package io.gravitee.am.management.handlers.management.api.resources.organizations.users;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.BaseJsonNode;
import io.gravitee.am.management.handlers.management.api.bulk.BulkOperationResult;
import io.gravitee.am.management.handlers.management.api.bulk.BulkRequest;
import io.gravitee.am.management.handlers.management.api.bulk.BulkResponse;
import io.gravitee.am.management.handlers.management.api.model.UserEntity;
import io.gravitee.am.management.handlers.management.api.resources.AbstractUsersResource;
import io.gravitee.am.management.handlers.management.api.schemas.BulkCreateOrganizationUser;
import io.gravitee.am.management.handlers.management.api.schemas.BulkDeleteUser;
import io.gravitee.am.management.handlers.management.api.schemas.BulkUpdateUser;
import io.gravitee.am.management.handlers.management.api.spring.UserBulkConfiguration;
import io.gravitee.am.model.Acl;
import io.gravitee.am.model.Organization;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.User;
import io.gravitee.am.model.common.Page;
import io.gravitee.am.model.permissions.Permission;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.OrganizationService;
import io.gravitee.am.service.exception.TooManyOperationsException;
import io.gravitee.am.service.model.NewOrganizationUser;
import io.reactivex.rxjava3.core.Observable;
import io.reactivex.rxjava3.core.Single;
import io.reactivex.rxjava3.core.SingleSource;
import io.reactivex.rxjava3.functions.Consumer;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.DiscriminatorMapping;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.container.AsyncResponse;
import jakarta.ws.rs.container.ResourceContext;
import jakarta.ws.rs.container.Suspended;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;

@Tag(name = "user")
/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/resources/organizations/users/OrganizationUsersResource.class */
public class OrganizationUsersResource extends AbstractUsersResource {

    @Context
    private ResourceContext resourceContext;

    @Autowired
    private UserBulkConfiguration userBulkConfiguration;

    @Autowired
    private IdentityProviderService identityProviderService;

    @Autowired
    private OrganizationService organizationService;

    @Autowired
    private ObjectMapper mapper;

    @Schema(oneOf = {BulkCreateOrganizationUser.class, BulkUpdateUser.class, BulkDeleteUser.class}, discriminatorProperty = "action", discriminatorMapping = {@DiscriminatorMapping(value = "CREATE", schema = BulkCreateOrganizationUser.class), @DiscriminatorMapping(value = "UPDATE", schema = BulkUpdateUser.class), @DiscriminatorMapping(value = "DELETE", schema = BulkDeleteUser.class)})
    /* loaded from: input_file:io/gravitee/am/management/handlers/management/api/resources/organizations/users/OrganizationUsersResource$OrganizationUserBulkRequest.class */
    private static class OrganizationUserBulkRequest extends BulkRequest.Generic {
        @JsonCreator
        public OrganizationUserBulkRequest(@JsonProperty("action") BulkRequest.Action action, @JsonProperty("failOnErrors") Integer num, @JsonProperty("items") List<BaseJsonNode> list) {
            super(action, num, list);
        }
    }

    @Produces({"application/json"})
    @Operation(operationId = "listOrganisationUsers", summary = "List users of the organization", description = "User must have the ORGANIZATION_USER[LIST] permission on the specified organization. Each returned user is filtered and contains only basic information such as id and username and displayname. Last login and identity provider name will be also returned if current user has ORGANIZATION_USER[READ] permission on the organization.")
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "List users of the organization", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Page.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void list(@PathParam("organizationId") String str, @QueryParam("q") String str2, @QueryParam("filter") String str3, @QueryParam("page") @DefaultValue("0") int i, @QueryParam("size") @DefaultValue("30") int i2, @Suspended AsyncResponse asyncResponse) {
        Single flatMap = this.permissionService.findAllPermissions(getAuthenticatedUser(), ReferenceType.ORGANIZATION, str).flatMap(map -> {
            return checkPermission(map, Permission.ORGANIZATION_USER, Acl.LIST).andThen(searchUsers(ReferenceType.ORGANIZATION, str, str2, str3, i, i2).flatMap(page -> {
                return Observable.fromIterable(page.getData()).flatMapSingle(user -> {
                    return filterUserInfos(map, user);
                }).toSortedList(Comparator.comparing((v0) -> {
                    return v0.getUsername();
                }, Comparator.nullsLast(Comparator.naturalOrder()))).map(list -> {
                    return new Page(list, page.getCurrentPage(), page.getTotalCount());
                });
            }));
        });
        Objects.requireNonNull(asyncResponse);
        Consumer consumer = (v1) -> {
            r1.resume(v1);
        };
        Objects.requireNonNull(asyncResponse);
        flatMap.subscribe(consumer, asyncResponse::resume);
    }

