package org.camunda.bpm.engine.rest.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.AuthorizationQuery;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.impl.identity.Authentication;
import org.camunda.bpm.engine.rest.AuthorizationRestService;
import org.camunda.bpm.engine.rest.dto.AbstractReportDto;
import org.camunda.bpm.engine.rest.dto.CountResultDto;
import org.camunda.bpm.engine.rest.dto.ResourceOptionsDto;
import org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCheckResultDto;
import org.camunda.bpm.engine.rest.dto.authorization.AuthorizationCreateDto;
import org.camunda.bpm.engine.rest.dto.authorization.AuthorizationDto;
import org.camunda.bpm.engine.rest.dto.authorization.AuthorizationQueryDto;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.engine.rest.sub.authorization.AuthorizationResource;
import org.camunda.bpm.engine.rest.sub.authorization.impl.AuthorizationResourceImpl;
import org.camunda.bpm.engine.rest.util.ResourceUtil;

/* loaded from: input_file:WEB-INF/lib/camunda-engine-rest-core-7.12.0-alpha4.jar:org/camunda/bpm/engine/rest/impl/AuthorizationRestServiceImpl.class */
public class AuthorizationRestServiceImpl extends AbstractAuthorizedRestResource implements AuthorizationRestService {
    public AuthorizationRestServiceImpl(String str, ObjectMapper objectMapper) {
        super(str, Resources.AUTHORIZATION, "*", objectMapper);
    }

    @Override // org.camunda.bpm.engine.rest.AuthorizationRestService
    public AuthorizationCheckResultDto isUserAuthorized(String str, String str2, Integer num, String str3, String str4) {
        String str5;
        List<String> groupIds;
        if (str == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Query parameter 'permissionName' cannot be null");
        }
        if (str2 == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Query parameter 'resourceName' cannot be null");
        }
        if (num == null) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "Query parameter 'resourceType' cannot be null");
        }
        Authentication currentAuthentication = this.processEngine.getIdentityService().getCurrentAuthentication();
        if (currentAuthentication == null) {
            throw new InvalidRequestException(Response.Status.UNAUTHORIZED, "You must be authenticated in order to use this resource.");
        }
        AuthorizationService authorizationService = this.processEngine.getAuthorizationService();
        ResourceUtil resourceUtil = new ResourceUtil(str2, num.intValue());
        Permission permissionForName = getProcessEngine().getProcessEngineConfiguration().getPermissionProvider().getPermissionForName(str, num.intValue());
        String userId = currentAuthentication.getUserId();
        new ArrayList();
        if (str4 == null || str4.equals(userId)) {
            str5 = userId;
            groupIds = currentAuthentication.getGroupIds();
        } else {
            if (!authorizationService.isUserAuthorized(userId, currentAuthentication.getGroupIds(), Permissions.READ, Resources.AUTHORIZATION)) {
                throw new InvalidRequestException(Response.Status.FORBIDDEN, "You must have READ permission for Authorization resource.");
            }
            str5 = str4;
            groupIds = getUserGroups(str4);
        }
        return new AuthorizationCheckResultDto((str3 == null || "*".equals(str3)) ? authorizationService.isUserAuthorized(str5, groupIds, permissionForName, resourceUtil) : authorizationService.isUserAuthorized(str5, groupIds, permissionForName, resourceUtil, str3), str, resourceUtil, str3);
    }

    @Override // org.camunda.bpm.engine.rest.AuthorizationRestService
    public AuthorizationResource getAuthorization(String str) {
        return new AuthorizationResourceImpl(getProcessEngine().getName(), str, this.relativeRootResourcePath, getObjectMapper());
    }

    @Override // org.camunda.bpm.engine.rest.AuthorizationRestService
    public List<AuthorizationDto> queryAuthorizations(UriInfo uriInfo, Integer num, Integer num2) {
        return queryAuthorizations(new AuthorizationQueryDto(getObjectMapper(), uriInfo.getQueryParameters()), num, num2);
    }

    @Override // org.camunda.bpm.engine.rest.AuthorizationRestService
    public ResourceOptionsDto availableOperations(UriInfo uriInfo) {
        UriBuilder path = uriInfo.getBaseUriBuilder().path(this.relativeRootResourcePath).path(AuthorizationRestService.PATH);
        ResourceOptionsDto resourceOptionsDto = new ResourceOptionsDto();
        resourceOptionsDto.addReflexiveLink(path.build(new Object[0]), "GET", "list");
        resourceOptionsDto.addReflexiveLink(path.clone().path("/count").build(new Object[0]), "GET", AbstractReportDto.REPORT_TYPE_COUNT);
        if (isAuthorized(Permissions.CREATE)) {
            resourceOptionsDto.addReflexiveLink(path.clone().path("/create").build(new Object[0]), "POST", "create");
        }
        return resourceOptionsDto;
    }

    public List<AuthorizationDto> queryAuthorizations(AuthorizationQueryDto authorizationQueryDto, Integer num, Integer num2) {
        authorizationQueryDto.setObjectMapper(getObjectMapper());
        AuthorizationQuery query = authorizationQueryDto.toQuery(getProcessEngine());
        return AuthorizationDto.fromAuthorizationList((num == null && num2 == null) ? query.list() : executePaginatedQuery(query, num, num2), this.processEngine.getProcessEngineConfiguration());
    }

    @Override // org.camunda.bpm.engine.rest.AuthorizationRestService
    public CountResultDto getAuthorizationCount(UriInfo uriInfo) {
        return getAuthorizationCount(new AuthorizationQueryDto(getObjectMapper(), uriInfo.getQueryParameters()));
    }

    protected CountResultDto getAuthorizationCount(AuthorizationQueryDto authorizationQueryDto) {
        return new CountResultDto(authorizationQueryDto.toQuery(getProcessEngine()).count());
    }

    @Override // org.camunda.bpm.engine.rest.AuthorizationRestService
    public AuthorizationDto createAuthorization(UriInfo uriInfo, AuthorizationCreateDto authorizationCreateDto) {
        AuthorizationService authorizationService = this.processEngine.getAuthorizationService();
        Authorization createNewAuthorization = authorizationService.createNewAuthorization(authorizationCreateDto.getType());
        AuthorizationCreateDto.update(authorizationCreateDto, createNewAuthorization, this.processEngine.getProcessEngineConfiguration());
        return getAuthorization(authorizationService.saveAuthorization(createNewAuthorization).getId()).getAuthorization(uriInfo);
    }

    protected List<Authorization> executePaginatedQuery(AuthorizationQuery authorizationQuery, Integer num, Integer num2) {
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = Integer.MAX_VALUE;
        }
        return authorizationQuery.listPage(num.intValue(), num2.intValue());
    }

    protected IdentityService getIdentityService() {
        return getProcessEngine().getIdentityService();
    }

    protected List<String> getUserGroups(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator it = getIdentityService().createGroupQuery().groupMember(str).list().iterator();
        while (it.hasNext()) {
            arrayList.add(((Group) it.next()).getId());
        }
        return arrayList;
    }
}
