package org.trustedanalytics.usermanagement.users.rest;

import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.util.Collection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import org.trustedanalytics.usermanagement.security.service.UserDetailsFinder;
import org.trustedanalytics.usermanagement.users.BlacklistEmailValidator;
import org.trustedanalytics.usermanagement.users.UserRoleRequestValidator;
import org.trustedanalytics.usermanagement.users.model.User;
import org.trustedanalytics.usermanagement.users.model.UserRequest;
import org.trustedanalytics.usermanagement.users.model.UserRole;
import org.trustedanalytics.usermanagement.users.model.UserRolesRequest;
import org.trustedanalytics.usermanagement.users.service.UsersService;

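/**
 * REST endpoints for listing, inviting, re-roling and removing users of an organization.
 *
 * <p>Every handler picks a {@link UsersService} through
 * {@link #determinePriviledgeLevel(Authentication)}: callers whose role is
 * {@link UserRole#ADMIN} are served by the privileged service, all others by the regular one.
 *
 * <p>NOTE(review): the Swagger notes state membership / OrgManager requirements, but this class
 * contains no authorization annotation or check beyond the ADMIN switch and the
 * self-operation guard. Enforcement presumably lives in the security configuration or in the
 * services; confirm before relying on the documented privilege levels.
 *
 * <p>Decompiled from org/trustedanalytics/usermanagement/users/rest/UsersController.class.
 */
@RestController
public class UsersController {
    public static final String ORG_USERS_URL = "/rest/orgs/{org}/users";
    private final UsersService usersService;
    private final UsersService priviledgedUsersService;
    private final UserDetailsFinder detailsFinder;
    private final BlacklistEmailValidator emailValidator;

    /**
     * Wires the controller's collaborators.
     *
     * <p>NOTE(review): both service parameters have the same type and no {@code @Qualifier} is
     * visible here, so which bean reaches which parameter depends on container configuration
     * not shown in this file. If the two were swapped, non-admin callers would be routed through
     * the privileged service; verify the wiring.
     *
     * @param usersService service used for callers that are not ADMIN
     * @param usersService2 service used for callers whose role is ADMIN
     * @param userDetailsFinder resolves name, id and role from the request's authentication
     * @param blacklistEmailValidator validates the username of a user being added
     */
    @Autowired
    public UsersController(UsersService usersService, UsersService usersService2, UserDetailsFinder userDetailsFinder, BlacklistEmailValidator blacklistEmailValidator) {
        this.usersService = usersService;
        this.priviledgedUsersService = usersService2;
        this.detailsFinder = userDetailsFinder;
        this.emailValidator = blacklistEmailValidator;
    }

    /**
     * Selects the service to use for the caller.
     *
     * @param authentication the caller's authentication
     * @return the privileged service when the caller's role is ADMIN, otherwise the regular one
     */
    private UsersService determinePriviledgeLevel(Authentication authentication) {
        // Constant-first comparison: a null role falls through to the regular service
        // instead of failing with a NullPointerException.
        boolean isAdmin = UserRole.ADMIN.equals(this.detailsFinder.findUserRole(authentication));
        return isAdmin ? this.priviledgedUsersService : this.usersService;
    }

    /**
     * Returns the users of an organization.
     *
     * @param str organization identifier, taken from the {@code {org}} path segment
     * @param authentication the caller's authentication
     * @return the users reported by the selected service
     */
    @ApiResponses({@ApiResponse(code = 200, message = "OK", response = User.class, responseContainer = "List"), @ApiResponse(code = 400, message = "Request was malformed. eg. organization with ID 'org' doesn't exist"), @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")})
    @RequestMapping(value = {ORG_USERS_URL}, method = {RequestMethod.GET}, produces = {"application/json"})
    @ApiOperation(value = "Returns list of users which has at least one role in the organization. NOTE: The CF role 'Users' is not included ", notes = "Privilege level: Consumer of this endpoint must be a member of specified organization based on valid access token")
    public Collection<User> getOrgUsers(@PathVariable("org") String str, @ApiParam(hidden = true) Authentication authentication) {
        // The template variable is named explicitly because the parameter name does not match {org}.
        return determinePriviledgeLevel(authentication).getOrgUsers(str);
    }

    /**
     * Adds a user to an organization after validating the requested username.
     *
     * <p>The 200 response is documented as a {@link User}, but the method returns nothing.
     *
     * @param userRequest request body describing the user to add
     * @param str organization identifier, taken from the {@code {org}} path segment
     * @param authentication the caller's authentication
     */
    @ApiResponses({@ApiResponse(code = 200, message = "OK", response = User.class), @ApiResponse(code = 400, message = "Request was malformed. e.g. organization with ID 'org' doesn't exist"), @ApiResponse(code = 409, message = "Email is not valid or it belongs to forbidden domains."), @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")})
    @RequestMapping(value = {ORG_USERS_URL}, method = {RequestMethod.POST}, produces = {"application/json"}, consumes = {"application/json"})
    @ApiOperation(value = "Sends invitations message for new users or returns user for existing one in organization.", notes = "Privilege level: Consumer of this endpoint must be a member of specified organization with OrgManager role, based on valid access token")
    public void createOrgUser(@RequestBody UserRequest userRequest, @PathVariable("org") String str, @ApiParam(hidden = true) Authentication authentication) {
        String findUserName = this.detailsFinder.findUserName(authentication);
        // Validation runs before the service call, so a rejected username never reaches it.
        this.emailValidator.validate(userRequest.getUsername());
        determinePriviledgeLevel(authentication).addOrgUser(userRequest, str, findUserName);
    }

    /**
     * Changes the role of a user within an organization; callers may not target themselves.
     *
     * @param userRolesRequest request body carrying the new role
     * @param str organization identifier, taken from the {@code {org}} path segment
     * @param str2 identifier of the user being changed, taken from the {@code {user}} path segment
     * @param authentication the caller's authentication
     * @return the value returned by the selected service's {@code updateOrgUserRole}
     * @throws AccessDeniedException when the caller's own id equals {@code str2}
     */
    @ApiResponses({@ApiResponse(code = 200, message = "OK", response = UserRole.class, responseContainer = "List"), @ApiResponse(code = 400, message = "Request was malformed. e.g. organization with ID 'org' doesn't exist"), @ApiResponse(code = 404, message = "User not found in organization."), @ApiResponse(code = 409, message = "Roles should be specified."), @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")})
    @RequestMapping(value = {"/rest/orgs/{org}/users/{user}"}, method = {RequestMethod.POST}, produces = {"application/json"}, consumes = {"application/json"})
    @ApiOperation(value = "Updates user roles in organization", notes = "Privilege level: Consumer of this endpoint must be a member of specified organization with OrgManager role, based on valid access token")
    public UserRole updateOrgUserRole(@RequestBody UserRolesRequest userRolesRequest, @PathVariable("org") String str, @PathVariable("user") String str2, @ApiParam(hidden = true) Authentication authentication) {
        UserRoleRequestValidator.validate(userRolesRequest);
        // The self-operation guard applies to every caller, ADMIN included, because it runs
        // before the service is selected.
        denyOperationsOnYourself(this.detailsFinder.findUserId(authentication), str2);
        return determinePriviledgeLevel(authentication).updateOrgUserRole(str2, str, userRolesRequest.getRole());
    }

    /**
     * Removes a user from an organization; callers may not remove themselves.
     *
     * @param str organization identifier, taken from the {@code {org}} path segment
     * @param str2 identifier of the user being removed, taken from the {@code {user}} path segment
     * @param authentication the caller's authentication
     * @throws AccessDeniedException when the caller's own id equals {@code str2}
     */
    @ApiResponses({@ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 400, message = "Request was malformed. e.g. organization with ID 'org' doesn't exist"), @ApiResponse(code = 404, message = "User 'user' not found in organization."), @ApiResponse(code = 500, message = "Internal server error, e.g. error connecting to CloudController")})
    @RequestMapping(value = {"/rest/orgs/{org}/users/{user}"}, method = {RequestMethod.DELETE})
    @ApiOperation(value = "Deletes user from organization.", notes = "Privilege level: Consumer of this endpoint must be a member of specified organization with OrgManager role, based on valid access token")
    public void deleteUserFromOrg(@PathVariable("org") String str, @PathVariable("user") String str2, @ApiParam(hidden = true) Authentication authentication) {
        denyOperationsOnYourself(this.detailsFinder.findUserId(authentication), str2);
        determinePriviledgeLevel(authentication).deleteUserFromOrg(str2, str);
    }

    /**
     * Rejects a request whose target user is the caller.
     *
     * <p>A null caller id raises a NullPointerException here, so the service call that follows
     * is not reached in that case either.
     *
     * <p>NOTE(review): the comparison is exact and case-sensitive. If user ids are treated
     * case-insensitively further down (for example GUIDs), a differently-cased id in the path
     * would not be recognised as the caller; confirm how ids are normalised.
     *
     * @param str the caller's user id
     * @param str2 the user id the request targets
     * @throws AccessDeniedException when both ids are equal
     */
    private void denyOperationsOnYourself(String str, String str2) {
        if (str.equals(str2)) {
            throw new AccessDeniedException("You cannot perform request on yourself.");
        }
    }
}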
