package org.apache.syncope.core.rest.controller;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Resource;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.syncope.common.SyncopeClientException;
import org.apache.syncope.common.mod.RoleMod;
import org.apache.syncope.common.reqres.BulkAction;
import org.apache.syncope.common.reqres.BulkActionResult;
import org.apache.syncope.common.to.AbstractAttributableTO;
import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.to.TaskExecTO;
import org.apache.syncope.common.types.ClientExceptionType;
import org.apache.syncope.common.types.SubjectType;
import org.apache.syncope.core.init.JobInstanceLoader;
import org.apache.syncope.core.persistence.beans.PropagationTask;
import org.apache.syncope.core.persistence.beans.SchedTask;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.NotFoundException;
import org.apache.syncope.core.persistence.dao.RoleDAO;
import org.apache.syncope.core.persistence.dao.SubjectSearchDAO;
import org.apache.syncope.core.persistence.dao.TaskDAO;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.persistence.dao.search.OrderByClause;
import org.apache.syncope.core.persistence.dao.search.SearchCond;
import org.apache.syncope.core.propagation.PropagationException;
import org.apache.syncope.core.propagation.PropagationReporter;
import org.apache.syncope.core.propagation.PropagationTaskExecutor;
import org.apache.syncope.core.propagation.impl.PropagationManager;
import org.apache.syncope.core.quartz.AbstractTaskJob;
import org.apache.syncope.core.quartz.RoleMemberProvisionTaskJob;
import org.apache.syncope.core.rest.data.AttributableTransformer;
import org.apache.syncope.core.rest.data.RoleDataBinder;
import org.apache.syncope.core.util.ApplicationContextProvider;
import org.apache.syncope.core.util.EntitlementUtil;
import org.apache.syncope.core.workflow.WorkflowResult;
import org.apache.syncope.core.workflow.role.RoleWorkflowAdapter;
import org.quartz.JobDataMap;
import org.quartz.JobKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.quartz.SchedulerFactoryBean;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.interceptor.TransactionInterceptor;

@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/rest/controller/RoleController.class */
public class RoleController extends AbstractSubjectController<RoleTO, RoleMod> {

    @Autowired
    protected RoleDAO roleDAO;

    @Autowired
    protected UserDAO userDAO;

    @Autowired
    protected SubjectSearchDAO searchDAO;

    @Autowired
    protected TaskDAO taskDAO;

    @Autowired
    protected RoleDataBinder binder;

    @Autowired
    protected RoleWorkflowAdapter rwfAdapter;

    @Autowired
    protected PropagationManager propagationManager;

    @Autowired
    protected PropagationTaskExecutor taskExecutor;

    @Autowired
    protected AttributableTransformer attrTransformer;

    @Autowired
    protected JobInstanceLoader jobInstanceLoader;

    @Autowired
    protected SchedulerFactoryBean scheduler;

    @Resource(name = "anonymousUser")
    protected String anonymousUser;

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.syncope.core.rest.controller.AbstractSubjectController
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_READ', T(org.apache.syncope.common.SyncopeConstants).ANONYMOUS_ENTITLEMENT)")
    public RoleTO read(Long l) {
        SyncopeRole find = this.anonymousUser.equals(EntitlementUtil.getAuthenticatedUsername()) ? this.roleDAO.find(l) : this.binder.getRoleFromId(l);
        if (find == null) {
            throw new NotFoundException("Role " + l);
        }
        return this.binder.getRoleTO(find, true);
    }

