package org.camunda.bpm.admin.impl.web;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Iterator;
import java.util.ServiceLoader;
import javax.servlet.ServletException;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Providers;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.engine.rest.dto.identity.UserDto;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.engine.rest.exception.RestException;
import org.camunda.bpm.engine.rest.impl.UserRestServiceImpl;
import org.camunda.bpm.engine.rest.spi.ProcessEngineProvider;
import org.camunda.bpm.engine.rest.util.ProvidersUtil;
import org.camunda.bpm.webapp.impl.security.SecurityActions;

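/**
 * JAX-RS resource for the first-time setup of a process engine: it creates the initial user and
 * puts that user into the {@code camunda-admin} group.
 *
 * <p>Security note: the creation logic is executed through
 * {@code SecurityActions.runWithoutAuthentication}, so no caller identity is required by this
 * class. The only gate visible here is {@link #ensureSetupAvailable(ProcessEngine)}, which
 * rejects the request once the identity service is read-only or an administrator already exists.
 * Any additional protection (servlet filters, network restrictions) lives outside this file.
 */
@Path("/setup/{engine}")
/* loaded from: input_file:org/camunda/bpm/admin/impl/web/SetupResource.class */
public class SetupResource {

    /** Id of the group whose members are treated as administrators by this resource. */
    private static final String ADMIN_GROUP_ID = "camunda-admin";

    @Context
    protected Providers providers;

    /**
     * Creates the initial administrator for the named engine.
     *
     * @param str name of the process engine, taken from the {@code engine} path segment
     * @param userDto user to create, deserialized from the JSON request body
     * @throws InvalidRequestException with status 400 if the engine does not exist or the body
     *     carries no user profile, and with status 403 if setup is no longer available
     * @throws IOException declared for the security action wrapper
     * @throws ServletException declared for the security action wrapper
     */
    @Path("/user/create")
    @Consumes(MediaType.APPLICATION_JSON)
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    public void createInitialUser(@PathParam("engine") String str, UserDto userDto) throws IOException, ServletException {
        ProcessEngine engine = lookupProcessEngine(str);
        if (engine == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Process Engine '" + str + "' does not exist.");
        }
        // The caller is not authenticated at this point; everything that limits who may use
        // this endpoint is enforced inside createInitialUserInternal.
        SecurityActions.runWithoutAuthentication(() -> {
            createInitialUserInternal(str, userDto, engine);
            return null;
        }, engine);
    }

    /**
     * Performs the setup steps in order: availability check, body validation, user creation,
     * admin group/authorization bootstrap, and finally the group membership.
     *
     * <p>NOTE(review): the availability check and the membership creation are separate calls and
     * nothing in this class makes them atomic. Two requests arriving together on a fresh
     * installation could both pass the check; whether the engine serializes them is not visible
     * from here and should be confirmed.
     */
    private void createInitialUserInternal(String engineName, UserDto userDto, ProcessEngine processEngine) {
        ObjectMapper objectMapper = getObjectMapper();
        // Gate first, so an already-configured engine answers 403 regardless of the body.
        ensureSetupAvailable(processEngine);
        // An empty or profile-less body would otherwise surface as a NullPointerException
        // below; reject it explicitly as a client error instead.
        if (userDto == null || userDto.getProfile() == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Request body must contain a user profile.");
        }
        new UserRestServiceImpl(engineName, objectMapper).createUser(userDto);
        ensureCamundaAdminGroupExists(processEngine);
        processEngine.getIdentityService().createMembership(userDto.getProfile().getId(), ADMIN_GROUP_ID);
    }

    /**
     * Resolves the JSON {@link ObjectMapper} from the injected JAX-RS providers.
     *
     * @return the resolved mapper, or {@code null} when no providers were injected
     */
    private ObjectMapper getObjectMapper() {
        if (this.providers == null) {
            return null;
        }
        return (ObjectMapper) ProvidersUtil.resolveFromContext(this.providers, ObjectMapper.class, MediaType.APPLICATION_JSON_TYPE, getClass());
    }

    /**
     * Creates the {@code camunda-admin} group if it is missing and makes sure it holds an
     * authorization with {@link Permissions#ALL} on resource id {@code *} for every value of
     * {@link Resources}. Existing group and authorizations are left untouched.
     */
    private void ensureCamundaAdminGroupExists(ProcessEngine processEngine) {
        IdentityService identityService = processEngine.getIdentityService();
        AuthorizationService authorizationService = processEngine.getAuthorizationService();
        if (identityService.createGroupQuery().groupId(ADMIN_GROUP_ID).count() == 0) {
            Group adminGroup = identityService.newGroup(ADMIN_GROUP_ID);
            adminGroup.setName("camunda BPM Administrators");
            adminGroup.setType("SYSTEM");
            identityService.saveGroup(adminGroup);
        }
        for (Resource resource : Resources.values()) {
            boolean alreadyGranted = authorizationService.createAuthorizationQuery()
                    .groupIdIn(new String[] {ADMIN_GROUP_ID})
                    .resourceType(resource)
                    .resourceId("*")
                    .count() != 0;
            if (alreadyGranted) {
                continue;
            }
            // 1 is the authorization type passed by the original code; it corresponds to the
            // engine's grant type (Authorization.AUTH_TYPE_GRANT).
            AuthorizationEntity grant = new AuthorizationEntity(1);
            grant.setGroupId(ADMIN_GROUP_ID);
            grant.setResource(resource);
            grant.setResourceId("*");
            grant.addPermission(Permissions.ALL);
            authorizationService.saveAuthorization(grant);
        }
    }

    /**
     * Rejects the request unless setup is still possible.
     *
     * @throws InvalidRequestException with status 403 when the identity service is read-only or
     *     at least one user is already a member of {@code camunda-admin}
     */
    private void ensureSetupAvailable(ProcessEngine processEngine) {
        IdentityService identityService = processEngine.getIdentityService();
        if (identityService.isReadOnly() || identityService.createUserQuery().memberOfGroup(ADMIN_GROUP_ID).count() > 0) {
            throw new InvalidRequestException(Response.Status.FORBIDDEN, "Setup action not available");
        }
    }

    /**
     * Looks up the engine through the first {@link ProcessEngineProvider} found by
     * {@link ServiceLoader}.
     *
     * @return whatever the provider returns for the name; the caller treats {@code null} as
     *     "engine does not exist"
     * @throws RestException with status 400 when no provider implementation is registered
     */
    private ProcessEngine lookupProcessEngine(String engineName) {
        Iterator<ProcessEngineProvider> providerIterator = ServiceLoader.load(ProcessEngineProvider.class).iterator();
        if (providerIterator.hasNext()) {
            return providerIterator.next().getProcessEngine(engineName);
        }
        throw new RestException(Response.Status.BAD_REQUEST, "Could not find an implementation of the " + ProcessEngineProvider.class + "- SPI");
    }
}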
