package io.apiman.manager.api.rest.impl;

import io.apiman.common.logging.ApimanLoggerFactory;
import io.apiman.common.logging.IApimanLogger;
import io.apiman.manager.api.beans.apis.ApiDefinitionType;
import io.apiman.manager.api.beans.apis.ApiVersionStatusBean;
import io.apiman.manager.api.beans.apis.NewApiBean;
import io.apiman.manager.api.beans.apis.NewApiDefinitionBean;
import io.apiman.manager.api.beans.apis.NewApiVersionBean;
import io.apiman.manager.api.beans.apis.UpdateApiBean;
import io.apiman.manager.api.beans.apis.UpdateApiVersionBean;
import io.apiman.manager.api.beans.apis.dto.ApiBeanDto;
import io.apiman.manager.api.beans.apis.dto.ApiPlanOrderDto;
import io.apiman.manager.api.beans.apis.dto.ApiVersionBeanDto;
import io.apiman.manager.api.beans.apis.dto.KeyValueTagDto;
import io.apiman.manager.api.beans.audit.AuditEntryBean;
import io.apiman.manager.api.beans.clients.ApiKeyBean;
import io.apiman.manager.api.beans.clients.ClientBean;
import io.apiman.manager.api.beans.clients.ClientVersionBean;
import io.apiman.manager.api.beans.clients.NewClientBean;
import io.apiman.manager.api.beans.clients.NewClientVersionBean;
import io.apiman.manager.api.beans.clients.UpdateClientBean;
import io.apiman.manager.api.beans.contracts.ContractBean;
import io.apiman.manager.api.beans.contracts.NewContractBean;
import io.apiman.manager.api.beans.download.DownloadBean;
import io.apiman.manager.api.beans.download.DownloadType;
import io.apiman.manager.api.beans.idm.GrantRolesBean;
import io.apiman.manager.api.beans.idm.PermissionType;
import io.apiman.manager.api.beans.members.MemberBean;
import io.apiman.manager.api.beans.metrics.ClientUsagePerApiBean;
import io.apiman.manager.api.beans.metrics.HistogramIntervalType;
import io.apiman.manager.api.beans.metrics.ResponseStatsHistogramBean;
import io.apiman.manager.api.beans.metrics.ResponseStatsPerClientBean;
import io.apiman.manager.api.beans.metrics.ResponseStatsPerPlanBean;
import io.apiman.manager.api.beans.metrics.ResponseStatsSummaryBean;
import io.apiman.manager.api.beans.metrics.UsageHistogramBean;
import io.apiman.manager.api.beans.metrics.UsagePerClientBean;
import io.apiman.manager.api.beans.metrics.UsagePerPlanBean;
import io.apiman.manager.api.beans.orgs.NewOrganizationBean;
import io.apiman.manager.api.beans.orgs.OrganizationBean;
import io.apiman.manager.api.beans.orgs.UpdateOrganizationBean;
import io.apiman.manager.api.beans.plans.NewPlanBean;
import io.apiman.manager.api.beans.plans.NewPlanVersionBean;
import io.apiman.manager.api.beans.plans.PlanBean;
import io.apiman.manager.api.beans.plans.PlanVersionBean;
import io.apiman.manager.api.beans.plans.UpdatePlanBean;
import io.apiman.manager.api.beans.policies.NewPolicyBean;
import io.apiman.manager.api.beans.policies.PolicyBean;
import io.apiman.manager.api.beans.policies.PolicyChainBean;
import io.apiman.manager.api.beans.policies.UpdatePolicyBean;
import io.apiman.manager.api.beans.search.SearchResultsBean;
import io.apiman.manager.api.beans.summary.ApiPlanSummaryBean;
import io.apiman.manager.api.beans.summary.ApiSummaryBean;
import io.apiman.manager.api.beans.summary.ApiVersionEndpointSummaryBean;
import io.apiman.manager.api.beans.summary.ApiVersionSummaryBean;
import io.apiman.manager.api.beans.summary.ClientSummaryBean;
import io.apiman.manager.api.beans.summary.ClientVersionSummaryBean;
import io.apiman.manager.api.beans.summary.ContractSummaryBean;
import io.apiman.manager.api.beans.summary.PlanSummaryBean;
import io.apiman.manager.api.beans.summary.PlanVersionSummaryBean;
import io.apiman.manager.api.beans.summary.PolicySummaryBean;
import io.apiman.manager.api.core.IBlobStore;
import io.apiman.manager.api.core.IDownloadManager;
import io.apiman.manager.api.core.config.ApiManagerConfig;
import io.apiman.manager.api.rest.IOrganizationResource;
import io.apiman.manager.api.rest.exceptions.ApiAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.ApiNotFoundException;
import io.apiman.manager.api.rest.exceptions.ApiVersionAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.ApiVersionNotFoundException;
import io.apiman.manager.api.rest.exceptions.ClientAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.ClientNotFoundException;
import io.apiman.manager.api.rest.exceptions.ClientVersionAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.ClientVersionNotFoundException;
import io.apiman.manager.api.rest.exceptions.ContractAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.ContractNotFoundException;
import io.apiman.manager.api.rest.exceptions.EntityStillActiveException;
import io.apiman.manager.api.rest.exceptions.GatewayNotFoundException;
import io.apiman.manager.api.rest.exceptions.InvalidApiStatusException;
import io.apiman.manager.api.rest.exceptions.InvalidClientStatusException;
import io.apiman.manager.api.rest.exceptions.InvalidMetricCriteriaException;
import io.apiman.manager.api.rest.exceptions.InvalidNameException;
import io.apiman.manager.api.rest.exceptions.InvalidPlanStatusException;
import io.apiman.manager.api.rest.exceptions.InvalidVersionException;
import io.apiman.manager.api.rest.exceptions.NotAuthorizedException;
import io.apiman.manager.api.rest.exceptions.OrganizationAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.OrganizationNotFoundException;
import io.apiman.manager.api.rest.exceptions.PlanAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.PlanNotFoundException;
import io.apiman.manager.api.rest.exceptions.PlanVersionAlreadyExistsException;
import io.apiman.manager.api.rest.exceptions.PlanVersionNotFoundException;
import io.apiman.manager.api.rest.exceptions.PolicyNotFoundException;
import io.apiman.manager.api.rest.exceptions.RoleNotFoundException;
import io.apiman.manager.api.rest.exceptions.SystemErrorException;
import io.apiman.manager.api.rest.exceptions.UserNotFoundException;
import io.apiman.manager.api.rest.exceptions.i18n.Messages;
import io.apiman.manager.api.rest.exceptions.util.ExceptionFactory;
import io.apiman.manager.api.rest.impl.util.DataAccessUtilMixin;
import io.apiman.manager.api.rest.impl.util.RestHelper;
import io.apiman.manager.api.security.ISecurityContext;
import io.apiman.manager.api.service.ApiService;
import io.apiman.manager.api.service.ClientAppService;
import io.apiman.manager.api.service.ContractService;
import io.apiman.manager.api.service.OrganizationService;
import io.apiman.manager.api.service.PlanService;
import io.apiman.manager.api.service.StatsService;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.transaction.Transactional;
import javax.validation.Valid;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.BooleanUtils;

