package com.cloudera.server.web.cmf.authorization;

import com.beust.jcommander.internal.Lists;
import com.cloudera.api.model.ApiExternalUserMappingType;
import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.model.DbConfigContainerConfigProvider;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.CurrentUserManager;
import com.cloudera.server.cmf.FeatureManager;
import com.cloudera.server.web.cmf.CmfPath;
import com.cloudera.server.web.cmf.SimplePage;
import com.cloudera.server.web.cmf.WebController;
import com.cloudera.server.web.common.CurrentUser;
import com.cloudera.server.web.common.I18n;
import com.cloudera.server.web.common.JSPageController;
import com.cloudera.server.web.common.JamonModelAndView;
import com.cloudera.server.web.common.menu.LinkMenuItem;
import com.cloudera.server.web.common.menu.MenuItem;
import com.google.common.collect.ImmutableMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@Controller
/* loaded from: input_file:com/cloudera/server/web/cmf/authorization/AuthorizationPageController.class */
public class AuthorizationPageController extends WebController {

    @Autowired
    private CurrentUserManager um;

    @Autowired
    private FeatureManager fm;
    private static final String LABEL_ROLES = "label.roles";
    private static final String LABEL_EXTERNAL_USER_MAPPINGS = "label.externalUserMappings";
    private static final String LABEL_USERS = "label.users";
    private static final String LABEL_USER_SESSIONS = "label.userSessions";
    private static Map<String, String> PAGE_KEY_TO_JSPATH = ImmutableMap.of(LABEL_ROLES, "cloudera/cmf/authorization/RolesPage", LABEL_EXTERNAL_USER_MAPPINGS, "cloudera/cmf/authorization/ExternalUserMappingsPage", LABEL_USERS, "cloudera/cmf/authorization/UsersPage", LABEL_USER_SESSIONS, "cloudera/cmf/authorization/UserSessionsPage");
    private static Map<String, String> PAGE_KEY_TO_URL = ImmutableMap.of(LABEL_USERS, "/cmf/users1", LABEL_EXTERNAL_USER_MAPPINGS, "/cmf/externalRoleAssignments", LABEL_ROLES, "/cmf/roles", LABEL_USER_SESSIONS, "/cmf/userSessions1");

    private ModelAndView renderPage(String str, Map<String, Object> map) {
        SimplePage simplePage = JSPageController.getSimplePage(str);
        simplePage.setSelectedAppTab("administration");
        if (map != null) {
            simplePage.setParameters(map);
        }
        simplePage.setJsPath(str);
        return JamonModelAndView.of(simplePage.makeRenderer());
    }

    private ApiExternalUserMappingType getExternalUserMappingType(CmfEntityManager cmfEntityManager) {
        DbConfigContainerConfigProvider scmConfigProvider = cmfEntityManager.getScmConfigProvider();
        if (((ScmParams.AuthBackendOrder) ScmHandler.getScmConfigValue(ScmParams.AUTH_BACKEND_ORDER, scmConfigProvider)) == ScmParams.AuthBackendOrder.DB_ONLY) {
            return null;
        }
        ScmParams.ExternalAuthType externalAuthType = (ScmParams.ExternalAuthType) ScmHandler.getScmConfigValue(ScmParams.EXTERNAL_AUTH_TYPE, scmConfigProvider);
        ApiExternalUserMappingType apiExternalUserMappingType = ApiExternalUserMappingType.LDAP;
        if (ScmParams.ExternalAuthType.LDAP.equals(externalAuthType)) {
            apiExternalUserMappingType = ApiExternalUserMappingType.LDAP;
        } else if (ScmParams.ExternalAuthType.ACTIVE_DIRECTORY.equals(externalAuthType)) {
            apiExternalUserMappingType = ApiExternalUserMappingType.LDAP;
        } else if (ScmParams.ExternalAuthType.SCRIPT.equals(externalAuthType)) {
            apiExternalUserMappingType = ApiExternalUserMappingType.EXTERNAL_PROGRAM;
        } else if (ScmParams.ExternalAuthType.SAML.equals(externalAuthType)) {
            apiExternalUserMappingType = ScmParams.SAMLRoleMapper.ATTRIBUTE.equals((ScmParams.SAMLRoleMapper) ScmHandler.getScmConfigValue(ScmParams.SAML_ROLE_MAPPER, scmConfigProvider)) ? ApiExternalUserMappingType.SAML_ATTRIBUTE : ApiExternalUserMappingType.SAML_SCRIPT;
        }
        return apiExternalUserMappingType;
    }

