package africa.absa.inception.security;

import africa.absa.inception.api.ApiUtil;
import africa.absa.inception.api.ProblemDetails;
import africa.absa.inception.api.SecureApi;
import africa.absa.inception.core.service.InvalidArgumentException;
import africa.absa.inception.core.service.ServiceUnavailableException;
import africa.absa.inception.core.service.ValidationError;
import africa.absa.inception.core.sorting.SortDirection;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Stream;
import javax.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/api/security"})
@RestController
@Tag(name = "Security")
@CrossOrigin
/* loaded from: input_file:africa/absa/inception/security/SecurityApi.class */
public class SecurityApi extends SecureApi {
    private static final Logger logger = LoggerFactory.getLogger(SecurityApi.class);
    private final ISecurityService securityService;
    private final Validator validator;

    public SecurityApi(ApplicationContext applicationContext, Validator validator, ISecurityService iSecurityService) {
        super(applicationContext);
        this.validator = validator;
        this.securityService = iSecurityService;
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}/members"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Add the group member to the group", description = "Add the group member to the group")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The group member was successfully added to the group"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "The group member already exists", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void addMemberToGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str, @RequestBody(description = "The group member association to add", required = true) @org.springframework.web.bind.annotation.RequestBody GroupMember groupMember) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (groupMember == null) {
            throw new InvalidArgumentException("groupMember");
        }
        if (!uuid.equals(groupMember.getUserDirectoryId())) {
            throw new InvalidArgumentException("groupMember");
        }
        if (!str.equals(groupMember.getGroupName())) {
            throw new InvalidArgumentException("groupMember");
        }
        Set validate = this.validator.validate(groupMember, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("groupMember", ValidationError.toValidationErrors(validate));
        }
        this.securityService.addMemberToGroup(uuid, str, groupMember.getMemberType(), groupMember.getMemberName());
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}/roles"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Add the role to the group", description = "Add the role to the group")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The role was successfully added to the group"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group or role could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "The group role already exists", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void addRoleToGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str, @RequestBody(description = "The group role association to add", required = true) @org.springframework.web.bind.annotation.RequestBody GroupRole groupRole) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, RoleNotFoundException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (groupRole == null) {
            throw new InvalidArgumentException("groupRole");
        }
        if (!uuid.equals(groupRole.getUserDirectoryId())) {
            throw new InvalidArgumentException("groupRole");
        }
        if (!str.equals(groupRole.getGroupName())) {
            throw new InvalidArgumentException("groupRole");
        }
        Set validate = this.validator.validate(groupRole, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("groupRole", ValidationError.toValidationErrors(validate));
        }
        if (groupRole.getRoleCode().equalsIgnoreCase("Administrator") && !hasRole("Administrator")) {
            throw new AccessDeniedException("Insufficient authority to add the Administrator role to the group (" + str + ") for the user directory (" + uuid + ")");
        }
        this.securityService.addRoleToGroup(uuid, str, groupRole.getRoleCode());
    }