@RequestScoped
@Transactional
/* loaded from: input_file:io/apiman/manager/api/rest/impl/OrganizationResourceImpl.class */
public class OrganizationResourceImpl implements IOrganizationResource, DataAccessUtilMixin {
    private static final IApimanLogger LOGGER = ApimanLoggerFactory.getLogger(OrganizationResourceImpl.class);
    private ApiManagerConfig config;
    private OrganizationService organizationService;
    private ApiService apiService;
    private PlanService planService;
    private ClientAppService clientService;
    private ContractService contractService;
    private StatsService statsService;
    private IDownloadManager downloadManager;
    private ISecurityContext securityContext;
    private IBlobStore blobStore;
    private HttpServletRequest request;

    @Inject
    public OrganizationResourceImpl(ApiManagerConfig apiManagerConfig, OrganizationService organizationService, ApiService apiService, PlanService planService, ClientAppService clientAppService, ContractService contractService, StatsService statsService, IDownloadManager iDownloadManager, ISecurityContext iSecurityContext, IBlobStore iBlobStore, @Context HttpServletRequest httpServletRequest) {
        this.config = apiManagerConfig;
        this.organizationService = organizationService;
        this.apiService = apiService;
        this.planService = planService;
        this.clientService = clientAppService;
        this.contractService = contractService;
        this.statsService = statsService;
        this.downloadManager = iDownloadManager;
        this.securityContext = iSecurityContext;
        this.blobStore = iBlobStore;
        this.request = httpServletRequest;
    }

    public OrganizationResourceImpl() {
    }

    public OrganizationBean createOrg(NewOrganizationBean newOrganizationBean) throws OrganizationAlreadyExistsException, NotAuthorizedException, InvalidNameException {
        if (this.config.isAdminOnlyOrgCreationEnabled()) {
            this.securityContext.checkAdminPermissions();
        }
        LOGGER.debug("Attempting to create org: {0}", new Object[]{newOrganizationBean});
        return this.organizationService.createOrg(newOrganizationBean);
    }

