package org.hawkular.accounts.backend.boundary;

import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Root;
import javax.validation.constraints.NotNull;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import org.hawkular.accounts.api.CurrentUser;
import org.hawkular.accounts.api.NamedOperation;
import org.hawkular.accounts.api.OrganizationService;
import org.hawkular.accounts.api.PermissionChecker;
import org.hawkular.accounts.api.ResourceService;
import org.hawkular.accounts.api.internal.adapter.HawkularAccounts;
import org.hawkular.accounts.api.model.HawkularUser;
import org.hawkular.accounts.api.model.Operation;
import org.hawkular.accounts.api.model.Organization;
import org.hawkular.accounts.api.model.Organization_;
import org.hawkular.accounts.api.model.Persona;
import org.hawkular.accounts.backend.entity.rest.ErrorResponse;
import org.hawkular.accounts.backend.entity.rest.OrganizationRequest;

@Path("/organizations")
@PermitAll
@Stateless
/* loaded from: input_file:WEB-INF/classes/org/hawkular/accounts/backend/boundary/OrganizationEndpoint.class */
public class OrganizationEndpoint {

    @Inject
    @HawkularAccounts
    EntityManager em;

    @Inject
    Persona persona;

    @Inject
    @CurrentUser
    HawkularUser user;

    @Inject
    PermissionChecker permissionChecker;

    @Inject
    @NamedOperation("organization-create")
    Operation operationCreate;

    @Inject
    @NamedOperation("organization-read")
    Operation operationRead;

    @Inject
    @NamedOperation("organization-update")
    Operation operationUpdate;

    @Inject
    @NamedOperation("organization-delete")
    Operation operationDelete;

    @Inject
    ResourceService resourceService;

    @Inject
    OrganizationService organizationService;

    @GET
    @Path("/")
    public Response getOrganizationsForPersona() {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(Organization.class);
        Root from = createQuery.from(Organization.class);
        createQuery.select(from);
        createQuery.where(criteriaBuilder.equal(from.get(Organization_.owner), this.persona));
        return Response.ok().entity(this.em.createQuery(createQuery).getResultList()).build();
    }

    @POST
    @Path("/")
    public Response createOrganization(@NotNull OrganizationRequest organizationRequest) {
        if (!this.persona.equals(this.user)) {
            return Response.status(Response.Status.FORBIDDEN).entity("Organizations cannot create sub-organizations.").build();
        }
        Organization createOrganization = this.organizationService.createOrganization(organizationRequest.getName(), organizationRequest.getDescription(), this.persona);
        this.resourceService.create(createOrganization.getId(), this.persona);
        return Response.ok().entity(createOrganization).build();
    }

    @Path("/{id}")
    @DELETE
    public Response deleteOrganization(@NotNull @PathParam("id") String str) {
        Organization organization = (Organization) this.em.find(Organization.class, str);
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(Organization.class);
        Root from = createQuery.from(Organization.class);
        createQuery.select(from);
        createQuery.where(criteriaBuilder.equal(from.get(Organization_.owner), organization));
        if (this.em.createQuery(createQuery).getResultList().size() > 0) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("This organization has sub-organizations. Please, remove those before removing this organization.")).build();
        }
        if (!this.permissionChecker.isAllowedTo(this.operationDelete, str, this.persona)) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        this.organizationService.deleteOrganization(organization);
        return Response.ok().build();
    }
}
