package org.appfuse.webapp.controller;

import com.mysql.jdbc.NonRegisteringDriver;
import java.io.IOException;
import java.util.Locale;
import java.util.UUID;
import javassist.compiler.TokenId;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.OutputKeys;
import org.apache.commons.lang.StringUtils;
import org.appfuse.Constants;
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.webapp.util.RequestUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mail.MailException;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.ServletRequestDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

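/**
 * Form controller for creating, editing and deleting {@link User} records at
 * {@code /userform}.
 * <p>
 * Two audiences use it: administrators, who arrive from the user list
 * ({@code from=list}), may open any record, assign roles and delete; and
 * ordinary users, who may only edit their own profile. Roles submitted in the
 * request are honoured only for administrators; for everyone else the roles are
 * reloaded from the database so the form cannot be used to escalate privileges.
 * <p>
 * The listing this was recovered from had several constants folded by the
 * decompiler into unrelated library symbols (a MySQL driver property key for
 * {@code "password"}, a javassist token id for HTTP 403, an XML output key for
 * {@code "method"}); they are spelled out here as the values they stand for.
 */
@RequestMapping({"/userform*"})
@Controller
public class UserFormController extends BaseFormController {

    /** Request parameter carrying the target user's database id (hidden form field). */
    private static final String ID_PARAM = "id";
    /** Request parameter that says where the form was opened from. */
    private static final String FROM_PARAM = "from";
    /** Value of {@link #FROM_PARAM} when the request originated from the admin user list. */
    private static final String FROM_LIST = "list";
    /** View name of the form itself. */
    private static final String FORM_VIEW = "userform";

    private RoleManager roleManager;

    @Autowired
    public void setRoleManager(RoleManager roleManager) {
        this.roleManager = roleManager;
    }

    public UserFormController() {
        // cancel goes back to the user's home; success is the admin user list
        setCancelView("redirect:/home");
        setSuccessView("redirect:/admin/users");
    }

    /**
     * Registers the request binder and blocks mass-assignment of credentials.
     * Passwords are never set through this form: a brand-new user receives a
     * random placeholder and a password-recovery link instead (see
     * {@link #onSubmit}), and existing passwords go through the password form.
     */
    @Override
    @InitBinder
    public void initBinder(HttpServletRequest request, ServletRequestDataBinder binder) {
        super.initBinder(request, binder);
        // NOTE(review): if the User model exposes account flags (enabled, locked,
        // expired) they remain bindable here; consider disallowing them for
        // non-admin requests as well - confirm against the User fields and JSP.
        binder.setDisallowedFields("password", "confirmPassword");
    }

    /**
     * Supplies the {@code user} model attribute that {@link #onSubmit} binds the
     * form onto. On a POST carrying a non-blank {@code id} the existing record is
     * loaded so the submitted fields are merged into it; otherwise a blank
     * {@link User} is used. Loading performs no authorisation; that happens in
     * {@link #onSubmit} before anything is persisted.
     */
    @ModelAttribute("user")
    protected User loadUser(HttpServletRequest request) {
        String id = request.getParameter(ID_PARAM);
        if (isFormSubmission(request) && StringUtils.isNotBlank(id)) {
            return getUserManager().getUser(id);
        }
        return new User();
    }

    /**
     * Handles the form POST: cancel, delete, or save (create or update).
     * <p>
     * Authorisation is enforced here, in the controller, before validation and
     * before any service call: a non-administrator may only save the record whose
     * id matches their own account, and may not delete at all (deletion is an
     * admin operation - its success view is the admin user list). The service
     * layer may enforce this as well (the {@link AccessDeniedException} handling
     * around {@code saveUser} suggests it does for saves), but {@code removeUser}
     * was called outside that protection, so the controller fails closed itself.
     *
     * @param user          the model attribute from {@link #loadUser} with the form bound onto it
     * @param bindingResult binding/validation errors for {@code user}
     * @param request       current request
     * @param response      current response; a 403/400 is written directly on refusal
     * @return the view to render, or {@code null} once an error status has been sent
     * @throws Exception anything propagated from the service layer
     */
    @RequestMapping(method = {RequestMethod.POST})
    public String onSubmit(@ModelAttribute("user") User user, BindingResult bindingResult,
                           HttpServletRequest request, HttpServletResponse response) throws Exception {
        if (request.getParameter("cancel") != null) {
            return cameFromList(request) ? getSuccessView() : getCancelView();
        }

        boolean isAdmin = request.isUserInRole(Constants.ADMIN_ROLE);
        boolean isDelete = request.getParameter("delete") != null;
        String requestedId = request.getParameter(ID_PARAM);

        // Non-admins: refuse deletes outright and refuse any record that is not
        // their own (this mirrors the GET check in showForm). The check runs
        // before validation so a refused request never re-renders the other
        // user's data in the form.
        User currentUser = null;
        if (!isAdmin) {
            currentUser = getUserManager().getUserByUsername(request.getRemoteUser());
            if (isDelete) {
                forbid(response, "User '" + safeForLog(request.getRemoteUser())
                        + "' is trying to delete user with id '" + safeForLog(requestedId) + "'");
                return null;
            }
            if (!isSameUser(user, currentUser)) {
                forbid(response, "User '" + safeForLog(request.getRemoteUser())
                        + "' is trying to edit user with id '" + safeForLog(requestedId) + "'");
                return null;
            }
        }

        if (this.validator != null) {
            this.validator.validate(user, bindingResult);
            // a delete ignores validation errors: the record is going away anyway
            if (bindingResult.hasErrors() && !isDelete) {
                return FORM_VIEW;
            }
        }
        this.log.debug("entering 'onSubmit' method...");
        Locale locale = request.getLocale();

        if (isDelete) {
            // loadUser yields a blank User when no id was posted; there is nothing to delete
            if (user.getId() == null) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return null;
            }
            getUserManager().removeUser(user.getId().toString());
            saveMessage(request, getText("user.deleted", user.getFullName(), locale));
            return getSuccessView();
        }

        if (isAdmin) {
            applyRequestedRoles(user, request.getParameterValues(Constants.USER_ROLES));
        } else {
            // never trust roles from the form for a non-admin: reload the
            // persisted ones so a crafted request cannot grant extra roles
            user.setRoles(currentUser.getRoles());
        }

        Integer version = user.getVersion();
        // A brand-new user (no version yet) with no password gets an unguessable
        // placeholder; they choose a real one via the recovery link e-mailed below.
        if (version == null && StringUtils.isBlank(user.getPassword())) {
            user.setPassword(UUID.randomUUID().toString());
        }

        try {
            getUserManager().saveUser(user);
        } catch (UserExistsException e) {
            bindingResult.rejectValue("username", "errors.existing.user",
                    new Object[]{user.getUsername(), user.getEmail()}, "duplicate user");
            // put back the version the form arrived with before re-rendering it
            user.setVersion(version);
            return FORM_VIEW;
        } catch (AccessDeniedException e) {
            this.log.warn(e.getMessage());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }

        if (!cameFromList(request)) {
            // a user saved their own profile
            saveMessage(request, getText("user.saved", user.getFullName(), locale));
            return getCancelView();
        }
        if (StringUtils.isNotBlank(request.getParameter("version"))) {
            // an admin updated an existing user
            saveMessage(request, getText("user.updated.byAdmin", user.getFullName(), locale));
            return FORM_VIEW;
        }

        // an admin created a new user: confirm it and e-mail a password-setup link
        saveMessage(request, getText("user.added", user.getFullName(), locale));
        this.message.setSubject(getText("signup.email.subject", locale));
        try {
            sendUserMessage(user, getText("newuser.email.message", user.getFullName(), locale),
                    RequestUtil.getAppURL(request)
                            + getUserManager().buildRecoveryPasswordUrl(user, UpdatePasswordController.RECOVERY_PASSWORD_TEMPLATE));
        } catch (MailException e) {
            // MailException does not guarantee a cause; the original dereferenced
            // it unconditionally and would NPE on a cause-less failure.
            Throwable root = e.getCause() != null ? e.getCause() : e;
            // NOTE(review): this surfaces the mail subsystem's message to the
            // admin's page; consider a generic message if that text could carry
            // host or credential details.
            saveError(request, root.getLocalizedMessage());
        }
        return getSuccessView();
    }

    /**
     * Renders the form on GET. Administrators may open any user by id or a blank
     * form ({@code method=add}); everyone else only ever gets their own record,
     * and a request naming an id or asking to add is refused with 403.
     *
     * @return the user to edit
     * @throws AccessDeniedException after the 403 has been written, for a refused request
     * @throws Exception anything propagated from the service layer
     */
    @RequestMapping(method = {RequestMethod.GET})
    @ModelAttribute
    protected User showForm(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String id = request.getParameter(ID_PARAM);
        boolean targetsOtherRecord = isAdd(request) || id != null;
        if (!request.isUserInRole(Constants.ADMIN_ROLE) && !isFormSubmission(request) && targetsOtherRecord) {
            forbid(response, "User '" + safeForLog(request.getRemoteUser())
                    + "' is trying to edit user with id '" + safeForLog(id) + "'");
            throw new AccessDeniedException("You do not have permission to modify other users.");
        }
        // Under the GET-only mapping this branch is not reachable through this
        // handler; it is kept as the original had it.
        if (isFormSubmission(request)) {
            return getUserManager().getUser(id);
        }
        if (id == null && !isAdd(request)) {
            // no id and not an add: the caller's own profile
            return getUserManager().getUserByUsername(request.getRemoteUser());
        }
        if (StringUtils.isBlank(id) || "".equals(request.getParameter("version"))) {
            // a blank form for a new user, pre-populated with the default role
            User fresh = new User();
            fresh.addRole(new Role(Constants.USER_ROLE));
            return fresh;
        }
        return getUserManager().getUser(id);
    }

    /** True for a POST; GET (and anything else) is treated as showing the form. */
    private boolean isFormSubmission(HttpServletRequest request) {
        return request.getMethod().equalsIgnoreCase("post");
    }

    /** True when the request asks for a blank "add user" form ({@code method=add}). */
    protected boolean isAdd(HttpServletRequest request) {
        String method = request.getParameter("method");
        return method != null && method.equalsIgnoreCase("add");
    }

    /** True when the request carries {@code from=list}, i.e. it came from the admin user list. */
    private static boolean cameFromList(HttpServletRequest request) {
        return StringUtils.equals(request.getParameter(FROM_PARAM), FROM_LIST);
    }

    /** True when both users exist and carry the same non-null database id. */
    private static boolean isSameUser(User a, User b) {
        return a != null && b != null && a.getId() != null && a.getId().equals(b.getId());
    }

    /** Replaces the user's roles with the named ones; a missing parameter leaves the roles untouched. */
    private void applyRequestedRoles(User user, String[] roleNames) {
        if (roleNames == null) {
            return;
        }
        user.getRoles().clear();
        for (String name : roleNames) {
            user.addRole(this.roleManager.getRole(name));
        }
    }

    /** Logs a refused action and answers with HTTP 403. */
    private void forbid(HttpServletResponse response, String reason) throws IOException {
        this.log.warn(reason);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /** Neutralises line breaks in request-controlled text so it cannot forge extra log lines. */
    private static String safeForLog(String value) {
        return value == null ? "null" : value.replace('\r', '_').replace('\n', '_');
    }
}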
