package org.graylog.plugins.views.search.rest;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Sets;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.graylog.plugins.pipelineprocessor.functions.dates.FlexParseDate;
import org.graylog.plugins.views.audit.ViewsAuditEventTypes;
import org.graylog.plugins.views.search.Search;
import org.graylog.plugins.views.search.SearchDomain;
import org.graylog.plugins.views.search.permissions.SearchUser;
import org.graylog.plugins.views.search.searchfilters.ReferencedSearchFiltersHelper;
import org.graylog.plugins.views.search.searchfilters.db.SearchFilterVisibilityCheckStatus;
import org.graylog.plugins.views.search.searchfilters.db.SearchFilterVisibilityChecker;
import org.graylog.plugins.views.search.searchfilters.model.UsesSearchFilters;
import org.graylog.plugins.views.search.views.ViewDTO;
import org.graylog.plugins.views.search.views.ViewResolver;
import org.graylog.plugins.views.search.views.ViewResolverDecoder;
import org.graylog.plugins.views.search.views.ViewService;
import org.graylog.security.UserContext;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.dashboards.events.DashboardDeletedEvent;
import org.graylog2.events.ClusterEventBus;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.rest.PluginRestResource;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.rest.models.PaginatedResponse;
import org.graylog2.search.SearchQuery;
import org.graylog2.search.SearchQueryField;
import org.graylog2.search.SearchQueryParser;
import org.graylog2.shared.rest.documentation.generator.Generator;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.RestPermissions;

@Api(value = "Views", tags = {Generator.CLOUD_VISIBLE})
@RequiresAuthentication
@Path("/views")
@Produces({MoreMediaTypes.APPLICATION_JSON})
/* loaded from: input_file:org/graylog/plugins/views/search/rest/ViewsResource.class */
public class ViewsResource extends RestResource implements PluginRestResource {
    private static final ImmutableMap<String, SearchQueryField> SEARCH_FIELD_MAPPING = ImmutableMap.builder().put("id", SearchQueryField.create("id")).put("title", SearchQueryField.create("title")).put("summary", SearchQueryField.create("description")).build();
    private final ViewService dbService;
    private final SearchQueryParser searchQueryParser = new SearchQueryParser("title", (Map<String, SearchQueryField>) SEARCH_FIELD_MAPPING);
    private final ClusterEventBus clusterEventBus;
    private final SearchDomain searchDomain;
    private final Map<String, ViewResolver> viewResolvers;
    private final SearchFilterVisibilityChecker searchFilterVisibilityChecker;
    private final ReferencedSearchFiltersHelper referencedSearchFiltersHelper;

    @Inject
    public ViewsResource(ViewService viewService, ClusterEventBus clusterEventBus, SearchDomain searchDomain, Map<String, ViewResolver> map, SearchFilterVisibilityChecker searchFilterVisibilityChecker, ReferencedSearchFiltersHelper referencedSearchFiltersHelper) {
        this.dbService = viewService;
        this.clusterEventBus = clusterEventBus;
        this.searchDomain = searchDomain;
        this.viewResolvers = map;
        this.searchFilterVisibilityChecker = searchFilterVisibilityChecker;
        this.referencedSearchFiltersHelper = referencedSearchFiltersHelper;
    }

    @GET
    @ApiOperation("Get a list of all views")
    public PaginatedResponse<ViewDTO> views(@QueryParam("page") @ApiParam(name = "page") @DefaultValue("1") int i, @QueryParam("per_page") @ApiParam(name = "per_page") @DefaultValue("50") int i2, @QueryParam("sort") @ApiParam(name = "sort", value = "The field to sort the result on", required = true, allowableValues = "id,title,created_at") @DefaultValue("title") String str, @QueryParam("order") @ApiParam(name = "order", value = "The sort direction", allowableValues = "asc, desc") @DefaultValue("asc") String str2, @QueryParam("query") @ApiParam(name = "query") String str3, @Context SearchUser searchUser) {
        if (!ViewDTO.SORT_FIELDS.contains(str.toLowerCase(Locale.ENGLISH))) {
            str = "title";
        }
        try {
            SearchQuery parse = this.searchQueryParser.parse(str3);
            ViewService viewService = this.dbService;
            Objects.requireNonNull(searchUser);
            return PaginatedResponse.create(ViewsAuditEventTypes.NAMESPACE, viewService.searchPaginated(parse, (v1) -> {
                return r2.canReadView(v1);
            }, str2, str, i, i2), str3);
        } catch (IllegalArgumentException e) {
            throw new BadRequestException(e.getMessage(), e);
        }
    }

