From 6383c6110a8bdd3c1e3bb28c3220bdfc6d660645 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 08:53:14 -0800
Subject: [PATCH 01/36] Update versions for hotfix

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b9e9ec79..5db2d732 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 
     <groupId>ubc.pavlab</groupId>
     <artifactId>rdp</artifactId>
-    <version>1.4.7</version>
+    <version>1.4.8</version>
 
     <developers>
         <developer>

From 1e6dc02027657a7b48690b3294cef290e5525933 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 08:54:22 -0800
Subject: [PATCH 02/36] Fix taxon ordering when the field is null

---
 src/main/java/ubc/pavlab/rdp/model/User.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/model/User.java b/src/main/java/ubc/pavlab/rdp/model/User.java
index 30c1c0ae..f406c466 100644
--- a/src/main/java/ubc/pavlab/rdp/model/User.java
+++ b/src/main/java/ubc/pavlab/rdp/model/User.java
@@ -159,10 +159,13 @@ public boolean hasTaxon( @NonNull Taxon taxon ) {
 
     @JsonIgnore
     @Transient
-    public SortedSet<Taxon> getTaxons() {
-        return this.getUserGenes().values().stream().map( Gene::getTaxon )
-                .sorted() // taxon are ordered by the ordering field
-                .collect( Collectors.toCollection( TreeSet::new ) );
+    public Set<Taxon> getTaxons() {
+        return this.getUserGenes().values().stream()
+                .map( UserGene::getTaxon )
+                // taxon are ordered by the ordering field, however the ordering field is not set for remote users
+                // because it is ignored in JSON serialization
+                .sorted( Comparator.comparing( Taxon::getOrdering, Comparator.nullsLast( Comparator.naturalOrder() ) ) )
+                .collect( Collectors.toCollection( LinkedHashSet::new ) );
     }
 
     /**

From 37d6548bae5c0afc132629320c7862ffa6e9c16f Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 10:03:08 -0800
Subject: [PATCH 03/36] Add a test for viewing remote users with taxon

---
 .../rdp/controllers/SearchControllerTest.java | 44 +++++++++++++++++--
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
index 878f73e1..e3d5d691 100644
--- a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
+++ b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
@@ -1,10 +1,11 @@
 package ubc.pavlab.rdp.controllers;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.assertj.core.util.Lists;
+import org.hamcrest.Matchers;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.mockito.ArgumentCaptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
@@ -16,7 +17,6 @@
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import ubc.pavlab.rdp.WebSecurityConfig;
-import ubc.pavlab.rdp.events.OnRequestAccessEvent;
 import ubc.pavlab.rdp.exception.RemoteException;
 import ubc.pavlab.rdp.listeners.UserListener;
 import ubc.pavlab.rdp.model.*;
@@ -27,6 +27,7 @@
 import ubc.pavlab.rdp.settings.ApplicationSettings;
 import ubc.pavlab.rdp.settings.SiteSettings;
 
+import java.io.IOException;
 import java.net.URI;
 import java.util.Collections;
 import java.util.UUID;
@@ -48,6 +49,9 @@ public class SearchControllerTest {
     @Autowired
     private MockMvc mvc;
 
+    @Autowired
+    private ObjectMapper objectMapper;
+
     @MockBean(name = "applicationSettings")
     private ApplicationSettings applicationSettings;
 
@@ -203,6 +207,31 @@ public void viewUser_whenUserIsRemote_thenReturnSuccess() throws Exception {
         verify( remoteResourceService ).getRemoteUser( user.getId(), URI.create( "example.com" ) );
     }
 
