package de.adorsys.ledgers.middleware.rest.resource;

import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.um.AccountAccessTO;
import de.adorsys.ledgers.middleware.api.domain.um.ScaUserDataTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserCredentialsTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserRoleTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserTO;
import de.adorsys.ledgers.middleware.api.exception.MiddlewareErrorCode;
import de.adorsys.ledgers.middleware.api.exception.MiddlewareModuleException;
import de.adorsys.ledgers.middleware.api.service.MiddlewareOnlineBankingService;
import de.adorsys.ledgers.middleware.api.service.MiddlewareUserManagementService;
import de.adorsys.ledgers.middleware.rest.annotation.MiddlewareUserResource;
import de.adorsys.ledgers.middleware.rest.security.ScaInfoHolder;
import java.util.Collections;
import java.util.List;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.UriComponentsBuilder;

@RequestMapping({"/staff-access/users"})
@RestController
@MiddlewareUserResource
/* loaded from: input_file:de/adorsys/ledgers/middleware/rest/resource/UserMgmtStaffResource.class */
public class UserMgmtStaffResource implements UserMgmtStaffResourceAPI {
    private final MiddlewareOnlineBankingService onlineBankingService;
    private final MiddlewareUserManagementService middlewareUserService;
    private final ScaInfoHolder scaInfoHolder;

    public ResponseEntity<UserTO> register(String str, UserTO userTO) {
        if (this.middlewareUserService.countUsersByBranch(str) > 0) {
            throw MiddlewareModuleException.builder().errorCode(MiddlewareErrorCode.INSUFFICIENT_PERMISSION).devMsg("User cannot register for this branch. The branch is occupied by other user").build();
        }
        userTO.setBranch(str);
        userTO.setUserRoles(Collections.singletonList(UserRoleTO.STAFF));
        UserTO create = this.middlewareUserService.create(userTO);
        create.setPin((String) null);
        return ResponseEntity.ok(create);
    }

    public ResponseEntity<UserTO> modifyUser(String str, UserTO userTO) {
        return ResponseEntity.ok(this.middlewareUserService.updateUser(str, userTO));
    }

    public ResponseEntity<SCALoginResponseTO> login(UserCredentialsTO userCredentialsTO) {
        return ResponseEntity.ok(this.onlineBankingService.authorise(userCredentialsTO.getLogin(), userCredentialsTO.getPin(), UserRoleTO.STAFF));
    }

    @PreAuthorize("hasRole('STAFF')")
    public ResponseEntity<UserTO> createUser(UserTO userTO) {
        userTO.setBranch(this.middlewareUserService.findById(this.scaInfoHolder.getScaInfo().getUserId()).getBranch());
        userTO.getUserRoles().remove(UserRoleTO.SYSTEM);
        userTO.getUserRoles().remove(UserRoleTO.TECHNICAL);
        UserTO create = this.middlewareUserService.create(userTO);
        create.setPin((String) null);
        return ResponseEntity.ok(create);
    }

    @PreAuthorize("hasRole('STAFF')")
    public ResponseEntity<List<UserTO>> getBranchUsersByRoles(List<UserRoleTO> list) {
        return ResponseEntity.ok(this.middlewareUserService.getUsersByBranchAndRoles(this.middlewareUserService.findById(this.scaInfoHolder.getScaInfo().getUserId()).getBranch(), list));
    }

    @PreAuthorize("hasRole('STAFF')")
    public ResponseEntity<UserTO> getBranchUserById(String str) {
        return ResponseEntity.ok(findUserForBranch(str));
    }

    @PreAuthorize("hasRole('STAFF')")
    public ResponseEntity<Void> updateUserScaData(String str, List<ScaUserDataTO> list) {
        return ResponseEntity.created(UriComponentsBuilder.fromUriString("/staff-access/users/" + this.middlewareUserService.updateScaData(findUserForBranch(str).getLogin(), list).getId()).build().toUri()).build();
    }

    @PreAuthorize("hasRole('STAFF')")
    public ResponseEntity<Void> updateAccountAccessForUser(String str, AccountAccessTO accountAccessTO) {
        this.middlewareUserService.updateAccountAccess(this.scaInfoHolder.getScaInfo(), str, accountAccessTO);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    private UserTO findUserForBranch(String str) {
        UserTO findById = this.middlewareUserService.findById(this.scaInfoHolder.getScaInfo().getUserId());
        UserTO findById2 = this.middlewareUserService.findById(str);
        if (findById.getBranch().equals(findById2.getBranch())) {
            return findById2;
        }
        throw MiddlewareModuleException.builder().errorCode(MiddlewareErrorCode.INSUFFICIENT_PERMISSION).devMsg("User is not your branch").build();
    }

    public UserMgmtStaffResource(MiddlewareOnlineBankingService middlewareOnlineBankingService, MiddlewareUserManagementService middlewareUserManagementService, ScaInfoHolder scaInfoHolder) {
        this.onlineBankingService = middlewareOnlineBankingService;
        this.middlewareUserService = middlewareUserManagementService;
        this.scaInfoHolder = scaInfoHolder;
    }
}
