package io.datarouter.auth.web.web;

import io.datarouter.auth.role.Role;
import io.datarouter.auth.role.RoleManager;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUser;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUserDao;
import io.datarouter.auth.storage.user.permissionrequest.DatarouterPermissionRequest;
import io.datarouter.auth.storage.user.permissionrequest.DatarouterPermissionRequestDao;
import io.datarouter.auth.web.config.DatarouterAuthPaths;
import io.datarouter.auth.web.service.DatarouterUserEditService;
import io.datarouter.auth.web.service.PermissionRequestUserInfo;
import io.datarouter.email.html.J2HtmlDatarouterEmailBuilder;
import io.datarouter.email.type.DatarouterEmailTypes;
import io.datarouter.scanner.Scanner;
import io.datarouter.storage.config.properties.AdminEmail;
import io.datarouter.storage.config.properties.ServiceName;
import io.datarouter.storage.config.setting.DatarouterEmailSubscriberSettings;
import io.datarouter.storage.servertype.ServerTypeDetector;
import io.datarouter.util.string.StringTool;
import io.datarouter.util.time.ZonedDateFormatterTool;
import io.datarouter.web.email.DatarouterHtmlEmailService;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.GlobalRedirectMav;
import io.datarouter.web.handler.mav.imp.InContextRedirectMav;
import io.datarouter.web.handler.mav.imp.MessageMav;
import io.datarouter.web.handler.types.Param;
import io.datarouter.web.html.form.HtmlForm;
import io.datarouter.web.html.form.HtmlFormCheckboxTable;
import io.datarouter.web.html.form.HtmlFormTextArea;
import io.datarouter.web.html.form.HtmlFormTimezoneSelect;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4FormHtml;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4PageFactory;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import j2html.TagCreator;
import j2html.tags.DomContent;
import j2html.tags.specialized.DivTag;
import j2html.tags.specialized.TableTag;
import j2html.tags.specialized.TrTag;
import jakarta.inject.Inject;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/auth/web/web/DatarouterPermissionRequestHandler.class */
public class DatarouterPermissionRequestHandler extends BaseHandler {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterPermissionRequestHandler.class);
    private static final String P_REASON = "reason";
    private static final String P_REQUESTED_ROLES = "requestedRoles";
    private static final String P_DENIED_URL = "deniedUrl";
    private static final String P_ALLOWED_ROLES = "allowedRoles";
    private static final String P_SPECIFICS = "specifics";
    private static final String EMAIL_TITLE = "Permission Request";
    private static final String FORM_ID = "permissionRequestForm";
    private static final String ROLE_TABLE_ID = "roleTable";

    @Inject
    private Bootstrap4PageFactory bootstrap4PageFactory;

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private DatarouterPermissionRequestDao datarouterPermissionRequestDao;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private DatarouterHtmlEmailService htmlEmailService;

    @Inject
    private DatarouterAuthPaths paths;

    @Inject
    private DatarouterUserEditService userEditService;

    @Inject
    private DatarouterEmailTypes.PermissionRequestEmailType permissionRequestEmailType;

    @Inject
    private ServiceName serviceName;

    @Inject
    private ServerTypeDetector serverTypeDetector;

    @Inject
    private AdminEmail adminEmail;

    @Inject
    private DatarouterEmailSubscriberSettings subscribersSettings;

    @Inject
    private PermissionRequestUserInfo.PermissionRequestUserInfoSupplier userInfoSupplier;

    @Inject
    private DatarouterUserDao datarouterUserDao;

    @Inject
    private RoleManager roleManager;

    /* loaded from: input_file:io/datarouter/auth/web/web/DatarouterPermissionRequestHandler$DeclinePermissionRequestDto.class */
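    /**
     * Result returned by {@code declinePermissionRequests}: whether the decline went through and,
     * when it did not, a human-readable explanation.
     *
     * <p>Declared as a real {@code record}. The earlier form (a class with an explicit
     * {@code extends Record} plus hand-written {@code ObjectMethods.bootstrap} calls) is decompiler
     * output and is not valid Java source, because a class may not name {@code java.lang.Record} as
     * its direct superclass. The compiler-generated accessors, {@code equals}, {@code hashCode} and
     * {@code toString} cover the same two components ({@code success;message}) that those
     * bootstrap calls named.
     *
     * @param success {@code true} when the requests were declined
     * @param message explanation shown to the caller on failure; the handler passes {@code null}
     *     on success
     */
    protected record DeclinePermissionRequestDto(boolean success, String message) {
    }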

    /* loaded from: input_file:io/datarouter/auth/web/web/DatarouterPermissionRequestHandler$PermissionRequestDto.class */
    /**
     * View model for a single permission request. Request and resolution times are exposed both
     * as zone-formatted text and as epoch milliseconds; the resolution pair is {@code null} while
     * no resolution time is supplied.
     */
    public static class PermissionRequestDto {
        public final String requestTime;
        public final Long requestTimeMs;
        public final String requestText;
        public final String resolutionTime;
        public final Long resolutionTimeMs;
        public final String resolution;
        public final String editor;

        /**
         * @param instant time the request was made
         * @param str request text
         * @param optional resolution time, empty when none is recorded
         * @param str2 resolution label
         * @param zoneId zone used to format both timestamps
         * @param str3 editor value stored as given
         */
        public PermissionRequestDto(Instant instant, String str, Optional<Instant> optional, String str2, ZoneId zoneId, String str3) {
            this.requestTime = ZonedDateFormatterTool.formatInstantWithZone(instant, zoneId);
            this.requestTimeMs = instant.toEpochMilli();
            this.requestText = str;
            if (optional.isPresent()) {
                Instant resolvedAt = optional.get();
                this.resolutionTime = ZonedDateFormatterTool.formatInstantWithZone(resolvedAt, zoneId);
                this.resolutionTimeMs = resolvedAt.toEpochMilli();
            } else {
                this.resolutionTime = null;
                this.resolutionTimeMs = null;
            }
            this.resolution = str2;
            this.editor = str3;
        }
    }

    /**
     * Default handler: renders the permission request form for the signed-in user.
     *
     * <p>NOTE(review): parameter names were lost in decompilation. From their use below,
     * {@code optional} is the denied URL (written to the {@code deniedUrl} hidden field),
     * {@code optional2} the roles allowed for that URL ({@code allowedRoles}) and
     * {@code optional3} an error message shown in an alert box. All three presumably arrive from
     * the HTTP request and should be treated as untrusted; confirm against the framework's
     * parameter binding.
     *
     * <p>Request-derived strings reach the page through j2html's String overloads
     * ({@code p(String)}, {@code div(String)}), which j2html text-escapes by default, or as form
     * field values rendered by {@code Bootstrap4FormHtml}. NOTE(review): confirm attribute
     * escaping in that renderer, and keep these values away from any raw-HTML API.
     *
     * @return the rendered page, or a plain message when datarouter authentication is disabled
     */
    @BaseHandler.Handler(defaultHandler = true)
    public Mav showForm(Optional<String> optional, Optional<String> optional2, Optional<String> optional3) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        // Most recent open request of this user (max by request time), or null when there is none.
        DatarouterPermissionRequest datarouterPermissionRequest = (DatarouterPermissionRequest) this.datarouterPermissionRequestDao.scanOpenPermissionRequestsForUser(currentUser.getId()).findMax(Comparator.comparing(datarouterPermissionRequest2 -> {
            return datarouterPermissionRequest2.getKey().getRequestTime();
        })).orElse(null);
        // Builds the "specifics" text from the denied URL and, when present, its allowed roles.
        // Decompiler residue: the Optional<U> type, the lambda-local 'str' that shadows the lambda
        // parameter, and the bare getClass() call (a null check emitted for the bound method
        // reference) do not compile as written.
        Optional<U> map = optional.map(str -> {
            StringBuilder append = new StringBuilder("Attempted request to: ").append(str).append(".");
            String str = " These are its allowed roles at the time of this request: ";
            " These are its allowed roles at the time of this request: ".getClass();
            return append.append((String) optional2.map(str::concat).orElse("")).toString();
        });
        // Path segments of the declineAll handler joined with '/', used as the link target below.
        String join = this.paths.permissionRequest.declineAll.join("/");
        DivTag divTag = new DivTag();
        if (datarouterPermissionRequest != null) {
            // NOTE(review): declining is offered as a plain link, i.e. a GET request that changes
            // state. Confirm that the framework's CSRF protection covers this handler.
            divTag = TagCreator.div(new DomContent[]{TagCreator.p("You already have an open permission request for " + this.serviceName.get() + ". You may submit another request to replace it."), TagCreator.p("Time Requested: " + datarouterPermissionRequest.getKey().getRequestTime()), TagCreator.p("Request Text: " + datarouterPermissionRequest.getRequestText()), TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{"Click ", TagCreator.a("here").withHref(join), " to decline it."})})});
        }
        DivTag divTag2 = new DivTag();
        if (optional.isPresent() && optional2.isPresent()) {
            // Echoes the request-supplied URL and role list back to the user as paragraph text.
            divTag2 = TagCreator.div(new DomContent[]{TagCreator.p("You made a request to: %s. This action requires one of these roles: %s.".formatted(optional.get(), optional2.get()))});
        }
        DivTag with = TagCreator.div().with(TagCreator.h1("Permission Request: " + this.serviceName.get())).with(divTag).with(divTag2).with(TagCreator.p(new DomContent[]{TagCreator.b("Request the least amount of permissions necessary for your role.")}));
        // Stored zone id of the user, or null when none is set; pre-fills the hidden timezone field.
        String str2 = (String) currentUser.getZoneId().map((v0) -> {
            return v0.getId();
        }).orElse(null);
        HtmlForm withAction = ((HtmlForm) new HtmlForm(HtmlForm.HtmlFormMethod.POST).withId(FORM_ID)).withAction("?submitAction=submit");
        ((HtmlFormTextArea) ((HtmlFormTextArea) ((HtmlFormTextArea) withAction.addTextAreaField().withLabel(String.format("Why your role necessitates these permissions in %s:", this.serviceName.get()))).withName(P_REASON)).withPlaceholder("explain reason here")).required();
        // One row per role known to the RoleManager. Roles the user already holds pass 'true' for
        // both trailing Row arguments - presumably "checked" and "disabled"; confirm against
        // HtmlFormCheckboxTable.Row.
        HtmlFormCheckboxTable htmlFormCheckboxTable = (HtmlFormCheckboxTable) ((HtmlFormCheckboxTable) ((HtmlFormCheckboxTable) withAction.addCheckboxTableField().withId(ROLE_TABLE_ID)).withLabel("Available Roles to Request")).withColumns(List.of(new HtmlFormCheckboxTable.Column("role", "Role"), new HtmlFormCheckboxTable.Column("description", "Description"))).withRows(Scanner.of(this.roleManager.getAllRoles()).map(role -> {
            boolean contains = currentUser.getRolesIgnoreSaml().contains(role);
            return new HtmlFormCheckboxTable.Row(role.getPersistentString(), List.of(role.getPersistentString(), role.getDescription()), contains, contains);
        }).list()).required();
        // These hidden fields travel through the browser, so the submit handler receives whatever
        // the client sends back, not necessarily the values written here.
        withAction.addHiddenField(P_REQUESTED_ROLES, "");
        withAction.addHiddenField(P_SPECIFICS, (String) map.orElse(null));
        withAction.addHiddenField(P_DENIED_URL, optional.orElse(null));
        withAction.addHiddenField(P_ALLOWED_ROLES, optional2.orElse(null));
        withAction.addHiddenField("timezone", str2);
        withAction.addButton().withLabel("Submit");
        DivTag div = TagCreator.div();
        if (optional3.isPresent()) {
            // The error message is passed to div(String), so it is rendered as text, not markup.
            div = (DivTag) div.with(TagCreator.div(optional3.get()).withClass("alert alert-danger").attr("role", "alert"));
        }
        // The second script is generated by the checkbox table for this form, table and the
        // requestedRoles hidden field - presumably it copies the checked rows into that field.
        return this.bootstrap4PageFactory.startBuilder(this.request).withTitle("Datarouter - Permission Request").withContent(TagCreator.div().with(with).with(div.with(TagCreator.div(new DomContent[]{Bootstrap4FormHtml.render(withAction)})).withClasses(new String[]{"card card-body bg-light control-group"})).withClass("container-fluid")).withScript(TagCreator.script(HtmlFormTimezoneSelect.HIDDEN_TIMEZONE_JS)).withScript(TagCreator.script(htmlFormCheckboxTable.getCollectValuesJs(FORM_ID, ROLE_TABLE_ID, P_REQUESTED_ROLES))).buildMav();
    }

    /**
     * Returns the zone id stored on the current user's record, or {@code null} when the user has
     * no zone set.
     */
    @BaseHandler.Handler
    public String getUserTimezone() {
        var storedZone = getCurrentUser().getZoneId();
        if (storedZone.isPresent()) {
            return storedZone.get().getId();
        }
        return null;
    }

    /**
     * Stores a new time zone on the current user's record.
     *
     * <p>{@code str} is parsed with {@link ZoneId#of(String)}, which throws for ids it does not
     * accept. Parsing happens before the DAO call, so nothing is written in that case.
     *
     * @param str zone id to store
     */
    @BaseHandler.Handler
    public void setTimezone(String str) {
        DatarouterUser caller = getCurrentUser();
        ZoneId requestedZone = ZoneId.of(str);
        caller.setZoneId(requestedZone);
        this.datarouterUserDao.put(caller);
    }

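    /**
     * Records a permission request for the current user and emails the approvers.
     *
     * <p>The requested roles are resolved before anything is written. Previously the request row
     * (and the optional time zone change) was stored first and the role lookup ran afterwards, so
     * a request naming an unknown role left an open request in storage and then failed before any
     * notification email was sent.
     *
     * <p>Security note: {@code specifics}, {@code deniedUrl} and {@code allowedRoles} come back
     * from hidden form fields and are therefore client-controlled. The stored request text and
     * the email body repeat them as given, so approvers should read statements such as the
     * "allowed roles" sentence as requester-supplied, not as server-verified facts.
     *
     * @param str reason entered by the requester; must not be empty
     * @param str2 comma-separated persistent strings of the requested roles; must not be empty
     * @param optional denied URL, only passed back to the form on validation errors
     * @param optional2 allowed roles, only passed back to the form on validation errors
     * @param optional3 time zone id to store on the user; parsed with {@link ZoneId#of(String)}
     * @param optional4 free-text specifics prepended to the requested-roles summary
     * @return a redirect to the home path when the user has more than one role, otherwise the form
     * @throws IllegalArgumentException if any requested role is unknown; nothing is stored then
     */
    @BaseHandler.Handler
    private Mav submit(@Param("reason") String str, @Param("requestedRoles") String str2, @Param("deniedUrl") Optional<String> optional, @Param("allowedRoles") Optional<String> optional2, @Param("timezone") Optional<String> optional3, @Param("specifics") Optional<String> optional4) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        if (StringTool.isEmpty(str)) {
            return showForm(optional, optional2, Optional.of("Reason is required."));
        }
        if (StringTool.isEmpty(str2)) {
            return showForm(optional, optional2, Optional.of("At least one requested role is required."));
        }
        DatarouterUser currentUser = getCurrentUser();
        // Validate the role list up front so a bad value is rejected without side effects.
        Set<Role> requestedRoles = new HashSet<>(Scanner.of(str2.split(","))
                .map(this.roleManager::findRoleFromPersistentString)
                .map(maybeRole -> maybeRole.orElseThrow(() -> new IllegalArgumentException("Permission request made with unknown role(s): " + str2)))
                .list());
        String specifics = optional4.map(text -> text + " ").orElse("") + "Requested Roles: " + str2;
        // An unparseable zone id throws here, still before the request itself is stored.
        optional3.map(ZoneId::of).ifPresent(zoneId -> {
            currentUser.setZoneId(zoneId);
            this.datarouterUserDao.put(currentUser);
        });
        this.datarouterPermissionRequestDao.createPermissionRequest(new DatarouterPermissionRequest(currentUser.getId(), new Date(), "reason: " + str + ", specifics: " + specifics, (DatarouterPermissionRequest.DatarouterPermissionRequestResolution) null, (Date) null));
        Set<String> extraRecipients = this.roleManager.getAdditionalPermissionRequestEmailRecipients(currentUser, requestedRoles);
        sendRequestEmail(currentUser, str, specifics, extraRecipients);
        return this.datarouterUserService.getUserRolesWithSamlGroups(currentUser).size() > 1 ? new InContextRedirectMav(this.request, this.paths.home) : showForm(Optional.empty(), Optional.empty(), Optional.empty());
    }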

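    /**
     * Declines every open permission request of one user and sends the decline notice.
     *
     * <p>Users may decline their own requests; declining for another user id requires
     * {@code isDatarouterAdmin}. Changes from the decompiled original:
     * <ul>
     * <li>The redirect target in {@code optional2} comes from the request and was handed to
     * {@code GlobalRedirectMav} unchanged, so as far as this file shows it could name any
     * destination (open redirect). It is now honoured only when it is a same-site absolute path;
     * otherwise the handler falls back to the default navigation.</li>
     * <li>The target user is looked up before the decline is written, so an unknown user id
     * fails without having modified anything.</li>
     * <li>The redundant second {@code getCurrentUser()} call is gone.</li>
     * </ul>
     *
     * <p>NOTE(review): this handler changes state and is linked from the form as a plain GET
     * link; confirm that the framework's CSRF protection covers it.
     *
     * @param optional id of the user whose requests are declined; defaults to the current user
     * @param optional2 optional same-site path to redirect to afterwards
     * @return the redirect or page to show next
     * @throws java.util.NoSuchElementException if {@code optional} names a user that is not found
     */
    @BaseHandler.Handler
    private Mav declineAll(Optional<Long> optional, Optional<String> optional2) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        Long targetUserId = optional.orElse(currentUser.getId());
        boolean decliningOwnRequests = targetUserId.equals(currentUser.getId());
        if (!decliningOwnRequests && !this.datarouterUserService.isDatarouterAdmin(currentUser)) {
            return new MessageMav("You do not have permission to decline this request.");
        }
        // Resolve the affected user first: a missing user must not leave a half-done decline.
        DatarouterUser targetUser = decliningOwnRequests
                ? currentUser
                : this.datarouterUserService.findUserById(targetUserId, true).orElseThrow();
        this.datarouterPermissionRequestDao.declineAll(targetUserId);
        sendDeclineEmail(targetUser, currentUser);
        if (optional2.isPresent()) {
            if (isLocalRedirectPath(optional2.get())) {
                return new GlobalRedirectMav(optional2.get());
            }
            // The raw value is deliberately not logged; it is attacker-controllable text.
            logger.warn("Ignoring non-local redirect target after declineAll.");
        }
        return this.datarouterUserService.getUserRolesWithSamlGroups(currentUser).size() > 1 ? new InContextRedirectMav(this.request, this.paths.home) : showForm(Optional.empty(), Optional.empty(), Optional.empty());
    }

    /**
     * Tells whether {@code target} is a same-site absolute path such as {@code /some/page}
     * (constructed example). Scheme-relative targets ({@code //host}), backslashes (treated as
     * slashes by some browsers) and control characters are rejected.
     */
    private static boolean isLocalRedirectPath(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")) {
            return false;
        }
        return target.chars().noneMatch(ch -> ch == '\\' || ch < 0x20 || ch == 0x7f);
    }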

    /**
     * Declines every open permission request of the user whose id is given in {@code str} and
     * reports the outcome as a {@code DeclinePermissionRequestDto} instead of a page.
     *
     * <p>A caller may decline their own requests; any other user id requires
     * {@code isDatarouterAdmin}. The id is parsed before any other check, so a non-numeric value
     * raises {@link NumberFormatException} rather than producing a failure DTO.
     *
     * <p>NOTE(review): the affected user is looked up only after the decline has been written;
     * what {@code getUserById} does for an unknown id is not visible here.
     *
     * @param str decimal user id
     * @return success flag plus, on failure, the reason
     */
    @BaseHandler.Handler
    private DeclinePermissionRequestDto declinePermissionRequests(String str) {
        final long targetUserId = Long.parseLong(str);
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new DeclinePermissionRequestDto(false, noDatarouterAuthentication());
        }
        DatarouterUser caller = getCurrentUser();
        boolean targetsAnotherUser = targetUserId != caller.getId().longValue();
        if (targetsAnotherUser && !this.datarouterUserService.isDatarouterAdmin(caller)) {
            return new DeclinePermissionRequestDto(false, "You do not have permission to decline this request.");
        }
        this.datarouterPermissionRequestDao.declineAll(Long.valueOf(targetUserId));
        DatarouterUser affectedUser;
        // The current user is fetched again for this comparison, as in the original flow.
        if (targetUserId == getCurrentUser().getId().longValue()) {
            affectedUser = caller;
        } else {
            affectedUser = this.datarouterUserService.getUserById(Long.valueOf(targetUserId), true);
        }
        sendDeclineEmail(affectedUser, caller);
        return new DeclinePermissionRequestDto(true, null);
    }

    /**
     * Resolves the caller: takes the required session from the session info and passes it to
     * {@code DatarouterUserService.getAndValidateCurrentUser}.
     */
    private DatarouterUser getCurrentUser() {
        var session = getSessionInfo().getRequiredSession();
        return this.datarouterUserService.getAndValidateCurrentUser(session);
    }

    /**
     * Builds and sends the "Permission Request" email for {@code datarouterUser}.
     *
     * @param datarouterUser the requesting user; the username is used as sender and as a recipient
     * @param str reason text entered by the requester, shown in the "Reason" row
     * @param str2 specifics text; the "Specifics" row is added only when it is not empty
     * @param set additional recipients passed to the builder's {@code to(...)}
     */
    private void sendRequestEmail(DatarouterUser datarouterUser, String str, String str2, Set<String> set) {
        String username = datarouterUser.getUsername();
        // Link to the admin edit-user path with the requester's id as the userId parameter.
        String build = this.htmlEmailService.startLinkBuilder().withLocalPath(this.paths.admin.editUser.toSlashedString()).withParam("userId", new StringBuilder().append(datarouterUser.getId()).toString()).build();
        // Requester-supplied reason and specifics are wrapped in TagCreator.text, which j2html
        // escapes, so they render as text in the HTML mail. The content itself is still whatever
        // the requester submitted.
        // The username is used as both From and To - presumably usernames are email addresses;
        // confirm. The email-type recipients are gated on mightBeProduction(), the admin address
        // on mightBeDevelopment().
        J2HtmlDatarouterEmailBuilder admin = this.htmlEmailService.startEmailBuilder().withSubject(this.userEditService.getPermissionRequestEmailSubject(datarouterUser)).withTitle(EMAIL_TITLE).withTitleHref(build).withContent(TagCreator.div(new DomContent[]{(TableTag) TagCreator.table(new DomContent[]{TagCreator.tbody().with(createLabelValueTr("Service", TagCreator.text(this.serviceName.get())).with(this.userInfoSupplier.get().getUserInformation(datarouterUser))).with(createLabelValueTr("Reason", TagCreator.text(str))).condWith(StringTool.notEmpty(str2), createLabelValueTr("Specifics", TagCreator.text(str2)))}).withStyle("border-spacing: 0"), TagCreator.p(new DomContent[]{TagCreator.a("Edit user profile").withHref(build)})})).from(username).to(username).to(set).to(this.permissionRequestEmailType, this.serverTypeDetector.mightBeProduction()).toAdmin(this.serverTypeDetector.mightBeDevelopment());
        // Subscribers are added only when the includeSubscribers setting is on.
        if (((Boolean) this.subscribersSettings.includeSubscribers.get()).booleanValue()) {
            admin.toSubscribers();
        }
        // NOTE(review): the name trySendJ2Html suggests send failures are not propagated; the
        // caller has already stored the request by this point - confirm how failures surface.
        this.htmlEmailService.trySendJ2Html(admin);
    }

    /**
     * Sends the notice that permission requests of {@code datarouterUser} were declined by
     * {@code datarouterUser2}.
     *
     * <p>The affected user's username is used as sender and as a recipient. The email-type
     * recipients and subscribers are gated on {@code mightBeProduction()}, the admin address on
     * {@code mightBeDevelopment()}.
     *
     * @param datarouterUser user whose requests were declined
     * @param datarouterUser2 user who performed the decline
     */
    private void sendDeclineEmail(DatarouterUser datarouterUser, DatarouterUser datarouterUser2) {
        // Link to the admin edit-user path for the affected user.
        String editUserLink = this.htmlEmailService.startLinkBuilder()
                .withLocalPath(this.paths.admin.editUser.toSlashedString())
                .withParam("userId", String.valueOf(datarouterUser.getId()))
                .build();
        String notice = String.format("Permission requests declined for user %s by user %s", datarouterUser.getUsername(), datarouterUser2.getUsername());
        var email = this.htmlEmailService.startEmailBuilder()
                .withSubject(this.userEditService.getPermissionRequestEmailSubject(datarouterUser))
                .withTitle(EMAIL_TITLE)
                .withTitleHref(editUserLink)
                .withContent(TagCreator.p(notice))
                .from(datarouterUser.getUsername())
                .to(datarouterUser.getUsername())
                .to(this.permissionRequestEmailType, this.serverTypeDetector.mightBeProduction())
                .toSubscribers(this.serverTypeDetector.mightBeProduction())
                .toAdmin(this.serverTypeDetector.mightBeDevelopment());
        this.htmlEmailService.trySendJ2Html(email);
    }

    /**
     * Builds one two-cell table row: a bold, right-aligned label followed by the value content.
     *
     * <p>The label is passed to {@code TagCreator.b(String)}, so it is rendered as text. The
     * value nodes are inserted as given; callers decide how they are built.
     *
     * @param str label text; a single space is appended
     * @param domContentArr content of the value cell
     * @return the row, top-aligned
     */
    public static TrTag createLabelValueTr(String str, DomContent... domContentArr) {
        var labelCell = TagCreator.td(TagCreator.b(str + " ")).withStyle("text-align: right");
        var valueCell = TagCreator.td().with(domContentArr).withStyle("padding-left: 8px");
        return TagCreator.tr(labelCell, valueCell).withStyle("vertical-align: top");
    }

    /**
     * Logs a warning naming the session's username and returns the message shown when this page
     * is reached while datarouter authentication is not in use.
     */
    private String noDatarouterAuthentication() {
        var visitor = getSessionInfo().getRequiredSession().getUsername();
        logger.warn("{} went to non-DR permission request page.", visitor);
        StringBuilder message = new StringBuilder("This is only available when using datarouter authentication. Please email ");
        message.append(this.adminEmail.get());
        message.append(" for assistance.");
        return message.toString();
    }
}
