package org.dataone.bookkeeper.resources;

import com.codahale.metrics.annotation.Timed;
import io.dropwizard.auth.AuthenticationException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.security.PermitAll;
import javax.validation.constraints.NotNull;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dataone.bookkeeper.api.Customer;
import org.dataone.bookkeeper.api.Membership;
import org.dataone.bookkeeper.api.MembershipList;
import org.dataone.bookkeeper.jdbi.CustomerStore;
import org.dataone.bookkeeper.jdbi.MembershipStore;
import org.dataone.bookkeeper.security.DataONEAuthHelper;
import org.jdbi.v3.core.Jdbi;

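/**
 * JAX-RS resource exposing read-only membership lookups under {@code /memberships}.
 *
 * <p>Both endpoints are annotated {@code @PermitAll}, so the annotation itself grants no
 * protection beyond whatever authentication the container applies; every authorization
 * decision is made inside the method bodies from the caller's {@link Customer} principal.
 * Both methods cast {@code securityContext.getUserPrincipal()} to {@code Customer} without a
 * null check (assumes the auth filter always installs a Customer principal; TODO confirm).
 */
@Produces({"application/json"})
@Path("/memberships")
@Timed
/* loaded from: input_file:org/dataone/bookkeeper/resources/MembershipsResource.class */
public class MembershipsResource extends BaseResource {
    private final Log log = LogFactory.getLog(MembershipsResource.class);
    private final MembershipStore membershipStore;
    // Not read by the current endpoints; retained because the constructor binds it.
    private final CustomerStore customerStore;
    private final DataONEAuthHelper dataoneAuthHelper;

    /**
     * Binds the on-demand JDBI stores and keeps the helper used for all privilege checks.
     *
     * @param jdbi the JDBI instance the stores are attached to
     * @param dataONEAuthHelper helper that answers admin and associated-subject questions
     */
    public MembershipsResource(Jdbi jdbi, DataONEAuthHelper dataONEAuthHelper) {
        this.membershipStore = (MembershipStore) jdbi.onDemand(MembershipStore.class);
        this.customerStore = (CustomerStore) jdbi.onDemand(CustomerStore.class);
        this.dataoneAuthHelper = dataONEAuthHelper;
    }

    /**
     * Lists memberships visible to the caller.
     *
     * <p>Visibility rules:
     * <ul>
     *   <li>An admin with no {@code requestor} is unrestricted: the {@code owner} filter is
     *       applied as given, or every membership is listed when no owner is supplied.</li>
     *   <li>An admin who sets {@code requestor} is evaluated as that subject.</li>
     *   <li>Everyone else is limited to the subjects associated with them; a supplied
     *       {@code owner} filter is intersected with those subjects.</li>
     * </ul>
     *
     * <p>A restricted caller whose permitted owner set is empty is rejected. Previously that
     * case fell through to the unfiltered listing and returned every membership.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param num the {@code start} query parameter; accepted but not applied by this method
     * @param num2 the {@code count} query parameter; accepted but not applied by this method
     * @param set the {@code owner} query parameter: subjects to filter by, may be null or empty
     * @param str the {@code requestor} query parameter: subject to act as, admin only
     * @return the non-empty list of matching memberships
     * @throws WebApplicationException 403 when a non-admin sets {@code requestor} or none of the
     *     requested owners are permitted, 400 when the requestor cannot be resolved, 404 when
     *     nothing matches
     */
    @GET
    @PermitAll
    @Timed
    @Produces({"application/json"})
    public MembershipList listMemberships(@Context SecurityContext securityContext, @QueryParam("start") @DefaultValue("0") Integer num, @QueryParam("count") @DefaultValue("1000") Integer num2, @QueryParam("owner") Set<String> set, @QueryParam("requestor") String str) throws WebApplicationException {
        Customer customer = (Customer) securityContext.getUserPrincipal();
        boolean isAdmin = hasAdminPrivilege(customer);

        if (str != null) {
            if (!isAdmin) {
                throw new WebApplicationException(customer.getSubject() + " does not have admin privilege needed to set 'requestor'. ", Response.Status.FORBIDDEN);
            }
            try {
                // From here on the request is evaluated with the requestor's privileges.
                customer = this.dataoneAuthHelper.createCustomerFromSubject(str);
            } catch (AuthenticationException e) {
                // Only admins reach this branch, so the helper's message goes to an admin caller.
                throw new WebApplicationException("The requested memberships couldn't be listed: " + e.getMessage(), e, Response.Status.BAD_REQUEST);
            }
        }

        // Restricted means the result must be limited to the subjects associated with
        // `customer`: any non-admin, or an admin acting on behalf of a requestor.
        boolean restricted = !isAdmin || str != null;
        boolean ownersRequested = set != null && !set.isEmpty();

        List<String> owners = new ArrayList<>();
        if (restricted) {
            if (ownersRequested) {
                owners.addAll(this.dataoneAuthHelper.filterByAssociatedSubjects(customer, set));
                if (owners.isEmpty()) {
                    throw new WebApplicationException("The requested owners don't exist or requestor doesn't have privilege to view them.", Response.Status.FORBIDDEN);
                }
            } else {
                owners.addAll(this.dataoneAuthHelper.getAssociatedSubjects(customer));
                if (owners.isEmpty()) {
                    // Fail closed: an empty owner list must never select the unfiltered
                    // listing below for a restricted caller.
                    throw new WebApplicationException("The requested memberships were not found or requestor does not have privilege to view them.", Response.Status.NOT_FOUND);
                }
            }
        } else if (ownersRequested) {
            owners.addAll(set);
        }

        // owners is empty here only for an unrestricted admin who supplied no owner filter.
        List<Membership> memberships = owners.isEmpty()
                ? this.membershipStore.listMemberships()
                : this.membershipStore.findMembershipsByOwners(owners);
        if (memberships != null && !memberships.isEmpty()) {
            return new MembershipList(memberships);
        }
        if (restricted) {
            throw new WebApplicationException("The requested memberships were not found or requestor does not have privilege to view them.", Response.Status.NOT_FOUND);
        }
        throw new WebApplicationException("The requested memberships were not found.", Response.Status.NOT_FOUND);
    }

    /**
     * Retrieves a single membership by id. Admin privilege is required.
     *
     * <p>The earlier body carried an owner-association check after the admin gate, but it could
     * never run because non-admins were already rejected; it has been removed. If access is
     * later opened to owners, that check must sit outside the broad {@code catch} so a 403 is
     * not rewritten into a 404.
     *
     * @param securityContext supplies the authenticated {@link Customer} principal
     * @param num the {@code membershipId} path parameter
     * @return the membership with the given id
     * @throws WebApplicationException 403 when the caller is not an admin, 404 when the store
     *     lookup fails or yields no membership
     */
    @GET
    @PermitAll
    @Path("{membershipId}")
    @Timed
    @Produces({"application/json"})
    public Membership retrieve(@Context SecurityContext securityContext, @PathParam("membershipId") @NotNull Integer num) throws WebApplicationException {
        Customer customer = (Customer) securityContext.getUserPrincipal();
        if (!hasAdminPrivilege(customer)) {
            throw new WebApplicationException("Admin privilege is required to retrieve a membership, " + customer.getSubject() + " is not authorized.", Response.Status.FORBIDDEN);
        }

        Membership membership;
        try {
            membership = this.membershipStore.getMembership(num);
        } catch (Exception e) {
            // Keep the full cause server-side; the response text below reaches admins only
            // because the privilege check above has already passed.
            this.log.error("Failed to load membership " + num, e);
            throw new WebApplicationException("Couldn't get the membership: " + e.getMessage(), e, Response.Status.NOT_FOUND);
        }
        if (membership == null) {
            // A null entity would otherwise be returned as an empty success response.
            throw new WebApplicationException("The requested membership was not found.", Response.Status.NOT_FOUND);
        }
        return membership;
    }

    /** Returns true when the customer's subject is a DataONE admin or a bookkeeper admin. */
    private boolean hasAdminPrivilege(Customer customer) {
        String subject = customer.getSubject();
        return this.dataoneAuthHelper.isAdmin(subject) || this.dataoneAuthHelper.isBookkeeperAdmin(subject);
    }
}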
