequestBody NodeCond nodeCond) throws InvalidSearchConditionException {
        if (nodeCond.isValid()) {
            return new ModelAndView().addObject(Integer.valueOf(this.searchDAO.count(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), nodeCond, AttributableUtil.getInstance(AttributableType.ROLE))));
        }
        LOG.error("Invalid search condition: {}", nodeCond);
        throw new InvalidSearchConditionException();
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/list"})
    @Transactional(readOnly = true)
    public List<RoleTO> list() {
        List<SyncopeRole> findAll = this.roleDAO.findAll();
        ArrayList arrayList = new ArrayList(findAll.size());
        Iterator<SyncopeRole> it = findAll.iterator();
        while (it.hasNext()) {
            arrayList.add(this.binder.getRoleTO(it.next()));
        }
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.list, AuditElements.Result.success, "Successfully listed all roles: " + arrayList.size());
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/create"})
    @PreAuthorize("hasRole('ROLE_CREATE')")
    public RoleTO create(HttpServletResponse httpServletResponse, @RequestBody RoleTO roleTO) {
        LOG.debug("Role create called with parameters {}", roleTO);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        if (roleTO.getParent() != 0 && !roleIds.contains(Long.valueOf(roleTO.getParent()))) {
            throw new UnauthorizedRoleException(Long.valueOf(roleTO.getParent()));
        }
        WorkflowResult<Long> create = this.rwfAdapter.create(roleTO);
        EntitlementUtil.extendAuthContext(create.getResult());
        List<PropagationTask> roleCreateTaskIds = this.propagationManager.getRoleCreateTaskIds(create, roleTO.getVirtualAttributes());
        ArrayList arrayList = new ArrayList();
        this.taskExecutor.execute(roleCreateTaskIds, new DefaultPropagationHandler(this.connObjectUtil, arrayList));
        RoleTO roleTO2 = this.binder.getRoleTO(create.getResult());
        roleTO2.setPropagationStatusTOs(arrayList);
        LOG.debug("About to return created role\n{}", roleTO2);
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.create, AuditElements.Result.success, "Successfully created role: " + roleTO2.getId());
        httpServletResponse.setStatus(201);
        return roleTO2;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/update"})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO update(@RequestBody RoleMod roleMod) {
        LOG.debug("Role update called with {}", roleMod);
        SyncopeRole roleFromId = this.binder.getRoleFromId(Long.valueOf(roleMod.getId()));
        WorkflowResult<Long> update = this.rwfAdapter.update(roleMod);
        List<PropagationTask> roleUpdateTaskIds = this.propagationManager.getRoleUpdateTaskIds(update, roleMod.getVirtualAttributesToBeRemoved(), roleMod.getVirtualAttributesToBeUpdated());
        ArrayList arrayList = new ArrayList();
        this.taskExecutor.execute(roleUpdateTaskIds, new DefaultPropagationHandler(this.connObjectUtil, arrayList));
        RoleTO roleTO = this.binder.getRoleTO(update.getResult());
        roleTO.setPropagationStatusTOs(arrayList);
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.update, AuditElements.Result.success, "Successfully updated role: " + roleFromId.getId());
        LOG.debug("About to return updated role\n{}", roleTO);
        return roleTO;
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/delete/{roleId}"})
    @PreAuthorize("hasRole('ROLE_DELETE')")
    public RoleTO delete(@PathVariable("roleId") Long l) {
        LOG.debug("Role delete called for {}", l);
        ArrayList arrayList = new ArrayList();
        Iterator<WorkflowResult<Long>> it = this.binder.getUsersOnResourcesOnlyBecauseOfRole(l).iterator();
        while (it.hasNext()) {
            arrayList.addAll(this.propagationManager.getUserDeleteTaskIds(it.next()));
        }
        arrayList.addAll(this.propagationManager.getRoleDeleteTaskIds(l));
        RoleTO roleTO = new RoleTO();
        roleTO.setId(l.longValue());
        ArrayList arrayList2 = new ArrayList();
        this.taskExecutor.execute(arrayList, new DefaultPropagationHandler(this.connObjectUtil, arrayList2));
        roleTO.setPropagationStatusTOs(arrayList2);
        this.rwfAdapter.delete(l);
        this.auditManager.audit(AuditElements.Category.role, AuditElements.RoleSubCategory.delete, AuditElements.Result.success, "Successfully deleted role: " + l);
        LOG.debug("Role successfully deleted: {}", l);
        return roleTO;
    }
}
