package com.cloudera.nav.api.v3.impl;

import com.cloudera.nav.AuditLogger;
import com.cloudera.nav.api.v1.impl.ApiUtils;
import com.cloudera.nav.api.v3.AuthorizationResourceV3;
import com.cloudera.nav.audit.AuditEventType;
import com.cloudera.nav.audit.AuditMessage;
import com.cloudera.nav.audit.message.model.AuthorizationAuditMessage;
import com.cloudera.nav.auth.LdapGroupSearch;
import com.cloudera.nav.auth.NavigatorUser;
import com.cloudera.nav.auth.model.Group;
import com.cloudera.nav.auth.model.Role;
import com.cloudera.nav.persistence.relational.dao.GroupDAO;
import com.cloudera.nav.persistence.relational.dao.RoleDAO;
import com.cloudera.nav.persistence.relational.dao.impl.GroupDAOImpl;
import com.cloudera.nav.persistence.relational.dao.impl.RoleDAOImpl;
import com.cloudera.nav.server.NavOptions;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.sql.DataSource;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.BooleanUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

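/**
 * Implementation of {@link AuthorizationResourceV3}: reads roles and groups and assigns roles
 * to a group, writing an {@link AuditEventType#AUTHORIZATION} audit record for most operations.
 *
 * <p>NOTE(review): no permission check on the caller is visible in this class, including on
 * {@link #setRoles}, which changes role assignments. Presumably access control is enforced on
 * the interface or by an interceptor; confirm before exposing this resource.
 */
@Primary
@Component("authorizationResourceV3")
/* loaded from: input_file:com/cloudera/nav/api/v3/impl/AuthorizationResourceV3Impl.class */
public class AuthorizationResourceV3Impl implements AuthorizationResourceV3 {
    protected final GroupDAO groupDao;
    protected final RoleDAO roleDao;
    protected final NavOptions navOptions;

    /**
     * Builds the resource with DAO implementations backed by the given data source.
     *
     * @param dataSource data source handed to the group and role DAOs
     * @param navOptions options passed to the group DAO and later to the LDAP group search
     */
    @Autowired
    public AuthorizationResourceV3Impl(DataSource dataSource, NavOptions navOptions) {
        this.navOptions = navOptions;
        this.groupDao = new GroupDAOImpl(dataSource, this.navOptions);
        this.roleDao = new RoleDAOImpl(dataSource);
    }

    /** Test-only constructor that accepts the DAOs directly instead of building them. */
    @VisibleForTesting
    AuthorizationResourceV3Impl(NavOptions navOptions, GroupDAO groupDAO, RoleDAO roleDAO) {
        this.navOptions = navOptions;
        this.groupDao = groupDAO;
        this.roleDao = roleDAO;
    }

    /**
     * Returns either every role known to the role DAO or only the roles of the caller.
     *
     * @param bool when {@code true}, return the roles of the authenticated principal and write a
     *     "fetchRoles" audit record; when {@code false} or {@code null}, return all roles
     * @return the selected roles
     */
    @Override // com.cloudera.nav.api.v3.AuthorizationResourceV3
    public Collection<Role> getRoles(Boolean bool) {
        if (BooleanUtils.isNotTrue(bool)) {
            // NOTE(review): listing all roles writes no audit record, unlike the branch below.
            return this.roleDao.getRoles();
        }
        // NOTE(review): assumes an authenticated NavigatorUser principal is always present;
        // a missing authentication would fail here with a NullPointerException. Confirm.
        NavigatorUser currentUser =
                (NavigatorUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        AuditLogger.log(new AuditMessage(
                AuditEventType.AUTHORIZATION,
                "fetchRoles",
                "",
                "",
                PhaseInterceptorChain.getCurrentMessage(),
                new AuthorizationAuditMessage((String) null, (String) null)));
        return currentUser.getRoles();
    }

    /**
     * Searches groups by term, in the local store only or in the local store plus LDAP.
     *
     * @param str search term; must be at least 2 characters when LDAP is searched
     * @param bool when {@code true}, return only what the group DAO finds and skip LDAP
     * @return matching groups; with LDAP included, locally stored groups win on a DN clash
     * @throws IllegalArgumentException if LDAP is to be searched and the term is shorter than
     *     2 characters
     */
    @Override // com.cloudera.nav.api.v3.AuthorizationResourceV3
    public Collection<Group> getGroups(String str, Boolean bool) {
        if (BooleanUtils.isTrue(bool)) {
            return this.groupDao.getGroups(str);
        }
        // Reject short terms before any lookup runs, so a request that is going to be refused
        // does not first cost a database query.
        if (Strings.nullToEmpty(str).length() < 2) {
            throw new IllegalArgumentException("Search term should be 2 characters or longer.");
        }
        Collection<Group> localGroups = this.groupDao.getGroups(str);
        Collection<Group> ldapGroups = new LdapGroupSearch(this.navOptions).getGroups(str);
        Collection<Group> merged = mergeGroups(localGroups, ldapGroups);
        AuditLogger.log(new AuditMessage(
                AuditEventType.AUTHORIZATION,
                "searchGroup",
                "",
                "",
                PhaseInterceptorChain.getCurrentMessage(),
                new AuthorizationAuditMessage((String) null, str)));
        return merged;
    }

    /**
     * Returns the union of both collections, keeping the entry from {@code collection} whenever
     * the same DN (compared case-insensitively) appears in both.
     */
    private Collection<Group> mergeGroups(Collection<Group> collection, Collection<Group> collection2) {
        // Locale.ROOT keeps the case folding independent of the JVM default locale, so the same
        // pair of DNs is matched the same way on every host.
        HashSet<String> knownDns = Sets.newHashSet();
        for (Group existing : collection) {
            knownDns.add(existing.getDn().toLowerCase(Locale.ROOT));
        }
        HashSet<Group> merged = Sets.newHashSet(collection);
        for (Group candidate : collection2) {
            if (!knownDns.contains(candidate.getDn().toLowerCase(Locale.ROOT))) {
                merged.add(candidate);
            }
        }
        return merged;
    }

    /**
     * Looks up a single group by DN and writes a "fetchGroup" audit record on success.
     *
     * @param str DN of the group
     * @return the group found by the group DAO
     * @throws IllegalArgumentException if the DAO returns no group for the DN
     */
    @Override // com.cloudera.nav.api.v3.AuthorizationResourceV3
    public Group getGroup(String str) {
        Group groupByDn = this.groupDao.getGroupByDn(str);
        if (groupByDn == null) {
            throw new IllegalArgumentException("No group found for groupDn: " + str);
        }
        AuditLogger.log(new AuditMessage(
                AuditEventType.AUTHORIZATION,
                "fetchGroup",
                "",
                "",
                PhaseInterceptorChain.getCurrentMessage(),
                new AuthorizationAuditMessage(str, (String) null)));
        return groupByDn;
    }

    /**
     * Assigns the given roles to a group after checking that every role id exists.
     *
     * @param str first group identifier, passed through to the audit record and the group DAO
     * @param str2 second group identifier, passed through to the audit record and the group DAO
     * @param list ids of the roles to assign
     * @return the group as returned by the group DAO
     * @throws IllegalArgumentException if a role id is unknown and the error helper returns
     *     instead of aborting the request
     */
    @Override // com.cloudera.nav.api.v3.AuthorizationResourceV3
    @Transactional
    public Group setRoles(String str, String str2, List<Long> list) {
        ArrayList<String> roleNames = Lists.newArrayList();
        for (Long roleId : list) {
            Role role = this.roleDao.getRole(roleId.longValue());
            if (role == null) {
                String message = String.format("Role with %d id not found.", roleId);
                ApiUtils.sendErrorQuietly(Response.Status.BAD_REQUEST, message);
                // sendErrorQuietly is not visible from here. If it returns normally, stop
                // explicitly so an unknown role id never reaches the dereference below or the
                // role assignment.
                throw new IllegalArgumentException(message);
            }
            roleNames.add(role.getName());
        }
        // NOTE(review): the "updateRoles" record is written before the DAO call, so it is also
        // written when the update then fails. Confirm that attempts, not only successful
        // changes, are what this audit event is meant to record.
        AuditLogger.log(new AuditMessage(
                AuditEventType.AUTHORIZATION,
                "updateRoles",
                "",
                "",
                PhaseInterceptorChain.getCurrentMessage(),
                new AuthorizationAuditMessage(str, str2, roleNames)));
        return this.groupDao.setRoles(str, str2, list);
    }
}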
