package org.hawkular.accounts.backend.boundary;

import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.validation.constraints.NotNull;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import org.hawkular.accounts.api.CurrentUser;
import org.hawkular.accounts.api.NamedOperation;
import org.hawkular.accounts.api.OrganizationJoinRequestService;
import org.hawkular.accounts.api.OrganizationService;
import org.hawkular.accounts.api.PermissionChecker;
import org.hawkular.accounts.api.PersonaService;
import org.hawkular.accounts.api.ResourceService;
import org.hawkular.accounts.api.model.HawkularUser;
import org.hawkular.accounts.api.model.Operation;
import org.hawkular.accounts.api.model.Organization;
import org.hawkular.accounts.api.model.Persona;
import org.hawkular.accounts.api.model.Visibility;
import org.hawkular.accounts.backend.entity.rest.ErrorResponse;
import org.hawkular.accounts.backend.entity.rest.OrganizationRequest;
import org.hawkular.accounts.backend.entity.rest.OrganizationTransferRequest;

@Path("/organizations")
@PermitAll
@Stateless
/* loaded from: input_file:WEB-INF/classes/org/hawkular/accounts/backend/boundary/OrganizationEndpoint.class */
public class OrganizationEndpoint {

    @Inject
    Instance<Persona> personaInstance;

    @Inject
    @CurrentUser
    Instance<HawkularUser> userInstance;

    @Inject
    PermissionChecker permissionChecker;

    @Inject
    @NamedOperation("organization-create")
    Operation operationCreate;

    @Inject
    @NamedOperation("organization-read")
    Operation operationRead;

    @Inject
    @NamedOperation("organization-update")
    Operation operationUpdate;

    @Inject
    @NamedOperation("organization-delete")
    Operation operationDelete;

    @Inject
    @NamedOperation("organization-transfer")
    Operation operationTransfer;

    @Inject
    ResourceService resourceService;

    @Inject
    OrganizationService organizationService;

    @Inject
    PersonaService personaService;

    @Inject
    OrganizationJoinRequestService joinRequestService;

    @GET
    @Path("/")
    public Response getOrganizationsForPersona() {
        Persona persona = (Persona) this.personaInstance.get();
        return Response.ok().entity((List) this.organizationService.getOrganizationsForPersona(persona).stream().filter(organization -> {
            return this.permissionChecker.isAllowedTo(this.operationRead, organization.getId(), persona);
        }).collect(Collectors.toList())).build();
    }

    @GET
    @Path("/join")
    public Response getOrganizationsToJoin() {
        return Response.ok().entity(this.organizationService.getFilteredOrganizationsToJoin((Persona) this.personaInstance.get())).build();
    }

    @POST
    @Path("/")
    public Response createOrganization(@NotNull OrganizationRequest organizationRequest) {
        Persona persona = (Persona) this.personaInstance.get();
        if (!persona.equals((HawkularUser) this.userInstance.get())) {
            return Response.status(Response.Status.FORBIDDEN).entity("Organizations cannot create sub-organizations.").build();
        }
        if (organizationRequest.getName() == null || organizationRequest.getName().isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Missing organization name.").build();
        }
        if (null != this.organizationService.getByName(organizationRequest.getName())) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("There's already an organization with this name")).build();
        }
        Visibility visibility = null;
        for (Visibility visibility2 : Visibility.values()) {
            if (visibility2.name().equalsIgnoreCase(organizationRequest.getVisibility())) {
                visibility = visibility2;
            }
        }
        if (null == visibility) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("Visibility is invalid. Possible values: " + Arrays.toString(Visibility.values()))).build();
        }
        return Response.ok().entity(this.organizationService.createOrganization(organizationRequest.getName(), organizationRequest.getDescription(), visibility, persona)).build();
    }

    @Path("/{id}")
    @DELETE
    public Response deleteOrganization(@NotNull @PathParam("id") String str) {
        Organization organization = this.organizationService.get(str);
        if (this.organizationService.getSubOrganizations(organization).size() > 0) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("This organization has sub-organizations. Please, remove those before removing this organization.")).build();
        }
        if (this.resourceService.getByPersona(organization).size() > 0) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("This organization is the owner of resources. Please, remove or transfer those resources before removing this organization.")).build();
        }
        if (!this.permissionChecker.isAllowedTo(this.operationDelete, str, (Persona) this.personaInstance.get())) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        this.organizationService.deleteOrganization(organization);
        return Response.ok().build();
    }

    @GET
    @Path("/{id}")
    public Response getOrganization(@PathParam("id") String str) {
        Organization organization = this.organizationService.get(str);
        return organization == null ? Response.status(Response.Status.NOT_FOUND).build() : !this.permissionChecker.isAllowedTo(this.operationRead, organization.getId(), (Persona) this.personaInstance.get()) ? Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified organization could not be found for this persona.")).build() : Response.ok().entity(organization).build();
    }

    @Path("/{id}")
    @PUT
    public Response transferOrganization(@PathParam("id") String str, OrganizationTransferRequest organizationTransferRequest) {
        if (null == str || str.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("The given organization ID is invalid (null).")).build();
        }
        if (null == organizationTransferRequest || null == organizationTransferRequest.getOwner() || organizationTransferRequest.getOwner().getId().isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("The given user ID is invalid (null).")).build();
        }
        Organization organization = this.organizationService.get(str);
        Persona persona = this.personaService.get(organizationTransferRequest.getOwner().getId());
        if (null == organization) {
            return Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified organization is invalid (not found).")).build();
        }
        if (null == persona) {
            return Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified new owner is invalid (not found).")).build();
        }
        if (!this.permissionChecker.isAllowedTo(this.operationTransfer, organization.getId())) {
            return Response.status(Response.Status.FORBIDDEN).entity(new ErrorResponse("Insufficient permissions to change the role of users of this organization.")).build();
        }
        this.organizationService.transfer(organization, persona);
        return Response.ok().entity(organization).build();
    }
}