    public OrganizationBean getOrg(String str) throws OrganizationNotFoundException {
        LOGGER.debug("Attempting to get org: {0}", new Object[]{str});
        OrganizationBean org = this.organizationService.getOrg(str);
        return this.securityContext.hasPermission(PermissionType.orgView, str) ? org : RestHelper.hideSensitiveDataFromOrganizationBean(org);
    }

    public void updateOrg(String str, UpdateOrganizationBean updateOrganizationBean) throws OrganizationNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.orgEdit, str);
        LOGGER.debug("Attempting to update org {0}: {1}", new Object[]{str, updateOrganizationBean});
        this.organizationService.updateOrg(str, updateOrganizationBean);
    }

    public void deleteOrg(String str) throws OrganizationNotFoundException, NotAuthorizedException, EntityStillActiveException {
        this.securityContext.checkPermissions(PermissionType.orgAdmin, str);
        LOGGER.debug("Attempting to delete org: {0}", new Object[]{str});
        this.organizationService.deleteOrg(str);
    }

    public SearchResultsBean<AuditEntryBean> getOrgActivity(String str, int i, int i2) throws OrganizationNotFoundException, NotAuthorizedException {
        if (!this.securityContext.isMemberOf(str)) {
            throw ExceptionFactory.notAuthorizedException();
        }
        LOGGER.debug("Attempting to get org activity: {0} (page {1} / pageSize {2}", new Object[]{str, Integer.valueOf(i), Integer.valueOf(i2)});
        return this.organizationService.activity(str, i, i2);
    }

    public ClientBean createClient(String str, NewClientBean newClientBean) throws OrganizationNotFoundException, ClientAlreadyExistsException, NotAuthorizedException, InvalidNameException {
        LOGGER.debug("Attempting to create client {0} in org {1}", new Object[]{newClientBean, str});
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        this.blobStore.attachToBlob(newClientBean.getImage());
        return this.clientService.createClient(str, newClientBean);
    }

    public ClientBean getClient(String str, String str2) throws ClientNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        LOGGER.debug("Attempting to get client {0} in org {1}", new Object[]{str2, str});
        return this.clientService.getClient(str, str2);
    }

    public void updateClient(String str, String str2, UpdateClientBean updateClientBean) throws ClientNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        LOGGER.debug("Attempting to update client {0} in org {1} with {2}", new Object[]{str2, str, updateClientBean});
        this.clientService.updateClient(str, str2, updateClientBean);
    }

    public void deleteClient(String str, String str2) throws OrganizationNotFoundException, NotAuthorizedException, EntityStillActiveException {
        this.securityContext.checkPermissions(PermissionType.clientAdmin, str);
        LOGGER.debug("Attempting to delete client {0} in org {1}", new Object[]{str2, str});
        this.clientService.deleteClient(str, str2);
    }

    public SearchResultsBean<AuditEntryBean> getClientActivity(String str, String str2, int i, int i2) throws ClientNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        LOGGER.debug("Attempting to get activity for client {0} in org {1}", new Object[]{str2, str});
        return this.clientService.getClientActivity(str, str2, i, i2);
    }

    public List<ClientSummaryBean> listClients(String str) throws OrganizationNotFoundException, NotAuthorizedException {
        this.securityContext.checkAllPermissions(Set.of(PermissionType.orgView, PermissionType.clientView), str);
        LOGGER.debug("Attempting to list all clients in org {1}", new Object[]{str});
        return this.clientService.listClients(str);
    }

    public ClientVersionBean createClientVersion(String str, String str2, NewClientVersionBean newClientVersionBean) throws ClientNotFoundException, NotAuthorizedException, InvalidVersionException, ClientVersionAlreadyExistsException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        LOGGER.debug("Attempting to create clientVersion {0} in org {1} with {2}", new Object[]{str2, str, newClientVersionBean});
        return this.clientService.createClientVersion(str, str2, newClientVersionBean);
    }

    public List<ClientVersionSummaryBean> listClientVersions(String str, String str2) throws ClientNotFoundException, NotAuthorizedException {
        this.securityContext.checkAllPermissions(Set.of(PermissionType.orgView, PermissionType.clientView), str);
        LOGGER.debug("Attempting to list all clientVersions in client {0} in org {1}", new Object[]{str2, str});
        return this.clientService.listClientVersions(str, str2);
    }

