package org.graylog.security.rest;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.BeanParam;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.graylog.grn.GRN;
import org.graylog.grn.GRNRegistry;
import org.graylog.security.DBGrantService;
import org.graylog.security.entities.EntityDescriptor;
import org.graylog.security.shares.EntityShareRequest;
import org.graylog.security.shares.EntityShareResponse;
import org.graylog.security.shares.EntitySharesService;
import org.graylog.security.shares.GranteeSharesService;
import org.graylog2.audit.jersey.NoAuditEvent;
import org.graylog2.plugin.database.users.User;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.rest.PaginationParameters;
import org.graylog2.rest.models.PaginatedResponse;
import org.graylog2.shared.rest.documentation.generator.Generator;
import org.graylog2.shared.security.RestPermissions;
import org.graylog2.shared.users.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * JAX-RS resource rooted at {@code /authz/shares} for listing a user's shares and for
 * preparing or changing the shares of a single entity.
 *
 * <p>The class-level {@link RequiresAuthentication} only establishes that the caller is
 * authenticated. Authorization is decided per handler, before any share service is called:
 * {@link #get} requires {@code RestPermissions.USERS_EDIT} on the target user's name, and the
 * two entity endpoints call {@code checkOwnership(GRN)} inherited from
 * {@link RestResourceWithOwnerCheck}.
 *
 * <p>NOTE(review): what {@code checkOwnership} enforces is defined in the superclass and is not
 * visible in this file. Any handler added here needs its own equivalent check.
 */
@Api(value = "Authorization/Shares", description = "Manage share permissions on entities", tags = {Generator.CLOUD_VISIBLE})
@RequiresAuthentication
@Produces({MoreMediaTypes.APPLICATION_JSON})
@Path("/authz/shares")
@Consumes({MoreMediaTypes.APPLICATION_JSON})
public class EntitySharesResource extends RestResourceWithOwnerCheck {
    // Not referenced by any handler in this class as shown.
    private static final Logger LOG = LoggerFactory.getLogger(EntitySharesResource.class);

    private final GRNRegistry grnRegistry;
    // Injected but not referenced by any handler in this class as shown.
    private final DBGrantService grantService;
    private final UserService userService;
    private final GranteeSharesService granteeSharesService;
    private final EntitySharesService entitySharesService;

    /**
     * Stores the injected collaborators; performs no other work.
     *
     * @param grnRegistry          parses GRN strings and builds the GRN of a user
     * @param grantService         grant storage service (kept as a field only)
     * @param userService          resolves users by ID
     * @param granteeSharesService lists the shares held by a grantee
     * @param entitySharesService  prepares and applies share changes for an entity
     */
    @Inject
    public EntitySharesResource(GRNRegistry grnRegistry,
                                DBGrantService grantService,
                                UserService userService,
                                GranteeSharesService granteeSharesService,
                                EntitySharesService entitySharesService) {
        this.grnRegistry = grnRegistry;
        this.grantService = grantService;
        this.userService = userService;
        this.granteeSharesService = granteeSharesService;
        this.entitySharesService = entitySharesService;
    }

    /**
     * Returns one page of the entities shared with the given user, together with the
     * capabilities reported by {@link GranteeSharesService} under the
     * {@code grantee_capabilities} context key.
     *
     * @param paginationParameters paging parameters bound from the request
     * @param userId               ID of the user whose shares are listed (path parameter)
     * @param capability           value of the {@code capability} query parameter, empty by
     *                             default; handed to the service unchanged
     * @param entityType           value of the {@code entity_type} query parameter, empty by
     *                             default; handed to the service unchanged
     * @return the paginated entities under the {@code entities} key
     * @throws NotFoundException  if no user exists for {@code userId}
     * @throws ForbiddenException if the caller lacks {@code USERS_EDIT} on that user's name
     */
    @GET
    @Path("user/{userId}")
    @ApiOperation("Return shares for a user")
    public PaginatedResponse<EntityDescriptor> get(
            @ApiParam(name = "pagination parameters") @BeanParam PaginationParameters paginationParameters,
            @NotBlank @ApiParam(name = "userId", required = true) @PathParam("userId") String userId,
            @QueryParam("capability") @ApiParam(name = "capability") @DefaultValue("") String capability,
            @QueryParam("entity_type") @ApiParam(name = "entity_type") @DefaultValue("") String entityType) {
        // The permission below is keyed on the user *name*, so the user has to be resolved
        // from the ID before the caller can be authorized.
        final User targetUser = userService.loadById(userId);
        if (targetUser == null) {
            throw new NotFoundException("Couldn't find user <" + userId + ">");
        }