+    @Test
+    public void viewUser_whenUserIsRemoteAndHasTaxonWithoutOrdering_thenReturnSuccess() throws Exception {
+        Taxon humanTaxon = createTaxon( 9606 );
+        Taxon mouseTaxon = createTaxon( 12145 );
+        humanTaxon.setOrdering( 1 );
+        mouseTaxon.setOrdering( 2 );
+        Gene cdh1 = createGene( 1, humanTaxon );
+        Gene brca1 = createGene( 2, mouseTaxon );
+        User user = createUserWithGenes( 1, cdh1, brca1 );
+        user.setOrigin( "Example Partner" );
+        user.setOriginUrl( URI.create( "http://example.com/" ) );
+        assertThat( user.getTaxons() ).hasSize( 2 );
+        User remoteUser = remotify( user, User.class );
+        assertThat( remoteUser.getTaxons() ).hasSize( 2 ).extracting( "ordering" ).containsOnly( (Integer) null );
+        when( remoteResourceService.getRemoteUser( user.getId(), URI.create( "example.com" ) ) ).thenReturn( remoteUser );
+        when( privacyService.checkCurrentUserCanSearch( true ) ).thenReturn( true );
+        mvc.perform( get( "/userView/{userId}", user.getId() )
+                        .param( "remoteHost", "example.com" ) )
+                .andExpect( status().isOk() )
+                .andExpect( view().name( "userView" ) )
+                .andExpect( model().attribute( "viewUser", Matchers.hasProperty( "taxons",
+                        Matchers.everyItem( Matchers.hasProperty( "ordering", Matchers.nullValue() ) ) ) ) );
+        verify( remoteResourceService ).getRemoteUser( user.getId(), URI.create( "example.com" ) );
+    }
+
     @Test
     public void viewUser_whenRemoteUserIsNotFound_thenReturnNotFound() throws Exception {
         when( remoteResourceService.getRemoteUser( 1, URI.create( "example.com" ) ) ).thenReturn( null );
@@ -381,5 +410,14 @@ public void requestAccess_whenUserHasPermission_thenRedirectToUserProfile() thro
                 .andExpect( flash().attributeExists( "message" ) );
     }
 
-
+    /**
+     * Emulate the behaviour of an object retrieved from a partner API.
+     * <p>
+     * Note: this is obviously incomplete, a better way to do this would be to inject an {@link ApiController}, but that
+     * is not appropriate for unit testing. Keep in mind that varying versions of the software will produce different
+     * serialization.
+     */
+    private <T> T remotify( Object object, Class<T> objectClass ) throws IOException {
+        return objectMapper.readValue( objectMapper.writeValueAsBytes( object ), objectClass );
+    }
 }

From 97adc657ba51103cd6307fb2122a4ed28f7b768f Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 10:19:57 -0800
Subject: [PATCH 04/36] Fix all tests in SearchController to use remotified
 users

---
 .../rdp/controllers/SearchControllerTest.java | 21 +++++++++----------
 .../java/ubc/pavlab/rdp/util/TestUtils.java   |  6 ++++++
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
index e3d5d691..40dedb69 100644
--- a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
+++ b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
@@ -197,8 +197,8 @@ public void viewUser_whenUserIsNotFound_thenReturnSuccess() throws Exception {
 
     @Test
     public void viewUser_whenUserIsRemote_thenReturnSuccess() throws Exception {
-        User user = createUser( 1 );
-        when( remoteResourceService.getRemoteUser( user.getId(), URI.create( "example.com" ) ) ).thenReturn( user );
+        User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
+        when( remoteResourceService.getRemoteUser( user.getId(), URI.create( "example.com" ) ) ).thenReturn( remotify( user, User.class ) );
         when( privacyService.checkCurrentUserCanSearch( true ) ).thenReturn( true );
         mvc.perform( get( "/userView/{userId}", user.getId() )
                         .param( "remoteHost", "example.com" ) )
@@ -216,8 +216,7 @@ public void viewUser_whenUserIsRemoteAndHasTaxonWithoutOrdering_thenReturnSucces
         Gene cdh1 = createGene( 1, humanTaxon );
         Gene brca1 = createGene( 2, mouseTaxon );
         User user = createUserWithGenes( 1, cdh1, brca1 );
-        user.setOrigin( "Example Partner" );
-        user.setOriginUrl( URI.create( "http://example.com/" ) );
+        user.setOriginUrl( URI.create( "https://example.com/" ) );
         assertThat( user.getTaxons() ).hasSize( 2 );
         User remoteUser = remotify( user, User.class );
         assertThat( remoteUser.getTaxons() ).hasSize( 2 ).extracting( "ordering" ).containsOnly( (Integer) null );
@@ -254,10 +253,10 @@ public void viewUser_whenRemoteIsUnavailable_thenReturnNotFound() throws Excepti
 
