package org.sonatype.security.rest.privileges;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.inject.Typed;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.codehaus.enunciate.contract.jaxrs.ResourceMethodSignature;
import org.restlet.Context;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.data.Status;
import org.restlet.resource.ResourceException;
import org.restlet.resource.Variant;
import org.sonatype.plexus.rest.resource.PathProtectionDescriptor;
import org.sonatype.plexus.rest.resource.PlexusResource;
import org.sonatype.security.authorization.AuthorizationManager;
import org.sonatype.security.authorization.NoSuchAuthorizationManagerException;
import org.sonatype.security.authorization.NoSuchPrivilegeException;
import org.sonatype.security.authorization.NoSuchRoleException;
import org.sonatype.security.authorization.Privilege;
import org.sonatype.security.authorization.Role;
import org.sonatype.security.rest.AbstractSecurityPlexusResource;
import org.sonatype.security.rest.model.AssignedPrivilegeListResource;
import org.sonatype.security.rest.model.AssignedPrivilegeListResourceResponse;
import org.sonatype.security.rest.model.ParentNode;
import org.sonatype.security.usermanagement.RoleIdentifier;
import org.sonatype.security.usermanagement.User;
import org.sonatype.security.usermanagement.UserNotFoundException;

@Path(AssignedPrivilegesPlexusResource.RESOURCE_URI)
@Consumes({"application/xml", MediaType.APPLICATION_JSON})
@Named("AssignedPrivilegesPlexusResource")
@Singleton
@Typed({PlexusResource.class})
@Produces({"application/xml", MediaType.APPLICATION_JSON})
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-restlet1x-plugin-2.14.17-01/nexus-restlet1x-plugin-2.14.17-01.jar:org/sonatype/security/rest/privileges/AssignedPrivilegesPlexusResource.class */
public class AssignedPrivilegesPlexusResource extends AbstractSecurityPlexusResource {
    public static final String USER_ID_KEY = "userId";
    public static final String RESOURCE_URI = "/assigned_privileges/{userId}";

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public Object getPayloadInstance() {
        return null;
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public PathProtectionDescriptor getResourceProtection() {
        return new PathProtectionDescriptor("/assigned_privileges/*", "authcBasic,perms[security:users]");
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public String getResourceUri() {
        return RESOURCE_URI;
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    @GET
    @ResourceMethodSignature(output = AssignedPrivilegeListResourceResponse.class)
    public Object get(Context context, Request request, Response response, Variant variant) throws ResourceException {
        String userId = getUserId(request);
        try {
            AssignedPrivilegeListResourceResponse assignedPrivilegeListResourceResponse = new AssignedPrivilegeListResourceResponse();
            User user = getSecuritySystem().getUser(userId);
            AuthorizationManager authorizationManager = getSecuritySystem().getAuthorizationManager("default");
            for (RoleIdentifier roleIdentifier : user.getRoles()) {
                try {
                    handleRole(authorizationManager.getRole(roleIdentifier.getRoleId()), null, authorizationManager, assignedPrivilegeListResourceResponse);
                } catch (NoSuchRoleException e) {
                    getLogger().debug("Invalid roleId: " + roleIdentifier.getRoleId() + " from source: " + roleIdentifier.getSource() + " not found.");
                }
            }
            return assignedPrivilegeListResourceResponse;
        } catch (NoSuchAuthorizationManagerException e2) {
            throw new ResourceException(Status.SERVER_ERROR_INTERNAL, "Unable to load default authorization manager");
        } catch (UserNotFoundException e3) {
            throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "User: " + userId + " could not be found.");
        }
    }

    protected void handleRole(Role role, List<Role> list, AuthorizationManager authorizationManager, AssignedPrivilegeListResourceResponse assignedPrivilegeListResourceResponse) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            arrayList.addAll(list);
        }
        arrayList.add(0, role);
        for (String str : role.getRoles()) {
            try {
                handleRole(authorizationManager.getRole(str), arrayList, authorizationManager, assignedPrivilegeListResourceResponse);
            } catch (NoSuchRoleException e) {
                getLogger().debug("handleRole() failed, roleId: " + str + " not found");
            }
        }
        for (String str2 : role.getPrivileges()) {
            try {
                handlePrivilege(authorizationManager.getPrivilege(str2), arrayList, assignedPrivilegeListResourceResponse);
            } catch (NoSuchPrivilegeException e2) {
                getLogger().debug("handleRole() failed, privilegeId: " + str2 + " not found");
            }
        }
    }

    protected void handlePrivilege(Privilege privilege, List<Role> list, AssignedPrivilegeListResourceResponse assignedPrivilegeListResourceResponse) {
        AssignedPrivilegeListResource assignedPrivilegeListResource = null;
        Iterator<AssignedPrivilegeListResource> it = assignedPrivilegeListResourceResponse.getData().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AssignedPrivilegeListResource next = it.next();
            if (next.getId().equals(privilege.getId())) {
                assignedPrivilegeListResource = next;
                break;
            }
        }
        if (assignedPrivilegeListResource == null) {
            assignedPrivilegeListResource = new AssignedPrivilegeListResource();
            assignedPrivilegeListResource.setId(privilege.getId());
            assignedPrivilegeListResource.setName(privilege.getName());
            assignedPrivilegeListResourceResponse.addData(assignedPrivilegeListResource);
        }
        ParentNode parentNode = null;
        ParentNode parentNode2 = null;
        for (Role role : list) {
            ParentNode parentNode3 = new ParentNode();
            parentNode3.setId(role.getRoleId());
            parentNode3.setName(role.getName());
            if (parentNode == null) {
                parentNode = parentNode3;
                parentNode2 = parentNode;
            } else {
                parentNode2.addParent(parentNode3);
                parentNode2 = parentNode3;
            }
        }
        assignedPrivilegeListResource.addParent(parentNode);
    }

    protected String getUserId(Request request) {
        return getRequestAttribute(request, "userId");
    }
}
