package org.hawkular.accounts.backend.control;

import java.util.HashSet;
import java.util.Set;
import javax.inject.Inject;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.hawkular.accounts.api.OperationService;
import org.hawkular.accounts.api.RoleService;
import org.hawkular.accounts.api.model.Role;

/* loaded from: input_file:WEB-INF/classes/org/hawkular/accounts/backend/control/SetupHawkularAccountsImpl.class */
public class SetupHawkularAccountsImpl implements ServletContextListener {

    @Inject
    RoleService roleService;

    @Inject
    OperationService operationService;
    private final MsgLogger logger = MsgLogger.LOGGER;
    Set<Role> roles = new HashSet(7);
    Role monitor = new Role("Monitor", "Has the fewest permissions. Only read configuration and current runtime state, No access to sensitive resources or data or audit logging resources");
    Role operator = new Role("Operator", "All permissions of Monitor. Can modify the runtime state, e.g. reload or shutdown the server, pause/resume JMS destination, flush database connection pool. Does not have permission to modify persistent state.");
    Role maintainer = new Role("Maintainer", "All permissions of Operator. Can modify the persistent state, e.g. deploy an application, setting up new data sources, add a JMS destination");
    Role deployer = new Role("Deployer", "All permissions of Maintainer. Permission is restricted to applications only, cannot make changes to container configuration");
    Role administrator = new Role("Administrator", "All permissions of Maintainer. View and modify sensitive data such as access control system.  No access to administrative audit logging system.");
    Role auditor = new Role("Auditor", "All permissions of Monitor. View and modify resources to administrative audit logging system. Cannot modify sensitive resources or data outside auditing, can read any sensitive data");
    Role superUser = new Role("SuperUser", "Has all the permissions. Equivalent to administrator in previous versions.");

    public void contextInitialized(ServletContextEvent servletContextEvent) {
        setup();
    }

    public void contextDestroyed(ServletContextEvent servletContextEvent) {
    }

    public void setup() {
        this.logger.infoStartedSetupAccounts();
        this.roles.add(this.monitor);
        this.roles.add(this.operator);
        this.roles.add(this.maintainer);
        this.roles.add(this.deployer);
        this.roles.add(this.administrator);
        this.roles.add(this.auditor);
        this.roles.add(this.superUser);
        this.roles.stream().forEach(this::addRoleIfDoesntExists);
        this.operationService.setup("organization-create").add("Monitor").persist().setup("organization-read").add("Maintainer").persist().setup("organization-delete").add("SuperUser").persist().setup("organization-update").add("Maintainer").persist().setup("organization-invite").add("Administrator").persist().setup("organization-list-invitations").add("Administrator").persist().setup("organization-change-role-of-members").add("Administrator").persist().setup("organization-transfer").add("SuperUser").persist().setup("organization-join-request-decision").add("Administrator").persist();
        this.logger.infoFinishedSetupAccounts();
    }

    private void addRoleIfDoesntExists(Role role) {
        if (null == this.roleService.getByName(role.getName())) {
            this.roleService.create(role.getName(), role.getDescription());
        }
    }
}