     @Test
     public void searchItlUsersByNameView_thenReturnSuccess() throws Exception {
-        User user = createUser( 1 );
+        User user = createRemoteUser( 1, URI.create( "http://example.com/" ) );
         when( permissionEvaluator.hasPermission( any(), isNull(), eq( "international-search" ) ) ).thenReturn( true );
         when( remoteResourceService.findUsersByLikeName( "Mark", true, null, null, null ) )
-                .thenReturn( Collections.singleton( user ) );
+                .thenReturn( Collections.singleton( remotify( user, User.class ) ) );
         mvc.perform( get( "/search/view/international" )
                         .param( "nameLike", "Mark" )
                         .param( "prefix", "true" ) )
@@ -267,7 +266,7 @@ public void searchItlUsersByNameView_thenReturnSuccess() throws Exception {
 
     @Test
     public void viewUser_whenRemoteUserCannotBeRetrieved_thenReturnNotFound() throws Exception {
-        User user = createUser( 1 );
+        User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
         when( remoteResourceService.getRemoteUser( user.getId(), URI.create( "example.com" ) ) ).thenThrow( RemoteException.class );
         when( privacyService.checkCurrentUserCanSearch( true ) ).thenReturn( true );
         mvc.perform( get( "/userView/{userId}", user.getId() )
@@ -297,10 +296,10 @@ public void previewUser_whenUserProfileIsEmpty_thenReturnNoContent() throws Exce
 
     @Test
     public void previewUser_whenUserIsRemote_thenReturnSuccess() throws Exception {
-        User user = createUser( 1 );
+        User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
         user.getProfile().setDescription( "This is a description." );
         when( userService.findUserById( 1 ) ).thenReturn( user );
-        when( remoteResourceService.getRemoteUser( 1, URI.create( "http://localhost/" ) ) ).thenReturn( user );
+        when( remoteResourceService.getRemoteUser( 1, URI.create( "http://localhost/" ) ) ).thenReturn( remotify( user, User.class ) );
         mvc.perform( get( "/search/view/user-preview/{userId}", user.getId() )
                         .param( "remoteHost", "http://localhost/" ) )
                 .andExpect( status().isOk() );
@@ -336,10 +335,10 @@ public void previewAnonymousUser_whenUserProfileIsEmpty_thenReturnNoContent() th
 
     @Test
     public void previewAnonymousUser_whenUserIsRemote_thenReturnSuccess() throws Exception {
-        User anonymousUser = createAnonymousUser();
+        User anonymousUser = createAnonymousRemoteUser( URI.create( "http://example.com/" ) );
         anonymousUser.getProfile().getResearcherCategories().add( ResearcherCategory.IN_SILICO );
         when( remoteResourceService.getApiVersion( URI.create( "http://localhost/" ) ) ).thenReturn( "1.4.0" );
-        when( remoteResourceService.getAnonymizedUser( anonymousUser.getAnonymousId(), URI.create( "http://localhost/" ) ) ).thenReturn( anonymousUser );
+        when( remoteResourceService.getAnonymizedUser( anonymousUser.getAnonymousId(), URI.create( "http://localhost/" ) ) ).thenReturn( remotify( anonymousUser, User.class ) );
         mvc.perform( get( "/search/view/user-preview/by-anonymous-id/{anonymousId}", anonymousUser.getAnonymousId() )
                         .param( "remoteHost", "http://localhost/" ) )
                 .andExpect( status().isOk() )
diff --git a/src/test/java/ubc/pavlab/rdp/util/TestUtils.java b/src/test/java/ubc/pavlab/rdp/util/TestUtils.java
index 578f8dd2..ac88dc4e 100644
--- a/src/test/java/ubc/pavlab/rdp/util/TestUtils.java
+++ b/src/test/java/ubc/pavlab/rdp/util/TestUtils.java
@@ -106,6 +106,12 @@ public static User createAnonymousUser() {
                 .build();
     }
 
+    public static User createAnonymousRemoteUser( URI originUrl ) {
+        User user = createAnonymousUser();
+        user.setOriginUrl( originUrl );
+        return user;
+    }
+
     @SneakyThrows
     public static Taxon createTaxon( int taxonId ) {
         return createTaxon( taxonId, TAXON_COMMON_NAME, TAXON_SCIENTIFIC_NAME, new URL( "ftp://ftp.ncbi.nlm.nih.gov/gene/DATA/GENE_INFO/Invertebrates/Caenorhabditis_elegans.gene_info.gz" ) );

From 266da45587b31f1a99d936f8f9639f2c4c049fe0 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 11:23:48 -0800
Subject: [PATCH 05/36] Add spring.datasource.driver-class-name in docs and
 exaple application.properties

