package io.gravitee.management.rest.resource;

import io.gravitee.management.model.NewPlanEntity;
import io.gravitee.management.model.PlanEntity;
import io.gravitee.management.model.PlanStatus;
import io.gravitee.management.model.PlanType;
import io.gravitee.management.model.UpdatePlanEntity;
import io.gravitee.management.model.Visibility;
import io.gravitee.management.model.api.ApiEntity;
import io.gravitee.management.model.permissions.RolePermission;
import io.gravitee.management.model.permissions.RolePermissionAction;
import io.gravitee.management.rest.resource.param.PlanSecurityParam;
import io.gravitee.management.rest.resource.param.PlanStatusParam;
import io.gravitee.management.rest.security.Permission;
import io.gravitee.management.rest.security.Permissions;
import io.gravitee.management.service.ApiService;
import io.gravitee.management.service.GroupService;
import io.gravitee.management.service.PlanService;
import io.gravitee.management.service.exceptions.ForbiddenAccessException;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.net.URI;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

@Api(tags = {"API", "Plan"})
/* loaded from: input_file:io/gravitee/management/rest/resource/ApiPlansResource.class */
public class ApiPlansResource extends AbstractResource {

    @Inject
    private PlanService planService;

    @Inject
    private ApiService apiService;

    @Inject
    private GroupService groupService;

    @Context
    private ResourceContext resourceContext;

    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "List accessible plans for current user", response = PlanEntity.class, responseContainer = "Set"), @ApiResponse(code = 500, message = "Internal server error")})
    @ApiOperation(value = "List plans for an API", notes = "List all the plans accessible to the current user.")
    @Produces({"application/json"})
    public List<PlanEntity> listPlans(@PathParam("api") String str, @QueryParam("status") @DefaultValue("published") PlanStatusParam planStatusParam, @QueryParam("security") PlanSecurityParam planSecurityParam) {
        PlanStatusParam planStatusParam2;
        ApiEntity findById = this.apiService.findById(str);
        List asList = Arrays.asList(PlanStatus.PUBLISHED, PlanStatus.CLOSED);
        if (!((Boolean) planStatusParam.getStatuses().stream().map(planStatus -> {
            return Boolean.valueOf(!asList.contains(planStatus));
        }).reduce((v0, v1) -> {
            return Boolean.logicalOr(v0, v1);
        }).orElse(true)).booleanValue() || hasPermission(RolePermission.API_PLAN, str, RolePermissionAction.CREATE, RolePermissionAction.UPDATE, RolePermissionAction.DELETE)) {
            planStatusParam2 = planStatusParam;
        } else {
            Stream<PlanStatus> stream = planStatusParam.getStatuses().stream();
            asList.getClass();
            planStatusParam2 = new PlanStatusParam((List<PlanStatus>) stream.filter((v1) -> {
                return r3.contains(v1);
            }).collect(Collectors.toList()));
        }
        if (!Visibility.PUBLIC.equals(findById.getVisibility()) && !hasPermission(RolePermission.API_PLAN, str, RolePermissionAction.READ)) {
            throw new ForbiddenAccessException();
        }
        PlanStatusParam planStatusParam3 = planStatusParam2;
        return (List) this.planService.findByApi(str).stream().filter(planEntity -> {
            return planStatusParam3.getStatuses().contains(planEntity.getStatus()) && ((isAuthenticated() && isAdmin()) || this.groupService.isUserAuthorizedToAccessApiData(findById, planEntity.getExcludedGroups(), getAuthenticatedUserOrNull()));
        }).filter(planEntity2 -> {
            return planSecurityParam == null || planSecurityParam.getSecurities().contains(planEntity2.getSecurity());
        }).sorted(Comparator.comparingInt((v0) -> {
            return v0.getOrder();
        })).collect(Collectors.toList());
    }

    @ApiResponses({@ApiResponse(code = 201, message = "Plan successfully created", response = PlanEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.API_PLAN, acls = {RolePermissionAction.CREATE})})
    @ApiOperation(value = "Create a plan", notes = "User must have the MANAGE_PLANS permission to use this service")
    @POST
    @Produces({"application/json"})
    public Response createPlan(@PathParam("api") String str, @NotNull @Valid @ApiParam(name = "plan", required = true) NewPlanEntity newPlanEntity) {
        newPlanEntity.setApi(str);
        newPlanEntity.setType(PlanType.API);
        PlanEntity create = this.planService.create(newPlanEntity);
        return Response.created(URI.create("/apis/" + str + "/plans/" + create.getId())).entity(create).build();
    }