    @RequestMapping(value = {"/tenants/{tenantId}/user-directories"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Add the user directory to the tenant", description = "Add the user directory to the tenant")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user directory was successfully added to the tenant"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant or user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "The tenant user directory already exists", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void addUserDirectoryToTenant(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid, @RequestBody(description = "The tenant user directory association to add", required = true) @org.springframework.web.bind.annotation.RequestBody TenantUserDirectory tenantUserDirectory) throws InvalidArgumentException, TenantNotFoundException, UserDirectoryNotFoundException, ServiceUnavailableException {
        SecurityContextHolder.getContext().getAuthentication();
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        if (tenantUserDirectory == null) {
            throw new InvalidArgumentException("tenantUserDirectory");
        }
        if (!uuid.equals(tenantUserDirectory.getTenantId())) {
            throw new InvalidArgumentException("tenantUserDirectory");
        }
        Set validate = this.validator.validate(tenantUserDirectory, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("tenantUserDirectory", ValidationError.toValidationErrors(validate));
        }
        if (!tenantUserDirectory.getTenantId().equals(uuid)) {
            throw new InvalidArgumentException("tenantId");
        }
        this.securityService.addUserDirectoryToTenant(uuid, tenantUserDirectory.getUserDirectoryId());
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users/{username}/password"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @Operation(summary = "Administratively change the password for the user", description = "Administratively change the password for the user")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.UserAdministration') or hasAuthority('FUNCTION_Security.ResetUserPassword')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The password for the user was changed successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void adminChangePassword(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str, @RequestBody(description = "The password change to apply", required = true) @org.springframework.web.bind.annotation.RequestBody PasswordChange passwordChange) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        if (passwordChange == null) {
            throw new InvalidArgumentException("passwordChange");
        }
        if (!StringUtils.hasText(passwordChange.getNewPassword())) {
            throw new InvalidArgumentException("passwordChange");
        }
        Set validate = this.validator.validate(passwordChange, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("passwordChange", ValidationError.toValidationErrors(validate));
        }
        this.securityService.adminChangePassword(uuid, str, passwordChange.getNewPassword(), passwordChange.getExpirePassword() != null && passwordChange.getExpirePassword().booleanValue(), passwordChange.getLockUser() != null && passwordChange.getLockUser().booleanValue(), passwordChange.getResetPasswordHistory() != null && passwordChange.getResetPasswordHistory().booleanValue(), passwordChange.getReason());
    }

    @RequestMapping(value = {"/users/{username}/password"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @Operation(summary = "Change the password for the user", description = "Change the password for the user")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The password for the user was changed successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "401", description = "Authentication failed or invalid security code", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "The user has exceeded the maximum number of failed password attempts and has been locked", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "The new password for the user has been used recently and is not valid", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void changePassword(@PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str, @RequestBody(description = "The password change to apply", required = true) @org.springframework.web.bind.annotation.RequestBody PasswordChange passwordChange) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, AuthenticationFailedException, InvalidSecurityCodeException, ExistingPasswordException, UserLockedException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        if (passwordChange == null) {
            throw new InvalidArgumentException("passwordChange");
        }
        if (!StringUtils.hasText(passwordChange.getNewPassword())) {
            throw new InvalidArgumentException("passwordChange");
        }
        Set validate = this.validator.validate(passwordChange, new Class[0]);
        if (!validate.isEmpty()) {
            throw new InvalidArgumentException("passwordChange", ValidationError.toValidationErrors(validate));
        }
        if (passwordChange.getReason() != PasswordChangeReason.ADMINISTRATIVE) {
            if (passwordChange.getReason() == PasswordChangeReason.USER) {
                if (!StringUtils.hasText(passwordChange.getPassword())) {
                    throw new InvalidArgumentException("passwordChange");
                }
                this.securityService.changePassword(str, passwordChange.getPassword(), passwordChange.getNewPassword());
                return;
            } else {
                if (passwordChange.getReason() == PasswordChangeReason.RESET) {
                    if (!StringUtils.hasText(passwordChange.getSecurityCode())) {
                        throw new InvalidArgumentException("passwordChange");
                    }
                    this.securityService.resetPassword(str, passwordChange.getNewPassword(), passwordChange.getSecurityCode());
                    return;
                }
                return;
            }
        }
        if (!isSecurityDisabled() && !hasRole("Administrator") && !hasAccessToFunction("Security.TenantAdministration") && !hasAccessToFunction("Security.UserAdministration") && !hasAccessToFunction("Security.ResetUserPassword")) {
            throw new AccessDeniedException("Insufficient access to change the password for the user (" + str + ")");
        }
        Optional userDirectoryIdForUser = this.securityService.getUserDirectoryIdForUser(str);
        if (userDirectoryIdForUser.isEmpty()) {
            throw new UserNotFoundException(str);
        }
        UUID uuid = (UUID) userDirectoryIdForUser.get();
        if (isSecurityEnabled() && !hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        this.securityService.adminChangePassword(uuid, str, passwordChange.getNewPassword(), passwordChange.getExpirePassword() != null && passwordChange.getExpirePassword().booleanValue(), passwordChange.getLockUser() != null && passwordChange.getLockUser().booleanValue(), passwordChange.getResetPasswordHistory() != null && passwordChange.getResetPasswordHistory().booleanValue(), passwordChange.getReason());
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Create the group", description = "Create the group")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The group was created successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "A group with the specified name already exists", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void createGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @RequestBody(description = "The group to create", required = true) @org.springframework.web.bind.annotation.RequestBody Group group) throws InvalidArgumentException, UserDirectoryNotFoundException, DuplicateGroupException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        if (group == null) {
            throw new InvalidArgumentException("group");
        }
        if (!uuid.equals(group.getUserDirectoryId())) {
            throw new InvalidArgumentException("group");
        }
        this.securityService.createGroup(group);
    }