        // NOTE(review): because the lookup precedes this check, an authenticated caller without
        // USERS_EDIT receives 404 for an unknown ID and 403 for an existing one, so the status
        // code reveals whether a user ID exists. Confirm this is acceptable for the deployment.
        final boolean callerMayEditTarget = isPermitted(RestPermissions.USERS_EDIT, targetUser.getName());
        if (!callerMayEditTarget) {
            throw new ForbiddenException("Couldn't access user <" + userId + ">");
        }

        final GranteeSharesService.SharesResponse shares = granteeSharesService.getPaginatedSharesFor(
                grnRegistry.ofUser(targetUser), paginationParameters, capability, entityType);
        return PaginatedResponse.create(
                "entities",
                shares.paginatedEntities(),
                Collections.<String, Object>singletonMap("grantee_capabilities", shares.capabilities()));
    }

    /**
     * Computes the share state for an entity from the submitted request. The endpoint is marked
     * {@link NoAuditEvent} because it is declared not to change any data.
     *
     * <p>NOTE(review): how {@code GRNRegistry.parse} reacts to a malformed GRN string is not
     * visible in this file.
     *
     * @param entityGrn GRN of the entity, taken from the request path
     * @param request   share request from the JSON body; bean-validated before invocation
     * @return the response produced by {@link EntitySharesService#prepareShare}
     */
    @ApiOperation("Prepare shares for an entity or collection")
    @POST
    @Path("entities/{entityGRN}/prepare")
    @NoAuditEvent("This does not change any data")
    public EntityShareResponse prepareShare(
            @NotBlank @ApiParam(name = "entityGRN", required = true) @PathParam("entityGRN") String entityGrn,
            @NotNull @Valid @ApiParam(name = "JSON Body", required = true) EntityShareRequest request) {
        final GRN entity = grnRegistry.parse(entityGrn);
        // Authorization gate: must stay ahead of the service call.
        checkOwnership(entity);
        return entitySharesService.prepareShare(entity, request, getCurrentUser(), getSubject());
    }

    /**
     * Creates or updates the shares of an entity on behalf of the current user. Per the
     * {@link NoAuditEvent} text, audit events for this operation are created inside
     * {@link EntitySharesService} rather than by this handler.
     *
     * @param entityGrn GRN of the entity, taken from the request path
     * @param request   share request from the JSON body; bean-validated before invocation
     * @return HTTP 400 carrying the service response when its validation result failed,
     *         otherwise HTTP 200 carrying the same response
     * @throws NullPointerException if no current user is available
     */
    @ApiOperation("Create / update shares for an entity or collection")
    @POST
    @Path("entities/{entityGRN}")
    @NoAuditEvent("Audit events are created within EntitySharesService")
    public Response updateEntityShares(
            @NotBlank @ApiParam(name = "entityGRN", required = true) @PathParam("entityGRN") String entityGrn,
            @NotNull @Valid @ApiParam(name = "JSON Body", required = true) EntityShareRequest request) {
        final GRN entity = grnRegistry.parse(entityGrn);
        // Authorization gate: must stay ahead of the state-changing service call.
        checkOwnership(entity);

        final EntityShareResponse outcome =
                entitySharesService.updateEntityShares(entity, request, Objects.requireNonNull(getCurrentUser()));
        if (outcome.validationResult().failed()) {
            // The response body is returned to the client even on failure.
            return Response.status(Response.Status.BAD_REQUEST).entity(outcome).build();
        }
        return Response.ok(outcome).build();
    }
}