    @Transactional(readOnly = true)
    @PreAuthorize("isAuthenticated() and not(hasRole(T(org.apache.syncope.common.SyncopeConstants).ANONYMOUS_ENTITLEMENT))")
    public RoleTO readSelf(Long l) {
        SyncopeRole find = this.roleDAO.find(l);
        if (find == null) {
            throw new NotFoundException("Role " + l);
        }
        SyncopeUser find2 = this.userDAO.find(EntitlementUtil.getAuthenticatedUsername());
        Set<Long> emptySet = find2 == null ? Collections.emptySet() : find2.getRoleIds();
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        roleIds.addAll(emptySet);
        if (roleIds.contains(find.getId())) {
            return this.binder.getRoleTO(find, true);
        }
        throw new UnauthorizedRoleException(find.getId());
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_READ')")
    public RoleTO parent(Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        if (roleFromId.getParent() == null || roleIds.contains(roleFromId.getParent().getId())) {
            return roleFromId.getParent() == null ? null : this.binder.getRoleTO(roleFromId.getParent(), true);
        }
        throw new UnauthorizedRoleException(roleFromId.getParent().getId());
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ROLE_LIST')")
    public List<RoleTO> children(Long l) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        List<SyncopeRole> findChildren = this.roleDAO.findChildren(roleFromId);
        ArrayList arrayList = new ArrayList(findChildren.size());
        for (SyncopeRole syncopeRole : findChildren) {
            if (roleIds.contains(syncopeRole.getId())) {
                arrayList.add(this.binder.getRoleTO(syncopeRole, true));
            }
        }
        return arrayList;
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractSubjectController
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("isAuthenticated()")
    public int count() {
        return this.roleDAO.count();
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractSubjectController
    @Transactional(readOnly = true)
    @PreAuthorize("isAuthenticated()")
    public List<RoleTO> list(int i, int i2, List<OrderByClause> list, boolean z) {
        List<SyncopeRole> findAll = this.roleDAO.findAll(i, i2, list);
        ArrayList arrayList = new ArrayList(findAll.size());
        Iterator<SyncopeRole> it = findAll.iterator();
        while (it.hasNext()) {
            arrayList.add(this.binder.getRoleTO(it.next(), z));
        }
        return arrayList;
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractSubjectController
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("isAuthenticated()")
    public int searchCount(SearchCond searchCond) {
        return this.searchDAO.count(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), searchCond, SubjectType.ROLE);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractSubjectController
    @Transactional(readOnly = true, rollbackFor = {Throwable.class})
    @PreAuthorize("isAuthenticated()")
    public List<RoleTO> search(SearchCond searchCond, int i, int i2, List<OrderByClause> list, boolean z) {
        List search = this.searchDAO.search(EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames()), searchCond, i, i2, list, SubjectType.ROLE);
        ArrayList arrayList = new ArrayList(search.size());
        Iterator it = search.iterator();
        while (it.hasNext()) {
            arrayList.add(this.binder.getRoleTO((SyncopeRole) it.next(), z));
        }
        return arrayList;
    }

    @PreAuthorize("hasRole('ROLE_CREATE')")
    public RoleTO create(RoleTO roleTO) {
        Set<Long> roleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
        if (roleTO.getParent() != 0 && !roleIds.contains(Long.valueOf(roleTO.getParent()))) {
            throw new UnauthorizedRoleException(Long.valueOf(roleTO.getParent()));
        }
        RoleTO roleTO2 = (RoleTO) this.attrTransformer.transform((AttributableTransformer) roleTO);
        LOG.debug("Transformed: {}", roleTO2);
        WorkflowResult<Long> create = this.rwfAdapter.create(roleTO2);
        EntitlementUtil.extendAuthContext(create.getResult());
        List<PropagationTask> roleCreateTaskIds = this.propagationManager.getRoleCreateTaskIds(create, roleTO2.getVirAttrs());
        PropagationReporter propagationReporter = (PropagationReporter) ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
        try {
            this.taskExecutor.execute(roleCreateTaskIds, propagationReporter);
        } catch (PropagationException e) {
            LOG.error("Error propagation primary resource", (Throwable) e);
            propagationReporter.onPrimaryResourceFailure(roleCreateTaskIds);
        }
        RoleTO roleTO3 = this.binder.getRoleTO(create.getResult());
        roleTO3.getPropagationStatusTOs().addAll(propagationReporter.getStatuses());
        return roleTO3;
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractSubjectController
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO update(RoleMod roleMod) {
        this.binder.getRoleFromId(Long.valueOf(roleMod.getId()));
        RoleMod roleMod2 = (RoleMod) this.attrTransformer.transform((AttributableTransformer) roleMod);
        LOG.debug("Transformed: {}", roleMod2);
        WorkflowResult<Long> update = this.rwfAdapter.update(roleMod2);
        List<PropagationTask> roleUpdateTaskIds = this.propagationManager.getRoleUpdateTaskIds(update, roleMod2.getVirAttrsToRemove(), roleMod2.getVirAttrsToUpdate());
        PropagationReporter propagationReporter = (PropagationReporter) ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
        try {
            this.taskExecutor.execute(roleUpdateTaskIds, propagationReporter);
        } catch (PropagationException e) {
            LOG.error("Error propagation primary resource", (Throwable) e);
            propagationReporter.onPrimaryResourceFailure(roleUpdateTaskIds);
        }
        RoleTO roleTO = this.binder.getRoleTO(update.getResult());
        roleTO.getPropagationStatusTOs().addAll(propagationReporter.getStatuses());
        return roleTO;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.syncope.core.rest.controller.AbstractSubjectController
    @PreAuthorize("hasRole('ROLE_DELETE')")
    public RoleTO delete(Long l) {
        List<SyncopeRole> findDescendants;
        List<SyncopeRole> findOwnedByRole = this.roleDAO.findOwnedByRole(l);
        if (!findOwnedByRole.isEmpty()) {
            ArrayList arrayList = new ArrayList(findOwnedByRole.size());
            for (SyncopeRole syncopeRole : findOwnedByRole) {
                arrayList.add(syncopeRole.getId() + " " + syncopeRole.getName());
            }
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.RoleOwnership);
            build.getElements().addAll(arrayList);
            throw build;
        }
        ArrayList<SyncopeRole> arrayList2 = new ArrayList();
        SyncopeRole find = this.roleDAO.find(l);
        if (find != null && (findDescendants = this.roleDAO.findDescendants(find)) != null) {
            arrayList2.addAll(findDescendants);
        }
        ArrayList arrayList3 = new ArrayList();
        for (SyncopeRole syncopeRole2 : arrayList2) {
            Iterator<WorkflowResult<Long>> it = this.binder.getUsersOnResourcesOnlyBecauseOfRole(syncopeRole2.getId()).iterator();
            while (it.hasNext()) {
                arrayList3.addAll(this.propagationManager.getUserDeleteTaskIds(it.next()));
            }
            arrayList3.addAll(this.propagationManager.getRoleDeleteTaskIds(syncopeRole2.getId()));
        }
        RoleTO roleTO = new RoleTO();
        roleTO.setId(l.longValue());
        PropagationReporter propagationReporter = (PropagationReporter) ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
        try {
            this.taskExecutor.execute(arrayList3, propagationReporter);
        } catch (PropagationException e) {
            LOG.error("Error propagation primary resource", (Throwable) e);
            propagationReporter.onPrimaryResourceFailure(arrayList3);
        }
        roleTO.getPropagationStatusTOs().addAll(propagationReporter.getStatuses());
        this.rwfAdapter.delete(l);
        return roleTO;
    }

