package org.appfuse.webapp.controller;

import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.AuthenticationTrustResolverImpl;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.lang.StringUtils;
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.util.StringUtil;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.validation.BindException;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

/* loaded from: input_file:WEB-INF/classes/org/appfuse/webapp/controller/UserFormController.class */
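/**
 * Form controller for creating, editing and deleting {@link User} accounts.
 *
 * <p>Administrators ({@code ROLE_ADMIN}) may act on any account and assign roles. Other callers
 * may only act on the account whose username matches {@code getRemoteUser()}; this is enforced
 * when the form is displayed ({@link #showForm}) and when a submission names an existing account
 * ({@link #formBackingObject}).
 */
public class UserFormController extends BaseFormController {
    /** Role that may edit other users' accounts and assign roles. */
    private static final String ADMIN_ROLE = "ROLE_ADMIN";

    private RoleManager roleManager;

    /** Injects the manager used to resolve role names submitted in {@code userRoles}. */
    public void setRoleManager(RoleManager roleManager) {
        this.roleManager = roleManager;
    }

    /** Binds the form to a {@link User} command object named {@code "user"}. */
    public UserFormController() {
        setCommandName("user");
        setCommandClass(User.class);
    }

    /**
     * Short-circuits a submission that carries a {@code cancel} parameter.
     *
     * @return the success view when cancelling with {@code from=list}, the cancel view for any
     *     other cancel, otherwise whatever the superclass produces
     */
    @Override // org.appfuse.webapp.controller.BaseFormController
    public ModelAndView processFormSubmission(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, BindException bindException) throws Exception {
        if (httpServletRequest.getParameter("cancel") == null) {
            return super.processFormSubmission(httpServletRequest, httpServletResponse, obj, bindException);
        }
        if (StringUtils.equals(httpServletRequest.getParameter("from"), "list")) {
            return new ModelAndView(getSuccessView());
        }
        return new ModelAndView(getCancelView());
    }

    /**
     * Deletes the bound user when {@code delete} is present, otherwise saves it.
     *
     * <p>On save, the password is hashed only when both the {@code encryptPass} request parameter
     * and the {@code encryptPassword} configuration flag are true, and roles are replaced from
     * {@code userRoles} only for callers in {@code ROLE_ADMIN}.
     *
     * @param obj the bound {@link User} command object
     * @return the success view, a redirect to {@code mainMenu.html}, or the form again (after an
     *     admin update or when the username/e-mail already exists)
     */
    public ModelAndView onSubmit(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, BindException bindException) throws Exception {
        this.log.debug("entering 'onSubmit' method...");
        User user = (User) obj;
        Locale locale = httpServletRequest.getLocale();

        // NOTE(review): no role check is made here before deleting; the only ownership check on
        // a submission is the one in formBackingObject. Confirm whether self-deletion by
        // non-admins is intended.
        if (httpServletRequest.getParameter("delete") != null) {
            getUserManager().removeUser(user.getId().toString());
            saveMessage(httpServletRequest, getText("user.deleted", user.getFullName(), locale));
            return new ModelAndView(getSuccessView());
        }

        Boolean encryptionEnabled = (Boolean) getConfiguration().get("encryptPassword");
        // NOTE(review): hashing depends on a request parameter, so the submitted password value
        // is stored as-is whenever the client does not send encryptPass=true; confirm intended.
        if (StringUtils.equals(httpServletRequest.getParameter("encryptPass"), "true") && encryptionEnabled != null && encryptionEnabled.booleanValue()) {
            String algorithm = (String) getConfiguration().get("algorithm");
            if (algorithm == null) {
                this.log.debug("assuming testcase, setting algorithm to 'SHA'");
                // NOTE(review): "SHA" names a bare digest; StringUtil.encodePassword is not
                // visible here, but if it is a plain unsalted hash it is not suitable for
                // password storage (prefer bcrypt/scrypt/argon2).
                algorithm = "SHA";
            }
            user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
        }

        // Role assignment is honoured only for administrators.
        if (httpServletRequest.isUserInRole(ADMIN_ROLE)) {
            String[] roleNames = httpServletRequest.getParameterValues("userRoles");
            if (roleNames != null) {
                user.getRoles().clear();
                for (String roleName : roleNames) {
                    user.addRole(this.roleManager.getRole(roleName));
                }
            }
        }

        // Remembered so the form can be redisplayed with the original version if the save fails.
        Integer originalVersion = user.getVersion();
        try {
            user = getUserManager().saveUser(user);
            if (!StringUtils.equals(httpServletRequest.getParameter("from"), "list")) {
                saveMessage(httpServletRequest, getText("user.saved", user.getFullName(), locale));
                return new ModelAndView(new RedirectView("mainMenu.html"));
            }
            if (!StringUtils.isBlank(httpServletRequest.getParameter("version"))) {
                saveMessage(httpServletRequest, getText("user.updated.byAdmin", user.getFullName(), locale));
                return showForm(httpServletRequest, httpServletResponse, bindException);
            }
            // No version parameter: treated as a newly added user, who is sent an e-mail.
            saveMessage(httpServletRequest, getText("user.added", user.getFullName(), locale));
            this.message.setSubject(getText("signup.email.subject", locale));
            sendUserMessage(user, getText("newuser.email.message", user.getFullName(), locale), RequestUtil.getAppURL(httpServletRequest));
            return new ModelAndView(getSuccessView());
        } catch (UserExistsException e) {
            this.log.warn(e.getMessage());
            bindException.rejectValue("username", "errors.existing.user", new Object[]{user.getUsername(), user.getEmail()}, "duplicate user");
            // Put back the value the user typed (the password may have been hashed above).
            user.setPassword(user.getConfirmPassword());
            user.setVersion(originalVersion);
            return showForm(httpServletRequest, httpServletResponse, bindException);
        }
    }

    /**
     * Shows the form, refusing non-admins who ask to add a user or to view a user by {@code id}.
     *
     * <p>Form submissions pass through this check unconditionally, so it protects display only.
     *
     * @throws AccessDeniedException after sending a 403 when the caller is not allowed
     */
    protected ModelAndView showForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BindException bindException) throws Exception {
        boolean ownProfileRequest = !isAdd(httpServletRequest) && httpServletRequest.getParameter("id") == null;
        if (httpServletRequest.isUserInRole(ADMIN_ROLE) || isFormSubmission(httpServletRequest) || ownProfileRequest) {
            return super.showForm(httpServletRequest, httpServletResponse, bindException);
        }
        httpServletResponse.sendError(403);
        // Request-supplied values are stripped of CR/LF so they cannot forge extra log lines.
        this.log.warn("User '" + forLog(httpServletRequest.getRemoteUser()) + "' is trying to edit user with id '" + forLog(httpServletRequest.getParameter("id")) + "'");
        throw new AccessDeniedException("You do not have permission to modify other users.");
    }

    /**
     * Supplies the {@link User} the form is bound to.
     *
     * <p>On submission: a fresh object from the superclass when {@code id} is missing/empty or the
     * request is a cancel, otherwise the stored user with that id. The stored user is returned
     * only if the caller is an administrator or owns the account, because {@link #showForm} does
     * not check submissions and nothing in {@link #onSubmit} checks ownership.
     *
     * <p>On display: the caller's own account when no {@code id} is given and this is not an add;
     * a new user with {@code ROLE_USER} when {@code id} is blank or {@code version} is empty;
     * otherwise the stored user with that id.
     *
     * @throws AccessDeniedException when a non-admin submits the id of another user's account
     */
    protected Object formBackingObject(HttpServletRequest httpServletRequest) throws Exception {
        String id = httpServletRequest.getParameter("id");
        if (isFormSubmission(httpServletRequest)) {
            if (id == null || "".equals(id) || httpServletRequest.getParameter("cancel") != null) {
                return super.formBackingObject(httpServletRequest);
            }
            User target = getUserManager().getUser(id);
            // Checked before binding, so request parameters cannot alter the username compared.
            // NOTE(review): if the controller runs as a session form this path may not be
            // reached on submit — confirm the configuration.
            requireOwnerOrAdmin(httpServletRequest, target);
            return target;
        }

        this.log.debug("checking for remember me login...");
        AuthenticationTrustResolverImpl trustResolver = new AuthenticationTrustResolverImpl();
        SecurityContext securityContext = SecurityContextHolder.getContext();
        if (securityContext.getAuthentication() != null && trustResolver.isRememberMe(securityContext.getAuthentication())) {
            // Flags the session as authenticated via remember-me and tells the user so.
            httpServletRequest.getSession().setAttribute("cookieLogin", "true");
            saveMessage(httpServletRequest, getText("userProfile.cookieLogin", httpServletRequest.getLocale()));
        }

        User user;
        if (id == null && !isAdd(httpServletRequest)) {
            user = getUserManager().getUserByUsername(httpServletRequest.getRemoteUser());
        } else if (StringUtils.isBlank(id) || "".equals(httpServletRequest.getParameter("version"))) {
            user = new User();
            user.addRole(new Role("ROLE_USER"));
        } else {
            user = getUserManager().getUser(id);
        }
        user.setConfirmPassword(user.getPassword());
        return user;
    }

    /**
     * Turns validation off for delete requests and on for everything else.
     *
     * <p>NOTE(review): this writes a controller-level flag per request. If one controller
     * instance serves concurrent requests (the usual Spring bean scope — confirm), a delete
     * request could switch validation off for a save that is being processed at the same time.
     */
    protected void onBind(HttpServletRequest httpServletRequest, Object obj) throws Exception {
        super.setValidateOnBinding(httpServletRequest.getParameter("delete") == null);
    }

    /** Returns true when the {@code method} request parameter equals {@code "add"}, ignoring case. */
    protected boolean isAdd(HttpServletRequest httpServletRequest) {
        return "add".equalsIgnoreCase(httpServletRequest.getParameter("method"));
    }

    /**
     * Rejects the request unless the caller is an administrator or {@code target} is the caller's
     * own account (matched on username against {@code getRemoteUser()}).
     */
    private void requireOwnerOrAdmin(HttpServletRequest request, User target) {
        if (request.isUserInRole(ADMIN_ROLE)) {
            return;
        }
        String caller = request.getRemoteUser();
        if (target != null && caller != null && caller.equals(target.getUsername())) {
            return;
        }
        this.log.warn("User '" + forLog(caller) + "' is trying to modify user with id '" + forLog(request.getParameter("id")) + "'");
        throw new AccessDeniedException("You do not have permission to modify other users.");
    }

    /** Replaces CR and LF in a request-supplied value before it is written to the log. */
    private static String forLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }
}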
