package org.fcrepo.auth.roles.common;

import com.codahale.metrics.annotation.Timed;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.fcrepo.http.commons.AbstractResource;
import org.fcrepo.http.commons.session.InjectedSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;

@Scope("prototype")
@Path("/{path: .*}/fcr:accessroles")
@Component
/* loaded from: input_file:org/fcrepo/auth/roles/common/AccessRoles.class */
public class AccessRoles extends AbstractResource {
    private static final Logger LOGGER = LoggerFactory.getLogger(AccessRoles.class);

    @InjectedSession
    protected Session session;

    @Autowired
    private AccessRolesProvider accessRolesProvider = null;

    @Context
    protected HttpServletRequest request;

    private AccessRolesProvider getAccessRolesProvider() {
        return this.accessRolesProvider;
    }

    @GET
    @Produces({"application/json"})
    @Timed
    public Response get(@PathParam("path") List<PathSegment> list, @QueryParam("effective") String str) throws RepositoryException {
        Response.ResponseBuilder ok;
        String path = toPath(list);
        LOGGER.debug("Get access roles for: {}", path);
        LOGGER.debug("effective: {}", str);
        try {
            Map<String, List<String>> roles = getAccessRolesProvider().getRoles(this.nodeService.getObject(this.session, path).getNode(), str != null);
            if (roles == null) {
                LOGGER.debug("no content response");
                ok = Response.noContent();
            } else {
                ok = Response.ok(roles);
            }
            return ok.build();
        } finally {
            this.session.logout();
        }
    }

    @POST
    @Consumes({"application/json"})
    @Timed
    public Response post(@PathParam("path") List<PathSegment> list, Map<String, Set<String>> map) throws RepositoryException {
        String path = toPath(list);
        LOGGER.debug("POST Received request param: {}", this.request);
        try {
            try {
                validatePOST(map);
                getAccessRolesProvider().postRoles(this.nodeService.getObject(this.session, path).getNode(), map);
                this.session.save();
                LOGGER.debug("Saved access roles {}", map);
                Response.ResponseBuilder created = Response.created(getUriInfo().getBaseUriBuilder().path(path).path("fcr:accessroles").build(new Object[0]));
                this.session.logout();
                return created.build();
            } catch (IllegalArgumentException e) {
                throw new WebApplicationException(e, Response.status(Response.Status.BAD_REQUEST).build());
            }
        } catch (Throwable th) {
            this.session.logout();
            throw th;
        }
    }

    private void validatePOST(Map<String, Set<String>> map) {
        if (map.isEmpty()) {
            throw new IllegalArgumentException("Posted access roles must include role assignments");
        }
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            if (entry.getKey() == null || entry.getValue() == null || entry.getValue().isEmpty()) {
                throw new IllegalArgumentException("Assignments must include principal name and one or more roles");
            }
            if (entry.getKey().trim().length() == 0) {
                throw new IllegalArgumentException("Principal names cannot be an empty strings or whitespace.");
            }
            Iterator<String> it = entry.getValue().iterator();
            while (it.hasNext()) {
                if (it.next().trim().length() == 0) {
                    throw new IllegalArgumentException("Role names cannot be an empty strings or whitespace.");
                }
            }
        }
    }

    @Timed
    @DELETE
    public Response deleteNodeType(@PathParam("path") List<PathSegment> list) throws RepositoryException {
        try {
            getAccessRolesProvider().deleteRoles(this.nodeService.getObject(this.session, toPath(list)).getNode());
            this.session.save();
            Response build = Response.noContent().build();
            this.session.logout();
            return build;
        } catch (Throwable th) {
            this.session.logout();
            throw th;
        }
    }

    private UriInfo getUriInfo() {
        return this.uriInfo;
    }
}