    protected TaskExecTO startRoleMemberProvisionTask(Long l, RoleMemberProvisionTaskJob.Action action) {
        SchedTask schedTask = new SchedTask();
        schedTask.setName("Bulk member provision for role " + l);
        schedTask.setJobClassName(RoleMemberProvisionTaskJob.class.getName());
        SchedTask schedTask2 = (SchedTask) this.taskDAO.save(schedTask);
        try {
            this.jobInstanceLoader.registerJob(schedTask2, schedTask2.getJobClassName(), schedTask2.getCronExpression());
            JobDataMap jobDataMap = new JobDataMap();
            jobDataMap.put(AbstractTaskJob.DRY_RUN_JOBDETAIL_KEY, false);
            jobDataMap.put(RoleMemberProvisionTaskJob.PROVISION_ACTION_JOBDETAIL_KEY, (Object) action);
            jobDataMap.put(RoleMemberProvisionTaskJob.ROLE_ID_JOBDETAIL_KEY, (Object) l);
            this.scheduler.getScheduler().triggerJob(new JobKey(JobInstanceLoader.getJobName(schedTask2), "DEFAULT"), jobDataMap);
            TaskExecTO taskExecTO = new TaskExecTO();
            taskExecTO.setTask(schedTask2.getId().longValue());
            taskExecTO.setStartDate(new Date());
            taskExecTO.setStatus("JOB_FIRED");
            taskExecTO.setMessage("Job fired; waiting for results...");
            return taskExecTO;
        } catch (Exception e) {
            LOG.error("While executing task {}", schedTask2, e);
            SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.Scheduling);
            build.getElements().add(e.getMessage());
            throw build;
        }
    }

    @Transactional
    @PreAuthorize("hasRole('TASK_CREATE') and hasRole('TASK_EXECUTE')")
    public TaskExecTO bulkProvisionMembers(Long l) {
        return startRoleMemberProvisionTask(l, RoleMemberProvisionTaskJob.Action.PROVISION);
    }

    @Transactional
    @PreAuthorize("hasRole('TASK_CREATE') and hasRole('TASK_EXECUTE')")
    public TaskExecTO bulkDeprovisionMembers(Long l) {
        return startRoleMemberProvisionTask(l, RoleMemberProvisionTaskJob.Action.DEPROVISION);
    }

