package org.hawkular.accounts.backend.boundary;

import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import javax.enterprise.event.Event;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.validation.constraints.NotNull;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.hawkular.accounts.api.CurrentUser;
import org.hawkular.accounts.api.InvitationService;
import org.hawkular.accounts.api.NamedOperation;
import org.hawkular.accounts.api.OrganizationService;
import org.hawkular.accounts.api.PermissionChecker;
import org.hawkular.accounts.api.RoleService;
import org.hawkular.accounts.api.model.HawkularUser;
import org.hawkular.accounts.api.model.Invitation;
import org.hawkular.accounts.api.model.Operation;
import org.hawkular.accounts.api.model.Organization;
import org.hawkular.accounts.api.model.Role;
import org.hawkular.accounts.backend.control.MsgLogger;
import org.hawkular.accounts.backend.entity.InvitationCreatedEvent;
import org.hawkular.accounts.backend.entity.rest.ErrorResponse;
import org.hawkular.accounts.backend.entity.rest.InvitationAcceptRequest;
import org.hawkular.accounts.backend.entity.rest.InvitationRequest;

@Path("/invitations")
@PermitAll
@Stateless
/* loaded from: input_file:WEB-INF/classes/org/hawkular/accounts/backend/boundary/InvitationEndpoint.class */
public class InvitationEndpoint {
    private static final MsgLogger logger = MsgLogger.LOGGER;
    private static final String DEFAULT_ROLE = "Monitor";

    @Inject
    RoleService roleService;

    @Inject
    OrganizationService organizationService;

    @Inject
    InvitationService invitationService;

    @Inject
    @CurrentUser
    Instance<HawkularUser> userInstance;

    @Inject
    Event<InvitationCreatedEvent> event;

    @Inject
    PermissionChecker permissionChecker;

    @Inject
    @NamedOperation("organization-list-invitations")
    Operation operationListInvitations;

    @Inject
    @NamedOperation("organization-invite")
    Operation operationInvite;

    @GET
    public Response listPendingInvitations(@QueryParam("organizationId") String str) {
        Organization organization = this.organizationService.get(str);
        return null == organization ? Response.status(Response.Status.NOT_FOUND).entity("The organization could not be found.").build() : !this.permissionChecker.isAllowedTo(this.operationListInvitations, str) ? Response.status(Response.Status.FORBIDDEN).entity("Insufficient permissions to list the pending invitations for this organization.").build() : Response.ok(this.invitationService.getPendingInvitationsForOrganization(organization)).build();
    }

    @POST
    public Response inviteUserToOrganization(@NotNull InvitationRequest invitationRequest) {
        HawkularUser hawkularUser = (HawkularUser) this.userInstance.get();
        Organization organization = this.organizationService.get(invitationRequest.getOrganizationId());
        if (null == organization) {
            return Response.status(Response.Status.NOT_FOUND).entity("The organization could not be found.").build();
        }
        if (!this.permissionChecker.isAllowedTo(this.operationInvite, organization.getId())) {
            return Response.status(Response.Status.FORBIDDEN).entity("Insufficient permissions to list the pending invitations for this organization.").build();
        }
        Role byName = this.roleService.getByName(DEFAULT_ROLE);
        for (String str : invitationRequest.getEmails().split("[, ]")) {
            if (!str.isEmpty()) {
                this.event.fire(new InvitationCreatedEvent(this.invitationService.create(str, hawkularUser, organization, byName)));
            }
        }
        return Response.noContent().build();
    }

    @PUT
    public Response acceptInvitation(@NotNull InvitationAcceptRequest invitationAcceptRequest) {
        HawkularUser hawkularUser = (HawkularUser) this.userInstance.get();
        Invitation byToken = this.invitationService.getByToken(invitationAcceptRequest.getToken());
        if (null == byToken) {
            return Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The invitation has not been found.")).build();
        }
        if (hawkularUser.equals(byToken.getInvitedBy())) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("The invitation has been created by the same user who is accepting it.")).build();
        }
        if (byToken.getAcceptedAt() == null) {
            return Response.ok(this.invitationService.accept(byToken, hawkularUser)).build();
        }
        String str = "This invitation has already been previously accepted.";
        if (!hawkularUser.equals(byToken.getAcceptedBy())) {
            str = "This invitation has already been previously accepted by a different user.";
            logger.invitationReused(byToken.getId(), hawkularUser.getId(), byToken.getAcceptedBy().getId());
        }
        return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse(str)).build();
    }
}