---
 docs/installation.md                      | 1 +
 src/main/resources/application.properties | 1 +
 2 files changed, 2 insertions(+)

diff --git a/docs/installation.md b/docs/installation.md
index 1696fc69..b9c3be7f 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -42,6 +42,7 @@ file that contains at least the following entries:
 spring.profiles.active=prod
 
 spring.datasource.url=jdbc:mysql://<database host>:3306/<database name>
+spring.datasource-driver-class-name=com.mysql.cj.jdbc.Driver
 spring.datasource.username=<database username>
 spring.datasource.password=<database password>
 
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index e7642522..41e3555d 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -9,6 +9,7 @@ spring.profiles.active=prod
 # 2) Creating a properties file elsewhere and setting spring.config.name and spring.config.location
 #
 # spring.datasource.url = jdbc:mysql://localhost:3306/{database_name}
+# spring.datasource.driver-class-name = com.mysql.cj.jdbc.Driver
 # spring.datasource.username = {username}
 # spring.datasource.password = {password}
 

From 5f1e7eb6bb77e36a12a902c4353f3909e4eddced Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 11:13:20 -0800
Subject: [PATCH 06/36] Improve cache names with namespace and cleaner keys

Add a namespace to the 'stats' cache.

Remove @Cacheable on UserRepository.count() in favour of UserService.countResearchers().

Add a specialized cache for storing partner API versions.
---
 .../ubc/pavlab/rdp/repositories/UserRepository.java  |  1 -
 .../ubc/pavlab/rdp/services/PrivacyServiceImpl.java  |  4 ++--
 .../rdp/services/RemoteResourceServiceImpl.java      |  2 +-
 .../ubc/pavlab/rdp/services/UserGeneServiceImpl.java | 12 ++++++------
 .../ubc/pavlab/rdp/services/UserServiceImpl.java     |  2 ++
 src/main/resources/ehcache.xml                       | 10 +++++++++-
 6 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java b/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java
index fff0deb0..b32c4f0d 100644
--- a/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java
+++ b/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java
@@ -25,7 +25,6 @@ public interface UserRepository extends JpaRepository<User, Integer> {
 
     @SuppressWarnings("SpringCacheAnnotationsOnInterfaceInspection")
     @Override
-    @Cacheable(cacheNames = "stats", key = "#root.methodName")
     long count();
 
     long countByProfilePrivacyLevel( PrivacyLevelType aPublic );
diff --git a/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
index f870d9ed..c080a278 100644
--- a/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
@@ -104,12 +104,12 @@ private boolean checkUserCanSeeOtherUserContentWithPrivacyLevel( User currentUse
                 || ( profile.isShared() && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && currentUser.getId().equals( applicationSettings.getIsearch().getUserId() ) ); // data is designated as remotely shared and there is an admin logged in who is the remote admin
     }
 
-    @Cacheable
+    @Cacheable(value = "ubc.pavlab.rdp.model.Role.byRole", key = "'ROLE_ADMIN'")
     public Role getAdminRole() {
         return roleRepository.findByRole( "ROLE_ADMIN" );
     }
 
-    @Cacheable
+    @Cacheable(value = "ubc.pavlab.rdp.model.Role.byRole", key = "'ROLE_SERVICE_ACCOUNT'")
     public Role getServiceAccountRole() {
         return roleRepository.findByRole( "ROLE_SERVICE_ACCOUNT" );
     }
diff --git a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
index 4adce6ac..92b05842 100644
--- a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
@@ -58,7 +58,7 @@ public class RemoteResourceServiceImpl implements RemoteResourceService {
     private AsyncRestTemplate asyncRestTemplate;
 
     @Override
-    @Cacheable
+    @Cacheable(value = "ubc.pavlab.rdp.services.RemoteResourceService.apiVersionByRemoteHostAuthority", key = "#remoteHost.authority")
     public String getApiVersion( URI remoteHost ) throws RemoteException {
         // Ensure that the remoteHost is one of our known APIs by comparing the URI authority component and always use
         // the URI defined in the configuration
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
index 26bc22ce..22ea258b 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
@@ -81,32 +81,32 @@ public Page<UserGene> findAllByPrivacyLevel( PrivacyLevelType privacyLevelType,
         return userGeneRepository.findAllByPrivacyLevelAndUserProfilePrivacyLevel( privacyLevelType, pageable );
     }
 
