package org.phenotips.data.rest.internal;

import java.util.Collection;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.xpath.compiler.Keywords;
import org.json.JSONException;
import org.json.JSONObject;
import org.phenotips.data.Patient;
import org.phenotips.data.PatientRepository;
import org.phenotips.data.PatientWritePolicy;
import org.phenotips.data.rest.DomainObjectFactory;
import org.phenotips.data.rest.PatientByExternalIdResource;
import org.phenotips.data.rest.PatientResource;
import org.phenotips.rest.Autolinker;
import org.phenotips.security.authorization.AuthorizationService;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.EntityType;
import org.xwiki.model.reference.EntityReference;
import org.xwiki.model.reference.EntityReferenceResolver;
import org.xwiki.query.Query;
import org.xwiki.query.QueryException;
import org.xwiki.query.QueryManager;
import org.xwiki.rest.XWikiResource;
import org.xwiki.security.authorization.Right;
import org.xwiki.users.User;
import org.xwiki.users.UserManager;

@Singleton
@Component
@Named("org.phenotips.data.rest.internal.DefaultPatientByExternalIdResourceImpl")
/* loaded from: input_file:WEB-INF/lib/patient-data-rest-1.4.9.jar:org/phenotips/data/rest/internal/DefaultPatientByExternalIdResourceImpl.class */
public class DefaultPatientByExternalIdResourceImpl extends XWikiResource implements PatientByExternalIdResource {
    private static final String EID_LABEL = "external_id";

    @Inject
    private PatientRepository repository;

    @Inject
    private DomainObjectFactory factory;

    @Inject
    private QueryManager qm;

    @Inject
    private AuthorizationService access;

    @Inject
    private UserManager users;

    @Inject
    @Named(Keywords.FUNC_CURRENT_STRING)
    private EntityReferenceResolver<EntityReference> currentResolver;

    @Inject
    private Provider<Autolinker> autolinker;

    @Override // org.phenotips.data.rest.PatientByExternalIdResource
    public Response getPatient(String str) {
        this.slf4Jlogger.debug("Retrieving patient record with external ID [{}] via REST", str);
        Patient byName = this.repository.getByName(str);
        if (byName == null) {
            return checkForMultipleRecords(byName, str);
        }
        User currentUser = this.users.getCurrentUser();
        if (!this.access.hasAccess(currentUser, Right.VIEW, byName.getDocumentReference())) {
            this.slf4Jlogger.debug("View access denied to user [{}] on patient record [{}]", currentUser, byName.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        Right right = Right.VIEW;
        if (this.access.hasAccess(currentUser, Right.EDIT, byName.getDocumentReference())) {
            right = Right.EDIT;
        }
        JSONObject json2 = byName.toJSON();
        json2.put("links", (Collection<?>) this.autolinker.get().forResource(PatientResource.class, this.uriInfo).withExtraParameters("entity-id", byName.getId()).withExtraParameters("entity-type", "patients").withGrantedRight(right).build());
        return Response.ok(json2, MediaType.APPLICATION_JSON_TYPE).build();
    }

    @Override // org.phenotips.data.rest.PatientByExternalIdResource
    public Response updatePatient(String str, String str2, String str3) {
        return updatePatient(str, str2, PatientWritePolicy.fromString(str3));
    }

    @Override // org.phenotips.data.rest.PatientByExternalIdResource
    public Response patchPatient(String str, String str2) {
        return updatePatient(str, str2, PatientWritePolicy.MERGE);
    }

    private Response updatePatient(String str, String str2, PatientWritePolicy patientWritePolicy) {
        this.slf4Jlogger.debug("Updating patient record with external ID [{}] via REST with JSON: {}", str2, str);
        if (patientWritePolicy == null) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        if (str == null) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        Patient byName = this.repository.getByName(str2);
        if (byName == null) {
            return checkRecords(str2, str);
        }
        User currentUser = this.users.getCurrentUser();
        if (!this.access.hasAccess(currentUser, Right.EDIT, byName.getDocumentReference())) {
            this.slf4Jlogger.debug("Edit access denied to user [{}] on patient record [{}]", currentUser, byName.getId());
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        try {
            JSONObject jSONObject = new JSONObject(str);
            if (hasInternalIdConflict(jSONObject, byName)) {
                throw new WebApplicationException(Response.Status.CONFLICT);
            }
            try {
                byName.updateFromJSON(jSONObject, patientWritePolicy);
                return Response.noContent().build();
            } catch (Exception e) {
                this.slf4Jlogger.warn("Failed to update patient [{}] from JSON: {}. Source JSON was: {}", byName.getId(), e.getMessage(), str);
                throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
            }
        } catch (JSONException e2) {
            this.slf4Jlogger.error("Provided patient json: {} is invalid.", str);
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
    }