    @PreAuthorize("(hasRole('ROLE_DELETE') and #bulkAction.operation == #bulkAction.operation.DELETE)")
    public BulkActionResult bulk(BulkAction bulkAction) {
        BulkActionResult bulkActionResult = new BulkActionResult();
        if (bulkAction.getOperation() == BulkAction.Type.DELETE) {
            for (String str : bulkAction.getTargets()) {
                try {
                    bulkActionResult.add(Long.valueOf(delete(Long.valueOf(str)).getId()), BulkActionResult.Status.SUCCESS);
                } catch (Exception e) {
                    LOG.error("Error performing delete for role {}", str, e);
                    bulkActionResult.add(str, BulkActionResult.Status.FAILURE);
                }
            }
        } else {
            LOG.warn("Unsupported bulk action: {}", bulkAction.getOperation());
        }
        return bulkActionResult;
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO unlink(Long l, Collection<String> collection) {
        RoleMod roleMod = new RoleMod();
        roleMod.setId(l.longValue());
        roleMod.getResourcesToRemove().addAll(collection);
        return this.binder.getRoleTO(this.rwfAdapter.update(roleMod).getResult());
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO link(Long l, Collection<String> collection) {
        RoleMod roleMod = new RoleMod();
        roleMod.setId(l.longValue());
        roleMod.getResourcesToAdd().addAll(collection);
        return this.binder.getRoleTO(this.rwfAdapter.update(roleMod).getResult());
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO unassign(Long l, Collection<String> collection) {
        RoleMod roleMod = new RoleMod();
        roleMod.setId(l.longValue());
        roleMod.getResourcesToRemove().addAll(collection);
        return update(roleMod);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO assign(Long l, Collection<String> collection, boolean z, String str) {
        RoleMod roleMod = new RoleMod();
        roleMod.setId(l.longValue());
        roleMod.getResourcesToAdd().addAll(collection);
        return update(roleMod);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO deprovision(Long l, Collection<String> collection) {
        SyncopeRole roleFromId = this.binder.getRoleFromId(l);
        Set<String> resourceNames = roleFromId.getResourceNames();
        resourceNames.removeAll(collection);
        List<PropagationTask> roleDeleteTaskIds = this.propagationManager.getRoleDeleteTaskIds(l, new HashSet(collection), resourceNames);
        PropagationReporter propagationReporter = (PropagationReporter) ApplicationContextProvider.getApplicationContext().getBean(PropagationReporter.class);
        try {
            this.taskExecutor.execute(roleDeleteTaskIds, propagationReporter);
        } catch (PropagationException e) {
            LOG.error("Error propagation primary resource", (Throwable) e);
            propagationReporter.onPrimaryResourceFailure(roleDeleteTaskIds);
        }
        RoleTO roleTO = this.binder.getRoleTO(roleFromId, true);
        roleTO.getPropagationStatusTOs().addAll(propagationReporter.getStatuses());
        return roleTO;
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public RoleTO provision(Long l, Collection<String> collection, boolean z, String str) {
        RoleTO roleTO = this.binder.getRoleTO(l);
        roleTO.getPropagationStatusTOs().addAll(assign(l, collection, z, str).getPropagationStatusTOs());
        TransactionInterceptor.currentTransactionStatus().setRollbackOnly();
        return roleTO;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.syncope.core.rest.controller.AbstractController
    public RoleTO resolveReference(Method method, Object... objArr) throws UnresolvedReferenceException {
        Long l = null;
        if (ArrayUtils.isNotEmpty(objArr)) {
            for (int i = 0; l == null && i < objArr.length; i++) {
                if (objArr[i] instanceof Long) {
                    l = (Long) objArr[i];
                } else if (objArr[i] instanceof RoleTO) {
                    l = Long.valueOf(((RoleTO) objArr[i]).getId());
                } else if (objArr[i] instanceof RoleMod) {
                    l = Long.valueOf(((RoleMod) objArr[i]).getId());
                }
            }
        }
        if (l == null || l.equals(0L)) {
            throw new UnresolvedReferenceException();
        }
        try {
            return this.binder.getRoleTO(l);
        } catch (Throwable th) {
            LOG.debug("Unresolved reference", th);
            throw new UnresolvedReferenceException(th);
        }
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public /* bridge */ /* synthetic */ AbstractAttributableTO provision(Long l, Collection collection, boolean z, String str) {
        return provision(l, (Collection<String>) collection, z, str);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public /* bridge */ /* synthetic */ AbstractAttributableTO deprovision(Long l, Collection collection) {
        return deprovision(l, (Collection<String>) collection);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public /* bridge */ /* synthetic */ AbstractAttributableTO assign(Long l, Collection collection, boolean z, String str) {
        return assign(l, (Collection<String>) collection, z, str);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public /* bridge */ /* synthetic */ AbstractAttributableTO unassign(Long l, Collection collection) {
        return unassign(l, (Collection<String>) collection);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public /* bridge */ /* synthetic */ AbstractAttributableTO link(Long l, Collection collection) {
        return link(l, (Collection<String>) collection);
    }

    @Override // org.apache.syncope.core.rest.controller.AbstractResourceAssociator
    @Transactional(rollbackFor = {Throwable.class})
    @PreAuthorize("hasRole('ROLE_UPDATE')")
    public /* bridge */ /* synthetic */ AbstractAttributableTO unlink(Long l, Collection collection) {
        return unlink(l, (Collection<String>) collection);
    }
}
