package org.fenixedu.bennu.oauth.api;

import com.google.gson.JsonElement;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.fenixedu.bennu.core.domain.User;
import org.fenixedu.bennu.core.groups.Group;
import org.fenixedu.bennu.core.rest.BennuRestResource;
import org.fenixedu.bennu.oauth.domain.ApplicationUserAuthorization;
import org.fenixedu.bennu.oauth.domain.ApplicationUserSession;
import org.fenixedu.bennu.oauth.domain.ServiceApplication;
import pt.ist.fenixframework.FenixFramework;

@Path("/bennu-oauth/sessions/")
/* loaded from: input_file:org/fenixedu/bennu/oauth/api/ExternalApplicationAuthorizationSessionResources.class */
public class ExternalApplicationAuthorizationSessionResources extends BennuRestResource {
    @GET
    @Produces({"application/json"})
    @Path("/{session}")
    public JsonElement authorizations(@PathParam("session") ApplicationUserAuthorization applicationUserAuthorization) {
        User verifyAndGetRequestAuthor = verifyAndGetRequestAuthor();
        if (!isManager(verifyAndGetRequestAuthor) && (applicationUserAuthorization.getApplication() instanceof ServiceApplication)) {
            return null;
        }
        if (applicationUserAuthorization.getUser() == verifyAndGetRequestAuthor || isManager(verifyAndGetRequestAuthor)) {
            return view(applicationUserAuthorization.getSessionSet());
        }
        return null;
    }

    @Path("/{session}")
    @DELETE
    public Response delete(@PathParam("session") ApplicationUserSession applicationUserSession) {
        User verifyAndGetRequestAuthor = verifyAndGetRequestAuthor();
        if (!isManager(verifyAndGetRequestAuthor) && (applicationUserSession.getApplicationUserAuthorization().getApplication() instanceof ServiceApplication)) {
            return null;
        }
        if (applicationUserSession.getApplicationUserAuthorization().getUser() != verifyAndGetRequestAuthor && !isManager(verifyAndGetRequestAuthor)) {
            return null;
        }
        FenixFramework.atomic(() -> {
            applicationUserSession.delete();
        });
        return ok();
    }

    private boolean isManager(User user) {
        return Group.managers().isMember(user);
    }
}
