package net.lukemurphey.nsia.web.views;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.util.Map;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.lukemurphey.nsia.Application;
import net.lukemurphey.nsia.DisallowedOperationException;
import net.lukemurphey.nsia.EmailAddress;
import net.lukemurphey.nsia.GeneralizedException;
import net.lukemurphey.nsia.InputValidationException;
import net.lukemurphey.nsia.InvalidLocalPartException;
import net.lukemurphey.nsia.NoDatabaseConnectionException;
import net.lukemurphey.nsia.NotFoundException;
import net.lukemurphey.nsia.UserManagement;
import net.lukemurphey.nsia.eventlog.EventLogField;
import net.lukemurphey.nsia.eventlog.EventLogMessage;
import net.lukemurphey.nsia.web.Link;
import net.lukemurphey.nsia.web.Menu;
import net.lukemurphey.nsia.web.RequestContext;
import net.lukemurphey.nsia.web.SessionMessages;
import net.lukemurphey.nsia.web.Shortcuts;
import net.lukemurphey.nsia.web.URLInvalidException;
import net.lukemurphey.nsia.web.View;
import net.lukemurphey.nsia.web.ViewFailedException;
import net.lukemurphey.nsia.web.ViewNotFoundException;
import net.lukemurphey.nsia.web.forms.EmailAddressValidator;
import net.lukemurphey.nsia.web.forms.Field;
import net.lukemurphey.nsia.web.forms.FieldError;
import net.lukemurphey.nsia.web.forms.FieldErrors;
import net.lukemurphey.nsia.web.forms.Form;
import net.lukemurphey.nsia.web.forms.PasswordValidator;
import net.lukemurphey.nsia.web.forms.PatternValidator;
import net.lukemurphey.nsia.web.templates.DialogTemplateDirective;
import net.lukemurphey.nsia.web.templates.TemplateLoader;
import net.lukemurphey.nsia.web.views.Dialog;

/* loaded from: input_file:net/lukemurphey/nsia/web/views/UserEditView.class */
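/**
 * View that renders and processes the form used to create a new user account
 * or to edit an existing one.
 *
 * <p>The view is addressed with an action token ({@code New} or {@code Edit})
 * optionally followed by a numeric user ID. Whether a request is treated as a
 * create or an update is decided by whether a user ID was supplied and
 * resolved to an existing account.
 */
public class UserEditView extends View {
    public static final String VIEW_NAME = "user_editor";

    /**
     * Form that adds a cross-field check on top of the per-field validators:
     * the password and its confirmation must match.
     */
    public static class UserEditForm extends Form {
        private UserEditForm() {
        }

        /**
         * Runs the per-field validators and, if they all pass, verifies that the
         * password confirmation matches the password.
         *
         * @param httpServletRequest the request carrying the submitted form values
         * @return the validation errors found; empty when the submission is valid
         */
        @Override // net.lukemurphey.nsia.web.forms.Form
        public FieldErrors validate(HttpServletRequest httpServletRequest) {
            FieldErrors errors = super.validate(httpServletRequest);
            if (!errors.isEmpty()) {
                return errors;
            }
            String password = httpServletRequest.getParameter("Password");
            String confirmation = httpServletRequest.getParameter("PasswordConfirm");
            // Passwords are case-sensitive, so the confirmation must match exactly. A
            // case-insensitive comparison would accept a confirmation that differs from
            // the password that actually gets stored.
            if (password != null && !password.equals(confirmation)) {
                // NOTE(review): the submitted confirmation value is stored in the FieldError;
                // confirm that the template does not render it back into the page.
                errors.put(new FieldError("PasswordConfirm", confirmation, "The passwords are not identical"));
            }
            return errors;
        }
    }

    /**
     * Registers the view under the "User" path, accepting an action token
     * ({@code New} or {@code Edit}, case-insensitive) followed by an optional
     * numeric user ID.
     */
    public UserEditView() {
        super("User", VIEW_NAME, Pattern.compile("(New)|(Edit)", Pattern.CASE_INSENSITIVE), Pattern.compile("[0-9]*"));
    }

    /**
     * Builds the URL of the edit page for the given user.
     *
     * @param userDescriptor the account to edit
     * @return the URL of the edit form for that account
     * @throws URLInvalidException if the URL cannot be constructed
     */
    public static String getURL(UserManagement.UserDescriptor userDescriptor) throws URLInvalidException {
        return new UserEditView().createURL("Edit", Integer.valueOf(userDescriptor.getUserID()));
    }

    /**
     * Builds the URL of the page for creating a new user.
     *
     * @return the URL of the new-user form
     * @throws URLInvalidException if the URL cannot be constructed
     */
    public static String getURL() throws URLInvalidException {
        return new UserEditView().createURL("New");
    }

    /**
     * Assembles the form definition used to validate a submission.
     *
     * @param includePassword {@code true} to require the password and its
     *     confirmation (account creation); {@code false} when editing an
     *     existing account, where the password is not part of the form
     * @return the configured form
     */
    private Form getUserEditForm(boolean includePassword) {
        UserEditForm form = new UserEditForm();
        form.addField(new Field("Username", new PatternValidator(Pattern.compile("[-A-Z0-9a-z_ .]{1,32}", Pattern.CASE_INSENSITIVE), "Username is not valid")));
        form.addField(new Field("Fullname", new PatternValidator(Pattern.compile("[-A-Z0-9a-z_ ().]{1,128}", Pattern.CASE_INSENSITIVE), "Full name is not valid")));
        form.addField(new Field("EmailAddress", new EmailAddressValidator("Email address is not valid")));
        if (includePassword) {
            form.addField(new Field("Password", new PasswordValidator()));
            form.addField(new Field("PasswordConfirm"));
        }
        form.addField(new Field("Unrestricted"));
        return form;
    }

    /**
     * Handles a POSTed form: validates it and then creates a new account or
     * updates the given one, writing an event-log entry for each outcome.
     *
     * <p>NOTE(review): no anti-request-forgery token check is visible in this
     * view; presumably it is enforced by the surrounding framework. Confirm
     * before relying on it, since this handler creates and modifies accounts.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, used to redirect after a change
     * @param requestContext the context of the authenticated caller
     * @param strArr the URL arguments (action token and optional user ID)
     * @param map the template data; receives {@code form_errors} on validation failure
     * @param userDescriptor the account being edited, or {@code null} when creating one
     * @return {@code true} if a redirect was sent and no further rendering is
     *     needed; {@code false} if the form should be (re)displayed
     * @throws DisallowedOperationException if a restricted user tries to mark an
     *     account as unrestricted
     * @throws ViewFailedException if the account store fails
     */
    private boolean performActions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestContext requestContext, String[] strArr, Map<String, Object> map, UserManagement.UserDescriptor userDescriptor) throws ViewFailedException, IOException, URLInvalidException, ViewNotFoundException, DisallowedOperationException {
        try {
            UserManagement userManagement = new UserManagement(Application.getApplication());
            if (!"POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
                return false;
            }

            // Pick the form from the same condition that selects the create/update branch
            // below. Keying it off the action token in the URL instead would let the two
            // disagree, so that an account could be created without the password fields
            // having gone through the password validator.
            boolean editing = userDescriptor != null;
            FieldErrors errors = getUserEditForm(!editing).validate(httpServletRequest);
            if (errors.size() > 0) {
                map.put("form_errors", errors);
                return false;
            }

            String userName = httpServletRequest.getParameter("Username");
            String fullName = httpServletRequest.getParameter("Fullname");
            EmailAddress emailAddress = EmailAddress.getByAddress(httpServletRequest.getParameter("EmailAddress"));
            String password = httpServletRequest.getParameter("Password");
            // The checkbox is only submitted when ticked, so presence means "unrestricted".
            boolean unrestricted = httpServletRequest.getParameter("Unrestricted") != null;

            try {
                if (editing) {
                    // Only unrestricted users may hand out unrestricted access.
                    if (unrestricted && !requestContext.getUser().isUnrestricted()) {
                        Application.getApplication().logEvent(
                                EventLogMessage.EventType.ACCESS_CONTROL_DENY,
                                new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, requestContext.getUser().getUserName()),
                                new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, requestContext.getUser().getUserID()),
                                new EventLogField(EventLogField.FieldName.TARGET_USER_NAME, userDescriptor.getUserName()),
                                new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userDescriptor.getUserID()));
                        throw new DisallowedOperationException("Restricted users cannot create unrestricted accounts");
                    }

                    if (userManagement.updateAccountEx(userDescriptor.getUserID(), userName, fullName, emailAddress, unrestricted)) {
                        Application.getApplication().logEvent(
                                EventLogMessage.EventType.USER_MODIFIED,
                                new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, requestContext.getUser().getUserName()),
                                new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, requestContext.getUser().getUserID()),
                                new EventLogField(EventLogField.FieldName.TARGET_USER_NAME, userDescriptor.getUserName()),
                                new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userDescriptor.getUserID()));
                        requestContext.addMessage("User updated successfully", SessionMessages.MessageSeverity.SUCCESS);
                    } else {
                        Application.getApplication().logEvent(
                                EventLogMessage.EventType.OPERATION_FAILED,
                                new EventLogField(EventLogField.FieldName.OPERATION, "Update user account"),
                                new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, requestContext.getUser().getUserName()),
                                new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, requestContext.getUser().getUserID()),
                                new EventLogField(EventLogField.FieldName.TARGET_USER_NAME, userDescriptor.getUserName()),
                                new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userDescriptor.getUserID()));
                        requestContext.addMessage("User could not be updated", SessionMessages.MessageSeverity.WARNING);
                    }
                    // Either way the caller is sent back to the account's detail page.
                    httpServletResponse.sendRedirect(UserView.getURL(userDescriptor));
                    return true;
                }

                // Creating a new account.
                if (unrestricted && !requestContext.getUser().isUnrestricted()) {
                    // Record the numeric ID under SOURCE_USER_ID so that this denial can be
                    // correlated with the other audit entries written by this view.
                    Application.getApplication().logEvent(
                            EventLogMessage.EventType.ACCESS_CONTROL_DENY,
                            new EventLogField(EventLogField.FieldName.MESSAGE, "Attempt to create unrestricted account from restricted account"),
                            new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, requestContext.getUser().getUserName()),
                            new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, requestContext.getUser().getUserID()));
                    throw new DisallowedOperationException("Restricted users cannot create unrestricted accounts");
                }

                if (userManagement.getUserID(userName) != -1) {
                    requestContext.addMessage("User name already exists", SessionMessages.MessageSeverity.WARNING);
                    return false;
                }

                int newUserId = userManagement.addAccount(userName, fullName, password, emailAddress, unrestricted);
                if (newUserId <= 0) {
                    // No ID exists for an account that was not created; log the requested
                    // name under TARGET_USER_NAME rather than under the ID field.
                    Application.getApplication().logEvent(
                            EventLogMessage.EventType.OPERATION_FAILED,
                            new EventLogField(EventLogField.FieldName.OPERATION, "Add user account"),
                            new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, requestContext.getUser().getUserName()),
                            new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, requestContext.getUser().getUserID()),
                            new EventLogField(EventLogField.FieldName.TARGET_USER_NAME, userName));
                    requestContext.addMessage("User was not created successfully", SessionMessages.MessageSeverity.WARNING);
                    return false;
                }

                UserManagement.UserDescriptor createdUser = userManagement.getUserDescriptor(newUserId);
                Application.getApplication().logEvent(
                        EventLogMessage.EventType.USER_ADDED,
                        new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, requestContext.getUser().getUserName()),
                        new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, requestContext.getUser().getUserID()),
                        new EventLogField(EventLogField.FieldName.TARGET_USER_ID, newUserId),
                        new EventLogField(EventLogField.FieldName.TARGET_USER_NAME, userName));
                requestContext.addMessage("User created successfully", SessionMessages.MessageSeverity.SUCCESS);
                httpServletResponse.sendRedirect(UserView.getURL(createdUser));
                return true;
            } catch (InputValidationException e) {
                throw new ViewFailedException(e);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new ViewFailedException(e);
        } catch (SQLException e) {
            throw new ViewFailedException(e);
        } catch (InvalidLocalPartException e) {
            throw new ViewFailedException(e);
        } catch (NoDatabaseConnectionException e) {
            throw new ViewFailedException(e);
        } catch (NotFoundException e) {
            throw new ViewFailedException(e);
        }
    }

    /**
     * Resolves the target account (if an ID was supplied), enforces the caller's
     * rights, applies a submitted form, and otherwise renders the edit form.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to render or redirect on
     * @param requestContext the context of the authenticated caller
     * @param strArr the URL arguments: the action token and, optionally, a user ID
     * @param map the template data passed to the rendered page
     * @return always {@code true}: every path either renders a page, shows a
     *     dialog, or redirects
     * @throws ViewFailedException if the account store or rights check fails
     */
    @Override // net.lukemurphey.nsia.web.View
    protected boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestContext requestContext, String[] strArr, Map<String, Object> map) throws ViewFailedException, URLInvalidException, IOException, ViewNotFoundException {
        UserManagement.UserDescriptor userDescriptor = null;

        // A second URL argument identifies the account to edit.
        if (strArr.length >= 2) {
            try {
                userDescriptor = new UserManagement(Application.getApplication()).getUserDescriptor(Integer.valueOf(strArr[1]).intValue());
                if (userDescriptor == null) {
                    Dialog.getDialog(httpServletResponse, requestContext, map, "No user was found with the given ID", "User Not Found", Dialog.DialogType.WARNING);
                    return true;
                }
                map.put(UserView.VIEW_NAME, userDescriptor);
            } catch (SQLException e) {
                throw new ViewFailedException(e);
            } catch (NoDatabaseConnectionException e) {
                throw new ViewFailedException(e);
            } catch (NotFoundException e) {
                Dialog.getDialog(httpServletResponse, requestContext, map, "No user was found with the given ID", "User Not Found", Dialog.DialogType.WARNING);
                return true;
            } catch (NumberFormatException e) {
                // The URL pattern also admits an empty ID, which is not a valid integer.
                Dialog.getDialog(httpServletResponse, requestContext, map, "The User ID provided is not valid", "User ID Invalid", Dialog.DialogType.WARNING);
                return true;
            }
        }

        map.put("menu", Menu.getUserMenu(requestContext, userDescriptor));
        Vector<Link> breadcrumbs = new Vector<Link>();
        breadcrumbs.add(new Link("Main Dashboard", MainDashboardView.getURL()));
        breadcrumbs.add(new Link("User Management", UsersView.getURL()));
        Shortcuts.addDashboardHeaders(httpServletRequest, httpServletResponse, map);
        map.put("breadcrumbs", breadcrumbs);

        try {
            // Authorization is checked before any submitted data is acted upon.
            if (userDescriptor == null) {
                if (!Shortcuts.hasRight(requestContext.getSessionInfo(), "Users.Add", "Create new user account")) {
                    breadcrumbs.add(new Link("New User", createURL("New")));
                    map.put("breadcrumbs", breadcrumbs);
                    Shortcuts.getPermissionDeniedDialog(httpServletResponse, map, "You do not have permission to create users");
                    return true;
                }
            } else {
                boolean editingOwnAccount = requestContext.getUser().getUserID() == userDescriptor.getUserID();
                if (editingOwnAccount && !Shortcuts.hasRight(requestContext.getSessionInfo(), "Users.UpdateOwnPassword", "Update user's own account")) {
                    Shortcuts.getPermissionDeniedDialog(httpServletResponse, map, "You do not have permission to edit your account");
                    return true;
                }
                // NOTE(review): this check is not in an else-branch, so a user editing their
                // own account needs "Users.Edit" in addition to "Users.UpdateOwnPassword".
                // Confirm that requiring both rights is intended.
                if (!Shortcuts.hasRight(requestContext.getSessionInfo(), "Users.Edit", "Update another user's account")) {
                    breadcrumbs.add(new Link("View User", UserView.getURL(userDescriptor)));
                    breadcrumbs.add(new Link("Edit User", createURL("Edit", Integer.valueOf(userDescriptor.getUserID()))));
                    map.put("breadcrumbs", breadcrumbs);
                    Shortcuts.getPermissionDeniedDialog(httpServletResponse, map, "You do not have permission to edit users");
                    return true;
                }
            }

            try {
                if (performActions(httpServletRequest, httpServletResponse, requestContext, strArr, map, userDescriptor)) {
                    return true;
                }
            } catch (DisallowedOperationException e) {
                // Show the refusal to the caller and fall through to re-render the form.
                requestContext.addMessage(e.getMessage(), SessionMessages.MessageSeverity.WARNING);
            }

            if (userDescriptor != null) {
                breadcrumbs.add(new Link("View User: " + userDescriptor.getUserName(), UserView.getURL(userDescriptor)));
                breadcrumbs.add(new Link("Edit User", createURL("Edit", Integer.valueOf(userDescriptor.getUserID()))));
                map.put(DialogTemplateDirective.PARAM_TITLE, "User: " + userDescriptor);
            } else {
                breadcrumbs.add(new Link("New User", createURL("New")));
                map.put(DialogTemplateDirective.PARAM_TITLE, "New User");
            }
            map.put("breadcrumbs", breadcrumbs);
            TemplateLoader.renderToResponse("UserEdit.ftl", map, httpServletResponse);
            return true;
        } catch (GeneralizedException e) {
            throw new ViewFailedException(e);
        }
    }
}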
