package org.sonatype.security.rest.users;

import javax.enterprise.inject.Typed;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.codehaus.enunciate.contract.jaxrs.ResourceMethodSignature;
import org.restlet.Context;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.data.Status;
import org.restlet.resource.ResourceException;
import org.restlet.resource.Variant;
import org.sonatype.nexus.rest.component.AbstractComponentListPlexusResource;
import org.sonatype.plexus.rest.resource.PathProtectionDescriptor;
import org.sonatype.plexus.rest.resource.PlexusResource;
import org.sonatype.security.authorization.AuthorizationManager;
import org.sonatype.security.authorization.NoSuchAuthorizationManagerException;
import org.sonatype.security.authorization.NoSuchPrivilegeException;
import org.sonatype.security.authorization.NoSuchRoleException;
import org.sonatype.security.authorization.Privilege;
import org.sonatype.security.authorization.Role;
import org.sonatype.security.rest.AbstractSecurityPlexusResource;
import org.sonatype.security.rest.model.RoleTreeResource;
import org.sonatype.security.rest.model.RoleTreeResourceResponse;
import org.sonatype.security.usermanagement.RoleIdentifier;
import org.sonatype.security.usermanagement.User;
import org.sonatype.security.usermanagement.UserNotFoundException;

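/**
 * REST resource that returns the tree of roles and privileges reachable from a user, or from a
 * role when the {@code isRole} query parameter parses as {@code true}.
 *
 * <p>The response enumerates role and privilege ids and names, i.e. authorization data. Access is
 * declared in {@link #getResourceProtection()} as {@code authcBasic,perms[security:users]} for the
 * whole {@code /role_tree/*} path.
 *
 * <p>NOTE(review): the role lookup ({@code isRole=true}) is covered by the same
 * {@code security:users} permission string as the user lookup; confirm that this is intended
 * rather than a role-specific permission.
 */
@Path(UserRoleTreePlexusResource.RESOURCE_URI)
@Consumes({"application/xml", MediaType.APPLICATION_JSON})
@Named("UserRoleTreePlexusResource")
@Singleton
@Typed({PlexusResource.class})
@Produces({"application/xml", MediaType.APPLICATION_JSON})
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-restlet1x-plugin-2.14.16-01/nexus-restlet1x-plugin-2.14.16-01.jar:org/sonatype/security/rest/users/UserRoleTreePlexusResource.class */
public class UserRoleTreePlexusResource extends AbstractSecurityPlexusResource {
    /** Name of the URI template variable that carries the user id (or role id, see {@code isRole}). */
    public static final String USER_ID_KEY = "userId";
    public static final String RESOURCE_URI = "/role_tree/{userId}";

    /** Node type written for privilege entries; role entries use {@code ROLE_ID}. */
    private static final String PRIVILEGE_TYPE = "privilege";

    /**
     * Returns {@code null}: this resource declares no request payload type.
     */
    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public Object getPayloadInstance() {
        return null;
    }

    /**
     * Declares the protection for every path under {@code /role_tree/}: basic authentication plus
     * the {@code security:users} permission.
     */
    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public PathProtectionDescriptor getResourceProtection() {
        return new PathProtectionDescriptor("/role_tree/*", "authcBasic,perms[security:users]");
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public String getResourceUri() {
        return RESOURCE_URI;
    }

    /**
     * Builds the role/privilege tree for the id taken from the request path.
     *
     * <p>The id is treated as a role id when the {@code isRole} query parameter parses as
     * {@code true} ({@link Boolean#parseBoolean(String)}, so a missing or any other value selects
     * the user lookup).
     *
     * @return a {@link RoleTreeResourceResponse} holding the top-level nodes
     * @throws ResourceException with status 500 when the {@code "default"} authorization manager
     *     cannot be loaded, or status 400 when the user or role does not exist; the original
     *     exception is attached as the cause
     */
    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    @GET
    @ResourceMethodSignature(output = RoleTreeResourceResponse.class)
    public Object get(Context context, Request request, Response response, Variant variant) throws ResourceException {
        String userId = getUserId(request);
        try {
            RoleTreeResourceResponse result = new RoleTreeResourceResponse();
            AuthorizationManager authorizationManager = getSecuritySystem().getAuthorizationManager("default");
            boolean lookupRole =
                    Boolean.parseBoolean(request.getResourceRef().getQueryAsForm().getFirstValue("isRole"));
            if (lookupRole) {
                // The path variable is a role id here; a null parent puts its children at top level.
                handleRole(authorizationManager.getRole(userId), authorizationManager, result, null);
            } else {
                handleUser(getSecuritySystem().getUser(userId), authorizationManager, result);
            }
            return result;
        } catch (NoSuchAuthorizationManagerException e) {
            // Keep the cause so a misconfigured security system can be diagnosed from the trace.
            throw new ResourceException(Status.SERVER_ERROR_INTERNAL, "Unable to load default authorization manager", e);
        } catch (NoSuchRoleException e) {
            // NOTE(review): userId is request-controlled and is echoed in the status description;
            // confirm that whatever renders this description encodes it for its output format.
            throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Role: " + userId + " could not be found.", e);
        } catch (UserNotFoundException e) {
            throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "User: " + userId + " could not be found.", e);
        }
    }

    /**
     * Adds one top-level node per role assigned to {@code user} and expands each of them with
     * {@link #handleRole}. A role id that the authorization manager does not know is logged at
     * debug level and skipped.
     */
    protected void handleUser(User user, AuthorizationManager authorizationManager, RoleTreeResourceResponse roleTreeResourceResponse) {
        for (RoleIdentifier roleIdentifier : user.getRoles()) {
            try {
                Role role = authorizationManager.getRole(roleIdentifier.getRoleId());
                RoleTreeResource node =
                        newNode(role.getRoleId(), role.getName(), AbstractComponentListPlexusResource.ROLE_ID);
                roleTreeResourceResponse.addData(node);
                handleRole(role, authorizationManager, roleTreeResourceResponse, node);
            } catch (NoSuchRoleException e) {
                getLogger().debug("Invalid roleId: " + roleIdentifier.getRoleId() + " from source: " + roleIdentifier.getSource() + " not found.");
            }
        }
    }

    /**
     * Appends the nested roles (expanded recursively) and then the privileges of {@code role}.
     *
     * <p>Nodes are attached to {@code roleTreeResource} when it is non-null, otherwise directly to
     * the response. Unknown role or privilege ids are logged at debug level and skipped.
     *
     * <p>NOTE(review): the recursion has no cycle guard or depth limit, so it relies on role
     * containment being acyclic; confirm that the security configuration rejects a role that
     * contains itself, directly or through other roles.
     */
    protected void handleRole(Role role, AuthorizationManager authorizationManager, RoleTreeResourceResponse roleTreeResourceResponse, RoleTreeResource roleTreeResource) {
        for (String nestedRoleId : role.getRoles()) {
            try {
                Role nestedRole = authorizationManager.getRole(nestedRoleId);
                RoleTreeResource roleNode = newNode(
                        nestedRole.getRoleId(), nestedRole.getName(), AbstractComponentListPlexusResource.ROLE_ID);
                attach(roleTreeResource, roleTreeResourceResponse, roleNode);
                handleRole(nestedRole, authorizationManager, roleTreeResourceResponse, roleNode);
            } catch (NoSuchRoleException e) {
                getLogger().debug("handleRole() failed, roleId: " + nestedRoleId + " not found");
            }
        }
        for (String privilegeId : role.getPrivileges()) {
            try {
                Privilege privilege = authorizationManager.getPrivilege(privilegeId);
                RoleTreeResource privilegeNode = newNode(privilege.getId(), privilege.getName(), PRIVILEGE_TYPE);
                attach(roleTreeResource, roleTreeResourceResponse, privilegeNode);
            } catch (NoSuchPrivilegeException e) {
                getLogger().debug("handleRole() failed, privilegeId: " + privilegeId + " not found");
            }
        }
    }

    /** Reads the {@code userId} path variable from the request. */
    protected String getUserId(Request request) {
        return getRequestAttribute(request, USER_ID_KEY);
    }

    /** Creates a tree node with the given id, display name and type. */
    private static RoleTreeResource newNode(String id, String name, String type) {
        RoleTreeResource node = new RoleTreeResource();
        node.setId(id);
        node.setName(name);
        node.setType(type);
        return node;
    }

    /** Adds {@code node} under {@code parent}, or to the response when there is no parent. */
    private static void attach(RoleTreeResource parent, RoleTreeResourceResponse response, RoleTreeResource node) {
        if (parent != null) {
            parent.addChildren(node);
        } else {
            response.addData(node);
        }
    }
}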
