package org.craftercms.profile.management.web.controllers;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.craftercms.commons.security.exception.ActionDeniedException;
import org.craftercms.commons.security.permissions.PermissionEvaluator;
import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.Tenant;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.TenantService;
import org.craftercms.profile.management.exceptions.ResourceNotFoundException;
import org.craftercms.profile.management.security.AuthorizationUtils;
import org.craftercms.profile.management.security.permissions.Action;
import org.craftercms.security.utils.SecurityUtils;
import org.craftercms.security.utils.tenant.TenantUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

/**
 * Web controller for tenant administration, mapped under {@link #BASE_URL_TENANT}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every data endpoint except {@link #getTenantNames()} calls
 *       {@code checkIfAllowed} before touching {@link TenantService}; the decision is
 *       delegated to the injected {@link PermissionEvaluator}.</li>
 *   <li>The three view endpoints perform no permission check here; they only return
 *       static view names and header text.</li>
 *   <li>Create and update refuse any change that would add or remove
 *       {@link AuthorizationUtils#SUPERADMIN_ROLE} in a tenant's available roles.</li>
 *   <li>All mutating endpoints are POST. Request-forgery protection is not visible in
 *       this class and would have to come from the surrounding security configuration.</li>
 * </ul>
 */
@Controller
@RequestMapping(TenantController.BASE_URL_TENANT)
/* loaded from: input_file:org/craftercms/profile/management/web/controllers/TenantController.class */
public class TenantController {
    public static final String BASE_URL_TENANT = "/tenant";
    public static final String PATH_VAR_NAME = "name";
    public static final String URL_VIEW_TENANT_LIST = "/list/view";
    public static final String URL_VIEW_NEW_TENANT = "/new/view";
    public static final String URL_VIEW_TENANT = "/view";
    public static final String URL_GET_TENANT_NAMES = "/names";
    public static final String URL_GET_TENANT = "/{name}";
    public static final String URL_CREATE_TENANT = "/create";
    public static final String URL_UPDATE_TENANT = "/update";
    public static final String URL_DELETE_TENANT = "/{name}/delete";
    public static final String VIEW_TENANT_LIST = "tenant-list";
    public static final String VIEW_TENANT = "tenant";
    public static final String MODEL_PAGE_HEADER = "pageHeader";
    public static final String MODEL_MESSAGE = "message";
    public static final String PAGE_HEADER_NEW = "New Tenant";
    public static final String PAGE_HEADER_UPDATE = "Update Tenant";
    public static final String MSG_TENANT_CREATED_FORMAT = "Tenant '%s' created";
    public static final String MSG_TENANT_UPDATED_FORMAT = "Tenant '%s' updated";
    public static final String MSG_TENANT_DELETED_FORMAT = "Tenant '%s' deleted";

    // Both collaborators are assigned once in the constructor and never reassigned.
    private final TenantService tenantService;
    private final PermissionEvaluator<Profile, String> tenantPermissionEvaluator;

    /**
     * Creates the controller with its two collaborators.
     *
     * @param tenantService       service used for every tenant read and write
     * @param permissionEvaluator evaluator consulted for every per-tenant action
     */
    public TenantController(TenantService tenantService, PermissionEvaluator<Profile, String> permissionEvaluator) {
        this.tenantService = tenantService;
        this.tenantPermissionEvaluator = permissionEvaluator;
    }

    /**
     * Returns the name of the tenant list view. No permission check is made here.
     *
     * @return {@link #VIEW_TENANT_LIST}
     */
    @RequestMapping(value = URL_VIEW_TENANT_LIST, method = RequestMethod.GET)
    public String viewTenantList() throws ProfileException {
        return VIEW_TENANT_LIST;
    }

    /**
     * Returns the tenant view configured with the "new tenant" page header.
     *
     * @return the {@link #VIEW_TENANT} view carrying {@link #PAGE_HEADER_NEW}
     */
    @RequestMapping(value = URL_VIEW_NEW_TENANT, method = RequestMethod.GET)
    public ModelAndView viewNewTenant() throws ProfileException {
        return new ModelAndView(VIEW_TENANT, MODEL_PAGE_HEADER, PAGE_HEADER_NEW);
    }

    /**
     * Returns the tenant view configured with the "update tenant" page header.
     *
     * @return the {@link #VIEW_TENANT} view carrying {@link #PAGE_HEADER_UPDATE}
     */
    @RequestMapping(value = URL_VIEW_TENANT, method = RequestMethod.GET)
    public ModelAndView viewTenant() throws ProfileException {
        return new ModelAndView(VIEW_TENANT, MODEL_PAGE_HEADER, PAGE_HEADER_UPDATE);
    }

    /**
     * Lists the tenant names the current profile may see: every tenant for a
     * superadmin, otherwise only the profile's own tenant.
     *
     * <p>This endpoint does not go through {@code checkIfAllowed}; the superadmin test
     * is the only gate applied in this class.
     *
     * @return all tenant names, or a single-element list with the caller's tenant
     */
    @RequestMapping(value = URL_GET_TENANT_NAMES, method = RequestMethod.GET)
    @ResponseBody
    public List<String> getTenantNames() throws ProfileException {
        if (AuthorizationUtils.isSuperadmin(SecurityUtils.getCurrentProfile())) {
            return TenantUtils.getTenantNames(this.tenantService);
        }
        return Collections.singletonList(SecurityUtils.getCurrentProfile().getTenant());
    }

