package org.phenotips.data.rest.internal;

import java.util.HashSet;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.json.JSONArray;
import org.json.JSONException;
import org.phenotips.data.ConsentManager;
import org.phenotips.data.Patient;
import org.phenotips.data.PatientRepository;
import org.phenotips.data.rest.PatientConsentResource;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.rest.XWikiResource;
import org.xwiki.security.authorization.AuthorizationManager;
import org.xwiki.security.authorization.Right;
import org.xwiki.users.User;
import org.xwiki.users.UserManager;

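/**
 * Default implementation of {@link PatientConsentResource}: REST endpoints for reading, granting, revoking and
 * bulk-assigning consents on a patient record.
 * <p>
 * Every operation first resolves the patient record and checks that the current user holds the required right on
 * the patient document ({@code VIEW} to read consents, {@code EDIT} to change them) before any consent identifier
 * supplied by the client is even looked at, so that unauthorized callers cannot probe which consent ids are valid.
 * </p>
 */
@Singleton
@Component
@Named("org.phenotips.data.rest.internal.DefaultPatientConsentResourceImpl")
public class DefaultPatientConsentResourceImpl extends XWikiResource implements PatientConsentResource
{
    /** Status returned when a consent id (or the consent list body) is missing or not recognized. */
    private static final Response.Status INVALID_CONSENT_ID_CODE = Response.Status.BAD_REQUEST;

    /** Status returned when no patient record has the requested id. */
    private static final Response.Status PATIENT_NOT_FOUND = Response.Status.NOT_FOUND;

    /** Status returned when the record exists but the current user lacks the required right on it. */
    private static final Response.Status ACCESS_DENIED = Response.Status.FORBIDDEN;

    @Inject
    private Logger logger;

    @Inject
    private PatientRepository repository;

    @Inject
    private AuthorizationManager access;

    @Inject
    private UserManager users;

    @Inject
    private ConsentManager consentManager;

    /**
     * Outcome of {@link #securityCheck(String, Right)}: either the resolved patient with {@code isAllowed == true},
     * or the failure response the endpoint should return as-is. Static: it needs nothing from the enclosing resource.
     */
    private static final class Security
    {
        private final Patient patient;

        private final Response response;

        private final boolean isAllowed;

        Security(Patient patient, Response response, boolean isAllowed)
        {
            this.patient = patient;
            this.response = response;
            this.isAllowed = isAllowed;
        }

        /** @return the resolved patient, or {@code null} when no record was found */
        Patient getPatient()
        {
            return this.patient;
        }

        /** @return the response to send back when the check failed, {@code null} when it succeeded */
        Response getFailResponse()
        {
            return this.response;
        }

        /** @return {@code true} when the record exists and the current user holds the requested right on it */
        boolean isAllowed()
        {
            return this.isAllowed;
        }
    }

    /**
     * Lists all consents recorded on a patient.
     *
     * @param patientId the patient record identifier from the request path
     * @return {@code 200} with the JSON serialization of the consents, {@code 404} when the record does not exist,
     *         {@code 403} when the current user may not view it
     */
    @Override
    public Response getConsents(String patientId)
    {
        this.logger.debug("Retrieving consents from patient record [{}] via REST", patientId);
        Security check = securityCheck(patientId, Right.VIEW);
        if (!check.isAllowed()) {
            return check.getFailResponse();
        }
        return Response.ok(
            this.consentManager.toJSON(this.consentManager.getAllConsentsForPatient(check.getPatient())),
            MediaType.APPLICATION_JSON_TYPE).build();
    }

    /**
     * Grants a single consent on a patient.
     *
     * @param patientId the patient record identifier from the request path
     * @param consentId the consent to grant
     * @return {@code 200} on success, {@code 400} for an unknown consent id, {@code 404}/{@code 403} from the
     *         security check, {@code 500} when the consent manager reports a failure
     */
    @Override
    public Response grantConsent(String patientId, String consentId)
    {
        // Authorization is checked before the consent id is validated, so the validity of ids is not revealed
        // to callers who may not edit the record
        Security check = securityCheck(patientId, Right.EDIT);
        if (!check.isAllowed()) {
            return check.getFailResponse();
        }
        if (!this.consentManager.isValidConsentId(consentId)) {
            return Response.status(INVALID_CONSENT_ID_CODE).build();
        }
        boolean granted = this.consentManager.grantConsent(check.getPatient(), consentId);
        return granted ? Response.ok().build() : Response.serverError().build();
    }

    /**
     * Revokes a single consent on a patient.
     *
     * @param patientId the patient record identifier from the request path
     * @param consentId the consent to revoke
     * @return {@code 200} on success, {@code 400} for an unknown consent id, {@code 404}/{@code 403} from the
     *         security check, {@code 500} when the consent manager reports a failure
     */
    @Override
    public Response revokeConsent(String patientId, String consentId)
    {
        // Same ordering as grantConsent: authorization first, then input validation
        Security check = securityCheck(patientId, Right.EDIT);
        if (!check.isAllowed()) {
            return check.getFailResponse();
        }
        if (!this.consentManager.isValidConsentId(consentId)) {
            return Response.status(INVALID_CONSENT_ID_CODE).build();
        }
        boolean revoked = this.consentManager.revokeConsent(check.getPatient(), consentId);
        return revoked ? Response.ok().build() : Response.serverError().build();
    }

    /**
     * Replaces the full set of consents on a patient with the ones listed in the request body.
     *
     * @param patientId the patient record identifier from the request path
     * @param json the request body, expected to be a JSON array of consent ids
     * @return {@code 200} on success; {@code 400} when the body is missing, is not a JSON array, or names an unknown
     *         consent id; {@code 404}/{@code 403} from the security check; {@code 500} on an unexpected failure
     */
    @Override
    public Response assignConsents(@PathParam("patient_id") String patientId, String json)
    {
        try {
            Security check = securityCheck(patientId, Right.EDIT);
            if (!check.isAllowed()) {
                return check.getFailResponse();
            }
            // A missing or malformed body is a client error: answer 400 instead of letting the parse failure
            // surface as a 500, and do not log the untrusted body itself
            if (json == null) {
                return Response.status(INVALID_CONSENT_ID_CODE).build();
            }
            JSONArray requested;
            try {
                requested = new JSONArray(json);
            } catch (JSONException e) {
                this.logger.debug("Malformed consent list for patient record [{}]: {}", patientId, e.getMessage());
                return Response.status(INVALID_CONSENT_ID_CODE).build();
            }
            Set<String> consentIds = new HashSet<String>();
            for (int i = 0; i < requested.length(); i++) {
                String consentId = requested.optString(i);
                if (consentId == null) {
                    // Absent entries are skipped, as before; JSON nulls are returned as "" by optString and are
                    // rejected by the validity check below
                    continue;
                }
                // Reject the whole request on the first unknown id; nothing has been written yet
                if (!this.consentManager.isValidConsentId(consentId)) {
                    return Response.status(INVALID_CONSENT_ID_CODE).build();
                }
                consentIds.add(consentId);
            }
            boolean stored = this.consentManager.setPatientConsents(check.getPatient(), consentIds);
            return stored ? Response.ok().build() : Response.serverError().build();
        } catch (Exception e) {
            this.logger.error("Could not process assign consents request for patient record [{}]", patientId, e);
            return Response.serverError().build();
        }
    }

    /**
     * Resolves the patient record and checks that the current user holds {@code right} on its document.
     *
     * @param patientId the patient record identifier
     * @param right the right required by the calling endpoint
     * @return a {@link Security} holding the patient when allowed, otherwise a {@code 404} (no such record) or
     *         {@code 403} (insufficient rights) response
     */
    private Security securityCheck(String patientId, Right right)
    {
        Patient patient = this.repository.get(patientId);
        if (patient == null) {
            // NOTE(review): answering 404 before the rights check lets any caller learn which record ids exist;
            // a uniform status for "missing" and "forbidden" would avoid that, if the API contract allows it
            this.logger.debug("No such patient record: [{}]", patientId);
            return new Security(null, Response.status(PATIENT_NOT_FOUND).build(), false);
        }
        User currentUser = this.users.getCurrentUser();
        // An anonymous request has no profile document; a null user reference is handed to the authorization manager
        boolean allowed = this.access.hasAccess(right,
            currentUser == null ? null : currentUser.getProfileDocument(), patient.getDocument());
        if (allowed) {
            return new Security(patient, null, true);
        }
        // Name the right actually denied (VIEW or EDIT) rather than always reporting "View"
        this.logger.debug("{} access denied to user [{}] on patient record [{}]", right, currentUser, patientId);
        return new Security(patient, Response.status(ACCESS_DENIED).build(), false);
    }
}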
