package vivid.trace.rest;

import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.vavr.collection.HashMap;
import io.vavr.control.Option;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import vivid.lib.messages.VTE28AccessDenied;
import vivid.lib.rest.Rest;
import vivid.trace.accesscontrols.GroupACPrincipal;
import vivid.trace.accesscontrols.ProjectRoleACPrincipal;
import vivid.trace.accesscontrols.UserACPrincipal;
import vivid.trace.components.Factory;
import vivid.trace.components.Providers;
import vivid.trace.jql.RelationsParameters;
import vivid.trace.servlets.ValidateXsrfToken;

@Path(Static.SYSTEM_REST_RESOURCE_PATH)
@Consumes({"application/json"})
@Produces({"application/json"})
@Tag(name = Static.SYSTEM_REST_RESOURCE_PATH, description = "Information sourced from the host platform")
/* loaded from: input_file:vivid/trace/rest/SystemResource.class */
public class SystemResource {
    private final Factory f;

    @Context
    private HttpServletRequest httpServletRequest;
    private static final Providers<Factory> PROVIDERS = new Providers<>(Arrays.asList(new GroupACPrincipal(), new ProjectRoleACPrincipal(), new UserACPrincipal()));

    public SystemResource(Factory factory) {
        this.f = factory;
    }

    @GET
    @Operation(summary = "Retrieve data from various Jira data sources", operationId = "getJiraSystemData")
    @ApiResponses({@ApiResponse(responseCode = "200", description = Rest.HTTP_200_OK_DESCRIPTION_REPLYING_WITH_DATA), @ApiResponse(responseCode = "403", description = Rest.HTTP_403_FORBIDDEN_DESCRIPTION)})
    public Response getJiraSystemData(@Parameter(description = "Jira system data of interest", required = true, array = @ArraySchema(schema = @Schema(type = "string", allowableValues = {"group", "project-role", "user"}))) @QueryParam("key") List<String> list) {
        Option<Response> validateXsrfToken = ValidateXsrfToken.validateXsrfToken(this.httpServletRequest, this.f);
        if (validateXsrfToken.isDefined()) {
            return validateXsrfToken.get();
        }
        if (this.f.jiraAuthenticationContext.getLoggedInUser() == null) {
            return Rest.responseWithMessage(Response.Status.FORBIDDEN, VTE28AccessDenied.message(Option.of(this.f.i18nResolver)));
        }
        return Rest.responseWithJSONEntity(Response.Status.OK, PROVIDERS.fulfill(list, this.f));
    }

    @GET
    @Path(RelationsParameters.JQL_PARAMETER_NAME)
    @Operation(summary = "Validate a JQL query string", description = "Validates a JQL (\"Jira Query Language\") query string. Useful for providing live feedback.", operationId = "validateJql")
    @AnonymousAllowed
    @ApiResponse(responseCode = "200", description = "Boolean indication of whether the supplied JQL query string is valid or not")
    public Response validateJql(@Parameter(description = "A JQL query string", required = true, schema = @Schema(type = "string")) @QueryParam("jql") String str) {
        Option<Response> validateXsrfToken = ValidateXsrfToken.validateXsrfToken(this.httpServletRequest, this.f);
        if (validateXsrfToken.isDefined()) {
            return validateXsrfToken.get();
        }
        return Rest.responseWithJSONEntity(Response.Status.OK, HashMap.of("valid", Boolean.valueOf(this.f.searchService.parseQuery(this.f.jiraAuthenticationContext.getLoggedInUser(), str).isValid())).toJavaMap());
    }
}