-    @Cacheable(cacheNames = "stats", key = "#root.methodName")
+    @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     @Override
     public Integer countUniqueAssociations() {
         return userGeneRepository.countDistinctGeneByTierIn( TierType.MANUAL );
     }
 
-    @Cacheable(cacheNames = "stats", key = "#root.methodName")
+    @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     @Override
     public Integer countAssociations() {
         return userGeneRepository.countByTierIn( TierType.MANUAL );
     }
 
-    @Cacheable(cacheNames = "stats", key = "#root.methodName")
+    @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     @Override
     public Map<String, Integer> researcherCountByTaxon() {
         return taxonRepository.findByActiveTrueOrderByOrdering().stream()
                 .collect( Collectors.toMap( Taxon::getCommonName, userGeneRepository::countDistinctUserByTaxon ) );
     }
 
-    @Cacheable(cacheNames = "stats", key = "#root.methodName")
+    @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     @Override
     public Integer countUsersWithGenes() {
         return userGeneRepository.countDistinctUser();
     }
 
-    @Cacheable(cacheNames = "stats", key = "#root.methodName")
+    @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     @Override
     public Integer countUniqueAssociationsAllTiers() {
         return userGeneRepository.countDistinctGeneByTierIn( tierService.getEnabledTiers() );
@@ -118,7 +118,7 @@ public Integer countUniqueAssociationsAllTiers() {
      * <p>
      * This is also known as the "human gene coverage".
      */
-    @Cacheable(cacheNames = "stats", key = "#root.methodName")
+    @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     @Override
     public Integer countUniqueAssociationsToHumanAllTiers() {
         Collection<Integer> humanGenes = new HashSet<>( userGeneRepository.findAllHumanGenes() );
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
index 366df538..54139c75 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
@@ -5,6 +5,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.CacheManager;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.MessageSource;
 import org.springframework.data.domain.Page;
@@ -360,6 +361,7 @@ public Collection<User> findByDescription( String descriptionLike, Set<Researche
     }
 
     @Override
+    @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     public long countResearchers() {
         return userRepository.count();
     }
diff --git a/src/main/resources/ehcache.xml b/src/main/resources/ehcache.xml
index 92156290..cc17c8c1 100644
--- a/src/main/resources/ehcache.xml
+++ b/src/main/resources/ehcache.xml
@@ -26,6 +26,10 @@
            maxElementsInMemory="10"
            eternal="true"/>
 
+    <cache name="ubc.pavlab.rdp.model.Role.byRole"
+           maxElementsInMemory="10"
+           eternal="true"/>
+
     <cache name="ubc.pavlab.rdp.model.UserGene"
            maxElementsInMemory="10000"
            timeToLiveSeconds="600"/>
@@ -47,7 +51,11 @@
            timeToLiveSeconds="3600"
            memoryStoreEvictionPolicy="FIFO"/>
 
-    <cache name="stats"
+    <cache name="ubc.pavlab.rdp.stats"
            maxElementsInMemory="10"
            timeToLiveSeconds="30"/>
+
+    <cache name="ubc.pavlab.rdp.services.RemoteResourceService.apiVersionByRemoteHostAuthority"
+           maxElementsInMemory="10"
+           timeToLiveSeconds="10"/>
 </ehcache>
\ No newline at end of file

From c98b283661adc5baaa3e08ff362d025c270a6d6c Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 12:25:26 -0800
Subject: [PATCH 07/36] Handle missing routes with an ApiException (fix #126)

It's not exactly a friendly JSON response at this stage, but that will
have to wait until the next minor release.
---
 .../ubc/pavlab/rdp/controllers/ApiController.java   | 13 ++++++++++++-
 .../pavlab/rdp/controllers/ApiControllerTest.java   |  7 +++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index 77934bae..66ba2832 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -67,7 +67,18 @@ public ResponseEntity<?> handleAuthenticationException() {
 
     @ExceptionHandler({ ApiException.class })
     public ResponseEntity<String> handleApiException( ApiException e ) {
-        return ResponseEntity.status( e.getStatus() ).body( e.getMessage() );
+        return ResponseEntity
+                .status( e.getStatus() )
+                .contentType( MediaType.TEXT_PLAIN )
+                .body( e.getMessage() );
+    }
+
+    /**
+     * Handle all unmapped API requests with a 404 error.
+     */
+    @RequestMapping(value = "/api/*")
+    public void handleMissingRoute() {
+        throw new ApiException( HttpStatus.NOT_FOUND, "No endpoint found for your request URL." );
     }
 
