package org.apache.syncope.core.rest.controller;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.syncope.common.mod.RoleMod;
import org.apache.syncope.common.search.NodeCond;
import org.apache.syncope.common.services.InvalidSearchConditionException;
import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.types.AttributableType;
import org.apache.syncope.core.persistence.beans.PropagationTask;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.AttributableSearchDAO;
import org.apache.syncope.core.persistence.dao.NotFoundException;
import org.apache.syncope.core.persistence.dao.RoleDAO;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.propagation.PropagationException;
import org.apache.syncope.core.propagation.PropagationReporter;
import org.apache.syncope.core.propagation.PropagationTaskExecutor;
import org.apache.syncope.core.propagation.impl.PropagationManager;
import org.apache.syncope.core.rest.data.AttributableTransformer;
import org.apache.syncope.core.rest.data.RoleDataBinder;
import org.apache.syncope.core.util.ApplicationContextProvider;
import org.apache.syncope.core.util.AttributableUtil;
import org.apache.syncope.core.util.EntitlementUtil;
import org.apache.syncope.core.workflow.WorkflowResult;
import org.apache.syncope.core.workflow.role.RoleWorkflowAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@RequestMapping({"/role"})
@Controller
/* loaded from: input_file:org/apache/syncope/core/rest/controller/RoleController.class */
public class RoleController extends AbstractController<RoleTO> {

    @Autowired
    protected RoleDAO roleDAO;

    @Autowired
    protected UserDAO userDAO;

    @Autowired
    protected AttributableSearchDAO searchDAO;

    @Autowired
    protected RoleDataBinder binder;

    @Autowired
    protected RoleWorkflowAdapter rwfAdapter;

    @Autowired
    protected PropagationManager propagationManager;

    @Autowired
    protected PropagationTaskExecutor taskExecutor;

    @Autowired
    protected AttributableTransformer attrTransformer;

    @RequestMapping(method = {RequestMethod.GET}, value = {"/read/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public RoleTO read(@PathVariable("roleId") Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        if (EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()).contains(roleFromId.getId())) {
            return this.binder.getRoleTO(roleFromId);
        }
        throw new UnauthorizedRoleException(roleFromId.getId());
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/selfRead/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("isAuthenticated()")
    public RoleTO selfRead(@PathVariable("roleId") Long l) {
        SyncopeRole find = this.roleDAO.find(l);
        if (find == null) {
            throw new NotFoundException("Role " + l);
        }
        SyncopeUser find2 = this.userDAO.find(SecurityContextHolder.getContext().getAuthentication().getName());
        Set<Long> emptySet = find2 == null ? Collections.emptySet() : find2.getRoleIds();
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        roleIds.addAll(emptySet);
        if (roleIds.contains(find.getId())) {
            return this.binder.getRoleTO(find);
        }
        throw new UnauthorizedRoleException(find.getId());
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/parent/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public RoleTO parent(@PathVariable("roleId") Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        if (roleFromId.getParent() == null || roleIds.contains(roleFromId.getParent().getId())) {
            return roleFromId.getParent() == null ? null : this.binder.getRoleTO(roleFromId.getParent());
        }
        throw new UnauthorizedRoleException(roleFromId.getParent().getId());
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/children/{roleId}"})
    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public List<RoleTO> children(@PathVariable("roleId") Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        List<SyncopeRole> findChildren = this.roleDAO.findChildren(roleFromId);
        ArrayList arrayList = new ArrayList(findChildren.size());
        for (SyncopeRole syncopeRole : findChildren) {
            if (roleIds.contains(syncopeRole.getId())) {
                arrayList.add(this.binder.getRoleTO(syncopeRole));
            }
        }
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search"})
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_READ')")
    public List<RoleTO> search(@RequestBody NodeCond nodeCond) throws InvalidSearchConditionException {
        return search(nodeCond, -1, -1);
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search/{page}/{size}"})
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_READ')")
    public List<RoleTO> search(@RequestBody NodeCond nodeCond, @PathVariable("page") int i, @PathVariable("size") int i2) throws InvalidSearchConditionException {
        if (!nodeCond.isValid()) {
            LOG.error("Invalid search condition: {}", nodeCond);
            throw new InvalidSearchConditionException();
        }
        List search = this.searchDAO.search(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), nodeCond, i, i2, AttributableUtil.getInstance(AttributableType.ROLE));
        ArrayList arrayList = new ArrayList(search.size());
        Iterator it = search.iterator();
        while (it.hasNext()) {
            arrayList.add(this.binder.getRoleTO((SyncopeRole) it.next()));
        }
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/search/count"})
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_READ')")
    public ModelAndView searchCount(@RequestBody NodeCond nodeCond) throws InvalidSearchConditionException {
        if (nodeCond.isValid()) {
            return new ModelAndView().addObject(Integer.valueOf(this.searchDAO.count(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), nodeCond, AttributableUtil.getInstance(AttributableType.ROLE))));
        }
        LOG.error("Invalid search condition: {}", nodeCond);
        throw new InvalidSearchConditionException();
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/list"})
    @Transactional(readOnly = true)
    public List<RoleTO> list() {
        List<SyncopeRole> findAll = this.roleDAO.findAll();
        ArrayList arrayList = new ArrayList(findAll.size());
        Iterator<SyncopeRole> it = findAll.iterator();
        while (it.hasNext()) {
            arrayList.add(this.binder.getRoleTO(it.next()));
        }
        return arrayList;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/create"})
    @PreAuthorize("hasRole('ROLE_CREATE')")
    public RoleTO create(HttpServletResponse httpServletResponse, @RequestBody RoleTO roleTO) {
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        if (roleTO.getParent() != 0 && !roleIds.contains(Long.valueOf(roleTO.getParent()))) {
            throw new UnauthorizedRoleException(Long.valueOf(roleTO.getParent()));
        }
        RoleTO transform = this.attrTransformer.transform((AttributableTransformer) roleTO);
        LOG.debug("Transformed: {}", transform);
        WorkflowResult<Long> create = this.rwfAdapter.create(transform);
        EntitlementUtil.extendAuthContext(create.getResult());
        List<PropagationTask> roleCreateTaskIds = this.propagationManager.getRoleCreateTaskIds(create, transform.getVirtualAttributes());
        PropagationReporter propagationReporter = (PropagationReporter) ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
        try {
            this.taskExecutor.execute(roleCreateTaskIds, propagationReporter);
        } catch (PropagationException e) {
            LOG.error("Error propagation primary resource", e);
            propagationReporter.onPrimaryResourceFailure(roleCreateTaskIds);
        }
        httpServletResponse.setStatus(201);
        RoleTO roleTO2 = this.binder.getRoleTO(create.getResult());
        roleTO2.setPropagationStatusTOs(propagationReporter.getStatuses());
        return roleTO2;
    }

