package org.ametys.plugins.core.user;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.ametys.core.authentication.AbstractCredentialProvider;
import org.ametys.core.authentication.AuthenticateAction;
import org.ametys.core.authentication.BlockingCredentialProvider;
import org.ametys.core.right.RightManager;
import org.ametys.core.ui.Callable;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.InvalidModificationException;
import org.ametys.core.user.User;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.user.UserManager;
import org.ametys.core.user.directory.ModifiableUserDirectory;
import org.ametys.core.user.directory.UserDirectory;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.parameter.Errors;
import org.ametys.runtime.parameter.Parameter;
import org.ametys.runtime.parameter.ParameterHelper;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.cocoon.ProcessingException;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/ametys/plugins/core/user/UserDAO.class */
public class UserDAO extends AbstractLogEnabled implements Component, Contextualizable, Serviceable {
    public static final String ROLE = UserDAO.class.getName();
    protected ServiceManager _smanager;
    protected UserManager _userManager;
    protected UserPopulationDAO _userPopulationDAO;
    protected CurrentUserProvider _currentUserProvider;
    protected Context _context;
    protected UserHelper _userHelper;
    protected RightManager _rightManager;

    /* loaded from: input_file:org/ametys/plugins/core/user/UserDAO$ImpersonateCredentialProvider.class */
    public static class ImpersonateCredentialProvider extends AbstractCredentialProvider implements BlockingCredentialProvider {
        @Override // org.ametys.core.authentication.BlockingCredentialProvider
        public boolean blockingGrantAnonymousRequest() {
            return false;
        }

        @Override // org.ametys.core.authentication.BlockingCredentialProvider
        public boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception {
            return true;
        }

        @Override // org.ametys.core.authentication.BlockingCredentialProvider
        public UserIdentity blockingGetUserIdentity(Redirector redirector) throws Exception {
            return null;
        }

        @Override // org.ametys.core.authentication.BlockingCredentialProvider
        public void blockingUserNotAllowed(Redirector redirector) throws Exception {
        }

        @Override // org.ametys.core.authentication.BlockingCredentialProvider
        public void blockingUserAllowed(UserIdentity userIdentity) {
        }

        @Override // org.ametys.core.authentication.BlockingCredentialProvider
        public boolean requiresNewWindow() {
            return false;
        }
    }

    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._smanager = serviceManager;
        this._userManager = (UserManager) serviceManager.lookup(UserManager.ROLE);
        this._userPopulationDAO = (UserPopulationDAO) serviceManager.lookup(UserPopulationDAO.ROLE);
        this._userHelper = (UserHelper) serviceManager.lookup(UserHelper.ROLE);
        this._rightManager = (RightManager) serviceManager.lookup(RightManager.ROLE);
    }

    @Callable
    public Map<String, Object> getUser(String str, String str2) {
        return this._userHelper.user2json(this._userManager.getUser(str2, str), true);
    }

    @Callable
    public Map<String, Object> isModifiable(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put("isModifiable", Boolean.valueOf(this._userManager.getUserDirectory(str2, str) instanceof ModifiableUserDirectory));
        hashMap.put("additionalDescription", new I18nizableText("plugin.core-ui", "PLUGINS_CORE_UI_USERS_EDIT_NO_MODIFIABLE_DESCRIPTION"));
        return hashMap;
    }

    @Callable
    public Map<String, Object> isRemovable(String str, String str2) {
        HashMap hashMap = new HashMap();
        UserDirectory userDirectory = this._userManager.getUserDirectory(str2, str);
        if (userDirectory != null && str2.equals(UserPopulationDAO.ADMIN_POPULATION_ID) && userDirectory.getUsers().size() == 1) {
            hashMap.put("isRemovable", false);
            hashMap.put("additionalDescription", new I18nizableText("plugin.core-ui", "PLUGINS_CORE_UI_USERS_DELETE_LAST_ADMIN_DESCRIPTION"));
        } else {
            hashMap.put("isRemovable", Boolean.valueOf(userDirectory instanceof ModifiableUserDirectory));
            hashMap.put("additionalDescription", new I18nizableText("plugin.core-ui", "PLUGINS_CORE_UI_USERS_DELETE_NO_MODIFIABLE_DESCRIPTION"));
        }
        return hashMap;
    }

    @Callable(right = "Runtime_Rights_User_Handle")
    public Map<String, Object> addUser(String str, String str2, Map<String, String> map) throws InvalidModificationException {
        HashMap hashMap = new HashMap();
        UserDirectory userDirectory = this._userPopulationDAO.getUserPopulation(str).getUserDirectory(str2);
        if (!(userDirectory instanceof ModifiableUserDirectory)) {
            getLogger().error("Users are not modifiable !");
            throw new InvalidModificationException("Users are not modifiable !");
        }
        ModifiableUserDirectory modifiableUserDirectory = (ModifiableUserDirectory) userDirectory;
        String str3 = map.get("login");
        try {
            if (getLogger().isInfoEnabled()) {
                getLogger().info(String.format("User %s is adding a new user '%s'", _getCurrentUser(), str3));
            }
            modifiableUserDirectory.add(map);
            return this._userHelper.user2json(modifiableUserDirectory.getUser(str3), true);
        } catch (InvalidModificationException e) {
            Map<String, Errors> fieldErrors = e.getFieldErrors();
            if (fieldErrors == null || fieldErrors.size() <= 0) {
                throw e;
            }
            hashMap.put("errors", fieldErrors);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Ending user's edition");
            }
            return hashMap;
        }
    }

