package sirius.biz.tenants;

import java.util.Collections;
import java.util.List;
import java.util.Optional;
import sirius.biz.model.LoginData;
import sirius.biz.model.PermissionData;
import sirius.biz.model.PersonData;
import sirius.biz.web.BizController;
import sirius.biz.web.PageHelper;
import sirius.db.mixing.Column;
import sirius.db.mixing.Constraint;
import sirius.db.mixing.Entity;
import sirius.db.mixing.SmartQuery;
import sirius.db.mixing.constraints.Like;
import sirius.kernel.commons.Context;
import sirius.kernel.commons.Strings;
import sirius.kernel.di.std.ConfigValue;
import sirius.kernel.di.std.Framework;
import sirius.kernel.di.std.Part;
import sirius.kernel.di.std.Register;
import sirius.kernel.health.Exceptions;
import sirius.kernel.nls.NLS;
import sirius.web.controller.AutocompleteHelper;
import sirius.web.controller.Controller;
import sirius.web.controller.DefaultRoute;
import sirius.web.controller.Message;
import sirius.web.controller.Routed;
import sirius.web.http.WebContext;
import sirius.web.mails.Mails;
import sirius.web.security.LoginRequired;
import sirius.web.security.Permission;
import sirius.web.security.UserContext;
import sirius.web.services.JSONStructuredOutput;

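/**
 * Web controller for the user accounts of a tenant: listing, editing, role assignment,
 * password handling, deletion, logout and the "select user account" (spy) feature.
 * <p>
 * Most routes require a login plus {@link #PERMISSION_MANAGE_USER_ACCOUNTS} and resolve the
 * account through the tenant-aware lookups of {@link BizController}. The routes
 * {@code /forgotPassword}, {@code /logout} and {@code /user-accounts/autocomplete} carry no
 * {@code @LoginRequired} annotation in this class.
 * <p>
 * NOTE(review): none of the state-changing routes here checks the HTTP method except
 * {@link #password(WebContext, String)}. Whether the framework adds CSRF protection is not
 * visible in this file; confirm before relying on it.
 */
@Framework("tenants")
@Register(classes = {Controller.class})
public class UserAccountController extends BizController {
    /** Permission required to list, edit, delete and reset passwords of user accounts. */
    public static final String PERMISSION_MANAGE_USER_ACCOUNTS = "permission-manage-user-accounts";
    private static final String PARAM_PASSWORD = "password";
    private static final String PARAM_CONFIRMATION = "confirmation";
    private static final String PARAM_NAME = "name";
    private static final String PARAM_USERNAME = "username";
    private static final String PARAM_URL = "url";
    private static final String PARAM_EMAIL = "email";
    private static final String PARAM_REASON = "reason";

    @Part
    private Mails mails;

    // Redirect target used after logout and as fallback after selecting a user account.
    @ConfigValue("product.wondergemRoot")
    private String wondergemRoot;

    // Roles which may be assigned to a user account; used as allow-list in account(...).
    @ConfigValue("security.roles")
    private List<String> roles;

    /**
     * Renders the list of user accounts of the current tenant, ordered by last and first name.
     *
     * @param webContext the current request
     */
    @LoginRequired
    @Routed("/user-accounts")
    @DefaultRoute
    @Permission(PERMISSION_MANAGE_USER_ACCOUNTS)
    public void accounts(WebContext webContext) {
        PageHelper withQuery = PageHelper.withQuery(
                this.oma.select(UserAccount.class)
                        .orderAsc(UserAccount.PERSON.inner(PersonData.LASTNAME))
                        .orderAsc(UserAccount.PERSON.inner(PersonData.FIRSTNAME)));
        // Restricts the listing to accounts of the tenant of the current user.
        withQuery.forCurrentTenant();
        withQuery.withContext(webContext);
        withQuery.withSearchFields(UserAccount.EMAIL,
                                   UserAccount.LOGIN.inner(LoginData.USERNAME),
                                   UserAccount.PERSON.inner(PersonData.FIRSTNAME),
                                   UserAccount.PERSON.inner(PersonData.LASTNAME));
        webContext.respondWith().template("view/tenants/user-accounts.html", new Object[]{withQuery.asPage()});
    }

    /**
     * Shows or saves the details of a single user account of the current tenant.
     * <p>
     * When saving, the assigned roles are rebuilt from the {@code roles} request parameter.
     * Only values contained in {@link #getRoles()} are accepted, everything else is dropped.
     * <p>
     * NOTE(review): the allow-list is the configured role list, not the set of roles held by
     * the caller. Confirm that every account manager may hand out every configured role.
     *
     * @param webContext the current request
     * @param str        the id of the account taken from the URI
     */
    @Routed("/user-account/:1")
    @LoginRequired
    @Permission(PERMISSION_MANAGE_USER_ACCOUNTS)
    public void account(WebContext webContext, String str) {
        UserAccount userAccount = (UserAccount) findForTenant(UserAccount.class, str);
        boolean handled = prepareSave(webContext)
                .withAfterCreateURI("/user-account/${id}")
                .withAfterSaveURI("/user-accounts")
                .withPreSaveHandler(bool -> {
                    // Start from an empty set so that unchecked roles are revoked.
                    userAccount.getPermissions().getPermissions().clear();
                    for (String requestedRole : webContext.getParameters("roles")) {
                        // Ignore anything which is not a configured role.
                        if (getRoles().contains(requestedRole)) {
                            userAccount.getPermissions().getPermissions().add(requestedRole);
                        }
                    }
                })
                .saveEntity(userAccount);
        if (handled) {
            return;
        }
        validate(userAccount);
        webContext.respondWith().template("view/tenants/user-account-details.html", new Object[]{userAccount, this});
    }

    /**
     * Renders the config editor for an existing user account of the current tenant.
     *
     * @param webContext the current request
     * @param str        the id of the account taken from the URI
     */
    @Routed("/user-account/:1/config")
    @LoginRequired
    @Permission(PERMISSION_MANAGE_USER_ACCOUNTS)
    public void accountConfig(WebContext webContext, String str) {
        UserAccount userAccount = (UserAccount) findForTenant(UserAccount.class, str);
        assertNotNew(userAccount);
        webContext.respondWith().template("view/tenants/user-account-config.html", new Object[]{userAccount});
    }

    /**
     * JSON call which loads the request parameters into an existing account and updates it.
     *
     * @param webContext           the current request
     * @param jSONStructuredOutput the JSON response (not written to by this method)
     * @param str                  the id of the account taken from the URI
     */
    @Routed(value = "/user-account/:1/update", jsonCall = true)
    @LoginRequired
    @Permission(PERMISSION_MANAGE_USER_ACCOUNTS)
    public void accountUpdate(WebContext webContext, JSONStructuredOutput jSONStructuredOutput, String str) {
        UserAccount userAccount = (UserAccount) findForTenant(UserAccount.class, str);
        assertNotNew(userAccount);
        load(webContext, userAccount);
        if (webContext.hasParameter(UserAccount.PERMISSIONS.inner(PermissionData.CONFIG_STRING).getName())) {
            // The result is discarded; presumably this is called so that an invalid config
            // string fails before the update is written - confirm against PermissionData.
            userAccount.getPermissions().getConfig();
        }
        this.oma.update(userAccount);
    }

    /**
     * Returns the configured roles as a read-only view.
     *
     * @return an unmodifiable view of the {@code security.roles} config value
     */
    public List<String> getRoles() {
        return Collections.unmodifiableList(this.roles);
    }

    /**
     * Returns the translated name of the given role.
     *
     * @param str the role to look up
     * @return the translation stored under {@code Role.<role>}
     */
    public String getRoleName(String str) {
        return NLS.get("Role." + str);
    }

    /**
     * Returns the translated description of the given role.
     *
     * @param str the role to look up
     * @return the translation stored under {@code Role.<role>.description}
     */
    public String getRoleDescription(String str) {
        return NLS.get("Role." + str + ".description");
    }

    /**
     * Shows the password form of an account and, on POST, sets a new password.
     * <p>
     * The new password must be at least {@code userAccount.getMinPasswordLength()} characters
     * long and must equal the confirmation. Only the length is checked here.
     *
     * @param webContext the current request
     * @param str        the id of the account taken from the URI
     */
    @Routed("/user-account/:1/password")
    @LoginRequired
    @Permission(PERMISSION_MANAGE_USER_ACCOUNTS)
    public void password(WebContext webContext, String str) {
        UserAccount userAccount = (UserAccount) findForTenant(UserAccount.class, str);
        assertNotNew(userAccount);
        if (webContext.isPOST()) {
            try {
                String newPassword = webContext.get(PARAM_PASSWORD).asString();
                String confirmation = webContext.get(PARAM_CONFIRMATION).asString();
                if (Strings.isEmpty(newPassword) || newPassword.length() < userAccount.getMinPasswordLength()) {
                    UserContext.setFieldError(PARAM_PASSWORD, (Object) null);
                    throw Exceptions.createHandled()
                                    .withNLSKey("Model.password.minLengthError")
                                    .set("minChars", Integer.valueOf(userAccount.getMinPasswordLength()))
                                    .handle();
                }
                if (!Strings.areEqual(newPassword, confirmation)) {
                    UserContext.setFieldError(PARAM_CONFIRMATION, (Object) null);
                    throw Exceptions.createHandled().withNLSKey("Model.password.confirmationMismatch").handle();
                }
                userAccount.getLogin().setCleartextPassword(newPassword);
                this.oma.update(userAccount);
                showSavedMessage();
                accounts(webContext);
                return;
            } catch (Exception e) {
                // Reports the failure to the user and falls through to re-render the form.
                UserContext.handle(e);
            }
        }
        webContext.respondWith().template("view/tenants/user-account-password.html", new Object[]{userAccount});
    }

    /**
     * Generates a new password for the account and mails it to the account's address, if any.
     * <p>
     * NOTE(review): this route changes a credential without checking the HTTP method, and the
     * generated password is sent in clear text by e-mail. Confirm that the request is protected
     * against cross-site triggering and that the generated password has to be replaced after
     * first use.
     *
     * @param webContext the current request
     * @param str        the id of the account taken from the URI
     */
    @Routed("/user-account/:1/generate-password")
    @LoginRequired
    @Permission(PERMISSION_MANAGE_USER_ACCOUNTS)
    public void generatePassword(WebContext webContext, String str) {
        UserAccount userAccount = (UserAccount) findForTenant(UserAccount.class, str);
        assertNotNew(userAccount);
        userAccount.getLogin().setGeneratedPassword(Strings.generatePassword());
        this.oma.update(userAccount);
        showSavedMessage();
        if (Strings.isFilled(userAccount.getEmail())) {
            Context mailContext = Context.create()
                                         .set(PARAM_PASSWORD, userAccount.getLogin().getGeneratedPassword())
                                         .set(PARAM_NAME, userAccount.getPerson().getAddressableName())
                                         .set(PARAM_USERNAME, userAccount.getLogin().getUsername())
                                         .set(PARAM_URL, getBaseUrl());
            this.mails.createEmail()
                      .useMailTemplate("user-account-password", mailContext)
                      .to(userAccount.getEmail(), userAccount.getPerson().toString())
                      .send();
        }
        accounts(webContext);
    }

    /**
     * JSON call which generates a new password for the account with the given e-mail address
     * and mails it to that address.
     * <p>
     * The route has no {@code @LoginRequired} annotation, so it is reachable without a login.
     * <p>
     * NOTE(review): the three distinct error keys tell the caller whether an address is
     * unknown, used by several accounts, or belongs to a locked account, which permits account
     * enumeration. A uniform response would avoid this but changes what the calling UI shows,
     * so it is left as is here. No rate limit is visible in this class; confirm one is applied
     * elsewhere, as each call triggers a credential change and an outgoing mail.
     *
     * @param webContext           the current request, carrying the {@code email} parameter
     * @param jSONStructuredOutput the JSON response (not written to by this method)
     */
    @Routed(value = "/forgotPassword", jsonCall = true)
    public void forgotPassword(WebContext webContext, JSONStructuredOutput jSONStructuredOutput) {
        // Two results are enough to tell "unique" from "ambiguous". The lookup is not limited
        // to a tenant.
        List queryList = this.oma.select(UserAccount.class)
                                 .eq(UserAccount.EMAIL, webContext.get(PARAM_EMAIL).asString())
                                 .limit(2)
                                 .queryList();
        if (queryList.isEmpty()) {
            throw Exceptions.createHandled().withNLSKey("UserAccountController.noUserFoundForEmail").handle();
        }
        if (queryList.size() > 1) {
            throw Exceptions.createHandled().withNLSKey("UserAccountController.tooManyUsersFoundForEmail").handle();
        }
        UserAccount userAccount = (UserAccount) queryList.get(0);
        if (userAccount.getLogin().isAccountLocked()) {
            throw Exceptions.createHandled().withNLSKey("LoginData.accountIsLocked").handle();
        }
        userAccount.getLogin().setGeneratedPassword(Strings.generatePassword());
        this.oma.update(userAccount);
        if (Strings.isFilled(userAccount.getEmail())) {
            // The mail names the requesting IP so the owner can judge who asked for the reset.
            String reason = NLS.fmtr("UserAccountController.forgotPassword.reason")
                               .set("ip", webContext.getRemoteIP().toString())
                               .format();
            Context mailContext = Context.create()
                                         .set(PARAM_REASON, reason)
                                         .set(PARAM_PASSWORD, userAccount.getLogin().getGeneratedPassword())
                                         .set(PARAM_NAME, userAccount.getPerson().getAddressableName())
                                         .set(PARAM_USERNAME, userAccount.getLogin().getUsername())
                                         .set(PARAM_URL, getBaseUrl());
            this.mails.createEmail()
                      .useMailTemplate("user-account-password", mailContext)
                      .to(userAccount.getEmail(), userAccount.getPerson().toString())
                      .send();
        }
    }

    /**
     * Deletes the given user account of the current tenant, if it exists, and renders the list.
     * <p>
     * NOTE(review): the deletion is performed without checking the HTTP method; confirm that
     * the request is protected against cross-site triggering.
     *
     * @param webContext the current request
     * @param str        the id of the account taken from the URI
     */
    @LoginRequired
    @Routed("/user-account/:1/delete")
    @Permission(PERMISSION_MANAGE_USER_ACCOUNTS)
    public void deleteAdmin(WebContext webContext, String str) {
        Optional tryFindForTenant = tryFindForTenant(UserAccount.class, str);
        if (tryFindForTenant.isPresent()) {
            this.oma.delete((Entity) tryFindForTenant.get());
            showDeletedMessage();
        }
        accounts(webContext);
    }

    /**
     * Detaches the current user from the session and redirects to the configured root.
     *
     * @param webContext the current request
     */
    @Routed("/logout")
    public void logout(WebContext webContext) {
        UserContext.get().getUserManager().detachFromSession(getUser(), webContext);
        webContext.respondWith().redirectTemporarily(this.wondergemRoot);
    }

    /**
     * Answers autocomplete queries with up to 10 user accounts of the current tenant.
     * <p>
     * NOTE(review): unlike the other account routes this one carries neither
     * {@code @LoginRequired} nor {@code @Permission}. It depends on {@code currentTenant()};
     * confirm that this call rejects anonymous requests, as the completions contain the
     * string representation of each matching account.
     *
     * @param webContext the current request
     */
    @Routed("/user-accounts/autocomplete")
    public void usersAutocomplete(WebContext webContext) {
        AutocompleteHelper.handle(webContext, (str, consumer) -> {
            this.oma.select(UserAccount.class)
                    .eq(UserAccount.TENANT, Long.valueOf(currentTenant().getId()))
                    .where(new Constraint[]{Like.allWordsInAnyField(str,
                                                                    new Column[]{UserAccount.EMAIL,
                                                                                 UserAccount.LOGIN.inner(LoginData.USERNAME),
                                                                                 UserAccount.PERSON.inner(PersonData.FIRSTNAME),
                                                                                 UserAccount.PERSON.inner(PersonData.LASTNAME)})})
                    .limit(10)
                    .iterateAll(userAccount -> {
                        consumer.accept(new AutocompleteHelper.Completion(userAccount.getIdAsString(),
                                                                          userAccount.toString(),
                                                                          userAccount.toString()));
                    });
        });
    }

    /**
     * Lists the user accounts the current user may select (act as).
     * <p>
     * Users holding {@code TenantUserManager.PERMISSION_SYSTEM_TENANT} see the accounts of all
     * tenants, everyone else only those of the own tenant.
     *
     * @param webContext the current request
     */
    @Routed("/user-accounts/select")
    @LoginRequired
    @Permission(TenantUserManager.PERMISSION_SELECT_USER_ACCOUNT)
    public void selectUserAccounts(WebContext webContext) {
        SmartQuery orderAsc = this.oma.select(UserAccount.class)
                                      .orderAsc(UserAccount.PERSON.inner(PersonData.LASTNAME))
                                      .orderAsc(UserAccount.PERSON.inner(PersonData.FIRSTNAME));
        if (!UserContext.getCurrentUser().hasPermission(TenantUserManager.PERMISSION_SYSTEM_TENANT)) {
            orderAsc.eq(UserAccount.TENANT, currentTenant());
        }
        // Only the columns needed by the selection list are fetched.
        orderAsc.fields(new Column[]{Entity.ID,
                                     UserAccount.PERSON.inner(PersonData.LASTNAME),
                                     UserAccount.PERSON.inner(PersonData.FIRSTNAME),
                                     UserAccount.LOGIN.inner(LoginData.USERNAME),
                                     UserAccount.TENANT.join(Tenant.NAME),
                                     UserAccount.TENANT.join(Tenant.ACCOUNT_NUMBER)});
        PageHelper withQuery = PageHelper.withQuery(orderAsc);
        withQuery.withContext(webContext);
        withQuery.withSearchFields(UserAccount.PERSON.inner(PersonData.LASTNAME),
                                   UserAccount.PERSON.inner(PersonData.FIRSTNAME),
                                   UserAccount.LOGIN.inner(LoginData.USERNAME),
                                   UserAccount.EMAIL,
                                   UserAccount.TENANT.join(Tenant.NAME),
                                   UserAccount.TENANT.join(Tenant.ACCOUNT_NUMBER));
        webContext.respondWith()
                  .template("view/tenants/select-user-account.html",
                            new Object[]{withQuery.asPage(), Boolean.valueOf(isCurrentlySpying(webContext))});
    }

    /**
     * Determines whether the session of the current scope holds a selected (spy) user id.
     *
     * @param webContext the current request
     * @return {@code true} if a spy id is stored in the session, {@code false} otherwise
     */
    private boolean isCurrentlySpying(WebContext webContext) {
        String sessionKey = UserContext.getCurrentScope().getScopeId() + TenantUserManager.SPY_ID_SUFFIX;
        return webContext.getSessionValue(sessionKey).isFilled();
    }

    /**
     * Stores the given user account as selected (spy) user in the session, or clears the
     * selection when the id is {@code main}.
     * <p>
     * Selecting an account requires {@code TenantUserManager.PERMISSION_SELECT_USER_ACCOUNT};
     * without {@code TenantUserManager.PERMISSION_SYSTEM_TENANT} the account must also belong
     * to the current tenant. Clearing the selection only requires a login.
     * <p>
     * The {@code goto} request parameter is honoured only if it is a path on this site.
     * Previously its value was passed to the redirect unchecked, so a crafted link could send
     * the user to an arbitrary external address after the selection. Any other value now falls
     * back to the configured root.
     * <p>
     * NOTE(review): the selection is changed without checking the HTTP method; confirm that
     * the request is protected against cross-site triggering.
     *
     * @param webContext the current request
     * @param str        the id of the account to select or {@code main} to clear the selection
     */
    @LoginRequired
    @Routed("/user-accounts/select/:1")
    public void selectUserAccount(WebContext webContext, String str) {
        String sessionKey = UserContext.getCurrentScope().getScopeId() + TenantUserManager.SPY_ID_SUFFIX;
        if ("main".equals(str)) {
            webContext.setSessionValue(sessionKey, (Object) null);
            webContext.respondWith().redirectTemporarily("/user-accounts/select");
            return;
        }
        assertPermission(TenantUserManager.PERMISSION_SELECT_USER_ACCOUNT);
        UserAccount userAccount = (UserAccount) this.oma.find(UserAccount.class, str).orElse(null);
        if (userAccount == null) {
            UserContext.get().addMessage(Message.error(NLS.get("UserAccountController.cannotBecomeUser")));
            selectUserAccounts(webContext);
            return;
        }
        if (!UserContext.getCurrentUser().hasPermission(TenantUserManager.PERMISSION_SYSTEM_TENANT)) {
            assertTenant(userAccount);
        }
        webContext.setSessionValue(sessionKey, userAccount.getUniqueName());
        String requestedTarget = webContext.get("goto").asString();
        String target = isLocalRedirectTarget(requestedTarget) ? requestedTarget : this.wondergemRoot;
        webContext.respondWith().redirectTemporarily(target);
    }

    /**
     * Checks whether a redirect target taken from the request stays on this site.
     * <p>
     * Accepted are paths starting with a single {@code /}. Scheme-relative targets
     * ({@code //host}), targets containing a backslash and targets containing control
     * characters are rejected.
     *
     * @param target the requested redirect target, may be {@code null} or empty
     * @return {@code true} if the target is a local path, {@code false} otherwise
     */
    private static boolean isLocalRedirectTarget(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")) {
            return false;
        }
        // Some browsers treat a backslash like a slash, which would turn "/\host" into "//host".
        if (target.indexOf('\\') >= 0) {
            return false;
        }
        return target.chars().noneMatch(Character::isISOControl);
    }
}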