     /**
diff --git a/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java b/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
index 70a25949..cf9c8be3 100644
--- a/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
+++ b/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
@@ -84,6 +84,13 @@ public void setUp() {
         when( messageSource.getMessage( eq( "rdp.site.shortname" ), any(), any() ) ).thenReturn( "RDMM" );
     }
 
+    @Test
+    public void accessUnmappedRoute_thenReturn404() throws Exception {
+        mvc.perform( get( "/api/notfound" ) )
+                .andExpect( status().isNotFound() )
+                .andExpect( content().contentType( MediaType.TEXT_PLAIN ) );
+    }
+
     @Test
     public void searchGenes_withSearchDisabled_thenReturnServiceUnavailable() throws Exception {
         when( iSearchSettings.isEnabled() ).thenReturn( false );

From dca11d24c737039b8b06b1bd9a0f9044bd3c031a Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 13:39:20 -0800
Subject: [PATCH 08/36] Fix NullPointerException when orthologTaxonId does not
 refer to an existing taxon

---
 .../rdp/controllers/SearchController.java     | 21 ++++++-------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
index 4d1021fa..35f447d6 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
@@ -232,11 +232,8 @@ public ModelAndView searchUsersByGene( @RequestParam String symbol,
                 .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
                 .collect( Collectors.toSet() );
 
-        if (
-            // Check if there is a ortholog request for a different taxon than the original gene
-                ( orthologTaxonId != null && !orthologTaxonId.equals( gene.getTaxon().getId() ) ) &&
-                        // Check if we got some ortholog results
-                        ( orthologs == null || orthologs.isEmpty() ) ) {
+        // Check if there is an ortholog request for a different taxon than the original gene
+        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
             modelAndView.setStatus( HttpStatus.NOT_FOUND );
             modelAndView.addObject( "message",
                     messageSource.getMessage( "SearchController.errorNoOrthologs", new String[]{ symbol, orthologTaxon.getScientificName() }, locale ) );
@@ -303,11 +300,8 @@ public ModelAndView searchUsersByGeneView( @RequestParam String symbol,
                 .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
                 .collect( Collectors.toSet() );
 
-        if (
-            // Check if there is a ortholog request for a different taxon than the original gene
-                ( orthologTaxonId != null && !orthologTaxonId.equals( gene.getTaxon().getId() ) )
-                        // Check if we got some ortholog results
-                        && orthologs.isEmpty() ) {
+        // Check if there is an ortholog request for a different taxon than the original gene
+        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
             modelAndView.setViewName( "fragments/error::message" );
             modelAndView.addObject( "errorMessage",
                     messageSource.getMessage( "SearchController.errorNoOrthologs", new String[]{ symbol, orthologTaxon.getScientificName() }, locale ) );
@@ -364,11 +358,8 @@ public ModelAndView searchOrthologsForGene( @RequestParam String symbol,
                 .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
                 .collect( Collectors.toSet() );
 
-        if (
-            // Check if there is a ortholog request for a different taxon than the original gene
-                ( orthologTaxonId != null && !orthologTaxonId.equals( gene.getTaxon().getId() ) )
-                        // Check if we got some ortholog results
-                        && orthologs.isEmpty() ) {
+        // Check if there is an ortholog request for a different taxon than the original gene
+        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
             modelAndView.setStatus( HttpStatus.BAD_REQUEST );
             modelAndView.setViewName( "fragments/error::message" );
             modelAndView.addObject( "errorMessage",

From ebbf20bf38960a33683fd4eae14a46741dd3512e Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 14:11:29 -0800
Subject: [PATCH 09/36] Fix SonarQube warnings for missing assertions in tests

---
 .../rdp/repositories/UserRepositoryTest.java  |  2 ++
 .../rdp/services/UserServiceImplTest.java     | 29 +++++++++++++------
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java b/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java
index 3c8dea10..46db7fa8 100644
--- a/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java
+++ b/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java
@@ -478,6 +478,8 @@ public void save_whenUserHasMultipleResearcherCategories_thenSucceed() {
         user.getProfile().getResearcherCategories().add( ResearcherCategory.IN_SILICO );
         user.getProfile().getResearcherCategories().add( ResearcherCategory.IN_VIVO );
         user = entityManager.persistAndFlush( user );
+        assertThat( user.getProfile().getResearcherCategories() )
+                .containsExactly( ResearcherCategory.IN_SILICO, ResearcherCategory.IN_VIVO );
     }
 