    private List<MenuItem> getTabs(CmfEntityManager cmfEntityManager) {
        ApiExternalUserMappingType externalUserMappingType = getExternalUserMappingType(cmfEntityManager);
        LinkedList newLinkedList = Lists.newLinkedList();
        for (Map.Entry<String, String> entry : PAGE_KEY_TO_URL.entrySet()) {
            String key = entry.getKey();
            boolean equals = LABEL_EXTERNAL_USER_MAPPINGS.equals(key);
            if (!equals || (externalUserMappingType != null && this.fm.hasFeature(ProductState.Feature.LDAP))) {
                if (equals) {
                    key = "label.authorization.type." + externalUserMappingType.toString().toLowerCase() + 's';
                }
                newLinkedList.add(new LinkMenuItem(I18n.t(key), entry.getValue()));
            }
        }
        return newLinkedList;
    }

    private Map<String, Object> getPageParameters(CmfEntityManager cmfEntityManager, String str) {
        boolean isDeletableLastFullAdmin = this.um.isDeletableLastFullAdmin(cmfEntityManager.findAllUsers());
        ApiExternalUserMappingType externalUserMappingType = getExternalUserMappingType(cmfEntityManager);
        boolean equals = LABEL_EXTERNAL_USER_MAPPINGS.equals(str);
        String t = I18n.t(str);
        if (externalUserMappingType != null && equals) {
            t = I18n.t("label.authorization.type." + externalUserMappingType.toString().toLowerCase() + 's');
        }
        return ImmutableMap.builder().put("tabs", getTabs(cmfEntityManager)).put("selectedTabText", t).put("hasGPERMFeature", Boolean.valueOf(this.fm.hasFeature(ProductState.Feature.FINE_GRAINED_USER_ROLES))).put("currentUsername", CurrentUser.getUsername()).put("canManipulateSelf", Boolean.valueOf(isDeletableLastFullAdmin)).put("canModify", Boolean.valueOf(CurrentUser.hasGlobalAuthority("AUTH_USERS_CONFIG"))).put("externalUserMappingType", externalUserMappingType == null ? CommandUtils.CONFIG_TOP_LEVEL_DIR : externalUserMappingType.toString()).build();
    }

    private ModelAndView renderPage(String str) {
        CmfEntityManager createCmfEntityManager = createCmfEntityManager();
        try {
            createCmfEntityManager.beginForRollbackAndReadonly();
            ModelAndView renderPage = renderPage(PAGE_KEY_TO_JSPATH.get(str), getPageParameters(createCmfEntityManager, str));
            createCmfEntityManager.close();
            return renderPage;
        } catch (Throwable th) {
            createCmfEntityManager.close();
            throw th;
        }
    }

    @RequestMapping(value = {"roles"}, method = {RequestMethod.GET})
    @PreAuthorize("hasRole('AUTH_USERS_CONFIG')")
    public ModelAndView renderRolesPage() {
        return renderPage(LABEL_ROLES);
    }

    @RequestMapping(value = {CmfPath.Authorization.EXTERNALUSER_MAPPINGS}, method = {RequestMethod.GET})
    @PreAuthorize("hasRole('AUTH_USERS_CONFIG')")
    public ModelAndView renderExternalUserMappingsPage() {
        return renderPage(LABEL_EXTERNAL_USER_MAPPINGS);
    }

    @RequestMapping(value = {CmfPath.Authorization.USERS}, method = {RequestMethod.GET})
    @PreAuthorize("hasRole('AUTH_USERS_CONFIG')")
    public ModelAndView renderUsersPage() {
        return renderPage(LABEL_USERS);
    }

    @RequestMapping(value = {CmfPath.Authorization.USER_SESSIONS}, method = {RequestMethod.GET})
    @PreAuthorize("hasRole('AUTH_USERS_CONFIG')")
    public ModelAndView renderUserSessionsTable() {
        return renderPage(LABEL_USER_SESSIONS);
    }
}
