package org.apache.ranger.rest;

import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import org.apache.log4j.Logger;
import org.apache.ranger.biz.UserMgr;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConfigUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.SortField;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.annotation.RangerAnnotationClassName;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.common.annotation.RangerAnnotationRestAPI;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.util.RangerRestUtil;
import org.apache.ranger.view.VXPasswordChange;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXPortalUserList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXStringList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

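/**
 * JAX-RS resource mounted at {@code users} that exposes portal-user management:
 * search, profile lookup, create, update, role assignment, deactivation and
 * password / e-mail changes. All work is delegated to the injected managers.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Most endpoints are gated by {@code @PreAuthorize} through
 *       {@code rangerPreAuthSecurityHandler.isAPIAccessible(...)}.
 *       {@link #getUserProfile}, {@link #suggestUserFirstName},
 *       {@link #changePassword} and {@link #changeEmailAddress} carry no such
 *       annotation; the last two rely solely on
 *       {@code userManager.checkAccessForUpdate(...)}.</li>
 *   <li>Request-derived strings (login id, e-mail address) are written to the log
 *       only after CR/LF neutralisation, so a caller cannot forge extra log
 *       records (CWE-117).</li>
 * </ul>
 */
@Path("users")
@Scope("request")
@Transactional(propagation = Propagation.REQUIRES_NEW)
@Component
@RangerAnnotationJSMgrName("UserMgr")
public class UserREST {

    @Autowired
    StringUtil stringUtil;

    @Autowired
    RangerDaoManager daoManager;

    @Autowired
    RangerConfigUtil configUtil;

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    SearchUtil searchUtil;

    @Autowired
    UserMgr userManager;

    @Autowired
    RangerRestUtil msRestUtil;

    @Autowired
    XUserMgr xUserMgr;
    private static final Logger logger = Logger.getLogger(UserREST.class);

    /** Sort keys that {@link #searchUsers} passes to the common search-criteria extraction. */
    private static final List<SortField> SORT_FIELDS = Arrays.asList(
            new SortField("requestDate", "requestDate"),
            new SortField("approvedDate", "approvedDate"),
            new SortField("activationDate", "activationDate"),
            new SortField("emailAddress", "emailAddress"),
            new SortField("firstName", "firstName"),
            new SortField("lastName", "lastName"));

    /**
     * Renders a request-derived value for a log line with carriage returns and line
     * feeds replaced, so attacker-controlled input cannot start a forged log record.
     *
     * @param value value taken from the request; may be {@code null}
     * @return the string form of {@code value} with CR and LF replaced by {@code '_'},
     *         or {@code "null"} when {@code value} is {@code null}
     */
    private static String logSafe(Object value) {
        if (value == null) {
            return "null";
        }
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * Searches portal users using filters read from the query string.
     *
     * @param httpServletRequest request whose parameters supply the filters
     * @return the list produced by {@code userManager.searchUsers}
     */
    @GET
    @Produces({"application/xml", "application/json"})
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"UserREST.searchUsers\")")
    public VXPortalUserList searchUsers(@Context HttpServletRequest httpServletRequest) {
        SearchCriteria criteria = this.searchUtil.extractCommonCriterias(httpServletRequest, SORT_FIELDS);
        this.searchUtil.extractLong(httpServletRequest, criteria, "userId", "User Id");
        // NOTE(review): loginId and emailAddress are extracted with a null validation
        // argument, unlike the name fields below — confirm they are validated or
        // bound as parameters downstream.
        this.searchUtil.extractString(httpServletRequest, criteria, "loginId", "Login Id", null);
        this.searchUtil.extractString(httpServletRequest, criteria, "emailAddress", "Email Address", null);
        this.searchUtil.extractString(httpServletRequest, criteria, "firstName", "First Name", StringUtil.VALIDATION_NAME);
        this.searchUtil.extractString(httpServletRequest, criteria, "lastName", "Last Name", StringUtil.VALIDATION_NAME);
        // NOTE(review): 7 is a literal inlined in this listing; presumably the upper
        // bound of the status enum — confirm against the named constant.
        this.searchUtil.extractEnum(httpServletRequest, criteria, "status", "Status", "statusList", 7);
        this.searchUtil.extractString(httpServletRequest, criteria, "publicScreenName", "Public Screen Name", StringUtil.VALIDATION_NAME);
        this.searchUtil.extractStringList(httpServletRequest, criteria, "role", "Role", "roleList", this.configUtil.getRoles(), StringUtil.VALIDATION_NAME);
        return this.userManager.searchUsers(criteria);
    }

    /**
     * Returns the profile of the user with the given id.
     *
     * @param l id of the user to look up
     * @return the profile, or {@code null} when none is found or the lookup throws
     */
    @GET
    @Path("{userId}")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"UserREST.getUserProfileForUser\")")
    @Produces({"application/xml", "application/json"})
    public VXPortalUser getUserProfileForUser(@PathParam("userId") Long l) {
        try {
            VXPortalUser userProfile = this.userManager.getUserProfile(l);
            if (logger.isDebugEnabled()) {
                logger.debug(userProfile == null
                        ? "getUserProfile() Not found userId=" + l
                        : "getUserProfile() Found User userId=" + l);
            }
            return userProfile;
        } catch (Throwable th) {
            // NOTE(review): every failure, including any access-denied exception the
            // manager may raise, is turned into a null result here — confirm that an
            // empty response is the intended answer for those cases.
            // The throwable is passed to the logger so the stack trace is kept,
            // matching getUserProfile().
            logger.error("getUserProfile() no user session. error=" + th.toString(), th);
            return null;
        }
    }

    /**
     * Creates a portal user from the request body.
     *
     * @param vXPortalUser user to create
     * @param httpServletRequest current request (unused)
     * @return the user returned by {@code userManager.createUser}
     */
    @Consumes({"application/json", "application/xml"})
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"UserREST.create\")")
    @POST
    @Produces({"application/xml", "application/json"})
    public VXPortalUser create(VXPortalUser vXPortalUser, @Context HttpServletRequest httpServletRequest) {
        // The e-mail address comes from the request body; neutralise CR/LF before logging.
        logger.info("create:" + logSafe(vXPortalUser.getEmailAddress()));
        return this.userManager.createUser(vXPortalUser);
    }

    /**
     * Creates a default-account user and, when creation yields a user, assigns
     * permissions to it through {@code xUserMgr.assignPermissionToUser(user, true)}.
     *
     * @param vXPortalUser user to create
     * @param httpServletRequest current request (unused)
     * @return the created user, or {@code null} when the manager returns none
     */
    @Path("/default")
    @Consumes({"application/json", "application/xml"})
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"UserREST.createDefaultAccountUser\")")
    @POST
    @Produces({"application/xml", "application/json"})
    public VXPortalUser createDefaultAccountUser(VXPortalUser vXPortalUser, @Context HttpServletRequest httpServletRequest) {
        VXPortalUser created = this.userManager.createDefaultAccountUser(vXPortalUser);
        if (created != null) {
            this.xUserMgr.assignPermissionToUser(created, true);
        }
        return created;
    }

    /**
     * Updates an existing portal user identified by the id inside the request body.
     *
     * @param vXPortalUser new field values; its id selects the stored user
     * @param httpServletRequest current request (unused)
     * @return the updated user mapped back to its view object
     */
    @Consumes({"application/json", "application/xml"})
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"UserREST.update\")")
    @Produces({"application/xml", "application/json"})
    @RangerAnnotationRestAPI(updates_classes = "VUserProfile")
    @PUT
    public VXPortalUser update(VXPortalUser vXPortalUser, @Context HttpServletRequest httpServletRequest) {
        logger.info("update:" + logSafe(vXPortalUser.getEmailAddress()));
        XXPortalUser byId = this.daoManager.getXXPortalUser().getById(vXPortalUser.getId());
        // checkAccess runs before the null check, so it may be handed null.
        // NOTE(review): how checkAccess treats null is not visible here — confirm it
        // rejects the call rather than passing silently. The order is kept as is so
        // the not-found answer below stays behind the access check.
        this.userManager.checkAccess(byId);
        if (byId == null) {
            logger.info("update(): Invalid userId provided: userId=" + vXPortalUser.getId());
            throw this.restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, vXPortalUser.toString());
        }
        this.msRestUtil.validateVUserProfileForUpdate(byId, vXPortalUser);
        return this.userManager.mapXXPortalUserVXPortalUser(this.userManager.updateUser(vXPortalUser));
    }

    /**
     * Replaces the roles of the given user after {@code userManager.checkAccess}.
     *
     * @param l id of the user whose roles are set
     * @param vXStringList role names to assign
     * @return a response with status code 0
     */
    @Path("/{userId}/roles")
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"UserREST.setUserRoles\")")
    @Produces({"application/xml", "application/json"})
    @PUT
    public VXResponse setUserRoles(@PathParam("userId") Long l, VXStringList vXStringList) {
        this.userManager.checkAccess(l);
        this.userManager.setUserRoles(l, vXStringList.getVXStrings());
        VXResponse response = new VXResponse();
        response.setStatusCode(0);
        return response;
    }

    /**
     * Deactivates the user with the given id. This method makes no
     * {@code checkAccess} call of its own; the {@code @PreAuthorize} gate is the
     * only authorization visible here.
     *
     * @param l id of the user to deactivate
     * @return the deactivated user
     */
    @Path("{userId}/deactivate")
    @RangerAnnotationClassName(class_name = VXPortalUser.class)
    @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"UserREST.deactivateUser\")")
    @POST
    @Produces({"application/xml", "application/json"})
    public VXPortalUser deactivateUser(@PathParam("userId") Long l) {
        XXPortalUser byId = this.daoManager.getXXPortalUser().getById(l);
        if (byId == null) {
            // Log prefix names this method; it previously read "update()", which
            // attributed failed deactivation attempts to the wrong endpoint.
            logger.info("deactivateUser(): Invalid userId provided: userId=" + l);
            throw this.restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, "" + l);
        }
        return this.userManager.deactivateUser(byId);
    }

    /**
     * Returns the profile obtained from {@code userManager.getUserProfileByLoginId()}.
     * This endpoint has no {@code @PreAuthorize} annotation.
     *
     * @param httpServletRequest current request; its session id is logged at debug level
     * @return the profile, or {@code null} when the lookup throws
     */
    @GET
    @Produces({"application/xml", "application/json"})
    @Path("/profile")
    public VXPortalUser getUserProfile(@Context HttpServletRequest httpServletRequest) {
        try {
            // NOTE(review): getSession() is called without an argument and the session
            // id is written to the debug log — confirm debug logs are access-controlled,
            // since a session id is a bearer credential.
            logger.debug("getUserProfile(). httpSessionId=" + httpServletRequest.getSession().getId());
            return this.userManager.getUserProfileByLoginId();
        } catch (Throwable th) {
            logger.error("getUserProfile() no user session. error=" + th.toString(), th);
            return null;
        }
    }

    /**
     * Placeholder endpoint; always returns {@code null}.
     *
     * @param str value of the {@code letters} query parameter (unused)
     * @param httpServletRequest current request (unused)
     * @return always {@code null}
     */
    @GET
    @Produces({"application/xml", "application/json"})
    @Path("/firstnames")
    public String suggestUserFirstName(@QueryParam("letters") String str, @Context HttpServletRequest httpServletRequest) {
        return null;
    }

    /**
     * Changes the password of the user named by {@code loginId} in the request body.
     *
     * <p>The {@code userId} path parameter is not used: the target account is
     * resolved from the body's login id only, and authorization rests on
     * {@code userManager.checkAccessForUpdate}. This endpoint has no
     * {@code @PreAuthorize} annotation.
     *
     * @param l user id from the path (ignored)
     * @param vXPasswordChange change request carrying the login id
     * @return the response from {@code userManager.changePassword}
     */
    @POST
    @Produces({"application/xml", "application/json"})
    @Path("{userId}/passwordchange")
    public VXResponse changePassword(@PathParam("userId") Long l, VXPasswordChange vXPasswordChange) {
        if (vXPasswordChange == null || this.stringUtil.isEmpty(vXPasswordChange.getLoginId())) {
            logger.warn("SECURITY:changePassword(): Invalid loginId provided. loginId was empty or null");
            throw this.restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, "");
        }
        final String loginId = vXPasswordChange.getLoginId();
        logger.info("changePassword:" + logSafe(loginId));
        XXPortalUser target = this.daoManager.getXXPortalUser().findByLoginId(loginId);
        if (target == null) {
            // NOTE(review): this not-found answer is given before any access check,
            // so it distinguishes existing from non-existing login ids — confirm that
            // is acceptable for callers of this endpoint.
            logger.warn("SECURITY:changePassword(): Invalid loginId provided: loginId=" + logSafe(loginId));
            throw this.restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, loginId);
        }
        this.userManager.checkAccessForUpdate(target);
        // The id is taken from the stored record, overriding any id sent by the client.
        vXPasswordChange.setId(target.getId());
        return this.userManager.changePassword(vXPasswordChange);
    }

    /**
     * Changes the e-mail address of the user named by {@code loginId} in the request body.
     *
     * <p>As with {@link #changePassword}, the {@code userId} path parameter is not
     * used, authorization rests on {@code userManager.checkAccessForUpdate}, and
     * there is no {@code @PreAuthorize} annotation.
     *
     * @param l user id from the path (ignored)
     * @param vXPasswordChange change request carrying the login id
     * @return the user returned by {@code userManager.changeEmailAddress}
     */
    @POST
    @Produces({"application/xml", "application/json"})
    @Path("{userId}/emailchange")
    public VXPortalUser changeEmailAddress(@PathParam("userId") Long l, VXPasswordChange vXPasswordChange) {
        if (vXPasswordChange == null || this.stringUtil.isEmpty(vXPasswordChange.getLoginId())) {
            logger.warn("SECURITY:changeEmail(): Invalid loginId provided. loginId was empty or null");
            throw this.restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, "");
        }
        final String loginId = vXPasswordChange.getLoginId();
        logger.info("changeEmail:" + logSafe(loginId));
        XXPortalUser target = this.daoManager.getXXPortalUser().findByLoginId(loginId);
        if (target == null) {
            logger.warn("SECURITY:changeEmail(): Invalid loginId provided: loginId=" + logSafe(loginId));
            throw this.restErrorUtil.createRESTException("serverMsg.userRestUser", MessageEnums.DATA_NOT_FOUND, null, null, loginId);
        }
        this.userManager.checkAccessForUpdate(target);
        // The id is taken from the stored record, overriding any id sent by the client.
        vXPasswordChange.setId(target.getId());
        return this.userManager.changeEmailAddress(target, vXPasswordChange);
    }
}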
