package io.gravitee.management.rest.resource;

import io.gravitee.management.model.PageEntity;
import io.gravitee.management.model.UpdatePageEntity;
import io.gravitee.management.model.Visibility;
import io.gravitee.management.model.api.ApiEntity;
import io.gravitee.management.model.permissions.RolePermission;
import io.gravitee.management.model.permissions.RolePermissionAction;
import io.gravitee.management.rest.security.Permission;
import io.gravitee.management.rest.security.Permissions;
import io.gravitee.management.service.ApiService;
import io.gravitee.management.service.GroupService;
import io.gravitee.management.service.PageService;
import io.gravitee.management.service.exceptions.ForbiddenAccessException;
import io.gravitee.management.service.exceptions.UnauthorizedAccessException;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.util.List;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PATCH;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;

@Api(tags = {"API"})
/* loaded from: input_file:io/gravitee/management/rest/resource/ApiPageResource.class */
public class ApiPageResource extends AbstractResource {

    @Inject
    private ApiService apiService;

    @Inject
    private PageService pageService;

    @Inject
    private GroupService groupService;

    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "Page"), @ApiResponse(code = 500, message = "Internal server error")})
    @ApiOperation(value = "Get a page", notes = "User must have the READ permission to use this service")
    @Produces({"application/json"})
    public PageEntity getPage(@PathParam("api") String str, @PathParam("page") String str2, @QueryParam("portal") boolean z) {
        ApiEntity findById = this.apiService.findById(str);
        if (!Visibility.PUBLIC.equals(findById.getVisibility()) && !hasPermission(RolePermission.API_DOCUMENTATION, str, RolePermissionAction.READ)) {
            throw new ForbiddenAccessException();
        }
        PageEntity findById2 = this.pageService.findById(str2);
        if (z) {
            this.pageService.transformSwagger(findById2);
            if (!isAuthenticated() && findById2.getMetadata() != null) {
                findById2.getMetadata().clear();
            }
        }
        if (isDisplayable(findById, findById2.isPublished(), findById2.getExcludedGroups())) {
            return findById2;
        }
        throw new UnauthorizedAccessException();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "Page's content"), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("/content")
    @ApiOperation(value = "Get the page's content", notes = "User must have the READ permission to use this service")
    public Response getPageContent(@PathParam("api") String str, @PathParam("page") String str2) {
        PageEntity page = getPage(str, str2, true);
        return Response.ok(page.getContent(), page.getContentType()).build();
    }

    @ApiResponses({@ApiResponse(code = 201, message = "Page successfully updated", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.API_DOCUMENTATION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Update a page", notes = "User must have the MANAGE_PAGES permission to use this service")
    @Produces({"application/json"})
    @PUT
    public PageEntity updatePage(@PathParam("api") String str, @PathParam("page") String str2, @NotNull @Valid @ApiParam(name = "page", required = true) UpdatePageEntity updatePageEntity) {
        this.pageService.findById(str2);
        updatePageEntity.setLastContributor(getAuthenticatedUser());
        return this.pageService.update(str2, updatePageEntity);
    }

    @ApiResponses({@ApiResponse(code = 201, message = "Page successfully refreshed", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("/_fetch")
    @Permissions({@Permission(value = RolePermission.API_DOCUMENTATION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Refresh page by calling the associated fetcher", notes = "User must have the MANAGE_PAGES permission to use this service")
    @POST
    @Produces({"application/json"})
    public PageEntity fetchPage(@PathParam("api") String str, @PathParam("page") String str2) {
        this.pageService.findById(str2);
        return this.pageService.fetch(str2, getAuthenticatedUser());
    }

    @ApiResponses({@ApiResponse(code = 201, message = "Page successfully updated", response = PageEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.API_DOCUMENTATION, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Update a page", notes = "User must have the MANAGE_PAGES permission to use this service")
    @Produces({"application/json"})
    @PATCH
    public PageEntity partialUpdatePage(@PathParam("api") String str, @PathParam("page") String str2, @ApiParam(name = "page") UpdatePageEntity updatePageEntity) {
        this.pageService.findById(str2);
        updatePageEntity.setLastContributor(getAuthenticatedUser());
        return this.pageService.update(str2, updatePageEntity, true);
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Page successfully deleted"), @ApiResponse(code = 500, message = "Internal server error")})
    @Permissions({@Permission(value = RolePermission.API_DOCUMENTATION, acls = {RolePermissionAction.DELETE})})
    @DELETE
    @ApiOperation(value = "Delete a page", notes = "User must have the MANAGE_PAGES permission to use this service")
    public void deletePage(@PathParam("api") String str, @PathParam("page") String str2) {
        this.pageService.findById(str2);
        this.pageService.delete(str2);
    }

    private boolean isDisplayable(ApiEntity apiEntity, boolean z, List<String> list) {
        return (isAuthenticated() && isAdmin()) || (this.pageService.isDisplayable(apiEntity, z, getAuthenticatedUserOrNull()) && this.groupService.isUserAuthorizedToAccessApiData(apiEntity, list, getAuthenticatedUserOrNull()));
    }
}
