package org.graylog.security.authzroles;

import com.codahale.metrics.annotation.Timed;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotEmpty;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.NotAllowedException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog2.audit.AuditEventTypes;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.configuration.HttpConfiguration;
import org.graylog2.database.PaginatedList;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.rest.models.PaginatedResponse;
import org.graylog2.search.SearchQuery;
import org.graylog2.search.SearchQueryField;
import org.graylog2.search.SearchQueryParser;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.RestPermissions;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.PaginatedUserService;
import org.graylog2.users.UserImpl;
import org.graylog2.users.UserOverviewDTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

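/**
 * REST resource under {@code /authz/roles} for listing roles, reading a single role, deleting a
 * role and changing which users are members of a role.
 *
 * <p>Authorization as visible in this class:
 * <ul>
 *   <li>Every endpoint requires an authenticated subject (class-level
 *       {@code @RequiresAuthentication}).</li>
 *   <li>List endpoints are gated declaratively with {@code @RequiresPermissions}.</li>
 *   <li>{@link #get(String)} and {@link #delete(String)} call {@code checkPermission}
 *       programmatically.</li>
 *   <li>{@link #addUser(String, Set)} and {@link #removeUser(String, String)} carry no
 *       {@code @RequiresPermissions}; their only permission check is the per-username
 *       {@code USERS_EDIT} check in {@code updateUserRole}.</li>
 * </ul>
 *
 * <p>This listing is decompiler output, so parameter names such as {@code str} and {@code i} are
 * synthetic; the JAX-RS annotations carry the real request parameter names.
 */
@RequiresAuthentication
@Api(value = "Authorization/Roles", description = "Manage roles")
@Path("/authz/roles")
@Produces({"application/json"})
/* loaded from: input_file:org/graylog/security/authzroles/AuthzRolesResource.class */
public class AuthzRolesResource extends RestResource {
    // Named after this class (was RestResource.class) so that warnings about failed role-membership
    // updates are attributed to the resource that emitted them.
    private static final Logger LOG = LoggerFactory.getLogger(AuthzRolesResource.class);

    /** Fields a role search query may reference. */
    protected static final ImmutableMap<String, SearchQueryField> SEARCH_FIELD_MAPPING =
            ImmutableMap.<String, SearchQueryField>builder()
                    .put("name", SearchQueryField.create("name"))
                    .put("description", SearchQueryField.create("description"))
                    .build();

    /** Fields a user search query may reference. */
    protected static final ImmutableMap<String, SearchQueryField> USER_SEARCH_FIELD_MAPPING =
            ImmutableMap.<String, SearchQueryField>builder()
                    .put("username", SearchQueryField.create("username"))
                    .put("full_name", SearchQueryField.create("full_name"))
                    .put("email", SearchQueryField.create("email"))
                    .build();

    private final PaginatedAuthzRolesService authzRolesService;
    private final PaginatedUserService paginatedUserService;
    private final UserService userService;
    private final SearchQueryParser searchQueryParser = new SearchQueryParser("name", SEARCH_FIELD_MAPPING);
    private final SearchQueryParser userSearchQueryParser = new SearchQueryParser("username", USER_SEARCH_FIELD_MAPPING);

    /**
     * Strategy applied to a user's set of role ids: adds or removes one role id.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/graylog/security/authzroles/AuthzRolesResource$UpdateRoles.class */
    public interface UpdateRoles {
        /**
         * @param set the user's role ids; modified in place
         * @param str the role id to add or remove
         * @return whatever the underlying set operation returns
         */
        boolean update(Set<String> set, String str);
    }

    @Inject
    public AuthzRolesResource(PaginatedAuthzRolesService paginatedAuthzRolesService, PaginatedUserService paginatedUserService, UserService userService) {
        this.authzRolesService = paginatedAuthzRolesService;
        this.paginatedUserService = paginatedUserService;
        this.userService = userService;
    }

    /**
     * Returns one page of roles matching the search query, with a context map of the users
     * assigned to each returned role. Requires {@code ROLES_READ}.
     *
     * @param i    page number ({@code page})
     * @param i2   page size ({@code per_page})
     * @param str  search query ({@code query})
     * @param str2 sort field ({@code sort})
     * @param str3 sort direction ({@code order})
     * @throws BadRequestException if an {@link IllegalArgumentException} is raised while parsing
     *                             the query or loading the page
     */
    @GET
    @RequiresPermissions({RestPermissions.ROLES_READ})
    @Timed
    @ApiOperation("Get a paginated list of all roles")
    public PaginatedResponse<AuthzRoleDTO> getList(@QueryParam("page") @ApiParam(name = "page") @DefaultValue("1") int i, @QueryParam("per_page") @ApiParam(name = "per_page") @DefaultValue("50") int i2, @QueryParam("query") @ApiParam(name = "query") @DefaultValue("") String str, @QueryParam("sort") @ApiParam(name = "sort", value = "The field to sort the result on", required = true, allowableValues = "name,description") @DefaultValue("name") String str2, @QueryParam("order") @ApiParam(name = "order", value = "The sort direction", allowableValues = "asc, desc") @DefaultValue("asc") String str3) {
        try {
            final SearchQuery searchQuery = this.searchQueryParser.parse(str);
            final PaginatedList<AuthzRoleDTO> roles = this.authzRolesService.findPaginated(searchQuery, i, i2, str2, str3);
            // NOTE(review): the context lists users per role, but this endpoint is gated on
            // ROLES_READ only — confirm that exposing usernames here without USERS_LIST is intended.
            return PaginatedResponse.create(UserImpl.ROLES, roles, str, ImmutableMap.of(UserImpl.COLLECTION_NAME, userRoleContext(roles)));
        } catch (IllegalArgumentException e) {
            throw new BadRequestException("Invalid argument in search query: " + e.getMessage());
        }
    }

    /**
     * Returns one page of users holding the given role. In the returned DTOs each user's role ids
     * are replaced by the corresponding role names. Requires {@code USERS_LIST}.
     *
     * @param str  role id ({@code roleId} path parameter)
     * @param i    page number ({@code page})
     * @param i2   page size ({@code per_page})
     * @param str2 user search query ({@code query})
     * @param str3 sort field ({@code sort})
     * @param str4 sort direction ({@code order})
     * @throws BadRequestException if an {@link IllegalArgumentException} is raised while parsing
     *                             the query or loading the data
     */
    @GET
    @Path("/{roleId}/assignees")
    @RequiresPermissions({RestPermissions.USERS_LIST})
    @ApiOperation("Get a paginated list of users for a role")
    @Produces({"application/json"})
    public PaginatedResponse<UserOverviewDTO> getUsersForRole(@PathParam("roleId") @NotEmpty @ApiParam(name = "roleId") String str, @QueryParam("page") @ApiParam(name = "page") @DefaultValue("1") int i, @QueryParam("per_page") @ApiParam(name = "per_page") @DefaultValue("50") int i2, @QueryParam("query") @ApiParam(name = "query") @DefaultValue("") String str2, @QueryParam("sort") @ApiParam(name = "sort", value = "The field to sort the result on", required = true, allowableValues = "username,full_name,email") @DefaultValue("name") String str3, @QueryParam("order") @ApiParam(name = "order", value = "The sort direction", allowableValues = "asc, desc") @DefaultValue("asc") String str4) {
        // NOTE(review): the default sort value "name" is not among the documented allowable values
        // (username, full_name, email) — confirm how the user service treats it.
        try {
            final PaginatedList<UserOverviewDTO> users = this.paginatedUserService.findPaginatedByRole(this.userSearchQueryParser.parse(str2), i, i2, str3, str4, ImmutableSet.of(str));

            // Resolve every role id referenced by the users on this page to its role name.
            final Set<String> referencedRoleIds = users.stream()
                    .flatMap(user -> user.roles().stream())
                    .collect(Collectors.toSet());
            // HttpConfiguration.PATH_WEB is how the decompiler rendered the query string constant;
            // presumably an empty "match everything" query with page 0 / per_page 0 — TODO confirm.
            final Map<String, String> roleNamesById = this.authzRolesService
                    .findPaginatedByIds(new SearchQuery(HttpConfiguration.PATH_WEB), 0, 0, "name", "asc", referencedRoleIds)
                    .stream()
                    .collect(Collectors.toMap(AuthzRoleDTO::id, AuthzRoleDTO::name));

            // The decompiled listing referenced an undefined "r1" here; the lookup target is the
            // id-to-name map built above. An id with no matching role maps to null.
            final List<UserOverviewDTO> usersWithRoleNames = users.stream()
                    .map(user -> user.toBuilder()
                            .roles(user.roles().stream().map(roleNamesById::get).collect(Collectors.toSet()))
                            .build())
                    .collect(Collectors.toList());

            final PaginatedList<UserOverviewDTO> page = new PaginatedList<>(usersWithRoleNames, users.pagination().total(), users.pagination().page(), users.pagination().perPage());
            return PaginatedResponse.create(UserImpl.COLLECTION_NAME, page, str2);
        } catch (IllegalArgumentException e) {
            throw new BadRequestException("Invalid argument in search query: " + e.getMessage());
        }
    }

    /**
     * Returns a single role. The {@code ROLES_READ} permission is checked for this specific role id.
     *
     * @param str role id ({@code roleId} path parameter)
     * @throws NotFoundException if no role with that id exists
     */
    @GET
    @Path("{roleId}")
    @ApiOperation("Get a single role")
    @Produces({"application/json"})
    public AuthzRoleDTO get(@PathParam("roleId") @NotBlank @ApiParam(name = "roleId") String str) {
        checkPermission(RestPermissions.ROLES_READ, str);
        return this.authzRolesService.get(str)
                .orElseThrow(() -> new NotFoundException("Could not find role with id: " + str));
    }

    /**
     * Returns one page of the roles assigned to a user. Requires {@code ROLES_READ}.
     *
     * @param str  username ({@code username} path parameter)
     * @param i    page number ({@code page})
     * @param i2   page size ({@code per_page})
     * @param str2 role search query ({@code query})
     * @param str3 sort field ({@code sort})
     * @param str4 sort direction ({@code order})
     * @throws NotFoundException   if the user cannot be loaded
     * @throws BadRequestException if an {@link IllegalArgumentException} is raised while parsing
     *                             the query or loading the data
     */
    @GET
    @Path("/user/{username}")
    @RequiresPermissions({RestPermissions.ROLES_READ})
    @ApiOperation("Get a paginated list roles for a user")
    public PaginatedResponse<AuthzRoleDTO> getListForUser(@PathParam("username") @NotEmpty @ApiParam(name = "username") String str, @QueryParam("page") @ApiParam(name = "page") @DefaultValue("1") int i, @QueryParam("per_page") @ApiParam(name = "per_page") @DefaultValue("50") int i2, @QueryParam("query") @ApiParam(name = "query") @DefaultValue("") String str2, @QueryParam("sort") @ApiParam(name = "sort", value = "The field to sort the result on", required = true, allowableValues = "name,description") @DefaultValue("name") String str3, @QueryParam("order") @ApiParam(name = "order", value = "The sort direction", allowableValues = "asc, desc") @DefaultValue("asc") String str4) {
        try {
            // The query is parsed before the user is loaded, so a malformed query is reported first.
            final SearchQuery searchQuery = this.searchQueryParser.parse(str2);
            final User user = Optional.ofNullable(this.userService.load(str))
                    .orElseThrow(() -> new NotFoundException("Couldn't find user: " + str));
            return PaginatedResponse.create(UserImpl.ROLES, this.authzRolesService.findPaginatedByIds(searchQuery, i, i2, str3, str4, user.getRoleIds()), str2);
        } catch (IllegalArgumentException e) {
            throw new BadRequestException("Invalid argument in search query: " + e.getMessage());
        }
    }

    /**
     * Adds the given role to every user named in the request body.
     *
     * @param str role id ({@code roleId} path parameter)
     * @param set usernames from the request body
     * @throws BadRequestException if no set of usernames was supplied
     * @throws NotFoundException   if a user or the role does not exist
     */
    @Path("{roleId}/assignees")
    @AuditEvent(type = AuditEventTypes.ROLE_MEMBERSHIP_UPDATE)
    @ApiOperation("Add user to role")
    @Produces({"application/json"})
    @PUT
    public void addUser(@PathParam("roleId") @NotBlank @ApiParam(name = "roleId") String str, @ApiParam(name = "usernames") Set<String> set) throws ValidationException {
        updateUserRole(str, set, Set::add);
    }

    /**
     * Removes the given role from a single user.
     *
     * @param str  role id ({@code roleId} path parameter)
     * @param str2 username ({@code username} path parameter)
     * @throws NotFoundException if the user or the role does not exist
     */
    @Path("{roleId}/assignee/{username}")
    @AuditEvent(type = AuditEventTypes.ROLE_MEMBERSHIP_DELETE)
    @DELETE
    @ApiOperation("Remove user from role")
    public void removeUser(@PathParam("roleId") @NotBlank @ApiParam(name = "roleId") String str, @PathParam("username") @NotBlank @ApiParam(name = "username") String str2) throws ValidationException {
        updateUserRole(str, ImmutableSet.of(str2), Set::remove);
    }

    /**
     * Applies {@code updateRoles} to the role ids of each named user and saves the user.
     *
     * <p>Users are processed one at a time in iteration order: permission check, user lookup,
     * role lookup, update, save. A failure for one user aborts the request but leaves the changes
     * already saved for earlier users in place.
     *
     * @param roleId      id of the role to add or remove
     * @param usernames   users whose membership changes
     * @param updateRoles the add or remove operation
     * @throws BadRequestException if {@code usernames} is {@code null}
     * @throws NotFoundException   if a user or the role does not exist
     */
    private void updateUserRole(String roleId, Set<String> usernames, UpdateRoles updateRoles) throws ValidationException {
        if (usernames == null) {
            // A request without a body would otherwise fail with a NullPointerException.
            throw new BadRequestException("Missing usernames");
        }
        for (final String username : usernames) {
            // NOTE(review): membership changes are authorized solely by USERS_EDIT on the target
            // username; the role id is not part of any permission check here. Confirm that holders
            // of a per-user edit permission are meant to be able to grant or revoke roles,
            // otherwise gate this on a role-management permission as well.
            checkPermission(RestPermissions.USERS_EDIT, username);
            final User user = this.userService.load(username);
            if (user == null) {
                throw new NotFoundException("Cannot find user with name: " + username);
            }
            this.authzRolesService.get(roleId)
                    .orElseThrow(() -> new NotFoundException("Cannot find role with id: " + roleId));
            final Set<String> roleIds = user.getRoleIds();
            updateRoles.update(roleIds, roleId);
            user.setRoleIds(roleIds);
            try {
                this.userService.save(user);
            } catch (ValidationException e) {
                // Best effort, as before: the request still completes normally. The exception is
                // now attached to the log entry so the reason for the failed save is recorded.
                // NOTE(review): the caller is not told that the membership change did not persist,
                // and the @AuditEvent on the endpoint presumably still records it — confirm
                // whether this should be surfaced instead.
                LOG.warn("Could not update user: {}", username, e);
            }
        }
    }

    /**
     * Deletes a role unless it is read-only.
     *
     * <p>{@code ROLES_EDIT} is checked without the role id as an instance, unlike the
     * instance-scoped {@code ROLES_READ} check in {@link #get(String)}.
     *
     * @param str role id ({@code roleId} path parameter)
     * @throws NotFoundException   if no role with that id exists
     * @throws NotAllowedException if the role is read-only
     */
    @Path("{roleId}")
    @AuditEvent(type = AuditEventTypes.ROLE_DELETE)
    @DELETE
    @ApiOperation("Delete a role")
    @Produces({"application/json"})
    public void delete(@PathParam("roleId") @NotBlank @ApiParam(name = "roleId") String str) {
        checkPermission(RestPermissions.ROLES_EDIT);
        final AuthzRoleDTO role = this.authzRolesService.get(str)
                .orElseThrow(() -> new NotFoundException("Could not delete role with id: " + str));
        if (role.readOnly()) {
            // NOTE(review): with this argument list the text is likely bound to the constructor's
            // "allowed methods" parameter rather than to an exception message — confirm what the
            // client actually receives.
            throw new NotAllowedException("Cannot delete read only role with id: " + str, new String[0]);
        }
        this.authzRolesService.delete(str);
    }

    /**
     * Builds the "users" context for a page of roles: for each role id, the set of
     * {@code {id, username}} maps of the users that hold that role.
     *
     * @param roles the page of roles being returned to the client
     * @return role id mapped to the users holding it; roles without users map to an empty set
     */
    private Map<String, Set<Map<String, String>>> userRoleContext(PaginatedList<AuthzRoleDTO> roles) {
        final Set<String> roleIds = roles.stream().map(AuthzRoleDTO::id).collect(Collectors.toSet());
        // Page 1 with per_page 0 presumably means "no limit" — TODO confirm against the service.
        final PaginatedList<UserOverviewDTO> users = this.paginatedUserService.findPaginatedByRole(new SearchQuery(HttpConfiguration.PATH_WEB), 1, 0, "username", "asc", roleIds);

        final Map<String, Set<Map<String, String>>> usersByRoleId = new HashMap<>(roles.size());
        roles.forEach(role -> {
            final Set<Map<String, String>> members = users.stream()
                    .filter(user -> user.roles().contains(role.id()))
                    .map(user -> ImmutableMap.of("id", Objects.requireNonNull(user.id()), "username", user.username()))
                    .collect(Collectors.toSet());
            usersByRoleId.put(role.id(), members);
        });
        return usersByRoleId;
    }
}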