    /**
     * Fetches one tenant by name after the permission check has passed.
     *
     * @param str tenant name taken from the URL path
     * @return the matching tenant
     * @throws ResourceNotFoundException if the service returns no tenant for the name
     */
    @RequestMapping(value = URL_GET_TENANT, method = RequestMethod.GET)
    @ResponseBody
    public Tenant getTenant(@PathVariable(PATH_VAR_NAME) String str) throws ProfileException {
        // Authorization runs before the lookup, so a denied caller gets the same
        // answer whether or not the tenant exists.
        checkIfAllowed(str, Action.GET_TENANT);
        Tenant found = this.tenantService.getTenant(str);
        if (found == null) {
            throw new ResourceNotFoundException("No tenant found with name '" + str + "'");
        }
        return found;
    }

    /**
     * Creates a tenant from the request body.
     *
     * <p>The permission check is made with a {@code null} tenant name, i.e. it is not
     * scoped to an existing tenant. A body whose available roles include
     * {@link AuthorizationUtils#SUPERADMIN_ROLE} is rejected even for an allowed caller.
     *
     * @param tenant tenant definition deserialized from the request body
     * @return a single-entry map holding the confirmation message
     * @throws ActionDeniedException if the caller is not allowed or the superadmin role is requested
     */
    @RequestMapping(value = URL_CREATE_TENANT, method = RequestMethod.POST)
    @ResponseBody
    public Map<String, String> createTenant(@RequestBody Tenant tenant) throws ProfileException {
        checkIfAllowed(null, Action.CREATE_TENANT);
        // NOTE(review): only availableRoles is inspected here; every other field of the
        // body reaches the service as sent. Any further validation is outside this class.
        boolean requestsSuperadmin = tenant.getAvailableRoles().contains(AuthorizationUtils.SUPERADMIN_ROLE);
        if (requestsSuperadmin) {
            throw new ActionDeniedException(Action.CREATE_TENANT.toString(), tenant.getName());
        }
        Tenant created = this.tenantService.createTenant(tenant);
        String confirmation = String.format(MSG_TENANT_CREATED_FORMAT, created.getName());
        return Collections.singletonMap(MODEL_MESSAGE, confirmation);
    }

    /**
     * Updates an existing tenant with the definition in the request body.
     *
     * <p>The presence of {@link AuthorizationUtils#SUPERADMIN_ROLE} in the available
     * roles must be the same before and after: it can be neither added to a tenant
     * that lacks it nor removed from a tenant that has it.
     *
     * @param tenant updated tenant definition deserialized from the request body
     * @return a single-entry map holding the confirmation message
     * @throws ResourceNotFoundException if no tenant with the given name exists
     * @throws ActionDeniedException     if the caller is not allowed or the superadmin role would change
     */
    @RequestMapping(value = URL_UPDATE_TENANT, method = RequestMethod.POST)
    @ResponseBody
    public Map<String, String> updateTenant(@RequestBody Tenant tenant) throws ProfileException {
        // The name that is authorized is the one carried in the body, and the same
        // body object is what gets passed to the service below.
        String tenantName = tenant.getName();
        checkIfAllowed(tenantName, Action.UPDATE_TENANT);

        Tenant existing = this.tenantService.getTenant(tenantName);
        if (existing == null) {
            throw new ResourceNotFoundException("No tenant found with name '" + tenantName + "'");
        }

        // Stored state is read first, then the requested state; any difference in
        // superadmin availability is refused.
        boolean hadSuperadmin = existing.getAvailableRoles().contains(AuthorizationUtils.SUPERADMIN_ROLE);
        boolean wantsSuperadmin = tenant.getAvailableRoles().contains(AuthorizationUtils.SUPERADMIN_ROLE);
        if (hadSuperadmin != wantsSuperadmin) {
            throw new ActionDeniedException(Action.UPDATE_TENANT.toString(), tenantName);
        }

        this.tenantService.updateTenant(tenant);
        return Collections.singletonMap(MODEL_MESSAGE, String.format(MSG_TENANT_UPDATED_FORMAT, tenantName));
    }

    /**
     * Deletes the named tenant after the permission and existence checks pass.
     *
     * @param str tenant name taken from the URL path
     * @return a single-entry map holding the confirmation message
     * @throws ResourceNotFoundException if no tenant with the given name exists
     */
    @RequestMapping(value = URL_DELETE_TENANT, method = RequestMethod.POST)
    @ResponseBody
    public Map<String, String> deleteTenant(@PathVariable(PATH_VAR_NAME) String str) throws ProfileException {
        checkIfAllowed(str, Action.DELETE_TENANT);
        Tenant target = this.tenantService.getTenant(str);
        if (target == null) {
            throw new ResourceNotFoundException("No tenant found with name '" + str + "'");
        }
        this.tenantService.deleteTenant(str);
        String confirmation = String.format(MSG_TENANT_DELETED_FORMAT, str);
        return Collections.singletonMap(MODEL_MESSAGE, confirmation);
    }

    /**
     * Asks the permission evaluator whether the action is allowed on the given tenant
     * and throws when it is not.
     *
     * @param tenantName tenant the action targets, or {@code null} for an action not tied to one
     * @param action     action being attempted
     * @throws ActionDeniedException if the evaluator does not allow the action
     */
    private void checkIfAllowed(String tenantName, Action action) throws ActionDeniedException {
        String actionName = action.toString();
        if (!this.tenantPermissionEvaluator.isAllowed(tenantName, actionName)) {
            // The one-argument form is used when there is no tenant name to report.
            throw tenantName == null
                ? new ActionDeniedException(actionName)
                : new ActionDeniedException(actionName, tenantName);
        }
    }
}