    @Path("/{plan}")
    @ApiResponses({@ApiResponse(code = 200, message = "Plan successfully updated", response = PlanEntity.class), @ApiResponse(code = 400, message = "Bad plan format"), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.API_PLAN, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Update a plan", notes = "User must have the MANAGE_PLANS permission to use this service")
    @Produces({"application/json"})
    @PUT
    public Response updatePlan(@PathParam("api") String str, @PathParam("plan") String str2, @NotNull @Valid @ApiParam(name = "plan", required = true) UpdatePlanEntity updatePlanEntity) {
        if (updatePlanEntity.getId() != null && !str2.equals(updatePlanEntity.getId())) {
            return Response.status(Response.Status.BAD_REQUEST).entity("'plan' parameter does not correspond to the plan to update").build();
        }
        updatePlanEntity.setId(str2);
        return !this.planService.findById(str2).getApis().contains(str) ? Response.status(Response.Status.BAD_REQUEST).entity("'plan' parameter does not correspond to the current API").build() : Response.ok(this.planService.update(updatePlanEntity)).build();
    }

    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "Plan information", response = PlanEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("/{plan}")
    @ApiOperation(value = "Get a plan", notes = "User must have the READ permission to use this service")
    @Produces({"application/json"})
    public Response getPlan(@PathParam("api") String str, @PathParam("plan") String str2) {
        if (!Visibility.PUBLIC.equals(this.apiService.findById(str).getVisibility()) && !hasPermission(RolePermission.API_PLAN, str, RolePermissionAction.READ)) {
            throw new ForbiddenAccessException();
        }
        PlanEntity findById = this.planService.findById(str2);
        return !findById.getApis().contains(str) ? Response.status(Response.Status.BAD_REQUEST).entity("'plan' parameter does not correspond to the current API").build() : Response.ok(findById).build();
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Plan successfully deleted"), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("/{plan}")
    @Permissions({@Permission(value = RolePermission.API_PLAN, acls = {RolePermissionAction.DELETE})})
    @DELETE
    @ApiOperation(value = "Delete a plan", notes = "User must have the MANAGE_PLANS permission to use this service")
    @Produces({"application/json"})
    public Response deletePlan(@PathParam("api") String str, @PathParam("plan") String str2) {
        if (!this.planService.findById(str2).getApis().contains(str)) {
            return Response.status(Response.Status.BAD_REQUEST).entity("'plan' parameter does not correspond to the current API").build();
        }
        this.planService.delete(str2);
        return Response.noContent().build();
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Plan successfully closed", response = PlanEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("/{plan}/_close")
    @Permissions({@Permission(value = RolePermission.API_PLAN, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Close  a plan", notes = "User must have the MANAGE_PLANS permission to use this service")
    @POST
    @Produces({"application/json"})
    public Response closePlan(@PathParam("api") String str, @PathParam("plan") String str2) {
        return !this.planService.findById(str2).getApis().contains(str) ? Response.status(Response.Status.BAD_REQUEST).entity("'plan' parameter does not correspond to the current API").build() : Response.ok(this.planService.close(str2, getAuthenticatedUser())).build();
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Plan successfully published", response = PlanEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("/{plan}/_publish")
    @Permissions({@Permission(value = RolePermission.API_PLAN, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Publicly publish plan", notes = "User must have the MANAGE_PLANS permission to use this service")
    @POST
    @Produces({"application/json"})
    public Response publishPlan(@PathParam("api") String str, @PathParam("plan") String str2) {
        return !this.planService.findById(str2).getApis().contains(str) ? Response.status(Response.Status.BAD_REQUEST).entity("'plan' parameter does not correspond to the current API").build() : Response.ok(this.planService.publish(str2)).build();
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Plan successfully depreciated", response = PlanEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Path("/{plan}/_depreciate")
    @Permissions({@Permission(value = RolePermission.API_PLAN, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation(value = "Depreciate a plan", notes = "User must have the API_PLAN[UPDATE] permission to use this service")
    @POST
    @Produces({"application/json"})
    public Response depreciatePlan(@PathParam("api") String str, @PathParam("plan") String str2) {
        return !this.planService.findById(str2).getApis().contains(str) ? Response.status(Response.Status.BAD_REQUEST).entity("'plan' parameter does not correspond to the current API").build() : Response.ok(this.planService.depreciate(str2)).build();
    }
}