    @RequestMapping(method = {RequestMethod.POST}, value = {"/update"})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO update(@RequestBody RoleMod roleMod) {
        this.binder.getRoleFromId(Long.valueOf(roleMod.getId()));
        RoleMod transform = this.attrTransformer.transform((AttributableTransformer) roleMod);
        LOG.debug("Transformed: {}", transform);
        WorkflowResult<Long> update = this.rwfAdapter.update(transform);
        List<PropagationTask> roleUpdateTaskIds = this.propagationManager.getRoleUpdateTaskIds(update, transform.getVirtualAttributesToBeRemoved(), transform.getVirtualAttributesToBeUpdated());
        PropagationReporter propagationReporter = (PropagationReporter) ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
        try {
            this.taskExecutor.execute(roleUpdateTaskIds, propagationReporter);
        } catch (PropagationException e) {
            LOG.error("Error propagation primary resource", e);
            propagationReporter.onPrimaryResourceFailure(roleUpdateTaskIds);
        }
        RoleTO roleTO = this.binder.getRoleTO(update.getResult());
        roleTO.setPropagationStatusTOs(propagationReporter.getStatuses());
        return roleTO;
    }

    @RequestMapping(method = {RequestMethod.GET}, value = {"/delete/{roleId}"})
    @PreAuthorize("hasRole('ROLE_DELETE')")
    public RoleTO delete(@PathVariable("roleId") Long l) {
        ArrayList<SyncopeRole> arrayList = new ArrayList();
        SyncopeRole find = this.roleDAO.find(l);
        if (find != null) {
            arrayList.add(find);
            List<SyncopeRole> findDescendants = this.roleDAO.findDescendants((SyncopeRole) arrayList.get(0));
            if (findDescendants != null) {
                arrayList.addAll(findDescendants);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        for (SyncopeRole syncopeRole : arrayList) {
            Iterator<WorkflowResult<Long>> it = this.binder.getUsersOnResourcesOnlyBecauseOfRole(syncopeRole.getId()).iterator();
            while (it.hasNext()) {
                arrayList2.addAll(this.propagationManager.getUserDeleteTaskIds(it.next()));
            }
            arrayList2.addAll(this.propagationManager.getRoleDeleteTaskIds(syncopeRole.getId()));
        }
        RoleTO roleTO = new RoleTO();
        roleTO.setId(l.longValue());
        PropagationReporter propagationReporter = (PropagationReporter) ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
        try {
            this.taskExecutor.execute(arrayList2, propagationReporter);
        } catch (PropagationException e) {
            LOG.error("Error propagation primary resource", e);
            propagationReporter.onPrimaryResourceFailure(arrayList2);
        }
        roleTO.setPropagationStatusTOs(propagationReporter.getStatuses());
        this.rwfAdapter.delete(l);
        return roleTO;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.syncope.core.rest.controller.AbstractController
    /* renamed from: resolveReference, reason: avoid collision after fix types in other method and merged with bridge method [inline-methods] */
    public RoleTO mo115resolveReference(Method method, Object... objArr) throws UnresolvedReferenceException {
        Long l = null;
        if (ArrayUtils.isNotEmpty(objArr)) {
            for (int i = 0; l == null && i < objArr.length; i++) {
                if (objArr[i] instanceof Long) {
                    l = (Long) objArr[i];
                } else if (objArr[i] instanceof RoleTO) {
                    l = Long.valueOf(((RoleTO) objArr[i]).getId());
                } else if (objArr[i] instanceof RoleMod) {
                    l = Long.valueOf(((RoleMod) objArr[i]).getId());
                }
            }
        }
        if (l == null) {
            throw new UnresolvedReferenceException();
        }
        try {
            return this.binder.getRoleTO(l);
        } catch (Throwable th) {
            LOG.debug("Unresolved reference", th);
            throw new UnresolvedReferenceException(th);
        }
    }
}