    public ApiKeyBean updateClientApiKey(String str, String str2, String str3, ApiKeyBean apiKeyBean) throws ClientNotFoundException, NotAuthorizedException, InvalidVersionException, InvalidClientStatusException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        LOGGER.debug("Attempting to update client {0} with version {1} API key in org {2} with {3}", new Object[]{str2, str3, str, apiKeyBean});
        return this.clientService.updateClientApiKey(str, str2, str3, apiKeyBean);
    }

    public ApiKeyBean getClientApiKey(String str, String str2, String str3) throws ClientNotFoundException, NotAuthorizedException, InvalidVersionException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        LOGGER.debug("Attempting to get client {0} with version {1} API key in org {2}", new Object[]{str2, str3, str});
        return this.clientService.getClientApiKey(str, str2, str3);
    }

    public ClientVersionBean getClientVersion(String str, String str2, String str3) throws ClientVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        LOGGER.debug("Attempting to get client {0} with version {1} in org {1}", new Object[]{str2, str3, str});
        return this.clientService.getClientVersion(str, str2, str3);
    }

    public SearchResultsBean<AuditEntryBean> getClientVersionActivity(String str, String str2, String str3, int i, int i2) throws ClientVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return this.clientService.getClientVersionActivity(str, str2, str3, i, i2);
    }

    public ClientUsagePerApiBean getClientUsagePerApi(String str, String str2, String str3, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return this.statsService.getClientUsagePerApi(str, str2, str3, str4, str5);
    }

    private boolean isDiscoverable(NewContractBean newContractBean) {
        return this.securityContext.isDiscoverable(ISecurityContext.EntityType.API, newContractBean.getApiOrgId(), newContractBean.getApiId(), newContractBean.getApiVersion()) && this.securityContext.isDiscoverable(ISecurityContext.EntityType.PLAN, newContractBean.getApiOrgId(), newContractBean.getPlanId());
    }

    public ContractBean createContract(String str, String str2, String str3, NewContractBean newContractBean) throws OrganizationNotFoundException, ClientNotFoundException, ApiNotFoundException, PlanNotFoundException, ContractAlreadyExistsException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        if (this.securityContext.hasAllPermissions(Set.of(PermissionType.apiView, PermissionType.planView), newContractBean.getApiOrgId()) || isDiscoverable(newContractBean)) {
            return this.contractService.createContract(str, str2, str3, newContractBean);
        }
        throw ExceptionFactory.notAuthorizedException();
    }

    public ContractBean getContract(String str, String str2, String str3, Long l) throws ClientNotFoundException, ContractNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return this.contractService.getContract(l);
    }

    public Response probeContractPolicy(String str, String str2, String str3, Long l, long j, String str4) throws ClientNotFoundException, ContractNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return Response.ok(this.contractService.probePolicy(l, j, str4)).build();
    }

    public List<ContractSummaryBean> getClientVersionContracts(String str, String str2, String str3) throws ClientNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return this.clientService.getClientVersionContracts(str, str2, str3);
    }

    public Response getApiRegistryJSON(String str, String str2, String str3, String str4) throws ClientNotFoundException, NotAuthorizedException {
        if (!BooleanUtils.toBoolean(str4)) {
            return getApiRegistryJSONInternal(str, str2, str3);
        }
        String format = String.format("%s/%s/%s", str, str2, str3);
        return Response.ok((DownloadBean) tryAction(() -> {
            return this.downloadManager.createDownload(DownloadType.apiRegistryJson, format);
        }), "application/json").build();
    }

    public Response getApiRegistryJSONInternal(String str, String str2, String str3) throws ClientVersionNotFoundException {
        return Response.ok(this.organizationService.getApiRegistry(str, str2, str3), "application/json").header("Content-Disposition", "attachment; filename=api-registry.json").build();
    }

    public Response getApiRegistryXML(String str, String str2, String str3, String str4) throws ClientVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return BooleanUtils.toBoolean(str4) ? (Response) tryAction(() -> {
            return Response.ok(this.downloadManager.createDownload(DownloadType.apiRegistryXml, String.format("%s/%s/%s", str, str2, str3)), "application/json").build();
        }) : getApiRegistryXMLInternal(str, str2, str3);
    }

    public Response getApiRegistryXMLInternal(String str, String str2, String str3) throws ClientVersionNotFoundException {
        return Response.ok(this.organizationService.getApiRegistry(str, str2, str3), "application/xml").header("Content-Disposition", "attachment; filename=api-registry.xml").build();
    }

