package org.sonatype.nexus.rest.privileges;

import java.util.List;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.codehaus.enunciate.contract.jaxrs.ResourceMethodSignature;
import org.restlet.Context;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.data.Status;
import org.restlet.resource.ResourceException;
import org.sonatype.configuration.validation.InvalidConfigurationException;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeGroupPropertyDescriptor;
import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeRepositoryTargetPropertyDescriptor;
import org.sonatype.nexus.rest.model.PrivilegeResource;
import org.sonatype.nexus.rest.model.PrivilegeResourceRequest;
import org.sonatype.plexus.rest.resource.PathProtectionDescriptor;
import org.sonatype.plexus.rest.resource.PlexusResourceException;
import org.sonatype.security.authorization.NoSuchAuthorizationManagerException;
import org.sonatype.security.authorization.Privilege;
import org.sonatype.security.rest.model.PrivilegeListResourceResponse;
import org.sonatype.security.rest.privileges.AbstractPrivilegePlexusResource;

@Path(TargetPrivilegePlexusResource.RESOURCE_URI)
@Consumes({"application/xml", "application/json"})
@Named
@Singleton
@Produces({"application/xml", "application/json"})
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-restlet1x-plugin-2.14.5-02/nexus-restlet1x-plugin-2.14.5-02.jar:org/sonatype/nexus/rest/privileges/TargetPrivilegePlexusResource.class */
public class TargetPrivilegePlexusResource extends AbstractPrivilegePlexusResource {
    public static final String RESOURCE_URI = "/privileges_target";

    public TargetPrivilegePlexusResource() {
        setModifiable(true);
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public Object getPayloadInstance() {
        return new PrivilegeResourceRequest();
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public String getResourceUri() {
        return RESOURCE_URI;
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    public PathProtectionDescriptor getResourceProtection() {
        return new PathProtectionDescriptor(getResourceUri(), "authcBasic,perms[security:privileges]");
    }

    @Override // org.sonatype.plexus.rest.resource.AbstractPlexusResource, org.sonatype.plexus.rest.resource.PlexusResource
    @POST
    @ResourceMethodSignature(input = PrivilegeResourceRequest.class, output = PrivilegeListResourceResponse.class)
    public Object post(Context context, Request request, Response response, Object obj) throws ResourceException {
        PrivilegeResourceRequest privilegeResourceRequest = (PrivilegeResourceRequest) obj;
        PrivilegeListResourceResponse privilegeListResourceResponse = null;
        if (privilegeResourceRequest != null) {
            privilegeListResourceResponse = new PrivilegeListResourceResponse();
            PrivilegeResource data = privilegeResourceRequest.getData();
            if (!"target".equals(data.getType())) {
                throw new PlexusResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Configuration error.", getErrorResponse("type", "Not allowed privilege type!"));
            }
            List<String> method = data.getMethod();
            if (method == null || method.size() == 0) {
                throw new PlexusResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Configuration error.", getErrorResponse("method", "No method(s) supplied, must select at least one method."));
            }
            try {
                for (String str : method) {
                    Privilege privilege = new Privilege();
                    privilege.setName(data.getName() != null ? data.getName() + " - (" + str + ")" : null);
                    privilege.setDescription(data.getDescription());
                    privilege.setType("target");
                    privilege.addProperty("method", str);
                    privilege.addProperty(TargetPrivilegeRepositoryTargetPropertyDescriptor.ID, data.getRepositoryTargetId());
                    privilege.addProperty("repositoryId", data.getRepositoryId());
                    privilege.addProperty(TargetPrivilegeGroupPropertyDescriptor.ID, data.getRepositoryGroupId());
                    privilegeListResourceResponse.addData(securityToRestModel(getSecuritySystem().getAuthorizationManager("default").addPrivilege(privilege), request, true));
                }
            } catch (InvalidConfigurationException e) {
                handleInvalidConfigurationException(e);
            } catch (NoSuchAuthorizationManagerException e2) {
                getLogger().warn("Could not find the default AuthorizationManager", (Throwable) e2);
                throw new ResourceException(Status.SERVER_ERROR_INTERNAL, e2);
            }
        }
        return privilegeListResourceResponse;
    }
}
