package org.dataone.bookkeeper.resources;

import com.codahale.metrics.annotation.Timed;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.security.PermitAll;
import javax.validation.Valid;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dataone.bookkeeper.api.Customer;
import org.dataone.bookkeeper.api.CustomerList;
import org.dataone.bookkeeper.jdbi.CustomerStore;
import org.dataone.bookkeeper.security.DataONEAuthHelper;
import org.jdbi.v3.core.Jdbi;

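/**
 * JAX-RS resource exposing the {@code /customers} collection.
 *
 * <p>Every handler casts the request principal to {@link Customer} and compares its subject
 * with the subject of the record being touched, or asks {@link DataONEAuthHelper} whether
 * the caller is an administrator.
 *
 * <p>NOTE(review): the handlers assume the authentication filter has populated the principal
 * before they run; confirm that {@code @PermitAll} is wired to require an authenticated
 * caller. Listing and deleting consult {@code isBookkeeperAdmin}, while create, retrieve and
 * update consult {@code isAdmin}; confirm the difference is intended.
 */
@Produces({"application/json"})
@Path("/customers")
@Timed
/* loaded from: input_file:org/dataone/bookkeeper/resources/CustomersResource.class */
public class CustomersResource extends BaseResource {
    private final Log log = LogFactory.getLog(CustomersResource.class);
    private final CustomerStore customerStore;
    private final DataONEAuthHelper dataoneAuthHelper;

    /**
     * Builds the resource on top of an on-demand {@link CustomerStore}.
     *
     * @param jdbi the Jdbi instance used to obtain the store
     * @param dataONEAuthHelper helper answering the administrator checks
     */
    public CustomersResource(Jdbi jdbi, DataONEAuthHelper dataONEAuthHelper) {
        this.customerStore = (CustomerStore) jdbi.onDemand(CustomerStore.class);
        this.dataoneAuthHelper = dataONEAuthHelper;
    }

    /**
     * Lists customers: one record selected by subject, else one selected by email, else all.
     *
     * <p>A caller who is not a bookkeeper admin may only list the record whose subject matches
     * their own; listing everything requires bookkeeper admin privilege. A lookup that finds
     * nothing yields an empty list.
     *
     * @param securityContext the request security context carrying the calling customer
     * @param start accepted for the {@code start} query parameter; not used by this method
     * @param count accepted for the {@code count} query parameter; not used by this method
     * @param email the email to look up, consulted only when no subject is given
     * @param subject the subject to look up
     * @return the matching customers wrapped in a {@link CustomerList}
     * @throws WebApplicationException with 403 when the caller is not allowed to see the result
     */
    @GET
    @PermitAll
    @Timed
    @Produces({"application/json"})
    public CustomerList listCustomers(@Context SecurityContext securityContext, @QueryParam("start") @DefaultValue("0") Integer start, @QueryParam("count") @DefaultValue("1000") Integer count, @QueryParam("email") @Email String email, @QueryParam("subject") String subject) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isBookkeeperAdmin = this.dataoneAuthHelper.isBookkeeperAdmin(caller.getSubject());
        List<Customer> result = new ArrayList<>();
        if (subject != null && !subject.isEmpty()) {
            addIfVisible(result, this.customerStore.findCustomerBySubject(subject), caller, isBookkeeperAdmin);
        } else if (email != null && !email.isEmpty()) {
            addIfVisible(result, this.customerStore.findCustomerByEmail(email), caller, isBookkeeperAdmin);
        } else {
            if (!isBookkeeperAdmin) {
                throw new WebApplicationException("Bookkeeper admin privilege is required list all customers, " + caller.getSubject() + " is not authorized.", Response.Status.FORBIDDEN);
            }
            result = this.customerStore.listCustomers();
        }
        return new CustomerList(result);
    }

    /**
     * Adds {@code found} to {@code result} when the caller is allowed to see it.
     *
     * <p>A {@code null} lookup result is skipped; create() treats {@code null} from the same
     * finders as "no such customer", so dereferencing it here would fail with a
     * NullPointerException instead of returning an empty list.
     */
    private void addIfVisible(List<Customer> result, Customer found, Customer caller, boolean isBookkeeperAdmin) {
        if (found == null) {
            return;
        }
        // NOTE(review): this ownership check ignores case, whereas retrieve() and update()
        // compare subjects with equals(); confirm that subjects differing only in case always
        // denote the same identity.
        // NOTE(review): a non-admin caller can tell "no such customer" (empty list) apart from
        // "exists but belongs to someone else" (403); confirm that is acceptable for email lookups.
        boolean ownRecord = found.getSubject().compareToIgnoreCase(caller.getSubject()) == 0;
        if (!ownRecord && !isBookkeeperAdmin) {
            throw new WebApplicationException("Bookkeeper admin privilege is required list a customer other than the requestor's, " + caller.getSubject() + " is not authorized.", Response.Status.FORBIDDEN);
        }
        result.add(found);
    }

    /**
     * Creates a customer after checking that neither its email nor its subject is already taken.
     *
     * <p>For a caller that is not an admin the subject in the body is replaced by the caller's
     * own subject, so a caller cannot register a record under someone else's identity.
     *
     * @param securityContext the request security context carrying the calling customer
     * @param customer the customer to insert
     * @return the stored customer as read back from the store
     * @throws WebApplicationException with 417 when a duplicate exists or the insert fails
     */
    @PermitAll
    @Timed
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public Customer create(@Context SecurityContext securityContext, @NotNull @Valid Customer customer) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        if (!this.dataoneAuthHelper.isAdmin(caller.getSubject())) {
            customer.setSubject(caller.getSubject());
        }
        // NOTE(review): only the subject is forced for non-admin callers. update() pins balance,
        // delinquent and discount to the stored values, but here they reach insert() exactly as
        // sent in the body; confirm that validation or the store constrains them.
        try {
            if (this.customerStore.findCustomerByEmail(customer.getEmail()) != null) {
                throw new IllegalStateException("A customer exists with the given email.");
            }
            if (this.customerStore.findCustomerBySubject(customer.getSubject()) != null) {
                throw new IllegalStateException("A customer exists with the given subject.");
            }
            // toIntExact fails loudly instead of silently wrapping once the epoch second no
            // longer fits in an int.
            customer.setCreated(Integer.valueOf(Math.toIntExact(Instant.now().getEpochSecond())));
            return this.customerStore.getCustomer(this.customerStore.insert(customer));
        } catch (Exception e) {
            throw failure("Couldn't insert the customer: ", e, Response.Status.EXPECTATION_FAILED);
        }
    }

    /**
     * Returns the customer with the given id when the caller is an admin or owns the record.
     *
     * @param securityContext the request security context carrying the calling customer
     * @param customerId the numeric id taken from the path
     * @return the customer, or {@code null} when no id was given or the store returned none
     * @throws WebApplicationException with 404 when the lookup fails, or 403 when the record
     *     belongs to another subject and the caller is not an admin
     */
    @GET
    @PermitAll
    @Path("{customerId: [0-9]+}")
    @Timed
    @Produces({"application/json"})
    public Customer retrieve(@Context SecurityContext securityContext, @PathParam("customerId") Integer customerId) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = this.dataoneAuthHelper.isAdmin(caller.getSubject());
        Customer found = null;
        if (customerId != null) {
            try {
                found = this.customerStore.getCustomer(customerId);
            } catch (Exception e) {
                throw failure("Couldn't get the customer: ", e, Response.Status.NOT_FOUND);
            }
        }
        if (isAdmin || found == null || found.getSubject().equals(caller.getSubject())) {
            return found;
        }
        // The listing threw a checked Exception here, which the signature does not declare.
        // The denial is reported as 403, like the other authorization failures in this class.
        // NOTE(review): confirm the status clients expect for this case.
        throw new WebApplicationException("The caller and customer subject don't match.", Response.Status.FORBIDDEN);
    }

    /**
     * Updates a customer while keeping the server-controlled fields of the stored record.
     *
     * <p>Created, balance, delinquent and subject are always copied from the stored record and
     * the subject info is cleared; the discount is copied as well unless the caller is an admin.
     *
     * <p>NOTE(review): the {@code customerId} path segment is not bound to a parameter. The
     * record is selected by the id in the request body, and the ownership check is applied to
     * that same record; confirm that a path/body id mismatch should not be rejected.
     *
     * @param securityContext the request security context carrying the calling customer
     * @param customer the new state of the customer
     * @return the customer as passed to the store
     * @throws WebApplicationException with 417 when the record is missing, belongs to another
     *     subject, or the update fails
     */
    @PermitAll
    @Path("{customerId}")
    @Timed
    @Produces({"application/json"})
    @PUT
    public Customer update(@Context SecurityContext securityContext, @NotNull @Valid Customer customer) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = this.dataoneAuthHelper.isAdmin(caller.getSubject());
        try {
            Customer existing = this.customerStore.getCustomer(customer.getId());
            // Explicit check instead of an assert: with assertions disabled a missing record
            // surfaced as a NullPointerException and a "null" error message.
            if (existing == null) {
                throw new IllegalStateException("No customer exists with the given id.");
            }
            if (!isAdmin && !existing.getSubject().equals(caller.getSubject())) {
                throw new IllegalStateException("The caller and customer subject don't match.");
            }
            customer.setCreated(existing.getCreated());
            customer.setBalance(existing.getBalance());
            customer.setDelinquent(existing.isDelinquent());
            customer.setSubject(existing.getSubject());
            customer.setSubjectInfo(null);
            if (!isAdmin) {
                customer.setDiscount(existing.getDiscount());
            }
            this.customerStore.update(customer);
            return customer;
        } catch (Exception e) {
            throw failure("Couldn't update the customer: ", e, Response.Status.EXPECTATION_FAILED);
        }
    }

    /**
     * Deletes the customer with the given id; restricted to bookkeeper admins.
     *
     * @param securityContext the request security context carrying the calling customer
     * @param customerId the id taken from the path
     * @return an empty 200 response when the store call succeeds
     * @throws WebApplicationException with 403 for non-admin callers or 400 for a missing id
     */
    @PermitAll
    @Path("{customerId}")
    @Timed
    @DELETE
    public Response delete(@Context SecurityContext securityContext, @PathParam("customerId") @Valid Integer customerId) throws WebApplicationException {
        Customer caller = (Customer) securityContext.getUserPrincipal();
        if (!this.dataoneAuthHelper.isBookkeeperAdmin(caller.getSubject())) {
            throw new WebApplicationException("Bookkeeper admin privilege is required to delete a customer, " + caller.getSubject() + " is not authorized.", Response.Status.FORBIDDEN);
        }
        if (customerId == null) {
            throw new WebApplicationException("The customerId cannot be null.", Response.Status.BAD_REQUEST);
        }
        try {
            this.customerStore.delete(customerId);
            return Response.ok().build();
        } catch (Exception e) {
            // Pass the throwable to the logger so the stack trace lands in the application log
            // rather than on stderr via printStackTrace().
            this.log.error("Deleting the customer with id " + customerId + " failed: " + e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Wraps a failure in a {@link WebApplicationException}, keeping the original as the cause.
     *
     * <p>NOTE(review): the cause's message is echoed to the client. When the cause comes from
     * the store it may carry database detail; consider logging it server-side and returning a
     * fixed message instead.
     */
    private static WebApplicationException failure(String prefix, Exception cause, Response.Status status) {
        return new WebApplicationException(prefix + cause.getMessage(), cause, status);
    }
}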