    public void deleteAllContracts(String str, String str2, String str3) throws ClientNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        this.contractService.deleteAllContracts(str, str2, str3);
    }

    public void deleteContract(String str, String str2, String str3, Long l) throws ClientNotFoundException, ContractNotFoundException, NotAuthorizedException, InvalidClientStatusException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        this.contractService.deleteContract(str, str2, str3, l);
    }

    public PolicyBean createClientPolicy(String str, String str2, String str3, NewPolicyBean newPolicyBean) throws OrganizationNotFoundException, ClientVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        return this.clientService.createClientPolicy(str, str2, str3, newPolicyBean);
    }

    public PolicyBean getClientPolicy(String str, String str2, String str3, long j) throws OrganizationNotFoundException, ClientVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return this.clientService.getClientPolicy(str, str2, str3, j);
    }

    public void updateClientPolicy(String str, String str2, String str3, long j, UpdatePolicyBean updatePolicyBean) throws OrganizationNotFoundException, ClientVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        this.clientService.updateClientPolicy(str, str2, str3, j, updatePolicyBean);
    }

    public void deleteClientPolicy(String str, String str2, String str3, long j) throws OrganizationNotFoundException, ClientVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        this.clientService.deleteClientPolicy(str, str2, str3, j);
    }

    public List<PolicySummaryBean> listClientPolicies(String str, String str2, String str3) throws OrganizationNotFoundException, ClientVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientView, str);
        return this.clientService.listClientPolicies(str, str2, str3);
    }

    public void reorderClientPolicies(String str, String str2, String str3, PolicyChainBean policyChainBean) throws OrganizationNotFoundException, ClientVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.clientEdit, str);
        this.clientService.reorderClientPolicies(str, str2, str3, policyChainBean);
    }

    public ApiBeanDto createApi(String str, NewApiBean newApiBean) throws OrganizationNotFoundException, ApiAlreadyExistsException, NotAuthorizedException, InvalidNameException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.blobStore.attachToBlob(newApiBean.getImage());
        return this.apiService.createApi(str, newApiBean);
    }

    public List<ApiSummaryBean> listApis(String str) throws OrganizationNotFoundException {
        return this.securityContext.hasAllPermissions(Set.of(PermissionType.orgView, PermissionType.apiView), str) ? this.apiService.listApis(str) : (List) this.apiService.listApis(str).stream().filter(apiSummaryBean -> {
            return this.securityContext.isDiscoverable(ISecurityContext.EntityType.API, str, apiSummaryBean.getId());
        }).collect(Collectors.toList());
    }

    public ApiBeanDto getApi(String str, String str2) throws ApiNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, Set.of(PermissionType.apiView));
        return this.apiService.getApi(str, str2);
    }

    public void updateApi(String str, String str2, UpdateApiBean updateApiBean) throws ApiNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.updateApi(str, str2, updateApiBean);
    }

    public void tagApi(String str, String str2, KeyValueTagDto keyValueTagDto) throws ApiNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.addTag(str, str2, keyValueTagDto);
    }

    public void deleteApi(String str, String str2) throws ApiNotFoundException, NotAuthorizedException, InvalidApiStatusException {
        this.securityContext.checkPermissions(PermissionType.apiAdmin, str);
        this.apiService.deleteApi(str, str2);
    }

    public void deleteApiImage(String str, String str2) throws ApiNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.deleteApiImage(str, str2);
    }

    public SearchResultsBean<AuditEntryBean> getApiActivity(String str, String str2, int i, int i2) throws ApiNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.apiService.getApiActivity(str, str2, i, i2);
    }

    public ApiVersionBeanDto createApiVersion(String str, String str2, NewApiVersionBean newApiVersionBean) throws ApiNotFoundException, NotAuthorizedException, InvalidVersionException, ApiVersionAlreadyExistsException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        return this.apiService.createApiVersion(str, str2, newApiVersionBean);
    }

    public List<ApiVersionSummaryBean> listApiVersions(String str, String str2) throws ApiNotFoundException {
        return this.securityContext.hasPermission(PermissionType.apiView, str) ? this.apiService.listApiVersions(str, str2) : (List) this.apiService.listApiVersions(str, str2).stream().filter(apiVersionSummaryBean -> {
            return this.securityContext.isDiscoverable(ISecurityContext.EntityType.API, str, str2, apiVersionSummaryBean.getVersion());
        }).collect(Collectors.toList());
    }