    @Produces({"application/json"})
    @Operation(operationId = "createOrganisationUser", summary = "Create a platform user or Service Account", description = "User must have the ORGANIZATION_USER[READ] permission on the specified organization")
    @POST
    @Consumes({"application/json"})
    @ApiResponses({@ApiResponse(responseCode = "201", description = "User or Service Account successfully created", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = User.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void create(@PathParam("organizationId") String str, @Parameter(name = "user", required = true) @Valid @NotNull NewOrganizationUser newOrganizationUser, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Single andThen = checkPermission(ReferenceType.ORGANIZATION, str, Permission.ORGANIZATION_USER, Acl.CREATE).andThen(this.organizationService.findById(str).flatMap(organization -> {
            return this.organizationUserService.createGraviteeUser(organization, newOrganizationUser, authenticatedUser);
        }).map(user -> {
            return Response.created(URI.create("/organizations/" + str + "/users/" + user.getId())).entity(new UserEntity(user)).build();
        }));
        Objects.requireNonNull(asyncResponse);
        Consumer consumer = (v1) -> {
            r1.resume(v1);
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(consumer, asyncResponse::resume);
    }

    @Produces({"application/json"})
    @Operation(operationId = "bulkOrganisationUserOperation", summary = "Create/update/delete platform users or Service Accounts", description = "User must have the ORGANIZATION_USER[CREATE/UPDATE/DELETE] permission on the specified organization")
    @POST
    @Path("/bulk")
    @Consumes({"application/json"})
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Some users or Service Accounts got created, inspect each result for details", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = BulkResponse.class))}), @ApiResponse(responseCode = "201", description = "Users or Service Accounts successfully created", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = BulkResponse.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void handleBulkOperation(@PathParam("organizationId") String str, @Valid @NotNull OrganizationUserBulkRequest organizationUserBulkRequest, @Suspended AsyncResponse asyncResponse) {
        if (organizationUserBulkRequest.items().size() > this.userBulkConfiguration.bulkMaxRequestOperations()) {
            throw TooManyOperationsException.tooManyOperation(this.userBulkConfiguration.bulkMaxRequestOperations());
        }
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Single andThen = checkPermission(ReferenceType.ORGANIZATION, str, Permission.ORGANIZATION_USER, organizationUserBulkRequest.action().requiredAcl()).andThen(this.organizationService.findById(str).flatMap(organization -> {
            return processBulkRequest(organizationUserBulkRequest, organization, authenticatedUser);
        }));
        Objects.requireNonNull(asyncResponse);
        Consumer consumer = asyncResponse::resume;
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(consumer, asyncResponse::resume);
    }

    private SingleSource<?> processBulkRequest(BulkRequest.Generic generic, Organization organization, io.gravitee.am.identityprovider.api.User user) {
        switch (generic.action()) {
            case CREATE:
                return generic.processOneByOne(NewOrganizationUser.class, this.mapper, newOrganizationUser -> {
                    return this.organizationUserService.createGraviteeUser(organization, newOrganizationUser, user).map((v0) -> {
                        return BulkOperationResult.created(v0);
                    });
                });
            case DELETE:
                return generic.processOneByOne(String.class, this.mapper, str -> {
                    return this.organizationUserService.delete(ReferenceType.ORGANIZATION, organization.getId(), str, user).map((v0) -> {
                        return v0.getId();
                    }).map((v0) -> {
                        return BulkOperationResult.ok(v0);
                    });
                });
            case UPDATE:
                return generic.processOneByOne(BulkUpdateUser.UpdateUserWithId.class, this.mapper, updateUserWithId -> {
                    return this.organizationUserService.update(ReferenceType.ORGANIZATION, organization.getId(), updateUserWithId.getId(), updateUserWithId, user).map(UserEntity::new).map((v0) -> {
                        return BulkOperationResult.ok(v0);
                    });
                });
            default:
                throw new IncompatibleClassChangeError();
        }
    }

    @Path("{user}")
    public OrganizationUserResource getUserResource() {
        return (OrganizationUserResource) this.resourceContext.getResource(OrganizationUserResource.class);
    }

    private Single<User> filterUserInfos(Map<Permission, Set<Acl>> map, User user) {
        User user2;
        if (hasPermission(map, Permission.ORGANIZATION_USER, Acl.READ).booleanValue()) {
            user2 = new UserEntity(user);
            if (user.getSource() != null) {
                return this.identityProviderService.findById(user.getSource()).map(identityProvider -> {
                    user2.setSource(identityProvider.getName());
                    return user2;
                }).defaultIfEmpty(user2);
            }
        } else {
            user2 = new User(false);
            user2.setId(user.getId());
            user2.setUsername(user.getUsername());
            user2.setDisplayName(user.getDisplayName());
            user2.setPicture(user.getPicture());
        }
        return Single.just(user2);
    }
}
