package org.artifactory.ui.rest.service.admin.security.user;

import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.artifactory.api.security.AuthorizationService;
import org.artifactory.api.security.UserGroupService;
import org.artifactory.rest.common.service.ArtifactoryRestRequest;
import org.artifactory.rest.common.service.RestResponse;
import org.artifactory.rest.common.service.RestService;
import org.artifactory.ui.rest.model.admin.security.user.DeleteUsersModel;
import org.jfrog.access.client.AccessClientHttpException;
import org.jfrog.access.client.model.ErrorsModel;
import org.jfrog.access.client.model.MessageModel;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;

@Scope("prototype")
@Component
/* loaded from: input_file:org/artifactory/ui/rest/service/admin/security/user/DeleteUserService.class */
public class DeleteUserService<T extends DeleteUsersModel> implements RestService<T> {

    @Autowired
    protected AuthorizationService authorizationService;

    @Autowired
    protected UserGroupService userGroupService;

    public void execute(ArtifactoryRestRequest<T> artifactoryRestRequest, RestResponse restResponse) {
        DeleteUsersModel deleteUsersModel = (DeleteUsersModel) artifactoryRestRequest.getImodel();
        for (String str : deleteUsersModel.getUserNames()) {
            if (StringUtils.isBlank(str)) {
                restResponse.responseCode(404);
                return;
            } else {
                if (userTryToDeleteItsOwnUser(str)) {
                    setForbiddenResponseWithMessage(restResponse, "You are logged-in as the user you have selected for removal");
                    return;
                }
                try {
                    this.userGroupService.deleteUser(str);
                } catch (AccessClientHttpException e) {
                    setForbiddenResponseWithMessage(restResponse, extractMessage(e));
                    return;
                }
            }
        }
        if (deleteUsersModel.getUserNames().size() > 1) {
            restResponse.info("Successfully removed " + deleteUsersModel.getUserNames().size() + " users");
        } else if (deleteUsersModel.getUserNames().size() == 1) {
            restResponse.info("Successfully removed user '" + deleteUsersModel.getUserNames().get(0) + "'");
        }
    }

    private boolean userTryToDeleteItsOwnUser(String str) {
        return this.authorizationService.currentUsername().equals(str);
    }

    private void setForbiddenResponseWithMessage(RestResponse restResponse, String str) {
        restResponse.responseCode(403);
        restResponse.error("Action cancelled. " + str);
    }

    private String extractMessage(AccessClientHttpException accessClientHttpException) {
        ErrorsModel errorsModel = accessClientHttpException.getErrorsModel();
        if (errorsModel == null) {
            return "";
        }
        List errors = errorsModel.getErrors();
        return !errors.isEmpty() ? ((MessageModel) errors.get(0)).getMessage() : "";
    }
}