    public ApiVersionBeanDto getApiVersion(String str, String str2, String str3) throws ApiVersionNotFoundException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        if (this.securityContext.hasPermission(PermissionType.apiView, str)) {
            return this.apiService.getApiVersion(str, str2, str3);
        }
        ApiVersionBeanDto apiVersion = this.apiService.getApiVersion(str, str2, str3);
        apiVersion.setPlans((Set) apiVersion.getPlans().stream().filter(apiPlanBeanDto -> {
            return this.securityContext.getPermittedDiscoverabilities().contains(apiPlanBeanDto.getDiscoverability());
        }).collect(Collectors.toSet()));
        return apiVersion;
    }

    public ApiVersionStatusBean getApiVersionStatus(String str, String str2, String str3) throws ApiVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.apiService.getApiVersionStatus(str, str2, str3);
    }

    public Response getApiDefinition(String str, String str2, String str3) throws ApiVersionNotFoundException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        ApiService.ApiDefinitionStream apiDefinition = this.apiService.getApiDefinition(str, str2, str3);
        return Response.ok().entity(apiDefinition.getDefinition()).type(apiDefinition.getDefinitionType().getMediaType()).build();
    }

    public ApiVersionEndpointSummaryBean getApiVersionEndpointInfo(String str, String str2, String str3) throws ApiVersionNotFoundException, InvalidApiStatusException, GatewayNotFoundException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.apiService.getApiVersionEndpointInfo(str, str2, str3);
    }

    public ApiVersionBeanDto updateApiVersion(String str, String str2, String str3, @Valid UpdateApiVersionBean updateApiVersionBean) throws ApiVersionNotFoundException, NotAuthorizedException, InvalidApiStatusException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        return this.apiService.updateApiVersion(str, str2, str3, updateApiVersionBean);
    }

    public void updateApiDefinition(String str, String str2, String str3) throws ApiVersionNotFoundException, NotAuthorizedException, InvalidApiStatusException {
        ApiDefinitionType apiDefinitionType;
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        String contentType = this.request.getContentType();
        try {
            InputStream inputStream = this.request.getInputStream();
            try {
                if (contentType.toLowerCase().contains("application/json")) {
                    apiDefinitionType = ApiDefinitionType.SwaggerJSON;
                } else if (contentType.toLowerCase().contains("application/x-yaml")) {
                    apiDefinitionType = ApiDefinitionType.SwaggerYAML;
                } else {
                    if (!contentType.toLowerCase().contains("application/wsdl+xml")) {
                        throw new SystemErrorException(Messages.i18n.format("InvalidApiDefinitionContentType", new Object[]{contentType}));
                    }
                    apiDefinitionType = ApiDefinitionType.WSDL;
                }
                this.apiService.setApiDefinition(str, str2, str3, apiDefinitionType, inputStream);
                LOGGER.debug("Updated API definition for {0}", new Object[]{str2});
                IOUtils.closeQuietly(inputStream);
            } catch (Throwable th) {
                IOUtils.closeQuietly(inputStream);
                throw th;
            }
        } catch (IOException e) {
            throw new SystemErrorException(e);
        }
    }

    public void updateApiDefinitionFromURL(String str, String str2, String str3, NewApiDefinitionBean newApiDefinitionBean) throws ApiVersionNotFoundException, NotAuthorizedException, InvalidApiStatusException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        try {
            this.apiService.setApiDefinition(str, str2, str3, newApiDefinitionBean, new URL(newApiDefinitionBean.getDefinitionUrl()).openStream());
        } catch (IOException e) {
            throw new SystemErrorException(e);
        }
    }

    public SearchResultsBean<AuditEntryBean> getApiVersionActivity(String str, String str2, String str3, int i, int i2) throws ApiVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.apiService.getApiVersionActivity(str, str2, str3, i, i2);
    }

    public List<ApiPlanSummaryBean> getApiVersionPlans(String str, String str2, String str3) throws ApiVersionNotFoundException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.securityContext.hasPermission(PermissionType.apiView, str) ? this.apiService.getApiVersionPlans(str, str2, str3) : (List) this.apiService.getApiVersionPlans(str, str2, str3).stream().filter(apiPlanSummaryBean -> {
            return this.securityContext.getPermittedDiscoverabilities().contains(apiPlanSummaryBean.getDiscoverability());
        }).collect(Collectors.toList());
    }

    public void reorderApiPlans(String str, String str2, String str3, ApiPlanOrderDto apiPlanOrderDto) throws ApiVersionNotFoundException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.reorderApiPlans(str, str2, str3, apiPlanOrderDto);
    }

