package ru.infotech24.apk23main.resources.applogic;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestPart;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import ru.infotech24.apk23main.domain.common.LookupObject;
import ru.infotech24.apk23main.domain.user.AccessRequest;
import ru.infotech24.apk23main.domain.user.AccessRequestState;
import ru.infotech24.apk23main.logic.user.AccessRequestBl;
import ru.infotech24.apk23main.logic.user.dto.AccessRequestDecisionDto;
import ru.infotech24.apk23main.logic.user.dto.AdminAccessRequestBatchFilter;
import ru.infotech24.apk23main.logic.user.dto.CurrentInstitutionAccessRequestDecisionDto;
import ru.infotech24.apk23main.logic.user.dto.NewAccessRequestDto;
import ru.infotech24.apk23main.logic.user.dto.UploadedTempFileDto;
import ru.infotech24.apk23main.logic.user.dto.UserAccessRequestDto;
import ru.infotech24.apk23main.logic.user.dto.UserInstitutionAccessRequestDto;
import ru.infotech24.apk23main.logic.user.dto.ViewAccessRequestDto;
import ru.infotech24.apk23main.resources.ApiResultDto;
import ru.infotech24.apk23main.resources.MultipartFileValidator;
import ru.infotech24.apk23main.security.AppSecurityException;
import ru.infotech24.apk23main.security.aop.AppSecured;
import ru.infotech24.apk23main.security.aop.AppSecuredAspect;
import ru.infotech24.apk23main.security.dao.SecurityRoleRightsDao;
import ru.infotech24.apk23main.security.oauth.EsiaService;
import ru.infotech24.apk23main.security.user.UserService;

@RequestMapping(value = {"/access-request"}, produces = {"application/json"})
@RestController
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/resources/applogic/AccessRequestResource.class */
public class AccessRequestResource {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AccessRequestResource.class);
    private final AccessRequestBl accessRequestBl;
    private final UserService userService;
    private final EsiaService esiaService;
    private final SecurityRoleRightsDao securityRoleRightsDao;
    private final MultipartFileValidator multipartFileValidator;

    @Autowired
    public AccessRequestResource(AccessRequestBl accessRequestBl, UserService userService, EsiaService esiaService, SecurityRoleRightsDao securityRoleRightsDao, MultipartFileValidator multipartFileValidator) {
        this.accessRequestBl = accessRequestBl;
        this.userService = userService;
        this.esiaService = esiaService;
        this.securityRoleRightsDao = securityRoleRightsDao;
        this.multipartFileValidator = multipartFileValidator;
    }

    @PostMapping(path = {"/search"}, consumes = {"application/json"})
    @AppSecured(methodId = "AccessRequestResSearch", caption = "Запрос на доступ: Поиск запросов на доступ к ИС", groupCaption = "1 Хозяйств. субъект", appliesScopes = true, metaName1 = LookupObject.META_CODE_SECURE_REGION_RELATED)
    public ResponseEntity<ApiResultDto> searchRequests(@RequestBody AdminAccessRequestBatchFilter adminAccessRequestBatchFilter) {
        return ResponseEntity.ok(new ApiResultDto(new ArrayList(), this.accessRequestBl.readAdminRequestsList(adminAccessRequestBatchFilter)));
    }

    @GetMapping(path = {"/current-institution"})
    @AppSecured(methodId = "AccessRequestResCurrentInstitution", caption = "Запрос на доступ: Получение списка запросов на доступ к своей организации", groupCaption = "1 Хозяйств. субъект")
    public List<UserInstitutionAccessRequestDto> getCurrentInstitutionRequests() {
        return this.accessRequestBl.readCurrentInstitutionRequestsList();
    }

    @AppSecured(methodId = "AccessRequestResCurrentUserList", caption = "Запрос на доступ: Запросы на доступ к ИС текущего пользователя", groupCaption = "1 Хозяйств. субъект")
    @GetMapping({"/current-user-requests"})
    public List<UserAccessRequestDto> getCurrentUserRequests() {
        return this.accessRequestBl.readCurrentUserSent();
    }

    @AppSecured(methodId = "AccessRequestResCurrentUserViewItem", caption = "Запрос на доступ: Просмотр запроса на доступ к ИС текущего пользователя", groupCaption = "1 Хозяйств. субъект", parentMethodId = "AccessRequestResCurrentUserList")
    @GetMapping({"/current-user-item/{id:[\\d]+}"})
    public ViewAccessRequestDto getCurrentUserRequest(@PathVariable(name = "id") int i) {
        return this.accessRequestBl.getUserAccessRequest(Integer.valueOf(i), false, false);
    }

    @AppSecured(methodId = "AccessRequestResViewItem", caption = "Запрос на доступ: Просмотр любого запроса на доступ к ИС (админ)", groupCaption = "1 Хозяйств. субъект", parentMethodId = "AccessRequestResSearch")
    @GetMapping({"/{id:[\\d]+}"})
    public ViewAccessRequestDto getUserAccessRequest(@PathVariable(name = "id") int i) {
        return this.accessRequestBl.getUserAccessRequest(Integer.valueOf(i), hasAccessRequestStoreDecisionAccess(), true);
    }

