package io.datarouter.auth.web.web;

import io.datarouter.auth.config.DatarouterAuthPaths;
import io.datarouter.auth.config.DatarouterAuthenticationConfig;
import io.datarouter.auth.role.Role;
import io.datarouter.auth.role.RoleManager;
import io.datarouter.auth.service.DatarouterUserEditService;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.service.PermissionRequestService;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUser;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUserDao;
import io.datarouter.auth.web.config.DatarouterAuthSettingRoot;
import io.datarouter.auth.web.util.DatarouterAuthPathUtil;
import io.datarouter.scanner.Scanner;
import io.datarouter.storage.config.properties.AdminEmail;
import io.datarouter.storage.config.properties.ServiceName;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.GlobalRedirectMav;
import io.datarouter.web.handler.mav.imp.InContextRedirectMav;
import io.datarouter.web.handler.mav.imp.MessageMav;
import io.datarouter.web.handler.types.Param;
import io.datarouter.web.html.form.HtmlForm;
import io.datarouter.web.html.form.HtmlFormCheckboxTable;
import io.datarouter.web.html.form.HtmlFormSubmitActionButton;
import io.datarouter.web.html.form.HtmlFormTextArea;
import io.datarouter.web.html.form.HtmlFormTimezoneSelect;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4FormHtml;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4PageFactory;
import j2html.TagCreator;
import j2html.tags.DomContent;
import j2html.tags.specialized.DivTag;
import jakarta.inject.Inject;
import java.time.ZoneId;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/auth/web/web/DatarouterPermissionRequestHandler.class */
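/**
 * Web handler for the self-service permission request page: renders the request form, records a
 * submitted request, stores the current user's timezone and declines open permission requests.
 *
 * <p>Every handler parameter is supplied by the client. That includes the hidden form fields that
 * {@link #showForm} writes and {@code submit} reads back ({@code deniedUrl}, {@code allowedRoles},
 * {@code requestedRoles}, {@code timezone}); they round-trip through the browser and must be
 * treated as untrusted input wherever they are rendered, stored or forwarded.
 */
public class DatarouterPermissionRequestHandler extends BaseHandler {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterPermissionRequestHandler.class);
    private static final String P_REASON = "reason";
    private static final String P_REQUESTED_ROLES = "requestedRoles";
    private static final String P_DENIED_URL = "deniedUrl";
    private static final String P_ALLOWED_ROLES = "allowedRoles";
    private static final String P_VALIDATION_ERROR = "validationError";
    private static final String FORM_ID = "permissionRequestForm";
    private static final String ROLE_TABLE_ID = "roleTable";
    private static final String SUBMIT_BUTTON_ID = "submitButton";

    @Inject
    private Bootstrap4PageFactory bootstrap4PageFactory;

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private DatarouterAuthPaths paths;

    @Inject
    private ServiceName serviceName;

    @Inject
    private AdminEmail adminEmail;

    @Inject
    private DatarouterUserDao datarouterUserDao;

    @Inject
    private RoleManager roleManager;

    @Inject
    private PermissionRequestService permissionRequestService;

    @Inject
    private DatarouterAuthSettingRoot authSettingRoot;

    @Inject
    private DatarouterUserEditService userEditService;

    /**
     * Renders the permission request form for the current user.
     *
     * @param optional  value echoed into the page and into the {@code deniedUrl} hidden field
     * @param optional2 value echoed into the page and into the {@code allowedRoles} hidden field
     * @param optional3 validation error message to show above the form, if any
     * @return the form page, or a plain message when datarouter authentication is not in use
     */
    @BaseHandler.Handler(defaultHandler = true)
    public Mav showForm(Optional<String> optional, Optional<String> optional2, @Param("validationError") Optional<String> optional3) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        String declineAllHref = this.paths.permissionRequest.declineAll.join("/");
        // The decline link is a plain anchor, so declining is triggered by a GET navigation.
        // NOTE(review): confirm the framework's CSRF protection covers this state-changing handler.
        DivTag openRequestInfo = (DivTag) this.permissionRequestService.findOpenPermissionRequest(currentUser).map(permissionRequest -> {
            return TagCreator.div(
                    TagCreator.p("You already have an open permission request for " + this.serviceName.get() + ". You may submit another request to replace it."),
                    TagCreator.p("Time Requested: " + String.valueOf(permissionRequest.getKey().getRequestTime())),
                    TagCreator.p(TagCreator.b("Request Text:\n")),
                    // pre(String) renders the stored, user-written request text as escaped text.
                    TagCreator.pre(permissionRequest.getRequestText()).withStyle("margin-left: 2em;"),
                    TagCreator.p(TagCreator.join("Click ", TagCreator.a("here").withHref(declineAllHref), " to decline it.")));
        }).orElse(new DivTag());
        DivTag deniedActionInfo = new DivTag();
        if (optional.isPresent() && optional2.isPresent()) {
            // Security fix: j2html's join() appends String arguments to the output without
            // HTML-escaping them (verify against the j2html version in use), so the
            // request-supplied value is wrapped in text(), which escapes on render. b(String)
            // already escapes its text, so the second value needs no change.
            deniedActionInfo = TagCreator.div(TagCreator.p(TagCreator.join(
                    TagCreator.text("You made a request to: %s. This action requires one of these roles: ".formatted(optional.get())),
                    TagCreator.b(optional2.get() + "."))));
        }
        DivTag header = TagCreator.div()
                .with(TagCreator.h1("Permission Request: " + this.serviceName.get()))
                .with(openRequestInfo)
                .with(deniedActionInfo)
                .with(TagCreator.p(TagCreator.b("Request the least amount of permissions necessary for your role.")));
        String timezoneId = currentUser.getZoneId().map(ZoneId::getId).orElse(null);
        HtmlForm form = ((HtmlForm) new HtmlForm(HtmlForm.HtmlFormMethod.POST).withId(FORM_ID)).withAction("?submitAction=submit");
        ((HtmlFormTextArea) ((HtmlFormTextArea) ((HtmlFormTextArea) form.addTextAreaField()
                .withLabel(String.format("Why your role necessitates these permissions in %s:", this.serviceName.get())))
                .withName(P_REASON))
                .withPlaceholder("explain reason here"))
                .required();
        HtmlFormCheckboxTable roleTable = (HtmlFormCheckboxTable) ((HtmlFormCheckboxTable) ((HtmlFormCheckboxTable) form.addCheckboxTableField()
                .withId(ROLE_TABLE_ID))
                .withLabel("Available Roles to Request"))
                .withColumns(List.of(new HtmlFormCheckboxTable.Column("role", "Role"), new HtmlFormCheckboxTable.Column("description", "Description")))
                .withRows(Scanner.of(this.roleManager.getRequestableRoles(currentUser)).map(role -> {
                    // Whether the user already holds the role; the setting selects which of the
                    // user's role sets is consulted.
                    boolean alreadyHeld = ((Boolean) this.authSettingRoot.allowRequestingRolesHasFromSamlGroup.get()).booleanValue()
                            ? currentUser.getRolesIgnoreSaml().contains(role)
                            : currentUser.getRolesWithSamlGroups(this.roleManager).contains(role);
                    // The same flag feeds both trailing Row arguments (presumably "checked" and
                    // "disabled" - confirm against HtmlFormCheckboxTable.Row).
                    return new HtmlFormCheckboxTable.Row(role.persistentString(), List.of(role.persistentString(), role.description()), alreadyHeld, alreadyHeld);
                }).sort(Comparator.comparing(row -> {
                    return row.name();
                })).list())
                .required();
        // Hidden fields: requestedRoles is filled client-side by the collect-values script added
        // below; the other three carry values back to submit. All are client-editable.
        form.addHiddenField(P_REQUESTED_ROLES, "");
        form.addHiddenField(P_DENIED_URL, optional.orElse(null));
        form.addHiddenField(P_ALLOWED_ROLES, optional2.orElse(null));
        form.addHiddenField("timezone", timezoneId);
        ((HtmlFormSubmitActionButton) form.addButton().withLabel("Submit")).withId(SUBMIT_BUTTON_ID);
        DivTag formCard = TagCreator.div();
        if (optional3.isPresent()) {
            // div(String) renders the request-supplied message as escaped text.
            formCard = (DivTag) formCard.with(TagCreator.div(optional3.get()).withClass("alert alert-danger").attr("role", "alert"));
        }
        return this.bootstrap4PageFactory.startBuilder(this.request)
                .withTitle("Datarouter - Permission Request")
                .withContent(TagCreator.div()
                        .with(header)
                        .with(formCard
                                .with(TagCreator.div(Bootstrap4FormHtml.render(form)))
                                .withClasses("card card-body bg-light control-group"))
                        .withClass("container-fluid"))
                .withScript(TagCreator.script(HtmlFormTimezoneSelect.HIDDEN_TIMEZONE_JS))
                .withScript(TagCreator.script(roleTable.getCollectValuesJs(FORM_ID, ROLE_TABLE_ID, P_REQUESTED_ROLES)))
                .withScript(TagCreator.script(form.getDisableSubmitButtonJs(FORM_ID, SUBMIT_BUTTON_ID)))
                .buildMav();
    }

    /**
     * Returns the id of the current user's stored time zone.
     *
     * @return the zone id, or {@code null} when the user has none stored
     */
    @BaseHandler.Handler
    public String getUserTimezone() {
        return getCurrentUser().getZoneId().map(ZoneId::getId).orElse(null);
    }

    /**
     * Stores a new time zone on the current user's record.
     *
     * @param str zone id as accepted by {@link ZoneId#of(String)}
     * @throws java.time.DateTimeException if {@code str} is not a valid zone id; the value comes
     *     from the request and is not validated before parsing
     */
    @BaseHandler.Handler
    public void setTimezone(String str) {
        DatarouterUser currentUser = getCurrentUser();
        currentUser.setZoneId(ZoneId.of(str));
        this.datarouterUserDao.put(currentUser);
    }

    /**
     * Records a permission request for the current user and redirects afterwards.
     *
     * @param str       free-text justification; blank values redirect back with a validation error
     * @param str2      comma-separated persistent role strings; empty redirects back with an error
     * @param optional  the {@code deniedUrl} hidden field, forwarded unchanged to the edit service
     * @param optional2 the {@code allowedRoles} hidden field, forwarded unchanged to the edit service
     * @param optional3 zone id to store on the user before the request is recorded
     * @return a redirect to home when the resulting user has more than one role, otherwise a
     *     redirect back to the permission request page
     * @throws IllegalArgumentException if any entry of {@code str2} is not a known role
     */
    @BaseHandler.Handler
    private Mav submit(@Param("reason") String str, @Param("requestedRoles") String str2, @Param("deniedUrl") Optional<String> optional, @Param("allowedRoles") Optional<String> optional2, @Param("timezone") Optional<String> optional3) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        if (StringTool.isEmptyOrWhitespace(str)) {
            return new InContextRedirectMav(this.request, this.paths.permissionRequest, Map.of(P_VALIDATION_ERROR, "Reason is required."));
        }
        String reason = str.trim();
        if (StringTool.isEmpty(str2)) {
            return new InContextRedirectMav(this.request, this.paths.permissionRequest, Map.of(P_VALIDATION_ERROR, "At least one requested role is required."));
        }
        // This only verifies that each submitted string names an existing role.
        // NOTE(review): nothing visible here checks the roles against
        // roleManager.getRequestableRoles(currentUser), which is what the form offers; confirm
        // that requestPermissions (or the approval step) enforces that restriction.
        HashSet<Role> requestedRoles = new HashSet<>(Scanner.of(str2.split(","))
                .map(this.roleManager::findRoleFromPersistentString)
                .map(found -> {
                    return (Role) found.orElseThrow(() -> {
                        return new IllegalArgumentException("Permission request made with unknown role(s): " + str2);
                    });
                })
                .list());
        DatarouterUser currentUser = getCurrentUser();
        if (optional3.isPresent()) {
            // ZoneId.of throws DateTimeException on an invalid id; the user record is written
            // before the permission request itself is recorded.
            currentUser.setZoneId((ZoneId) optional3.map(ZoneId::of).orElseThrow());
            this.datarouterUserDao.put(currentUser);
        }
        // NOTE(review): optional/optional2 are client-controlled hidden-field values; whatever
        // requestPermissions does with them should escape or validate them before display.
        return this.datarouterUserService.getUserRolesWithSamlGroups(
                this.userEditService.requestPermissions(
                        currentUser,
                        requestedRoles,
                        reason,
                        DatarouterAuthPathUtil.getSignInUrl(this.request, this.paths),
                        optional,
                        optional2)).size() > 1
                ? new InContextRedirectMav(this.request, this.paths.home)
                : new InContextRedirectMav(this.request, this.paths.permissionRequest);
    }

    /**
     * Declines permission requests for the given user id (default: the current user) and redirects.
     *
     * @param optional  id of the user whose requests are declined; the current user when absent
     * @param optional2 redirect target to use on success, if present
     * @return a message page on failure, otherwise a redirect
     */
    @BaseHandler.Handler
    private Mav declineAll(Optional<Long> optional, Optional<String> optional2) {
        PermissionRequestService.DeclinePermissionRequestDto result = declinePermissionRequests(optional.orElse(getCurrentUser().getId()).toString());
        if (!result.success()) {
            return new MessageMav(result.message());
        }
        if (optional2.isPresent()) {
            // NOTE(review): the redirect target is a request parameter handed straight to
            // GlobalRedirectMav. Unless GlobalRedirectMav or a filter restricts destinations, a
            // crafted link can send the user to an arbitrary site after the decline (open
            // redirect). Consider accepting only same-site paths or an allow-list once it is
            // confirmed what legitimate callers pass.
            return new GlobalRedirectMav(optional2.get());
        }
        return this.datarouterUserService.getUserRolesWithSamlGroups(getCurrentUser()).size() > 1
                ? new InContextRedirectMav(this.request, this.paths.home)
                : new InContextRedirectMav(this.request, this.paths.permissionRequest);
    }

    /**
     * Declines the permission requests of the user with the given id, acting as the current user.
     *
     * <p>NOTE(review): the target id comes from the request and this method does not itself check
     * that the current user may act on another user's requests; presumably
     * {@code PermissionRequestService.declinePermissionRequests} or the route rules enforce that -
     * verify, since otherwise any authenticated user could decline someone else's request.
     *
     * @param str decimal user id
     * @return the service result, or a failure result when datarouter authentication is not in use
     * @throws NumberFormatException if {@code str} is not a valid long; parsing happens before the
     *     authentication-mode check
     */
    @BaseHandler.Handler
    private PermissionRequestService.DeclinePermissionRequestDto declinePermissionRequests(String str) {
        long targetUserId = Long.parseLong(str);
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new PermissionRequestService.DeclinePermissionRequestDto(false, noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        // Reuse the already-loaded record when the target is the current user; otherwise look the
        // target up by id.
        return this.permissionRequestService.declinePermissionRequests(
                targetUserId == currentUser.getId().longValue()
                        ? currentUser
                        : this.datarouterUserService.getUserById(Long.valueOf(targetUserId), true),
                currentUser);
    }

    /** Resolves the user behind the request's required session via the user service. */
    private DatarouterUser getCurrentUser() {
        return this.datarouterUserService.getAndValidateCurrentUser(getSessionInfo().getRequiredSession());
    }

    /**
     * Logs a warning naming the session's username and returns the message shown when this page is
     * reached without datarouter authentication enabled.
     */
    private String noDatarouterAuthentication() {
        logger.warn("{} went to non-DR permission request page.", getSessionInfo().getRequiredSession().getUsername());
        return "This is only available when using datarouter authentication. Please email " + this.adminEmail.get() + " for assistance.";
    }
}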
