package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;

import java.util.List;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.core.Response;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoGroup;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.WebObject;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;

@WebObject(type = "userToGroup")
/* loaded from: input_file:org/nuxeo/ecm/restapi/server/jaxrs/usermanager/UserToGroupObject.class */
public class UserToGroupObject extends DefaultObject {
    private NuxeoGroup group;
    private NuxeoPrincipal principal;

    protected void initialize(Object... objArr) {
        if (objArr.length != 2) {
            throw new IllegalArgumentException("UserToGroup object takes two parameters");
        }
        this.principal = (NuxeoPrincipal) objArr[0];
        this.group = (NuxeoGroup) objArr[1];
    }

    @POST
    public Response doAddUserToGroup() {
        try {
            UserManager userManager = (UserManager) Framework.getLocalService(UserManager.class);
            checkPrincipalCanAdministerGroupAndUser(userManager);
            List groups = this.principal.getGroups();
            groups.add(this.group.getName());
            this.principal.setGroups(groups);
            userManager.updateUser(this.principal.getModel());
            return Response.status(Response.Status.CREATED).entity(userManager.getPrincipal(this.principal.getName())).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }

    private void checkPrincipalCanAdministerGroupAndUser(UserManager userManager) {
        if (getContext().getCoreSession().getPrincipal().isAdministrator()) {
            return;
        }
        if (!this.principal.isMemberOf("powerusers") || !UserRootObject.isAPowerUserEditableUser(this.principal) || !GroupRootObject.isAPowerUserEditableGroup(this.group)) {
            throw new WebSecurityException("Cannot edit user");
        }
    }

    @DELETE
    public Response doRemoveUserFromGroup() {
        try {
            UserManager userManager = (UserManager) Framework.getLocalService(UserManager.class);
            checkPrincipalCanAdministerGroupAndUser(userManager);
            List groups = this.principal.getGroups();
            groups.remove(this.group.getName());
            this.principal.setGroups(groups);
            userManager.updateUser(this.principal.getModel());
            return Response.ok(this.principal.getName()).build();
        } catch (NuxeoException e) {
            throw WebException.wrap(e);
        }
    }
}