    @RequestMapping(value = {"/tenants"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Create the tenant", description = "Create the tenant")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The tenant was created successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "An tenant with the specified ID or name already exists", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void createTenant(@RequestBody(description = "The tenant to create", required = true) @org.springframework.web.bind.annotation.RequestBody Tenant tenant, @RequestParam(value = "createUserDirectory", required = false) @Parameter(name = "createUserDirectory", description = "Should a new internal user directory be created for the tenant") Boolean bool) throws InvalidArgumentException, DuplicateTenantException, ServiceUnavailableException {
        this.securityService.createTenant(tenant, bool != null && bool.booleanValue());
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Create the user", description = "Create the user")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.UserAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user was created successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "A user with the specified username already exists", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void createUser(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @RequestBody(description = "The user to create", required = true) @org.springframework.web.bind.annotation.RequestBody User user, @RequestParam(value = "expiredPassword", required = false) @Parameter(name = "expiredPassword", description = "Create the user with its password expired") Boolean bool, @RequestParam(value = "userLocked", required = false) @Parameter(name = "userLocked", description = "Create the user locked") Boolean bool2) throws InvalidArgumentException, UserDirectoryNotFoundException, DuplicateUserException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        if (user == null) {
            throw new InvalidArgumentException("user");
        }
        if (!uuid.equals(user.getUserDirectoryId())) {
            throw new InvalidArgumentException("user");
        }
        this.securityService.createUser(user, bool != null && bool.booleanValue(), bool2 != null && bool2.booleanValue());
    }

    @RequestMapping(value = {"/user-directories"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Create the user directory", description = "Create the user directory")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user directory was created successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "A user directory with the specified ID or name already exists", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void createUserDirectory(@RequestBody(description = "The user directory to create", required = true) @org.springframework.web.bind.annotation.RequestBody UserDirectory userDirectory) throws InvalidArgumentException, DuplicateUserDirectoryException, ServiceUnavailableException {
        this.securityService.createUserDirectory(userDirectory);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Operation(summary = "Delete the group", description = "Delete the group")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The group was deleted successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "409", description = "The group could not be deleted since it is still associated with 1 or more user(s)", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void deleteGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ExistingGroupMembersException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        this.securityService.deleteGroup(uuid, str);
    }

