package com.netflix.spinnaker.fiat.controllers;

import com.netflix.spinnaker.fiat.model.UserPermission;
import com.netflix.spinnaker.fiat.model.resources.Role;
import com.netflix.spinnaker.fiat.permissions.ExternalUser;
import com.netflix.spinnaker.fiat.permissions.PermissionResolutionException;
import com.netflix.spinnaker.fiat.permissions.PermissionsRepository;
import com.netflix.spinnaker.fiat.permissions.PermissionsResolver;
import com.netflix.spinnaker.fiat.roles.UserRolesSyncer;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletResponse;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

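/**
 * REST endpoints under {@code /roles} that write user permissions to the
 * {@link PermissionsRepository} and trigger role synchronisation.
 *
 * <p>The controller is only registered when {@code fiat.write-mode.enabled} evaluates to
 * {@code true} (the default when the property is unset).
 *
 * <p>NOTE(review): every handler here creates, replaces or deletes stored permissions, and the
 * PUT handler accepts caller-supplied role names. No authentication or authorization check is
 * visible in this class, so access control is presumably enforced elsewhere (network policy,
 * gateway or a security filter). Confirm before exposing this service.
 *
 * <p>NOTE(review): user ids, service account ids and role names come straight from the request
 * and are written to the log unmodified. Whether control characters are neutralised depends on
 * the logging configuration, which is not shown here.
 */
@RequestMapping({"/roles"})
@RestController
@ConditionalOnExpression("${fiat.write-mode.enabled:true}")
public class RolesController {
    private static final Logger log = LoggerFactory.getLogger(RolesController.class);

    @Autowired
    PermissionsResolver permissionsResolver;

    @Autowired
    PermissionsRepository permissionsRepository;

    @Autowired
    UserRolesSyncer syncer;

    /**
     * Resolves the permissions of a single user and stores the result.
     *
     * <p>The path variable is bound by its explicit name so that the mapping does not depend on
     * the Java parameter name surviving compilation.
     *
     * @param userId raw user id taken from the request path; passed through
     *     {@code ControllerSupport.convert} before use
     * @throws UserPermissionModificationException if permission resolution fails
     */
    @RequestMapping(value = {"/{userId:.+}"}, method = {RequestMethod.POST})
    public void putUserPermission(@PathVariable("userId") String userId) {
        try {
            UserPermission permission = this.permissionsResolver.resolve(ControllerSupport.convert(userId));
            log.debug(
                    "Updated user permissions (userId: {}, roles: {})",
                    userId,
                    permission.getRoles().stream().map(role -> role.getName()).collect(Collectors.toList()));
            this.permissionsRepository.put(permission);
        } catch (PermissionResolutionException e) {
            // Cast kept so the same constructor overload is selected as before.
            throw new UserPermissionModificationException((Throwable) e);
        }
    }

    /**
     * Resolves the permissions of a single user, merges in the supplied external roles and stores
     * the result.
     *
     * <p>Each supplied name becomes a {@link Role} with source {@code Role.Source.EXTERNAL}. The
     * names are taken from the request body as-is; nothing in this method validates them.
     *
     * @param userId raw user id taken from the request path; passed through
     *     {@code ControllerSupport.convert} before use
     * @param externalRoles role names supplied by the caller; must not be {@code null}
     * @throws IllegalArgumentException if {@code externalRoles} is {@code null}
     * @throws UserPermissionModificationException if permission resolution fails
     */
    @RequestMapping(value = {"/{userId:.+}"}, method = {RequestMethod.PUT})
    public void putUserPermission(
            @PathVariable("userId") String userId, @NonNull @RequestBody List<String> externalRoles) {
        if (externalRoles == null) {
            throw new IllegalArgumentException("externalRoles is marked non-null but is null");
        }
        try {
            List<Role> roles = externalRoles.stream()
                    .map(name -> new Role().setSource(Role.Source.EXTERNAL).setName(name))
                    .collect(Collectors.toList());
            ExternalUser externalUser =
                    new ExternalUser().setId(ControllerSupport.convert(userId)).setExternalRoles(roles);
            UserPermission permission = this.permissionsResolver.resolveAndMerge(externalUser);
            log.debug(
                    "Updated user permissions (userId: {}, roles: {}, suppliedExternalRoles: {})",
                    userId,
                    permission.getRoles().stream().map(role -> role.getName()).collect(Collectors.toList()),
                    externalRoles);
            this.permissionsRepository.put(permission);
        } catch (PermissionResolutionException e) {
            // Cast kept so the same constructor overload is selected as before.
            throw new UserPermissionModificationException((Throwable) e);
        }
    }

    /**
     * Removes the stored permission entry of a single user.
     *
     * @param userId raw user id taken from the request path; passed through
     *     {@code ControllerSupport.convert} before use
     */
    @RequestMapping(value = {"/{userId:.+}"}, method = {RequestMethod.DELETE})
    public void deleteUserPermission(@PathVariable("userId") String userId) {
        this.permissionsRepository.remove(ControllerSupport.convert(userId));
    }

    /**
     * Triggers a role sync, optionally limited to the given roles.
     *
     * <p>A result of {@code 0} is reported to the client as HTTP 503; the count is still returned
     * from the method in that case.
     *
     * @param response servlet response used to send the 503 error
     * @param roles role names to sync; may be {@code null} because the request body is optional
     * @return the value returned by {@code UserRolesSyncer.syncAndReturn}
     * @throws IOException if sending the error response fails
     */
    @RequestMapping(value = {"/sync"}, method = {RequestMethod.POST})
    public long sync(HttpServletResponse response, @RequestBody(required = false) List<String> roles)
            throws IOException {
        log.info("Role sync invoked by web request for roles: {}", roles);
        long count = this.syncer.syncAndReturn(roles);
        if (count == 0) {
            log.info("No users found with specified roles");
            response.sendError(
                    HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                    "Error occurred syncing permissions. See Fiat Logs.");
        }
        return count;
    }

    /**
     * Triggers a sync of one service account with the supplied roles.
     *
     * <p>The id is handed to the syncer exactly as received; unlike the user endpoints it is not
     * passed through {@code ControllerSupport.convert}.
     *
     * @param serviceAccountId service account id taken from the request path
     * @param roles role names taken from the request body
     * @return the value returned by {@code UserRolesSyncer.syncServiceAccount}
     */
    @RequestMapping(value = {"/sync/serviceAccount/{serviceAccountId:.+}"}, method = {RequestMethod.POST})
    public long syncServiceAccount(
            @PathVariable("serviceAccountId") String serviceAccountId, @RequestBody List<String> roles) {
        log.info("Service Account {} sync invoked by web request with roles: {}", serviceAccountId, roles);
        return this.syncer.syncServiceAccount(serviceAccountId, roles);
    }

    /**
     * Replaces the resolver used to compute permissions.
     *
     * @param permissionsResolver resolver to use
     * @return this controller, for chaining
     */
    public RolesController setPermissionsResolver(PermissionsResolver permissionsResolver) {
        this.permissionsResolver = permissionsResolver;
        return this;
    }

    /**
     * Replaces the repository that permissions are written to and removed from.
     *
     * @param permissionsRepository repository to use
     * @return this controller, for chaining
     */
    public RolesController setPermissionsRepository(PermissionsRepository permissionsRepository) {
        this.permissionsRepository = permissionsRepository;
        return this;
    }

    /**
     * Replaces the syncer used by the sync endpoints.
     *
     * @param userRolesSyncer syncer to use
     * @return this controller, for chaining
     */
    public RolesController setSyncer(UserRolesSyncer userRolesSyncer) {
        this.syncer = userRolesSyncer;
        return this;
    }
}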