    @GET
    @Path("{id}")
    @ApiOperation("Get a single view")
    public ViewDTO get(@PathParam("id") @NotEmpty @ApiParam(name = "id") String str, @Context SearchUser searchUser) {
        if (FlexParseDate.DEFAULT.equals(str)) {
            Optional<ViewDTO> optional = this.dbService.getDefault();
            Objects.requireNonNull(searchUser);
            return optional.filter((v1) -> {
                return r1.canReadView(v1);
            }).orElseThrow(() -> {
                return new NotFoundException("Default view doesn't exist");
            });
        }
        ViewDTO resolveView = resolveView(str);
        if (searchUser.canReadView(resolveView)) {
            return resolveView;
        }
        throw viewNotFoundException(str);
    }

    ViewDTO resolveView(String str) {
        ViewResolverDecoder viewResolverDecoder = new ViewResolverDecoder(str);
        if (!viewResolverDecoder.isResolverViewId()) {
            return loadView(str);
        }
        ViewResolver viewResolver = this.viewResolvers.get(viewResolverDecoder.getResolverName());
        if (viewResolver != null) {
            return viewResolver.get(viewResolverDecoder.getViewId()).orElseThrow(() -> {
                return new NotFoundException("Failed to resolve view:" + str);
            });
        }
        throw new NotFoundException("Failed to find view resolver: " + viewResolverDecoder.getResolverName());
    }

    @POST
    @AuditEvent(type = ViewsAuditEventTypes.VIEW_CREATE)
    @ApiOperation("Create a new view")
    public ViewDTO create(@NotNull(message = "View is mandatory") @Valid @ApiParam ViewDTO viewDTO, @Context UserContext userContext, @Context SearchUser searchUser) throws ValidationException {
        if (viewDTO.type().equals(ViewDTO.Type.DASHBOARD) && !searchUser.canCreateDashboards()) {
            throw new ForbiddenException("User is not allowed to create new dashboards.");
        }
        validateIntegrity(viewDTO, searchUser, true);
        return this.dbService.saveWithOwner(viewDTO.toBuilder().owner(searchUser.username()).build(), userContext.getUser());
    }

    private void validateIntegrity(ViewDTO viewDTO, SearchUser searchUser, boolean z) {
        Search orElseThrow = this.searchDomain.getForUser(viewDTO.searchId(), searchUser).orElseThrow(() -> {
            return new BadRequestException("Search " + viewDTO.searchId() + " not available");
        });
        validateSearchProperties(viewDTO, orElseThrow);
        if (z) {
            SearchFilterVisibilityCheckStatus checkSearchFilterVisibility = this.searchFilterVisibilityChecker.checkSearchFilterVisibility(str -> {
                return isPermitted(RestPermissions.SEARCH_FILTERS_READ, str);
            }, this.referencedSearchFiltersHelper.getReferencedSearchFiltersIds(getSearchFiltersUsages(viewDTO, orElseThrow)));
            if (!checkSearchFilterVisibility.allSearchFiltersVisible()) {
                throw new BadRequestException(checkSearchFilterVisibility.toMessage());
            }
            return;
        }
        ViewDTO orElseThrow2 = this.dbService.get(viewDTO.id()).orElseThrow(() -> {
            return new BadRequestException("Cannot update a view that does not exist : id = " + viewDTO.id());
        });
        String searchId = orElseThrow2.searchId();
        Set<String> referencedSearchFiltersIds = this.referencedSearchFiltersHelper.getReferencedSearchFiltersIds(getSearchFiltersUsages(orElseThrow2, this.searchDomain.getForUser(searchId, searchUser).orElseThrow(() -> {
            return new BadRequestException("Search " + searchId + " not available");
        })));
        SearchFilterVisibilityCheckStatus checkSearchFilterVisibility2 = this.searchFilterVisibilityChecker.checkSearchFilterVisibility(str2 -> {
            return isPermitted(RestPermissions.SEARCH_FILTERS_READ, str2);
        }, this.referencedSearchFiltersHelper.getReferencedSearchFiltersIds(getSearchFiltersUsages(viewDTO, orElseThrow)));
        if (!checkSearchFilterVisibility2.allSearchFiltersVisible(referencedSearchFiltersIds)) {
            throw new BadRequestException(checkSearchFilterVisibility2.toMessage(referencedSearchFiltersIds));
        }
    }