    @RequestMapping(value = {"/tenants/{tenantId}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Operation(summary = "Delete the tenant", description = "Delete the tenant")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The tenant was deleted successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void deleteTenant(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        this.securityService.deleteTenant(uuid);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users/{username}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Operation(summary = "Delete the user", description = "Delete the user")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.UserAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user was deleted successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void deleteUser(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        this.securityService.deleteUser(uuid, str);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Operation(summary = "Delete the user directory", description = "Delete the user directory")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user directory was deleted successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void deleteUserDirectory(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        this.securityService.deleteUserDirectory(uuid);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the group", description = "Retrieve the group")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public Group getGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getGroup(uuid, str);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/group-names"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the group names", description = "Retrieve the group names")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public List<String> getGroupNames(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getGroupNames(uuid);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users/{username}/group-names"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the names of the groups the user is a member of", description = "Retrieve the names of the groups the user is a member of")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.UserAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public List<String> getGroupNamesForUser(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getGroupNamesForUser(uuid, str);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the groups", description = "Retrieve the groups")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public Groups getGroups(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @RequestParam(value = "filter", required = false) @Parameter(name = "filter", description = "The optional filter to apply to the groups") String str, @RequestParam(value = "sortDirection", required = false) @Parameter(name = "sortDirection", description = "The optional sort direction to apply to the groups") SortDirection sortDirection, @RequestParam(value = "pageIndex", required = false, defaultValue = "0") @Parameter(name = "pageIndex", description = "The optional page index", example = "0") Integer num, @RequestParam(value = "pageSize", required = false, defaultValue = "10") @Parameter(name = "pageSize", description = "The optional page size", example = "10") Integer num2) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 10;
        }
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getGroups(uuid, str, sortDirection, num, num2);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}/members"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the group members", description = "Retrieve the group members")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public GroupMembers getMembersForGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str, @RequestParam(value = "filter", required = false) @Parameter(name = "filter", description = "The optional filter to apply to the group members") String str2, @RequestParam(value = "sortDirection", required = false) @Parameter(name = "sortDirection", description = "The optional sort direction to apply to the group members") SortDirection sortDirection, @RequestParam(value = "pageIndex", required = false, defaultValue = "0") @Parameter(name = "pageIndex", description = "The optional page index", example = "0") Integer num, @RequestParam(value = "pageSize", required = false, defaultValue = "10") @Parameter(name = "pageSize", description = "The optional page size", example = "10") Integer num2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 10;
        }
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getMembersForGroup(uuid, str, str2, sortDirection, num, num2);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}/role-codes"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the codes for the roles that have been assigned to the group", description = "Retrieve the codes for the roles that have been assigned to the group")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public List<String> getRoleCodesForGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getRoleCodesForGroup(uuid, str);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/roles"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve all the roles", description = "Retrieve all the roles")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public List<Role> getRoles() throws ServiceUnavailableException {
        return this.securityService.getRoles();
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}/roles"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the roles that have been assigned to the group", description = "Retrieve the roles that have been assigned to the group")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public List<GroupRole> getRolesForGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getRolesForGroup(uuid, str);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/tenants/{tenantId}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the tenant", description = "Retrieve the tenant")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public Tenant getTenant(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        return this.securityService.getTenant(uuid);
    }

    @RequestMapping(value = {"/tenants/{tenantId}/name"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the name of tenant", description = "Retrieve the name of the tenant")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public String getTenantName(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        return ApiUtil.quote(this.securityService.getTenantName(uuid));
    }

    @RequestMapping(value = {"/tenants"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the tenants", description = "Retrieve the tenants")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public Tenants getTenants(@RequestParam(value = "filter", required = false) @Parameter(name = "filter", description = "The optional filter to apply to the tenants") String str, @RequestParam(value = "sortDirection", required = false) @Parameter(name = "sortDirection", description = "The optional sort direction to apply to the tenants") SortDirection sortDirection, @RequestParam(value = "pageIndex", required = false, defaultValue = "0") @Parameter(name = "pageIndex", description = "The optional page index", example = "0") Integer num, @RequestParam(value = "pageSize", required = false, defaultValue = "10") @Parameter(name = "pageSize", description = "The optional page size", example = "10") Integer num2) throws InvalidArgumentException, ServiceUnavailableException {
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 10;
        }
        return this.securityService.getTenants(str, sortDirection, num, num2);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/tenants"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the tenants the user directory is associated with", description = "Retrieve the tenants the user directory is associated with")
    @ResponseStatus(HttpStatus.OK)
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public ResponseEntity<List<Tenant>> getTenantsForUserDirectory(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (!isSecurityEnabled() || hasAccessToUserDirectory(uuid)) {
            return new ResponseEntity<>(this.securityService.getTenantsForUserDirectory(uuid), HttpStatus.OK);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users/{username}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the user", description = "Retrieve the user")
    @ResponseStatus(HttpStatus.OK)
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public User getUser(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!hasRole("Administrator")) {
            if (isSecurityDisabled() || hasAccessToFunction("Security.TenantAdministration") || hasAccessToFunction("Security.UserAdministration") || hasAccessToFunction("Security.ResetUserPassword")) {
                if (isSecurityEnabled() && !hasAccessToUserDirectory(uuid)) {
                    throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
                }
            } else if (authentication == null || !authentication.getName().equalsIgnoreCase(str)) {
                throw new AccessDeniedException("Access denied to the user (" + str + ")");
            }
        }
        User user = this.securityService.getUser(uuid, str);
        user.setPassword((String) null);
        user.setPasswordAttempts(0);
        user.setPasswordExpiry((LocalDateTime) null);
        return user;
    }