    public PolicyBean createApiPolicy(String str, String str2, String str3, NewPolicyBean newPolicyBean) throws OrganizationNotFoundException, ApiVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        return this.apiService.createApiPolicy(str, str2, str3, newPolicyBean);
    }

    public PolicyBean getApiPolicy(String str, String str2, String str3, long j) throws OrganizationNotFoundException, ApiVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.apiService.getApiPolicy(str, str2, str3, j);
    }

    public void updateApiPolicy(String str, String str2, String str3, long j, UpdatePolicyBean updatePolicyBean) throws OrganizationNotFoundException, ApiVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.updateApiPolicy(str, str2, str3, j, updatePolicyBean);
    }

    public void deleteApiPolicy(String str, String str2, String str3, long j) throws OrganizationNotFoundException, ApiVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.deleteApiPolicy(str, str2, str3, j);
    }

    public void deleteApiDefinition(String str, String str2, String str3) throws OrganizationNotFoundException, ApiVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.deleteApiDefinition(str, str2, str3);
    }

    public List<PolicySummaryBean> listApiPolicies(String str, String str2, String str3) throws OrganizationNotFoundException, ApiVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.apiService.listApiPolicies(str, str2, str3);
    }

    public void reorderApiPolicies(String str, String str2, String str3, PolicyChainBean policyChainBean) throws OrganizationNotFoundException, ApiVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.apiEdit, str);
        this.apiService.reorderApiPolicies(str, str2, str3, policyChainBean);
    }

    public PolicyChainBean getApiPolicyChain(String str, String str2, String str3, String str4) throws ApiVersionNotFoundException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.apiService.getApiPolicyChain(str, str2, str3, str4);
    }

    public List<ContractSummaryBean> getApiVersionContracts(String str, String str2, String str3, int i, int i2) throws ApiVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.API, str, str2, str3, Set.of(PermissionType.apiView));
        return this.apiService.getApiVersionContracts(str, str2, str3, i, i2);
    }

    public PlanBean createPlan(String str, NewPlanBean newPlanBean) throws OrganizationNotFoundException, PlanAlreadyExistsException, NotAuthorizedException, InvalidNameException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.planService.createPlan(str, newPlanBean);
    }

    public PlanBean getPlan(String str, String str2) throws PlanNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.PLAN, str, str2, Set.of(PermissionType.planView));
        return this.planService.getPlan(str, str2);
    }

    public SearchResultsBean<AuditEntryBean> getPlanActivity(String str, String str2, int i, int i2) throws PlanNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.PLAN, str, str2, Set.of(PermissionType.planView));
        return this.planService.getPlanActivity(str, str2, i, i2);
    }

    public List<PlanSummaryBean> listPlans(String str) throws OrganizationNotFoundException, NotAuthorizedException {
        return this.securityContext.hasPermission(PermissionType.planView, str) ? this.planService.listPlans(str) : (List) this.planService.listPlans(str).stream().filter(planSummaryBean -> {
            return this.securityContext.isDiscoverable(ISecurityContext.EntityType.PLAN, str, planSummaryBean.getId());
        }).collect(Collectors.toList());
    }

    public void updatePlan(String str, String str2, UpdatePlanBean updatePlanBean) throws PlanNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.planEdit, str);
        this.planService.updatePlan(str, str2, updatePlanBean);
    }

    public PlanVersionBean createPlanVersion(String str, String str2, NewPlanVersionBean newPlanVersionBean) throws PlanNotFoundException, NotAuthorizedException, InvalidVersionException, PlanVersionAlreadyExistsException {
        this.securityContext.checkPermissions(PermissionType.planEdit, str);
        return this.planService.createPlanVersion(str, str2, newPlanVersionBean);
    }

    public List<PlanVersionSummaryBean> listPlanVersions(String str, String str2) throws PlanNotFoundException, NotAuthorizedException {
        return this.securityContext.hasPermission(PermissionType.planView, str) ? this.planService.listPlanVersions(str, str2) : (List) this.planService.listPlanVersions(str, str2).stream().filter(planVersionSummaryBean -> {
            return this.securityContext.isDiscoverable(ISecurityContext.EntityType.PLAN, str, str2, planVersionSummaryBean.getVersion());
        }).collect(Collectors.toList());
    }

    public PlanVersionBean getPlanVersion(String str, String str2, String str3) throws PlanVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.PLAN, str, str2, Set.of(PermissionType.planView));
        return this.planService.getPlanVersion(str, str2, str3);
    }

    public SearchResultsBean<AuditEntryBean> getPlanVersionActivity(String str, String str2, String str3, int i, int i2) throws PlanVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.PLAN, str, str2, Set.of(PermissionType.planView));
        return this.planService.getPlanVersionActivity(str, str2, str3, i, i2);
    }

