package org.sonar.server.usergroups.ws;

import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.index.UserIndexDefinition;
import org.sonar.server.ws.WsUtils;

/* loaded from: input_file:org/sonar/server/usergroups/ws/RemoveUserAction.class */
public class RemoveUserAction implements UserGroupsWsAction {
    private final DbClient dbClient;
    private final UserSession userSession;
    private final GroupWsSupport support;

    public RemoveUserAction(DbClient dbClient, UserSession userSession, GroupWsSupport groupWsSupport) {
        this.dbClient = dbClient;
        this.userSession = userSession;
        this.support = groupWsSupport;
    }

    public void define(WebService.NewController newController) {
        WebService.NewAction since = newController.createAction(org.sonar.server.permission.ws.RemoveUserAction.ACTION).setDescription(String.format("Remove a user from a group.<br />'%s' or '%s' must be provided.<br>Requires the following permission: 'Administer System'.", "id", "name")).setHandler(this).setPost(true).setSince("5.2");
        GroupWsSupport.defineGroupWsParameters(since);
        GroupWsSupport.defineLoginWsParameter(since);
    }

    public void handle(Request request, Response response) throws Exception {
        this.userSession.checkLoggedIn();
        DbSession openSession = this.dbClient.openSession(false);
        Throwable th = null;
        try {
            try {
                GroupDto findGroupDto = this.support.findGroupDto(openSession, request);
                this.userSession.checkPermission(OrganizationPermission.ADMINISTER, findGroupDto.getOrganizationUuid());
                this.support.checkGroupIsNotDefault(openSession, findGroupDto);
                UserDto user = getUser(openSession, request.mandatoryParam(UserIndexDefinition.FIELD_LOGIN));
                ensureLastAdminIsNotRemoved(openSession, findGroupDto, user);
                this.dbClient.userGroupDao().delete(openSession, findGroupDto.getId().intValue(), user.getId().intValue());
                openSession.commit();
                response.noContent();
                if (openSession != null) {
                    if (0 == 0) {
                        openSession.close();
                        return;
                    }
                    try {
                        openSession.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (openSession != null) {
                if (th != null) {
                    try {
                        openSession.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    openSession.close();
                }
            }
            throw th4;
        }
    }

    private void ensureLastAdminIsNotRemoved(DbSession dbSession, GroupDto groupDto, UserDto userDto) {
        WsUtils.checkRequest(this.dbClient.authorizationDao().countUsersWithGlobalPermissionExcludingGroupMember(dbSession, groupDto.getOrganizationUuid(), OrganizationPermission.ADMINISTER.getKey(), groupDto.getId().intValue(), userDto.getId().intValue()) > 0, "The last administrator user cannot be removed", new Object[0]);
    }

    private UserDto getUser(DbSession dbSession, String str) {
        return (UserDto) WsUtils.checkFound(this.dbClient.userDao().selectActiveUserByLogin(dbSession, str), "User with login '%s' is not found'", str);
    }
}