    @RequestMapping(value = {"/user-directories"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the user directories", description = "Retrieve the user directories")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public UserDirectories getUserDirectories(@RequestParam(value = "filter", required = false) @Parameter(name = "filter", description = "The optional filter to apply to the user directories") String str, @RequestParam(value = "sortDirection", required = false) @Parameter(name = "sortDirection", description = "The optional sort direction to apply to the user directories") SortDirection sortDirection, @RequestParam(value = "pageIndex", required = false, defaultValue = "0") @Parameter(name = "pageIndex", description = "The optional page index", example = "0") Integer num, @RequestParam(value = "pageSize", required = false, defaultValue = "10") @Parameter(name = "pageSize", description = "The optional page size", example = "10") Integer num2) throws InvalidArgumentException, ServiceUnavailableException {
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 10;
        }
        return this.securityService.getUserDirectories(str, sortDirection, num, num2);
    }

    @RequestMapping(value = {"/tenants/{tenantId}/user-directories"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the user directories the tenant is associated with", description = "Retrieve the user directories the tenant is associated with")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.UserAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public ResponseEntity<List<UserDirectory>> getUserDirectoriesForTenant(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        List<UserDirectory> userDirectoriesForTenant = this.securityService.getUserDirectoriesForTenant(uuid);
        if (hasRole("Administrator") || hasAccessToFunction("Security.TenantAdministration")) {
            return new ResponseEntity<>(userDirectoriesForTenant, HttpStatus.OK);
        }
        ArrayList arrayList = new ArrayList();
        for (UserDirectory userDirectory : userDirectoriesForTenant) {
            if (hasAccessToUserDirectory(userDirectory.getId())) {
                arrayList.add(userDirectory);
            }
        }
        return new ResponseEntity<>(arrayList, HttpStatus.OK);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the user directory", description = "Retrieve the user directory")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public UserDirectory getUserDirectory(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        return this.securityService.getUserDirectory(uuid);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/capabilities"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the capabilities the user directory supports", description = "Retrieve the capabilities the user directory supports")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration') or hasAuthority('FUNCTION_Security.UserAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration') or hasAuthority('FUNCTION_Security.ResetUserPassword')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public UserDirectoryCapabilities getUserDirectoryCapabilities(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getUserDirectoryCapabilities(uuid);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/name"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the name of the user directory", description = "Retrieve the name of the user directory")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public String getUserDirectoryName(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        return ApiUtil.quote(this.securityService.getUserDirectoryName(uuid));
    }

    @RequestMapping(value = {"/user-directory-summaries"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the summaries for the user directories", description = "Retrieve the summaries for the user directories")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public UserDirectorySummaries getUserDirectorySummaries(@RequestParam(value = "filter", required = false) @Parameter(name = "filter", description = "The optional filter to apply to the user directories") String str, @RequestParam(value = "sortDirection", required = false) @Parameter(name = "sortDirection", description = "The optional sort direction to apply to the user directories") SortDirection sortDirection, @RequestParam(value = "pageIndex", required = false, defaultValue = "0") @Parameter(name = "pageIndex", description = "The optional page index", example = "0") Integer num, @RequestParam(value = "pageSize", required = false, defaultValue = "10") @Parameter(name = "pageSize", description = "The optional page size", example = "10") Integer num2) throws InvalidArgumentException, ServiceUnavailableException {
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 10;
        }
        return this.securityService.getUserDirectorySummaries(str, sortDirection, num, num2);
    }

