package org.graylog2.rest.resources.users;

import com.codahale.metrics.annotation.Timed;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.graylog.security.UserContext;
import org.graylog.security.permissions.GRNPermission;
import org.graylog2.audit.AuditEventTypes;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.database.PaginatedList;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.rest.models.PaginatedResponse;
import org.graylog2.rest.models.users.requests.ChangePasswordRequest;
import org.graylog2.rest.models.users.requests.ChangeUserRequest;
import org.graylog2.rest.models.users.requests.CreateUserRequest;
import org.graylog2.rest.models.users.requests.PermissionEditRequest;
import org.graylog2.rest.models.users.requests.Startpage;
import org.graylog2.rest.models.users.requests.UpdateUserPreferences;
import org.graylog2.rest.models.users.responses.Token;
import org.graylog2.rest.models.users.responses.TokenList;
import org.graylog2.rest.models.users.responses.UserList;
import org.graylog2.rest.models.users.responses.UserSummary;
import org.graylog2.search.SearchQueryField;
import org.graylog2.search.SearchQueryParser;
import org.graylog2.security.AccessToken;
import org.graylog2.security.AccessTokenService;
import org.graylog2.security.MongoDBSessionService;
import org.graylog2.security.MongoDbSession;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.RestPermissions;
import org.graylog2.shared.users.Role;
import org.graylog2.shared.users.Roles;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.PaginatedUserService;
import org.graylog2.users.RoleService;
import org.graylog2.users.UserImpl;
import org.graylog2.users.UserOverviewDTO;
import org.joda.time.DateTimeZone;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RequiresAuthentication
@Api(value = "Users", description = "User accounts")
@Path("/users")
@Consumes({"application/json"})
@Produces({"application/json"})
/* loaded from: input_file:org/graylog2/rest/resources/users/UsersResource.class */
public class UsersResource extends RestResource {
    // Collaborators supplied through the @Inject constructor.
    private final UserService userService;
    private final PaginatedUserService paginatedUserService;
    private final AccessTokenService accessTokenService;
    private final RoleService roleService;
    private final MongoDBSessionService sessionService;
    // Parser for the "query" parameter of the paginated listing, constructed with "full_name" and
    // SEARCH_FIELD_MAPPING (presumably the default field and the searchable fields — confirm
    // against SearchQueryParser).
    private final SearchQueryParser searchQueryParser = new SearchQueryParser("full_name", (Map<String, SearchQueryField>) SEARCH_FIELD_MAPPING);
    // NOTE(review): the logger is created for RestResource.class, not UsersResource.class, so
    // messages from this resource are emitted under the base class's logger name. Confirm this is
    // intended before routing, filtering or alerting on logger name.
    private static final Logger LOG = LoggerFactory.getLogger(RestResource.class);
    // Field names mapped for user search queries: username, full_name and email.
    protected static final ImmutableMap<String, SearchQueryField> SEARCH_FIELD_MAPPING = ImmutableMap.builder().put("username", SearchQueryField.create("username")).put("full_name", SearchQueryField.create("full_name")).put("email", SearchQueryField.create("email")).build();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/graylog2/rest/resources/users/UsersResource$AllUserSessions.class */
    /**
     * Snapshot of the most recently accessed session of every user, keyed by user id.
     *
     * <p>The snapshot is built from a single {@code loadAll()} call, so it reflects the session
     * store at construction time only. Sessions without a user id attribute are ignored.
     */
    public static class AllUserSessions {
        private final Map<String, Optional<MongoDbSession>> sessions;

        /**
         * Loads every stored session and indexes the latest one per user id.
         *
         * @param mongoDBSessionService session store to read from
         * @return a snapshot for session lookups by user
         */
        public static AllUserSessions create(MongoDBSessionService mongoDBSessionService) {
            Collection<MongoDbSession> allSessions = mongoDBSessionService.loadAll();
            return new AllUserSessions(allSessions);
        }

        private AllUserSessions(Collection<MongoDbSession> collection) {
            this.sessions = getLastSessionForUser(collection);
        }

        /** Returns the latest session recorded for the given user's id, or empty if there is none. */
        public Optional<MongoDbSession> forUser(User user) {
            String userId = user.getId();
            return this.sessions.getOrDefault(userId, Optional.empty());
        }

        /** Returns the latest session recorded for the given overview entry's id, or empty if there is none. */
        public Optional<MongoDbSession> forUser(UserOverviewDTO userOverviewDTO) {
            String userId = userOverviewDTO.id();
            return this.sessions.getOrDefault(userId, Optional.empty());
        }

        /**
         * Groups sessions by their user id attribute and keeps, per user, the session with the
         * greatest last-access time.
         */
        private Map<String, Optional<MongoDbSession>> getLastSessionForUser(Collection<MongoDbSession> collection) {
            return collection.stream()
                    // Sessions without a user id cannot be attributed to an account.
                    .filter(session -> session.getUserIdAttribute().isPresent())
                    .collect(Collectors.groupingBy(
                            session -> session.getUserIdAttribute().get(),
                            Collectors.maxBy(Comparator.comparing(MongoDbSession::getLastAccessTime))));
        }
    }

    /**
     * Creates the resource with its injected collaborators.
     *
     * @param userService user persistence and permission lookups
     * @param paginatedUserService paginated user queries
     * @param accessTokenService API access token storage
     * @param roleService role lookups
     * @param mongoDBSessionService session store used to report each user's latest session
     */
    @Inject
    public UsersResource(UserService userService, PaginatedUserService paginatedUserService, AccessTokenService accessTokenService, RoleService roleService, MongoDBSessionService mongoDBSessionService) {
        this.userService = userService;
        this.paginatedUserService = paginatedUserService;
        this.accessTokenService = accessTokenService;
        this.roleService = roleService;
        this.sessionService = mongoDBSessionService;
    }

    /**
     * Returns the summary of the user with the given username (deprecated lookup by name).
     *
     * <p>The USERS_EDIT check is made against the raw path value before the user is loaded, so a
     * caller without that permission receives 403 whether or not the account exists. The path
     * value is echoed into both error messages.
     *
     * @param str username taken from the URL path
     * @param userContext the authenticated caller
     * @return the user's summary
     * @throws ForbiddenException if the caller lacks USERS_EDIT for this username
     * @throws NotFoundException if no user with this username exists
     */
    @GET
    @ApiResponses({@ApiResponse(code = 404, message = "The user could not be found.")})
    @Path("{username}")
    @Deprecated
    @ApiOperation(value = "Get user details", notes = "The user's permissions are only included if a user asks for his own account or for users with the necessary permissions to edit permissions.")
    public UserSummary get(@PathParam("username") @ApiParam(name = "username", value = "The username to return information for.", required = true) String str, @Context UserContext userContext) {
        if (isPermitted(RestPermissions.USERS_EDIT, str)) {
            User requested = this.userService.load(str);
            if (requested != null) {
                return returnSummary(userContext, requested);
            }
            throw new NotFoundException("Couldn't find user " + str);
        }
        throw new ForbiddenException("Not allowed to view user " + str);
    }

    /**
     * Returns the summary of the user with the given id.
     *
     * <p>The user is loaded first because the USERS_EDIT check is keyed on the username. As a
     * result an unknown id yields 404 while a known id the caller may not view yields 403, so any
     * authenticated caller can tell the two apart.
     * NOTE(review): confirm that distinguishing existing from non-existing ids is acceptable here.
     *
     * @param str user id taken from the URL path
     * @param userContext the authenticated caller
     * @return the user's summary
     * @throws NotFoundException if no user with this id exists
     * @throws ForbiddenException if the caller lacks USERS_EDIT for the user's name
     */
    @GET
    @ApiResponses({@ApiResponse(code = 404, message = "The user could not be found.")})
    @Path("id/{userId}")
    @ApiOperation(value = "Get user details by userId", notes = "The user's permissions are only included if a user asks for his own account or for users with the necessary permissions to edit permissions.")
    public UserSummary getbyId(@PathParam("userId") @ApiParam(name = "userId", value = "The userId to return information for.", required = true) String str, @Context UserContext userContext) {
        User requested = loadUserById(str);
        if (!isPermitted(RestPermissions.USERS_EDIT, requested.getName())) {
            throw new ForbiddenException("Not allowed to view userId " + str);
        }
        return returnSummary(userContext, requested);
    }

    /**
     * Builds the response for a single user. Permissions are included only when the caller is
     * looking at their own account or holds USERS_PERMISSIONSEDIT for the target user.
     */
    private UserSummary returnSummary(UserContext userContext, User user) {
        boolean isOwnAccount = userContext.getUser().getId().equals(user.getId());
        // Short-circuit: the permission lookup is skipped for the caller's own account.
        boolean includePermissions = isOwnAccount || isPermitted(RestPermissions.USERS_PERMISSIONSEDIT, user.getName());
        AllUserSessions sessionSnapshot = AllUserSessions.create(this.sessionService);
        return toUserResponse(user, includePermissions, sessionSnapshot);
    }

    /**
     * Lists the root user (when present) followed by every stored user (deprecated, unpaginated).
     *
     * <p>Every entry is built with permissions included, so USERS_LIST alone is enough to read
     * the permission sets of all accounts. Each entry also carries the data of the user's latest
     * session, when one exists.
     *
     * @return all user summaries, root user first
     */
    @GET
    @RequiresPermissions({RestPermissions.USERS_LIST})
    @Deprecated
    @ApiOperation(value = "List all users", notes = "The permissions assigned to the users are always included.")
    public UserList listUsers() {
        List<User> storedUsers = this.userService.loadAll();
        AllUserSessions sessionSnapshot = AllUserSessions.create(this.sessionService);
        // One extra slot for the root user, which is not part of loadAll()'s result here.
        List<UserSummary> summaries = Lists.newArrayListWithCapacity(storedUsers.size() + 1);
        Optional<User> rootUser = this.userService.getRootUser();
        if (rootUser.isPresent()) {
            summaries.add(toUserResponse(rootUser.get(), sessionSnapshot));
        }
        for (User storedUser : storedUsers) {
            summaries.add(toUserResponse(storedUser, sessionSnapshot));
        }
        return UserList.create(summaries);
    }

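    /**
     * Returns one page of user overviews matching a search query, with role ids replaced by role
     * names and each entry enriched with the user's latest session.
     *
     * <p>The response context additionally carries the root user under the key "admin_user".
     *
     * <p>NOTE(review): {@code per_page}, {@code sort} and {@code order} are forwarded to
     * PaginatedUserService as received; no bound or allow-list is applied in this method. Confirm
     * the service restricts the page size and the sortable fields. The Swagger
     * {@code allowableValues} for "sort" ("title,description") also does not contain the default
     * "full_name" and looks copied from another resource.
     *
     * @param i 1-based page number
     * @param i2 number of entries per page
     * @param str search query, parsed by the resource's SearchQueryParser
     * @param str2 field to sort on
     * @param str3 sort direction
     * @return the requested page
     * @throws BadRequestException if an IllegalArgumentException is raised while parsing the query
     *     or building the page
     * @throws NotFoundException if the roles referenced by the users cannot be resolved
     */
    @GET
    @Path("/paginated")
    @RequiresPermissions({RestPermissions.USERS_LIST})
    @Timed
    @ApiOperation("Get paginated list of users")
    @Produces({"application/json"})
    public PaginatedResponse<UserOverviewDTO> getPage(@QueryParam("page") @ApiParam(name = "page") @DefaultValue("1") int i, @QueryParam("per_page") @ApiParam(name = "per_page") @DefaultValue("50") int i2, @QueryParam("query") @ApiParam(name = "query") @DefaultValue("") String str, @QueryParam("sort") @ApiParam(name = "sort", value = "The field to sort the result on", required = true, allowableValues = "title,description") @DefaultValue("full_name") String str2, @QueryParam("order") @ApiParam(name = "order", value = "The sort direction", allowableValues = "asc, desc") @DefaultValue("asc") String str3) {
        AllUserSessions sessionSnapshot = AllUserSessions.create(this.sessionService);
        try {
            PaginatedList<UserOverviewDTO> page = this.paginatedUserService.findPaginated(this.searchQueryParser.parse(str), i, i2, str2, str3);
            try {
                // Collect every role id on the page so the names are resolved with one lookup.
                Set<String> roleIdsOnPage = page.stream()
                        .flatMap(overview -> overview.roles() != null ? overview.roles().stream() : Stream.<String>empty())
                        .collect(Collectors.toSet());
                Map<String, String> roleNameMap = getRoleNameMap(roleIdsOnPage);

                List<UserOverviewDTO> enriched = page.stream().map(overview -> {
                    UserOverviewDTO.Builder builder = overview.toBuilder().fillSession(sessionSnapshot.forUser(overview));
                    if (overview.roles() != null) {
                        // Replace role ids with their names; the decompiled source referenced an
                        // undefined variable here instead of the resolved name map.
                        builder.roles(overview.roles().stream().map(roleNameMap::get).collect(Collectors.toSet()));
                    }
                    return builder.build();
                }).collect(Collectors.toList());

                PaginatedList<UserOverviewDTO> enrichedPage = new PaginatedList<>(enriched, page.pagination().total(), page.pagination().page(), page.pagination().perPage());
                return PaginatedResponse.create(UserImpl.COLLECTION_NAME, enrichedPage, str, Collections.singletonMap("admin_user", getAdminUserDTO(sessionSnapshot)));
            } catch (org.graylog2.database.NotFoundException e) {
                throw new NotFoundException("Couldn't find roles: " + e.getMessage());
            }
        } catch (IllegalArgumentException e2) {
            throw new BadRequestException("Invalid argument in search query: " + e2.getMessage());
        }
    }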

    /**
     * Creates a new user account from the request body.
     *
     * <p>NOTE(review): the permissions and roles in the request are applied with only the
     * USERS_CREATE check from the annotation; the USERS_PERMISSIONSEDIT / USERS_ROLESEDIT checks
     * that {@code changeUser} performs are not repeated here. A caller holding USERS_CREATE can
     * therefore choose the new account's permissions and roles — confirm this is the intended
     * trust level.
     *
     * <p>NOTE(review): the requested username is concatenated into the error log message;
     * confirm that request validation rejects control characters so log lines cannot be forged.
     *
     * @param createUserRequest validated account details
     * @return 201 Created with the location of the new user
     * @throws BadRequestException if the username is already taken
     * @throws ValidationException if the user fails validation on save
     */
    @ApiResponses({@ApiResponse(code = 400, message = "Missing or invalid user details.")})
    @RequiresPermissions({RestPermissions.USERS_CREATE})
    @AuditEvent(type = AuditEventTypes.USER_CREATE)
    @ApiOperation("Create a new user account.")
    @POST
    public Response create(@NotNull @Valid @ApiParam(name = "JSON body", value = "Must contain username, full_name, email, password and a list of permissions.", required = true) CreateUserRequest createUserRequest) throws ValidationException {
        boolean nameTaken = this.userService.load(createUserRequest.username()) != null;
        if (nameTaken) {
            String message = "Cannot create user " + createUserRequest.username() + ". Username is already taken.";
            LOG.error(message);
            throw new BadRequestException(message);
        }

        User newUser = this.userService.create();
        newUser.setName(createUserRequest.username());
        newUser.setPassword(createUserRequest.password());
        newUser.setFullName(createUserRequest.fullName());
        newUser.setEmail(createUserRequest.email());
        newUser.setPermissions(createUserRequest.permissions());
        setUserRoles(createUserRequest.roles(), newUser);

        // Optional attributes are only applied when the request carries them.
        if (createUserRequest.timezone() != null) {
            newUser.setTimeZone(createUserRequest.timezone());
        }
        Long requestedTimeout = createUserRequest.sessionTimeoutMs();
        if (requestedTimeout != null) {
            newUser.setSessionTimeoutMs(requestedTimeout.longValue());
        }
        Startpage requestedStartpage = createUserRequest.startpage();
        if (requestedStartpage != null) {
            newUser.setStartpage(requestedStartpage.type(), requestedStartpage.id());
        }

        // The save itself happens while evaluating the log arguments: it is not conditional on
        // the debug level being enabled, because arguments are evaluated before the call.
        LOG.debug("Saved user {} with id {}", newUser.getName(), this.userService.save(newUser));
        return Response.created(getUriBuilderToSelf().path(UsersResource.class).path("{username}").build(new Object[]{newUser.getName()})).build();
    }

    /**
     * Translates role names to role ids and assigns them to the user; a {@code null} list leaves
     * the user's roles untouched.
     *
     * @param list role names from the request, or {@code null} when none were sent
     * @param user the user to update
     * @throws InternalServerErrorException if the role lookup reports a missing role
     */
    private void setUserRoles(@Nullable List<String> list, User user) {
        if (list == null) {
            return;
        }
        try {
            // Names are resolved through the lower-cased name map loaded from the role service.
            Map<String, Role> rolesByLowercaseName = this.roleService.loadAllLowercaseNameMap();
            user.setRoleIds(Sets.newHashSet(Iterables.transform(list, Roles.roleNameToIdFunction(rolesByLowercaseName))));
        } catch (org.graylog2.database.NotFoundException e) {
            throw new InternalServerErrorException(e);
        }
    }

    /**
     * Updates an existing user, applying each part of the request only when the caller is allowed
     * to change it.
     *
     * <ul>
     *   <li>USERS_EDIT on the target username is required for any change.</li>
     *   <li>Read-only accounts are rejected with 400.</li>
     *   <li>Permissions are replaced only with USERS_PERMISSIONSEDIT, roles only with
     *       USERS_ROLESEDIT; without them those parts of the request are silently ignored.</li>
     *   <li>The session timeout is changed only for callers permitted "*", and only to a non-zero
     *       value.</li>
     * </ul>
     *
     * <p>The user is loaded before the permission check because the check is keyed on the
     * username, so unknown ids yield 404 and known-but-forbidden ids yield a permission failure.
     *
     * @param str id of the user to modify
     * @param changeUserRequest validated update request
     * @throws BadRequestException if the target account is read-only
     * @throws ValidationException if the user fails validation on save
     */
    @ApiResponses({@ApiResponse(code = 400, message = "Attempted to modify a read only user account (e.g. built-in or LDAP users)."), @ApiResponse(code = 400, message = "Missing or invalid user details.")})
    @Path("{userId}")
    @AuditEvent(type = AuditEventTypes.USER_UPDATE)
    @ApiOperation("Modify user details.")
    @PUT
    public void changeUser(@PathParam("userId") @ApiParam(name = "userId", value = "The ID of the user to modify.", required = true) String str, @NotNull @Valid @ApiParam(name = "JSON body", value = "Updated user information.", required = true) ChangeUserRequest changeUserRequest) throws ValidationException {
        Long sessionTimeoutMs;
        User loadUserById = loadUserById(str);
        String name = loadUserById.getName();
        checkPermission(RestPermissions.USERS_EDIT, name);
        if (loadUserById.isReadOnly()) {
            throw new BadRequestException("Cannot modify readonly user " + name);
        }
        // Email and full name are only overwritten when present in the request.
        if (changeUserRequest.email() != null) {
            loadUserById.setEmail(changeUserRequest.email());
        }
        if (changeUserRequest.fullName() != null) {
            loadUserById.setFullName(changeUserRequest.fullName());
        }
        // Privilege-bearing fields are gated separately; a caller lacking the specific permission
        // gets no error, the field is just not applied.
        if (isPermitted(RestPermissions.USERS_PERMISSIONSEDIT, loadUserById.getName()) && changeUserRequest.permissions() != null) {
            loadUserById.setPermissions(getEffectiveUserPermissions(loadUserById, changeUserRequest.permissions()));
        }
        if (isPermitted(RestPermissions.USERS_ROLESEDIT, loadUserById.getName())) {
            setUserRoles(changeUserRequest.roles(), loadUserById);
        }
        // Unlike email/full name, an absent or empty timezone clears the stored one.
        String timezone = changeUserRequest.timezone();
        if (timezone == null) {
            loadUserById.setTimeZone((String) null);
        } else {
            try {
                if (timezone.isEmpty()) {
                    loadUserById.setTimeZone((String) null);
                } else {
                    loadUserById.setTimeZone(DateTimeZone.forID(timezone));
                }
            } catch (IllegalArgumentException e) {
                // An unknown zone id is logged and skipped; the rest of the update still proceeds.
                // NOTE(review): the caller-supplied timezone string is written to the log as-is.
                LOG.error("Invalid timezone '{}', ignoring it for user {}.", timezone, name);
            }
        }
        Startpage startpage = changeUserRequest.startpage();
        if (startpage != null) {
            loadUserById.setStartpage(startpage.type(), startpage.id());
        }
        // Only callers holding the "*" permission may change the session timeout; null and 0 are ignored.
        if (isPermitted("*") && (sessionTimeoutMs = changeUserRequest.sessionTimeoutMs()) != null && sessionTimeoutMs.longValue() != 0) {
            loadUserById.setSessionTimeoutMs(sessionTimeoutMs.longValue());
        }
        this.userService.save(loadUserById);
    }

    /**
     * Deletes the user with the given username.
     *
     * <p>NOTE(review): the annotation requires USERS_EDIT without scoping it to the target
     * username, and no read-only check is made in this method although the API docs promise a 400
     * for read-only accounts. Presumably both are handled by the permission layer and
     * {@code UserService.delete} — verify.
     *
     * @param str username taken from the URL path
     * @throws NotFoundException if the service reports that nothing was deleted
     */
    @ApiResponses({@ApiResponse(code = 400, message = "When attempting to remove a read only user (e.g. built-in or LDAP user).")})
    @Path("{username}")
    @RequiresPermissions({RestPermissions.USERS_EDIT})
    @AuditEvent(type = AuditEventTypes.USER_DELETE)
    @DELETE
    @ApiOperation("Removes a user account.")
    public void deleteUser(@PathParam("username") @ApiParam(name = "username", value = "The name of the user to delete.", required = true) String str) {
        boolean nothingDeleted = this.userService.delete(str) == 0;
        if (nothingDeleted) {
            throw new NotFoundException("Couldn't find user " + str);
        }
    }

    /**
     * Deletes the user with the given id.
     *
     * <p>NOTE(review): the annotation requires USERS_EDIT without scoping it to the target user,
     * and no read-only check is made in this method although the API docs promise a 400 for
     * read-only accounts. Presumably both are handled by the permission layer and
     * {@code UserService.deleteById} — verify.
     *
     * @param str user id taken from the URL path
     * @throws NotFoundException if the service reports that nothing was deleted
     */
    @ApiResponses({@ApiResponse(code = 400, message = "When attempting to remove a read only user (e.g. built-in or LDAP user).")})
    @Path("id/{userId}")
    @RequiresPermissions({RestPermissions.USERS_EDIT})
    @AuditEvent(type = AuditEventTypes.USER_DELETE)
    @DELETE
    @ApiOperation("Removes a user account.")
    public void deleteUserById(@PathParam("userId") @ApiParam(name = "userId", value = "The id of the user to delete.", required = true) String str) {
        boolean nothingDeleted = this.userService.deleteById(str) == 0;
        if (nothingDeleted) {
            throw new NotFoundException("Couldn't find user " + str);
        }
    }

    /**
     * Replaces a user's directly assigned permissions with the requested list, minus any
     * permission the user already receives through roles.
     *
     * <p>NOTE(review): unlike {@code changeUser}, this method does not reject read-only accounts
     * and the USERS_PERMISSIONSEDIT requirement is not scoped to the target username — confirm
     * both are intended.
     *
     * @param str username taken from the URL path
     * @param permissionEditRequest validated list of permissions to assign
     * @throws NotFoundException if no user with this username exists
     * @throws ValidationException if the user fails validation on save
     */
    @ApiResponses({@ApiResponse(code = 400, message = "Missing or invalid permission data.")})
    @Path("{username}/permissions")
    @RequiresPermissions({RestPermissions.USERS_PERMISSIONSEDIT})
    @AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_UPDATE)
    @ApiOperation("Update a user's permission set.")
    @PUT
    public void editPermissions(@PathParam("username") @ApiParam(name = "username", value = "The name of the user to modify.", required = true) String str, @NotNull @Valid @ApiParam(name = "JSON body", value = "The list of permissions to assign to the user.", required = true) PermissionEditRequest permissionEditRequest) throws ValidationException {
        User target = this.userService.load(str);
        if (target == null) {
            throw new NotFoundException("Couldn't find user " + str);
        }
        List<String> directPermissions = getEffectiveUserPermissions(target, permissionEditRequest.permissions());
        target.setPermissions(directPermissions);
        this.userService.save(target);
    }

    /**
     * Replaces a user's stored preferences with the map from the request body.
     *
     * <p>The user is loaded before the USERS_EDIT check, but the check runs before the existence
     * test, so a caller without permission gets the permission failure whether or not the account
     * exists.
     *
     * <p>NOTE(review): the body parameter carries neither {@code @NotNull} nor {@code @Valid}, so
     * a missing body would reach {@code updateUserPreferences.preferences()} as {@code null}.
     *
     * @param str username taken from the URL path
     * @param updateUserPreferences the new preferences
     * @throws NotFoundException if no user with this username exists
     * @throws ValidationException if the user fails validation on save
     */
    @ApiResponses({@ApiResponse(code = 400, message = "Missing or invalid permission data.")})
    @Path("{username}/preferences")
    @AuditEvent(type = AuditEventTypes.USER_PREFERENCES_UPDATE)
    @ApiOperation("Update a user's preferences set.")
    @PUT
    public void savePreferences(@PathParam("username") @ApiParam(name = "username", value = "The name of the user to modify.", required = true) String str, @ApiParam(name = "JSON body", value = "The map of preferences to assign to the user.", required = true) UpdateUserPreferences updateUserPreferences) throws ValidationException {
        User target = this.userService.load(str);
        checkPermission(RestPermissions.USERS_EDIT, str);
        if (target != null) {
            target.setPreferences(updateUserPreferences.preferences());
            this.userService.save(target);
            return;
        }
        throw new NotFoundException("Couldn't find user " + str);
    }

    /**
     * Removes every directly assigned permission from a user while keeping the account.
     *
     * <p>Only the user's own permission list is emptied; role assignments are not touched by this
     * method, so permissions granted through roles remain in effect.
     *
     * @param str username taken from the URL path
     * @throws NotFoundException if no user with this username exists
     * @throws ValidationException if the user fails validation on save
     */
    @ApiResponses({@ApiResponse(code = 500, message = "When saving the user failed.")})
    @Path("{username}/permissions")
    @RequiresPermissions({RestPermissions.USERS_PERMISSIONSEDIT})
    @AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_DELETE)
    @DELETE
    @ApiOperation("Revoke all permissions for a user without deleting the account.")
    public void deletePermissions(@PathParam("username") @ApiParam(name = "username", value = "The name of the user to modify.", required = true) String str) throws ValidationException {
        User target = this.userService.load(str);
        if (target != null) {
            target.setPermissions(Collections.emptyList());
            this.userService.save(target);
            return;
        }
        throw new NotFoundException("Couldn't find user " + str);
    }

    /**
     * Changes a user's password.
     *
     * <p>The caller needs {@code users:passwordchange:<username>}. The old password must be
     * supplied and correct unless the caller holds {@code users:passwordchange:*} and is changing
     * another user's password; a holder of the wildcard permission changing their own password
     * must still supply the old one. External users cannot have their password changed here.
     *
     * <p>NOTE(review): nothing in this method ends the user's existing sessions or revokes their
     * access tokens after the change — confirm whether that happens elsewhere.
     * NOTE(review): the body is {@code @Valid} but not {@code @NotNull}; a missing body would be
     * dereferenced below.
     *
     * @param str id of the user whose password is changed
     * @param changePasswordRequest old and new password
     * @throws NotFoundException if no user with this id exists
     * @throws ForbiddenException if the caller may not change this user's password, or the user is external
     * @throws BadRequestException if the old password is required and missing or incorrect
     * @throws ValidationException if the user fails validation on save
     */
    @ApiResponses({@ApiResponse(code = 204, message = "The password was successfully updated. Subsequent requests must be made with the new password."), @ApiResponse(code = 400, message = "The new password is missing, or the old password is missing or incorrect."), @ApiResponse(code = 403, message = "The requesting user has insufficient privileges to update the password for the given user."), @ApiResponse(code = 404, message = "User does not exist.")})
    @Path("{userId}/password")
    @AuditEvent(type = AuditEventTypes.USER_PASSWORD_UPDATE)
    @ApiOperation("Update the password for a user.")
    @PUT
    public void changePassword(@PathParam("userId") @ApiParam(name = "userId", value = "The id of the user whose password to change.", required = true) String str, @Valid @ApiParam(name = "JSON body", value = "The old and new passwords.", required = true) ChangePasswordRequest changePasswordRequest) throws ValidationException {
        User target = loadUserById(str);
        String name = target.getName();
        if (!getSubject().isPermitted("users:passwordchange:" + name)) {
            throw new ForbiddenException("Not allowed to change password for user " + name);
        }
        if (target.isExternalUser()) {
            LOG.error("Cannot change password for external user.");
            throw new ForbiddenException("Cannot change password for external user.");
        }

        // Default is to demand the old password; only a wildcard holder acting on someone else's
        // account is exempt.
        boolean oldPasswordRequired = true;
        if (getSubject().isPermitted("users:passwordchange:*")) {
            if (name.equals(getSubject().getPrincipal())) {
                LOG.debug("User {} is allowed to change the password of any user, but attempts to change own password. Must supply the old password.", getSubject().getPrincipal());
            } else {
                LOG.debug("User {} is allowed to change the password for any user, including {}, ignoring old password", getSubject().getPrincipal(), name);
                oldPasswordRequired = false;
            }
        }

        if (oldPasswordRequired && !target.isUserPassword(changePasswordRequest.oldPassword())) {
            throw new BadRequestException("Old password is missing or incorrect.");
        }
        target.setPassword(changePasswordRequest.password());
        this.userService.save(target);
    }

    /**
     * Lists the access tokens of a user.
     *
     * <p>Each entry includes the token value itself ({@code accessToken.getToken()}), not only its
     * id and name, so anyone holding USERS_TOKENLIST for the user can read usable credentials.
     * NOTE(review): confirm that returning the secret on every listing is intended.
     *
     * @param str id of the user whose tokens are listed
     * @return the user's tokens
     * @throws NotFoundException if no user with this id exists
     * @throws ForbiddenException if the caller lacks USERS_TOKENLIST for the user
     */
    @GET
    @Path("{userId}/tokens")
    @ApiOperation("Retrieves the list of access tokens for a user")
    public TokenList listTokens(@PathParam("userId") @ApiParam(name = "userId", required = true) String str) {
        User owner = loadUserById(str);
        String name = owner.getName();
        if (isPermitted(RestPermissions.USERS_TOKENLIST, name)) {
            ImmutableList.Builder<Token> tokens = ImmutableList.builder();
            for (AccessToken stored : this.accessTokenService.loadAll(name)) {
                tokens.add(Token.create(stored.getId(), stored.getName(), stored.getToken(), stored.getLastAccess()));
            }
            return TokenList.create(tokens.build());
        }
        throw new ForbiddenException("Not allowed to list tokens for user " + name);
    }

    /**
     * Creates a new named access token for a user and returns it, including the token value.
     *
     * @param str id of the user the token is created for
     * @param str2 descriptive token name taken from the URL path; not validated in this method
     * @param str3 request body placeholder; its content is never read
     * @return the newly created token
     * @throws NotFoundException if no user with this id exists
     * @throws ForbiddenException if the caller lacks USERS_TOKENCREATE for the user
     */
    @Path("{userId}/tokens/{name}")
    @AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_CREATE)
    @ApiOperation("Generates a new access token for a user")
    @POST
    public Token generateNewToken(@PathParam("userId") @ApiParam(name = "userId", required = true) String str, @PathParam("name") @ApiParam(name = "name", value = "Descriptive name for this token (e.g. 'cronjob') ", required = true) String str2, @ApiParam(name = "JSON Body", value = "Placeholder because POST requests should have a body. Set to '{}', the content will be ignored.", defaultValue = "{}") String str3) {
        User owner = loadUserById(str);
        String name = owner.getName();
        if (isPermitted(RestPermissions.USERS_TOKENCREATE, name)) {
            AccessToken created = this.accessTokenService.create(name, str2);
            return Token.create(created.getId(), created.getName(), created.getToken(), created.getLastAccess());
        }
        throw new ForbiddenException("Not allowed to create tokens for user " + name);
    }

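    /**
     * Revokes one access token of the user named in the path.
     *
     * <p>The token is looked up by id first and by token value second. The permission check is
     * keyed on the user in the path, so the token found must also belong to that user: without
     * this check a caller allowed to remove tokens for one account could destroy any other
     * account's token by supplying its id or value. A token that exists but belongs to someone
     * else is reported as not found, so the response does not reveal that it exists.
     *
     * @param str id of the user whose token is revoked
     * @param str2 token id or token value taken from the URL path
     * @throws NotFoundException if the user does not exist, or no such token belongs to the user
     * @throws ForbiddenException if the caller lacks USERS_TOKENREMOVE for the user
     */
    @Path("{userId}/tokens/{idOrToken}")
    @AuditEvent(type = AuditEventTypes.USER_ACCESS_TOKEN_DELETE)
    @DELETE
    @ApiOperation("Removes a token for a user")
    public void revokeToken(@PathParam("userId") @ApiParam(name = "userId", required = true) String str, @PathParam("idOrToken") @ApiParam(name = "idOrToken", required = true) String str2) {
        String name = loadUserById(str).getName();
        if (!isPermitted(RestPermissions.USERS_TOKENREMOVE, name)) {
            throw new ForbiddenException("Not allowed to remove tokens for user " + name);
        }

        // Fall back to the lookup by token value only when the id lookup finds nothing.
        AccessToken accessToken = this.accessTokenService.loadById(str2);
        if (accessToken == null) {
            accessToken = this.accessTokenService.load(str2);
        }
        if (accessToken == null) {
            throw new NotFoundException("Couldn't find access token for user " + name);
        }

        // Bind the token to the authorised user: it must be one of that user's own tokens.
        boolean ownedByUser = false;
        for (AccessToken owned : this.accessTokenService.loadAll(name)) {
            if (Objects.equals(owned.getId(), accessToken.getId())) {
                ownedByUser = true;
                break;
            }
        }
        if (!ownedByUser) {
            throw new NotFoundException("Couldn't find access token for user " + name);
        }
        this.accessTokenService.destroy(accessToken);
    }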

    /**
     * Loads a user by id, turning a missing user into a 404.
     *
     * @param str the user id; it is echoed into the error message
     * @return the user, never {@code null}
     * @throws NotFoundException if no user with this id exists
     */
    private User loadUserById(String str) {
        User found = this.userService.loadById(str);
        if (found != null) {
            return found;
        }
        throw new NotFoundException("Couldn't find user with ID <" + str + ">");
    }

    /** Builds a user summary that always includes the user's permissions. */
    private UserSummary toUserResponse(User user, AllUserSessions allUserSessions) {
        final boolean includePermissions = true;
        return toUserResponse(user, includePermissions, allUserSessions);
    }

    /**
     * Builds the API representation of a user.
     *
     * @param user the user to describe
     * @param z whether the user's wildcard and GRN permissions are included; when {@code false}
     *     both lists are empty
     * @param allUserSessions session snapshot used to report the user's latest session
     * @return the summary, including role names and, when a session exists, its last access time
     *     and host
     */
    private UserSummary toUserResponse(User user, boolean z, AllUserSessions allUserSessions) {
        Set<String> roleIds = user.getRoleIds();
        Set<String> roleNames = Collections.emptySet();
        if (!roleIds.isEmpty()) {
            roleNames = this.userService.getRoleNames(user);
            if (roleNames.isEmpty()) {
                // Role ids are assigned but none resolved to a name; reported, not fatal.
                LOG.error("Unable to load role names for role IDs {} for user {}", roleIds, user);
            }
        }

        Optional<MongoDbSession> latestSession = allUserSessions.forUser(user);
        boolean sessionActive = latestSession.isPresent();
        Date lastActivity = sessionActive ? latestSession.get().getLastAccessTime() : null;
        String clientAddress = sessionActive ? latestSession.get().getHost() : null;

        List<WildcardPermission> wildcardPermissions = z ? this.userService.getWildcardPermissionsForUser(user) : ImmutableList.of();
        List<GRNPermission> grnPermissions = z ? this.userService.getGRNPermissionsForUser(user) : ImmutableList.of();

        String timeZoneId = user.getTimeZone() == null ? null : user.getTimeZone().getID();
        return UserSummary.create(user.getId(), user.getName(), user.getEmail(), user.getFullName(), wildcardPermissions, grnPermissions, user.getPreferences(), timeZoneId, Long.valueOf(user.getSessionTimeoutMs()), user.isReadOnly(), user.isExternalUser(), user.getStartpage(), roleNames, sessionActive, lastActivity, clientAddress);
    }

    /**
     * Returns the requested permissions without those the user already receives through roles,
     * so that only the remainder is stored directly on the user.
     *
     * @param user the user whose role-derived permissions are subtracted
     * @param list the permissions requested by the caller
     * @return a new mutable list; the argument is not modified
     */
    private List<String> getEffectiveUserPermissions(User user, List<String> list) {
        List<String> directOnly = new ArrayList<>(list);
        directOnly.removeAll(this.userService.getUserPermissionsFromRoles(user));
        return directOnly;
    }

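    /**
     * Resolves role ids to role names.
     *
     * <p>The decompiled body iterated the roles with an empty lambda and therefore always
     * returned an empty map, which left every role on the paginated listing unresolved; the
     * mapping is restored here.
     *
     * @param set role ids to resolve
     * @return a map from role id to role name for every role the service returned
     * @throws org.graylog2.database.NotFoundException if the role service cannot find the roles
     */
    private Map<String, String> getRoleNameMap(Set<String> set) throws org.graylog2.database.NotFoundException {
        Map<String, Role> rolesById = this.roleService.findIdMap(set);
        Map<String, String> namesById = new HashMap<>(rolesById.size());
        rolesById.forEach((roleId, role) -> namesById.put(roleId, role.getName()));
        return namesById;
    }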

    /**
     * Builds the overview entry for the root user, which the paginated listing returns in its
     * response context.
     *
     * @param allUserSessions session snapshot used to fill in the root user's latest session
     * @return the root user's overview, or {@code null} when the service reports no root user
     */
    private UserOverviewDTO getAdminUserDTO(AllUserSessions allUserSessions) {
        Optional<User> rootUser = this.userService.getRootUser();
        if (rootUser.isPresent()) {
            User root = rootUser.get();
            return UserOverviewDTO.builder()
                    .username(root.getName())
                    .fullName(root.getFullName())
                    .email(root.getEmail())
                    .externalUser(Boolean.valueOf(root.isExternalUser()))
                    .readOnly(Boolean.valueOf(root.isReadOnly()))
                    .id(root.getId())
                    .fillSession(allUserSessions.forUser(root))
                    .roles(this.userService.getRoleNames(root))
                    .build();
        }
        return null;
    }
}