    public PolicyBean createPlanPolicy(String str, String str2, String str3, NewPolicyBean newPolicyBean) throws OrganizationNotFoundException, PlanVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.planEdit, str);
        return this.planService.createPlanPolicy(str, str2, str3, newPolicyBean);
    }

    public List<PolicySummaryBean> listPlanPolicies(String str, String str2, String str3) throws OrganizationNotFoundException, PlanVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.PLAN, str, str2, Set.of(PermissionType.planView));
        return this.planService.listPlanPolicies(str, str2, str3);
    }

    public PolicyBean getPlanPolicy(String str, String str2, String str3, long j) throws OrganizationNotFoundException, PlanVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissionsOrDiscoverability(ISecurityContext.EntityType.PLAN, str, str2, Set.of(PermissionType.planView));
        return this.planService.getPlanPolicy(str, str2, str3, j);
    }

    public void updatePlanPolicy(String str, String str2, String str3, long j, UpdatePolicyBean updatePolicyBean) throws OrganizationNotFoundException, PlanVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.planEdit, str);
        this.planService.updatePlanPolicy(str, str2, str3, j, updatePolicyBean);
    }

    public void deletePlanPolicy(String str, String str2, String str3, long j) throws OrganizationNotFoundException, PlanVersionNotFoundException, PolicyNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.planEdit, str);
        this.planService.deletePlanPolicy(str, str2, str3, j);
    }

    public void deletePlan(String str, String str2) throws PlanNotFoundException, NotAuthorizedException, InvalidPlanStatusException {
        this.securityContext.checkPermissions(PermissionType.planAdmin, str);
        this.planService.deletePlan(str, str2);
    }

    public void reorderPlanPolicies(String str, String str2, String str3, PolicyChainBean policyChainBean) throws OrganizationNotFoundException, PlanVersionNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.planEdit, str);
        this.planService.reorderPlanPolicies(str, str2, str3, policyChainBean);
    }

    public void grant(String str, GrantRolesBean grantRolesBean) throws OrganizationNotFoundException, RoleNotFoundException, UserNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.orgAdmin, str);
        this.organizationService.grant(str, grantRolesBean);
    }

    public void revoke(String str, String str2, String str3) throws OrganizationNotFoundException, RoleNotFoundException, UserNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.orgAdmin, str);
        this.organizationService.revoke(str, str2, str3);
    }

    public void revokeAll(String str, String str2) throws OrganizationNotFoundException, RoleNotFoundException, UserNotFoundException, NotAuthorizedException {
        this.securityContext.checkPermissions(PermissionType.orgAdmin, str);
        this.organizationService.revokeAll(str, str2);
    }

    public List<MemberBean> listMembers(String str) throws OrganizationNotFoundException, NotAuthorizedException {
        if (this.securityContext.isMemberOf(str)) {
            return this.organizationService.listMembers(str);
        }
        throw ExceptionFactory.notAuthorizedException();
    }

    public UsageHistogramBean getUsage(String str, String str2, String str3, HistogramIntervalType histogramIntervalType, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.statsService.getUsage(str, str2, str3, histogramIntervalType, str4, str5);
    }

    public UsagePerClientBean getUsagePerClient(String str, String str2, String str3, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.statsService.getUsagePerClient(str, str2, str3, str4, str5);
    }

    public UsagePerPlanBean getUsagePerPlan(String str, String str2, String str3, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.statsService.getUsagePerPlan(str, str2, str3, str4, str5);
    }

    public ResponseStatsHistogramBean getResponseStats(String str, String str2, String str3, HistogramIntervalType histogramIntervalType, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.statsService.getResponseStats(str, str2, str3, histogramIntervalType, str4, str5);
    }

    public ResponseStatsSummaryBean getResponseStatsSummary(String str, String str2, String str3, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.statsService.getResponseStatsSummary(str, str2, str3, str4, str5);
    }

    public ResponseStatsPerClientBean getResponseStatsPerClient(String str, String str2, String str3, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.statsService.getResponseStatsPerClient(str, str2, str3, str4, str5);
    }

    public ResponseStatsPerPlanBean getResponseStatsPerPlan(String str, String str2, String str3, String str4, String str5) throws NotAuthorizedException, InvalidMetricCriteriaException {
        this.securityContext.checkPermissions(PermissionType.apiView, str);
        return this.statsService.getResponseStatsPerPlan(str, str2, str3, str4, str5);
    }
}