    @RequestMapping(value = {"/tenants/{tenantId}/user-directory-summaries"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the summaries for the user directories the tenant is associated with", description = "Retrieve the summaries for the user directories the tenant is associated with")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.ResetUserPassword') or hasAuthority('FUNCTION_Security.UserAdministration') or hasAuthority('FUNCTION_Security.UserGroups')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public ResponseEntity<List<UserDirectorySummary>> getUserDirectorySummariesForTenant(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        List<UserDirectorySummary> userDirectorySummariesForTenant = this.securityService.getUserDirectorySummariesForTenant(uuid);
        if (hasRole("Administrator") || hasAccessToFunction("Security.TenantAdministration")) {
            return new ResponseEntity<>(userDirectorySummariesForTenant, HttpStatus.OK);
        }
        ArrayList arrayList = new ArrayList();
        for (UserDirectorySummary userDirectorySummary : userDirectorySummariesForTenant) {
            if (hasAccessToUserDirectory(userDirectorySummary.getId())) {
                arrayList.add(userDirectorySummary);
            }
        }
        return new ResponseEntity<>(arrayList, HttpStatus.OK);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/user-directory-type"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the user directory type for the user directory", description = "Retrieve the user directory type for the user directory")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration') or hasAuthority('FUNCTION_Security.UserAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user directory type could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public UserDirectoryType getUserDirectoryTypeForUserDirectory(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid) throws InvalidArgumentException, UserDirectoryNotFoundException, UserDirectoryTypeNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getUserDirectoryTypeForUserDirectory(uuid);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directory-types"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the user directory types", description = "Retrieve the user directory types")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public List<UserDirectoryType> getUserDirectoryTypes() throws ServiceUnavailableException {
        return this.securityService.getUserDirectoryTypes();
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users/{username}/name"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the name of the user", description = "Retrieve the name of the user")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.UserAdministration') or hasAuthority('FUNCTION_Security.ResetUserPassword')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public String getUserName(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (hasAccessToUserDirectory(uuid)) {
            return ApiUtil.quote(this.securityService.getUserName(uuid, str));
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users"}, method = {RequestMethod.GET}, produces = {"application/json"})
    @Operation(summary = "Retrieve the users", description = "Retrieve the users")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.UserAdministration') or hasAuthority('FUNCTION_Security.ResetUserPassword')")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "OK"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public Users getUsers(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @RequestParam(value = "filter", required = false) @Parameter(name = "filter", description = "The optional filter to apply to the users") String str, @RequestParam(value = "sortBy", required = false) @Parameter(name = "sortBy", description = "The optional method used to sort the users e.g. by name") UserSortBy userSortBy, @RequestParam(value = "sortDirection", required = false) @Parameter(name = "sortDirection", description = "The optional sort direction to apply to the users") SortDirection sortDirection, @RequestParam(value = "pageIndex", required = false, defaultValue = "0") @Parameter(name = "pageIndex", description = "The optional page index", example = "0") Integer num, @RequestParam(value = "pageSize", required = false, defaultValue = "10") @Parameter(name = "pageSize", description = "The optional page size", example = "10") Integer num2) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (num == null) {
            num = 0;
        }
        if (num2 == null) {
            num2 = 10;
        }
        if (hasAccessToUserDirectory(uuid)) {
            return this.securityService.getUsers(uuid, str, userSortBy, sortDirection, num, num2);
        }
        throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}/members/{memberType}/{memberName}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Operation(summary = "Remove the group member from the group", description = "Remove the group member from the group")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The group member was successfully removed from the group"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group or group member could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void removeMemberFromGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str, @PathVariable @Parameter(name = "memberType", description = "The group member type", required = true) GroupMemberType groupMemberType, @PathVariable @Parameter(name = "memberName", description = "The name of the group member", required = true) String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, GroupMemberNotFoundException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        this.securityService.removeMemberFromGroup(uuid, str, groupMemberType, str2);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}/roles/{roleCode}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Operation(summary = "Remove the role from the group", description = "Remove the role from the group")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The role was successfully removed from the group"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group or group role could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void removeRoleFromGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str, @PathVariable @Parameter(name = "roleCode", description = "The code for the role", required = true) String str2) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, GroupRoleNotFoundException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        if (str2.equalsIgnoreCase("Administrator") && !hasRole("Administrator")) {
            throw new AccessDeniedException("Insufficient authority to remove the Administrator role from the group (" + str + ") for the user directory (" + uuid + ")");
        }
        this.securityService.removeRoleFromGroup(uuid, str, str2);
    }