    @Callable(right = "Runtime_Rights_User_Handle")
    public Map<String, Object> editUser(String str, Map<String, String> map) throws InvalidModificationException {
        HashMap hashMap = new HashMap();
        String str2 = map.get("login");
        UserDirectory userDirectory = this._userManager.getUserDirectory(str, str2);
        if (!(userDirectory instanceof ModifiableUserDirectory)) {
            getLogger().error("Users are not modifiable !");
            throw new InvalidModificationException("Users are not modifiable !");
        }
        ModifiableUserDirectory modifiableUserDirectory = (ModifiableUserDirectory) userDirectory;
        try {
            if (getLogger().isInfoEnabled()) {
                getLogger().info(String.format("User %s is updating information about user '%s'", _getCurrentUser(), str2));
            }
            modifiableUserDirectory.update(map);
            return this._userHelper.user2json(modifiableUserDirectory.getUser(str2), true);
        } catch (InvalidModificationException e) {
            Map<String, Errors> fieldErrors = e.getFieldErrors();
            if (fieldErrors == null || fieldErrors.size() <= 0) {
                throw e;
            }
            hashMap.put("errors", fieldErrors);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Ending user's edition");
            }
            return hashMap;
        }
    }

    @Callable(right = "Runtime_Rights_User_Handle")
    public void deleteUsers(List<Map<String, String>> list) throws InvalidModificationException {
        for (Map<String, String> map : list) {
            _deleteUser(map.get("login"), map.get("populationId"));
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Ending user's removal");
        }
    }

    private void _deleteUser(String str, String str2) throws InvalidModificationException {
        UserDirectory userDirectory = this._userManager.getUserDirectory(str2, str);
        if (!(userDirectory instanceof ModifiableUserDirectory)) {
            getLogger().error("Users are not modifiable !");
            throw new InvalidModificationException("Users are not modifiable !");
        }
        if (str2.equals(UserPopulationDAO.ADMIN_POPULATION_ID) && userDirectory.getUsers().size() == 1) {
            getLogger().error("Deletion forbidden: last user of the 'admin' population.");
            throw new InvalidModificationException("You cannot delete the last user of the 'admin' population !");
        }
        ModifiableUserDirectory modifiableUserDirectory = (ModifiableUserDirectory) userDirectory;
        if (getLogger().isInfoEnabled()) {
            getLogger().info(String.format("User %s is removing user '%s'", _getCurrentUser(), str));
        }
        modifiableUserDirectory.remove(str);
    }

    @Callable(right = "Runtime_Rights_User_Handle")
    public Map<String, Object> getEditionModelForUSer(String str, String str2) throws InvalidModificationException, ProcessingException {
        return _getEditionModel(this._userManager.getUserDirectory(str2, str));
    }

    @Callable(right = "Runtime_Rights_User_Handle")
    public Map<String, Object> getEditionModelForDirectory(String str, String str2) throws InvalidModificationException, ProcessingException {
        return _getEditionModel(this._userPopulationDAO.getUserPopulation(str).getUserDirectory(str2));
    }

    private Map<String, Object> _getEditionModel(UserDirectory userDirectory) throws InvalidModificationException, ProcessingException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (!(userDirectory instanceof ModifiableUserDirectory)) {
            getLogger().error("Users are not modifiable !");
            throw new InvalidModificationException("Users are not modifiable !");
        }
        for (Parameter<ParameterHelper.ParameterType> parameter : ((ModifiableUserDirectory) userDirectory).getModel()) {
            Map<String, Object> json = ParameterHelper.toJSON(parameter);
            json.put("type", ParameterHelper.typeToString(parameter.getType()));
            linkedHashMap.put(parameter.getId(), json);
        }
        return linkedHashMap;
    }

    @Callable(right = "Runtime_Rights_User_Handle", context = "/admin")
    public Map<String, String> impersonate(String str, String str2) throws AccessDeniedException {
        UserIdentity _getCurrentUser = _getCurrentUser();
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("'login' parameter is null or empty");
        }
        HashMap hashMap = new HashMap();
        User user = this._userManager.getUser(str2, str);
        if (user == null) {
            hashMap.put("error", "unknown-user");
        } else {
            try {
                this._currentUserProvider.logout();
            } catch (ProcessingException e) {
                getLogger().error("An error occurred while logging out current user " + _getCurrentUser);
            }
            Request request = ContextHelper.getRequest(this._context);
            AuthenticateAction.setUserIdentityInSession(request, user.getIdentity(), new ImpersonateCredentialProvider(), true);
            hashMap.put("login", str);
            hashMap.put("populationId", str2);
            hashMap.put("name", user.getFullName());
            if (getLogger().isInfoEnabled()) {
                getLogger().info("Impersonation of the user '" + str + "' from IP " + request.getRemoteAddr() + " done by " + _getCurrentUser);
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserIdentity _getCurrentUser() {
        if (this._currentUserProvider == null) {
            try {
                this._currentUserProvider = (CurrentUserProvider) this._smanager.lookup(CurrentUserProvider.ROLE);
            } catch (ServiceException e) {
                throw new IllegalStateException((Throwable) e);
            }
        }
        return this._currentUserProvider.getUser();
    }
}