    @Override // org.phenotips.data.rest.PatientByExternalIdResource
    public Response deletePatient(String str) {
        this.slf4Jlogger.debug("Deleting patient record with external ID [{}] via REST", str);
        Patient byName = this.repository.getByName(str);
        if (byName == null) {
            return checkForMultipleRecords(byName, str);
        }
        User currentUser = this.users.getCurrentUser();
        if (!this.access.hasAccess(currentUser, Right.DELETE, byName.getDocumentReference())) {
            this.slf4Jlogger.debug("Delete access denied to user [{}] on patient record [{}]", currentUser, byName.getId());
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        try {
            this.repository.delete(byName);
            this.slf4Jlogger.debug("Deleted patient record with external id [{}]", str);
            return Response.noContent().build();
        } catch (Exception e) {
            this.slf4Jlogger.warn("Failed to delete patient record with external id [{}]: {}", str, e.getMessage());
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    private Response checkForMultipleRecords(Patient patient, String str) {
        try {
            Query createQuery = this.qm.createQuery("where doc.object(PhenoTips.PatientClass).external_id = :eid", Query.XWQL);
            createQuery.bindValue("eid", str);
            List<String> execute = createQuery.execute();
            if (execute.size() > 1) {
                this.slf4Jlogger.debug("Multiple patient records ({}) with external ID [{}]: {}", Integer.valueOf(execute.size()), str, execute);
                return Response.status(300).entity(this.factory.createAlternatives(execute, this.uriInfo)).build();
            }
        } catch (QueryException e) {
            this.slf4Jlogger.warn("Failed to retrieve patient with external id [{}]: {}", str, e.getMessage());
        }
        if (patient != null) {
            return null;
        }
        this.slf4Jlogger.debug("No patient record with external ID [{}] exists yet", str);
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    private Response checkRecords(String str, String str2) {
        Response checkForMultipleRecords = checkForMultipleRecords(null, str);
        return (checkForMultipleRecords == null || checkForMultipleRecords.getStatus() != Response.Status.NOT_FOUND.getStatusCode()) ? checkForMultipleRecords : createPatient(str, str2);
    }

    private Response createPatient(String str, String str2) {
        this.slf4Jlogger.debug("Creating patient record with external ID [{}]", str);
        try {
            if (StringUtils.isBlank(str2)) {
                this.slf4Jlogger.error("Provided patient json: {} is invalid.", str2);
                return Response.status(Response.Status.BAD_REQUEST).build();
            }
            JSONObject jSONObject = new JSONObject(str2);
            User currentUser = this.users.getCurrentUser();
            if (this.access.hasAccess(currentUser, Right.EDIT, this.currentResolver.resolve(Patient.DEFAULT_DATA_SPACE, EntityType.SPACE, new Object[0]))) {
                return updatePatientWithJsonData(this.repository.create(), str, jSONObject);
            }
            this.slf4Jlogger.error("Edit access denied to user [{}].", currentUser);
            return Response.status(Response.Status.FORBIDDEN).build();
        } catch (JSONException e) {
            this.slf4Jlogger.error("Provided patient json: {} is invalid.", str2);
            return Response.status(Response.Status.BAD_REQUEST).build();
        } catch (Exception e2) {
            this.slf4Jlogger.error("Failed to create patient with external ID: [{}] from JSON: {}.", str, str2);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

    private Response updatePatientWithJsonData(Patient patient, String str, JSONObject jSONObject) {
        if (hasInternalIdConflict(jSONObject, patient)) {
            return Response.status(Response.Status.CONFLICT).build();
        }
        if (!jSONObject.has(EID_LABEL)) {
            jSONObject.put(EID_LABEL, str);
        }
        patient.updateFromJSON(jSONObject);
        return Response.noContent().build();
    }

    private boolean hasInternalIdConflict(JSONObject jSONObject, Patient patient) {
        String optString = jSONObject.optString("id");
        return StringUtils.isNotBlank(optString) && !patient.getId().equals(optString);
    }
}