    @RequestMapping(value = {"/tenants/{tenantId}/user-directories/{userDirectoryId}"}, method = {RequestMethod.DELETE}, produces = {"application/json"})
    @Operation(summary = "Remove the user directory from the tenant", description = "Remove the user directory from the tenant")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user directory was successfully removed from the tenant"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant or tenant user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void removeUserDirectoryFromTenant(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid, @PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid2) throws InvalidArgumentException, TenantNotFoundException, TenantUserDirectoryNotFoundException, ServiceUnavailableException {
        this.securityService.removeUserDirectoryFromTenant(uuid, uuid2);
    }

    @RequestMapping(value = {"/users/{username}/reset-password"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @Operation(summary = "Initiate the password reset process for the user", description = "Initiate the password reset process for the user")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The password reset process was initiated successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void resetPassword(@PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str, @RequestParam("resetPasswordUrl") @Parameter(name = "resetPasswordUrl", description = "The reset password URL") String str2) throws InvalidArgumentException, ServiceUnavailableException {
        try {
            this.securityService.initiatePasswordReset(str, str2, true);
        } catch (UserNotFoundException e) {
        }
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/groups/{groupName}"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @Operation(summary = "Update the group", description = "Update the group")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration') or hasAuthority('FUNCTION_Security.GroupAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The group was updated successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or group could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void updateGroup(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "groupName", description = "The name of the group", required = true) String str, @RequestBody(description = "The group to update", required = true) @org.springframework.web.bind.annotation.RequestBody Group group) throws InvalidArgumentException, UserDirectoryNotFoundException, GroupNotFoundException, ServiceUnavailableException {
        if (!hasAccessToUserDirectory(uuid)) {
            throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
        }
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("groupName");
        }
        if (group == null) {
            throw new InvalidArgumentException("group");
        }
        if (!str.equals(group.getName())) {
            throw new InvalidArgumentException("group");
        }
        this.securityService.updateGroup(group);
    }