    protected void validateSearchProperties(ViewDTO viewDTO, Search search) {
        Set set = (Set) search.queries().stream().map((v0) -> {
            return v0.id();
        }).collect(Collectors.toSet());
        Set<String> keySet = viewDTO.state().keySet();
        if (!set.containsAll(keySet)) {
            throw new BadRequestException(String.format(Locale.ROOT, "Search queries do not correspond to view/state queries, missing query IDs: %s; search queries: %s; state queries: %s", Sets.difference(keySet, set), set, keySet));
        }
        Set set2 = (Set) search.queries().stream().flatMap(query -> {
            return query.searchTypes().stream();
        }).map((v0) -> {
            return v0.id();
        }).collect(Collectors.toSet());
        Set set3 = (Set) viewDTO.state().values().stream().flatMap(viewStateDTO -> {
            return viewStateDTO.widgetMapping().values().stream();
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toSet());
        if (!set2.containsAll(set3)) {
            throw new BadRequestException(String.format(Locale.ROOT, "Search types do not correspond to view/search types, missing searches %s; search types: %s; state types: %s", Sets.difference(set3, set2), set2, set3));
        }
        Set set4 = (Set) viewDTO.state().values().stream().flatMap(viewStateDTO2 -> {
            return viewStateDTO2.widgets().stream();
        }).map((v0) -> {
            return v0.id();
        }).collect(Collectors.toSet());
        Set set5 = (Set) viewDTO.state().values().stream().flatMap(viewStateDTO3 -> {
            return viewStateDTO3.widgetPositions().keySet().stream();
        }).collect(Collectors.toSet());
        if (set5.containsAll(set4)) {
            return;
        }
        throw new BadRequestException(String.format(Locale.ROOT, "Widget positions don't correspond to widgets, missing widget positions %s; widget IDs: %s; widget positions: %s", Sets.difference(set4, set5), set4, set5));
    }

    private Set<UsesSearchFilters> getSearchFiltersUsages(ViewDTO viewDTO, Search search) {
        HashSet hashSet = new HashSet((Collection) search.queries());
        if (viewDTO.type() == ViewDTO.Type.DASHBOARD) {
            hashSet.addAll(viewDTO.getAllWidgets());
        }
        return hashSet;
    }

    @Path("{id}")
    @AuditEvent(type = ViewsAuditEventTypes.VIEW_UPDATE)
    @ApiOperation("Update view")
    @PUT
    public ViewDTO update(@PathParam("id") @NotEmpty @ApiParam(name = "id") String str, @Valid @ApiParam ViewDTO viewDTO, @Context SearchUser searchUser) {
        ViewDTO build = viewDTO.toBuilder().id(str).build();
        if (!searchUser.canUpdateView(build)) {
            throw new ForbiddenException("Not allowed to edit " + summarize(build) + ".");
        }
        validateIntegrity(build, searchUser, false);
        return this.dbService.update(build);
    }

    @Path("{id}/default")
    @AuditEvent(type = ViewsAuditEventTypes.DEFAULT_VIEW_SET)
    @ApiOperation("Configures the view as default view")
    @PUT
    public void setDefault(@PathParam("id") @NotEmpty @ApiParam(name = "id") String str) {
        checkPermission(ViewsRestPermissions.VIEW_READ, str);
        checkPermission(ViewsRestPermissions.DEFAULT_VIEW_SET);
        this.dbService.saveDefault(loadView(str));
    }

    @Path("{id}")
    @AuditEvent(type = ViewsAuditEventTypes.VIEW_DELETE)
    @DELETE
    @ApiOperation("Delete view")
    public ViewDTO delete(@PathParam("id") @NotEmpty @ApiParam(name = "id") String str, @Context SearchUser searchUser) {
        ViewDTO loadView = loadView(str);
        if (!searchUser.canDeleteView(loadView)) {
            throw new ForbiddenException("Unable to delete " + summarize(loadView) + ".");
        }
        this.dbService.delete(str);
        triggerDeletedEvent(loadView);
        return loadView;
    }

    private String summarize(ViewDTO viewDTO) {
        return viewDTO.type().toString().toLowerCase(Locale.ROOT) + " <" + viewDTO.id() + ">";
    }

    private void triggerDeletedEvent(ViewDTO viewDTO) {
        if (viewDTO == null || viewDTO.type() == null || !viewDTO.type().equals(ViewDTO.Type.DASHBOARD)) {
            return;
        }
        this.clusterEventBus.post(DashboardDeletedEvent.create(viewDTO.id()));
    }

    private ViewDTO loadView(String str) {
        try {
            return this.dbService.get(str).orElseThrow(() -> {
                return viewNotFoundException(str);
            });
        } catch (IllegalArgumentException e) {
            throw viewNotFoundException(str);
        }
    }

    private NotFoundException viewNotFoundException(String str) {
        return new NotFoundException("View " + str + " doesn't exist");
    }
}