    @PostMapping({"/create"})
    @Transactional
    @AppSecured(methodId = "AccessRequestResCreate", caption = "Запрос на доступ: Создание запроса на доступ к ИС", groupCaption = "1 Хозяйств. субъект")
    public ResponseEntity<ApiResultDto> createRequest(@RequestBody NewAccessRequestDto newAccessRequestDto) {
        ArrayList arrayList = new ArrayList();
        AccessRequest createAccessRequest = this.accessRequestBl.createAccessRequest(newAccessRequestDto, arrayList);
        Integer tryAcceptDecisionWithPerson = this.accessRequestBl.tryAcceptDecisionWithPerson(createAccessRequest, arrayList);
        AccessRequest accessRequest = this.accessRequestBl.getAccessRequest(createAccessRequest.getId().intValue());
        if (tryAcceptDecisionWithPerson != null && Objects.equals(accessRequest.getState(), AccessRequestState.ACCEPTED) && Objects.equals(createAccessRequest.getInstitutionTypeId(), 4)) {
            this.esiaService.refreshAuthentication();
        }
        return ResponseEntity.ok().body(new ApiResultDto(arrayList, createAccessRequest));
    }

    @PostMapping({"/cancel/{id:[\\d]+}"})
    @AppSecured(methodId = "AccessRequestResCancel", caption = "Запрос на доступ: Отмена запроса на доступ к ИС", groupCaption = "1 Хозяйств. субъект")
    public ResponseEntity<ApiResultDto> cancelCurrentUserRequest(@PathVariable(name = "id") int i) {
        return ResponseEntity.ok().body(new ApiResultDto(new ArrayList(), Boolean.valueOf(this.accessRequestBl.cancelAccessRequest(i))));
    }

    @PostMapping({"/store-decision"})
    @AppSecured(methodId = "AccessRequestResStoreDecision", caption = "Запрос на доступ: Внесение решения по запросу на доступ к ИС", groupCaption = "1 Хозяйств. субъект", appliesScopes = true, metaName1 = LookupObject.META_CODE_SECURE_REGION_RELATED)
    public ResponseEntity<ApiResultDto> storeAccessRequestDecision(@RequestBody AccessRequestDecisionDto accessRequestDecisionDto) {
        return ResponseEntity.ok().body(new ApiResultDto(new ArrayList(), this.accessRequestBl.storeDecision(accessRequestDecisionDto)));
    }

    @AppSecured(methodId = "AccessRequestResViewCurrentInstitutionItem", caption = "Запрос на доступ: Просмотр запроса на доступ к своей организации", groupCaption = "1 Хозяйств. субъект", parentMethodId = "AccessRequestResCurrentInstitution")
    @GetMapping({"/current-institution/{id:[\\d]+}"})
    public ViewAccessRequestDto getCurrentUserInstitutionAccessRequest(@PathVariable(name = "id") int i) {
        return this.accessRequestBl.getUserAccessRequest(Integer.valueOf(i), hasAccessRequestStoreCurrentInstitutionDecision() & this.accessRequestBl.isCurrentInstitutionAccessDecisionAvailable(Integer.valueOf(i)), this.accessRequestBl.isCurrentInstitutionAccessRequest(Integer.valueOf(i)));
    }

    @PostMapping({"/current-institution/decision"})
    @AppSecured(methodId = "AccessRequestResCurrentInstitutionDecision", caption = "Запрос на доступ: Решение по запросу для своей организации", groupCaption = "1 Хозяйств. субъект")
    public ResponseEntity<ApiResultDto> storeCurrentInstitutionRequestDecision(@RequestBody CurrentInstitutionAccessRequestDecisionDto currentInstitutionAccessRequestDecisionDto) {
        return ResponseEntity.ok().body(new ApiResultDto(new ArrayList(), this.accessRequestBl.storeCurrentInstitutionDecision(currentInstitutionAccessRequestDecisionDto)));
    }

    @PostMapping(value = {"/upload-file"}, consumes = {"multipart/form-data"})
    @AppSecured(methodId = "AccessRequestResUploadFile", caption = "Запрос на доступ: Загрузка файлов в хранилище", groupCaption = "1 Хозяйств. субъект", parentMethodId = "AccessRequestResCreate")
    public UploadedTempFileDto uploadTempFile(@RequestPart("fileName") String str, @RequestPart(value = "file", required = false) MultipartFile multipartFile) {
        this.multipartFileValidator.validate(multipartFile, null);
        return this.accessRequestBl.uploadTempFile(str, multipartFile);
    }

    private boolean hasAccessRequestStoreDecisionAccess() {
        try {
            AppSecuredAspect.ensureAllowed(this.userService.getCurrentUser().getRoleIds(), this.securityRoleRightsDao, false, null, null, null, "AccessRequestResStoreDecision");
            return true;
        } catch (AppSecurityException e) {
            return false;
        }
    }

    private boolean hasAccessRequestStoreCurrentInstitutionDecision() {
        try {
            AppSecuredAspect.ensureAllowed(this.userService.getCurrentUser().getRoleIds(), this.securityRoleRightsDao, false, null, null, null, "AccessRequestResCurrentInstitutionDecision");
            return true;
        } catch (AppSecurityException e) {
            return false;
        }
    }
}