    @RequestMapping(value = {"/tenants/{tenantId}"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @Operation(summary = "Update the tenant", description = "Update the tenant")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("isSecurityDisabled() or hasRole('Administrator') or hasAuthority('FUNCTION_Security.TenantAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The tenant was updated successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The tenant could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void updateTenant(@PathVariable @Parameter(name = "tenantId", description = "The Universally Unique Identifier (UUID) for the tenant", required = true) UUID uuid, @RequestBody(description = "The tenant to update", required = true) @org.springframework.web.bind.annotation.RequestBody Tenant tenant) throws InvalidArgumentException, TenantNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("tenantId");
        }
        if (tenant == null) {
            throw new InvalidArgumentException("tenant");
        }
        if (!uuid.equals(tenant.getId())) {
            throw new InvalidArgumentException("tenant");
        }
        this.securityService.updateTenant(tenant);
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}/users/{username}"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @Operation(summary = "Update the user", description = "Update the user")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user was updated successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory or user could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void updateUser(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @PathVariable @Parameter(name = "username", description = "The username for the user", required = true) String str, @RequestBody(description = "The user to update", required = true) @org.springframework.web.bind.annotation.RequestBody User user, @RequestParam(value = "expirePassword", required = false) @Parameter(name = "expirePassword", description = "Expire the user's password") Boolean bool, @RequestParam(value = "lockUser", required = false) @Parameter(name = "lockUser", description = "Lock the user") Boolean bool2) throws InvalidArgumentException, UserDirectoryNotFoundException, UserNotFoundException, ServiceUnavailableException {
        if (!StringUtils.hasText(str)) {
            throw new InvalidArgumentException("username");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (isSecurityEnabled() && !hasRole("Administrator")) {
            if (hasAccessToFunction("Security.TenantAdministration") || hasAccessToFunction("Security.UserAdministration")) {
                if (!hasAccessToUserDirectory(uuid)) {
                    throw new AccessDeniedException("Access denied to the user directory (" + uuid + ")");
                }
            } else if (authentication == null || !authentication.getName().equalsIgnoreCase(str)) {
                throw new AccessDeniedException("Access denied to the user (" + str + ")");
            }
        }
        if (user == null) {
            throw new InvalidArgumentException("user");
        }
        if (!str.equals(user.getUsername())) {
            throw new InvalidArgumentException("user");
        }
        this.securityService.updateUser(user, bool != null && bool.booleanValue(), bool2 != null && bool2.booleanValue());
    }

    @RequestMapping(value = {"/user-directories/{userDirectoryId}"}, method = {RequestMethod.PUT}, produces = {"application/json"})
    @Operation(summary = "Update the user directory", description = "Update the user directory")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("hasRole('Administrator') or hasAuthority('FUNCTION_Security.UserDirectoryAdministration')")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "The user directory was updated successfully"), @ApiResponse(responseCode = "400", description = "Invalid argument", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "403", description = "Access denied", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "404", description = "The user directory could not be found", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))}), @ApiResponse(responseCode = "500", description = "An error has occurred and the request could not be processed at this time", content = {@Content(mediaType = "application/problem+json", schema = @Schema(implementation = ProblemDetails.class))})})
    public void updateUserDirectory(@PathVariable @Parameter(name = "userDirectoryId", description = "The Universally Unique Identifier (UUID) for the user directory", required = true) UUID uuid, @RequestBody(description = "The user directory to update", required = true) @org.springframework.web.bind.annotation.RequestBody UserDirectory userDirectory) throws InvalidArgumentException, UserDirectoryNotFoundException, ServiceUnavailableException {
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        if (userDirectory == null) {
            throw new InvalidArgumentException("userDirectory");
        }
        if (!uuid.equals(userDirectory.getId())) {
            throw new InvalidArgumentException("userDirectory");
        }
        this.securityService.updateUserDirectory(userDirectory);
    }

    protected boolean hasAccessToUserDirectory(UUID uuid) throws InvalidArgumentException {
        if (!isSecurityEnabled()) {
            return true;
        }
        if (uuid == null) {
            throw new InvalidArgumentException("userDirectoryId");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return false;
        }
        try {
            if (!authentication.isAuthenticated()) {
                return false;
            }
            if (hasRole("Administrator")) {
                return true;
            }
            ArrayList arrayList = new ArrayList();
            Iterator it = getUUIDValuesForAuthoritiesWithPrefix(authentication, "TENANT_").iterator();
            while (it.hasNext()) {
                arrayList.addAll(this.securityService.getUserDirectoryIdsForTenant((UUID) it.next()));
            }
            Stream stream = arrayList.stream();
            Objects.requireNonNull(uuid);
            return stream.anyMatch((v1) -> {
                return r1.equals(v1);
            });
        } catch (Throwable th) {
            logger.error("Failed to check if the user (" + authentication.getName() + ") has access to the user directory (" + uuid + ")", th);
            return false;
        }
    }
}
