package org.camunda.bpm.engine.rest.sub.identity.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.camunda.bpm.engine.ProcessEngineException;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.identity.Authentication;
import org.camunda.bpm.engine.rest.UserRestService;
import org.camunda.bpm.engine.rest.dto.ResourceOptionsDto;
import org.camunda.bpm.engine.rest.dto.identity.UserCredentialsDto;
import org.camunda.bpm.engine.rest.dto.identity.UserProfileDto;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.engine.rest.sub.identity.UserResource;

/* loaded from: input_file:WEB-INF/lib/camunda-engine-rest-core-7.9.0-alpha2.jar:org/camunda/bpm/engine/rest/sub/identity/impl/UserResourceImpl.class */
public class UserResourceImpl extends AbstractIdentityResource implements UserResource {
    protected String rootResourcePath;

    public UserResourceImpl(String str, String str2, String str3, ObjectMapper objectMapper) {
        super(str, Resources.USER, str2, objectMapper);
        this.rootResourcePath = str3;
    }

    @Override // org.camunda.bpm.engine.rest.sub.identity.UserResource
    public UserProfileDto getUserProfile(UriInfo uriInfo) {
        User findUserObject = findUserObject();
        if (findUserObject == null) {
            throw new InvalidRequestException(Response.Status.NOT_FOUND, "User with id " + this.resourceId + " does not exist");
        }
        return UserProfileDto.fromUser(findUserObject);
    }

    @Override // org.camunda.bpm.engine.rest.sub.identity.UserResource
    public ResourceOptionsDto availableOperations(UriInfo uriInfo) {
        ResourceOptionsDto resourceOptionsDto = new ResourceOptionsDto();
        UriBuilder path = uriInfo.getBaseUriBuilder().path(this.rootResourcePath).path(UserRestService.PATH).path(this.resourceId);
        URI build = path.build(new Object[0]);
        URI build2 = path.path("/profile").build(new Object[0]);
        resourceOptionsDto.addReflexiveLink(build2, "GET", "self");
        if (!this.identityService.isReadOnly() && isAuthorized(Permissions.DELETE)) {
            resourceOptionsDto.addReflexiveLink(build, "DELETE", "delete");
        }
        if (!this.identityService.isReadOnly() && isAuthorized(Permissions.UPDATE)) {
            resourceOptionsDto.addReflexiveLink(build2, "PUT", "update");
        }
        return resourceOptionsDto;
    }

    @Override // org.camunda.bpm.engine.rest.sub.identity.UserResource
    public void deleteUser() {
        ensureNotReadOnly();
        this.identityService.deleteUser(this.resourceId);
    }

    @Override // org.camunda.bpm.engine.rest.sub.identity.UserResource
    public void unlockUser() {
        ensureNotReadOnly();
        this.identityService.unlockUser(this.resourceId);
    }

    @Override // org.camunda.bpm.engine.rest.sub.identity.UserResource
    public void updateCredentials(UserCredentialsDto userCredentialsDto) {
        ensureNotReadOnly();
        Authentication currentAuthentication = this.identityService.getCurrentAuthentication();
        if (currentAuthentication != null && currentAuthentication.getUserId() != null && !this.identityService.checkPassword(currentAuthentication.getUserId(), userCredentialsDto.getAuthenticatedUserPassword())) {
            throw new InvalidRequestException(Response.Status.BAD_REQUEST, "The given authenticated user password is not valid.");
        }
        User findUserObject = findUserObject();
        if (findUserObject == null) {
            throw new InvalidRequestException(Response.Status.NOT_FOUND, "User with id " + this.resourceId + " does not exist");
        }
        findUserObject.setPassword(userCredentialsDto.getPassword());
        this.identityService.saveUser(findUserObject);
    }

    @Override // org.camunda.bpm.engine.rest.sub.identity.UserResource
    public void updateProfile(UserProfileDto userProfileDto) {
        ensureNotReadOnly();
        User findUserObject = findUserObject();
        if (findUserObject == null) {
            throw new InvalidRequestException(Response.Status.NOT_FOUND, "User with id " + this.resourceId + " does not exist");
        }
        userProfileDto.update(findUserObject);
        this.identityService.saveUser(findUserObject);
    }

    protected User findUserObject() {
        try {
            return (User) this.identityService.createUserQuery().userId(this.resourceId).singleResult();
        } catch (ProcessEngineException e) {
            throw new InvalidRequestException(Response.Status.INTERNAL_SERVER_ERROR, "Exception while performing user query: " + e.getMessage());
        }
    }
}