     @Test
diff --git a/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java b/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java
index fff2dacb..4261870c 100644
--- a/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java
+++ b/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java
@@ -156,7 +156,7 @@ public void setUp() {
         when( applicationSettings.getPrivacy() ).thenReturn( privacySettings );
         when( applicationSettings.getProfile() ).thenReturn( profileSettings );
 
-        when( geneInfoService.load( anyCollection() ) ).thenAnswer(
+        when( geneInfoService.load( anyCollectionOf( Integer.class ) ) ).thenAnswer(
                 a -> a.getArgumentAt( 0, Collection.class ).stream()
                         .map( o -> geneInfoService.load( (Integer) o ) )
                         .filter( Objects::nonNull )
@@ -229,9 +229,7 @@ private void setUpRecommendTermsMocks() {
         termFrequencies.put( t99, 1L );
         when( goService.getDescendants( t98 ) ).thenReturn( Collections.singleton( t99 ) );
 
-        termFrequencies.forEach( ( key, value ) -> {
-            when( goService.getSizeInTaxon( key, taxon ) ).thenReturn( value + 9 );
-        } );
+        termFrequencies.forEach( ( key, value ) -> when( goService.getSizeInTaxon( key, taxon ) ).thenReturn( value + 9 ) );
 
         Map<String, GeneOntologyTermInfo> termMap = termFrequencies.keySet().stream()
                 .collect( Collectors.toMap( GeneOntologyTerm::getGoId, Function.identity() ) );
@@ -551,16 +549,29 @@ public void updateUserProfileAndPublications_whenPublications_thenReplaceAll() {
 
     @Test
     public void updateUserProfileAndPublication_whenOrgansIsEnabled_thenSaveOrgans() {
+        when( applicationSettings.getOrgans().getEnabled() ).thenReturn( true );
         User user = createUser( 1 );
-        userService.updateUserProfileAndPublicationsAndOrgans( user, user.getProfile(), null, null, Locale.getDefault() );
-        // assertThat( user.getUserOrgans() ).containsValue( userOrgan );
+        //noinspection unchecked
+        when( organInfoService.findByUberonIdIn( anyCollectionOf( String.class ) ) )
+                .thenAnswer( a -> ( (Collection<String>) a.getArgumentAt( 0, Collection.class ) ).stream()
+                        .map( id -> createOrgan( id, null, null ) )
+                        .collect( Collectors.toSet() ) );
+        Set<String> organUberonIds = Sets.newSet( "UBERON:00001", "UBERON:00002" );
+        user = userService.updateUserProfileAndPublicationsAndOrgans( user, user.getProfile(), null, organUberonIds, Locale.getDefault() );
+        verify( organInfoService ).findByUberonIdIn( organUberonIds );
+        assertThat( user.getUserOrgans().values() )
+                .extracting( "uberonId" )
+                .containsExactlyInAnyOrder( "UBERON:00001", "UBERON:00002" );
     }
 
     @Test
     public void updateUserProfileAndPublication_whenOrgansIsNotEnabled_thenIgnoreOrgans() {
-        when( applicationSettings.getOrgans().getEnabled() ).thenReturn( true );
+        when( applicationSettings.getOrgans().getEnabled() ).thenReturn( false );
         User user = createUser( 1 );
-        userService.updateUserProfileAndPublicationsAndOrgans( user, user.getProfile(), null, null, Locale.getDefault() );
+        Set<String> organUberonIds = Sets.newSet( "UBERON:00001", "UBERON:00002" );
+        user = userService.updateUserProfileAndPublicationsAndOrgans( user, user.getProfile(), null, organUberonIds, Locale.getDefault() );
+        verifyZeroInteractions( organInfoService );
+        assertThat( user.getUserOrgans() ).isEmpty();
     }
 
     @Test
@@ -683,7 +694,7 @@ public void updateUserProfileAndPublicationsAndOrgans_whenResearcherCategoriesAr
     }
 
     @Test
-    public void createPasswordResetTokenForUser_hasCorrectExpiration() throws MessagingException {
+    public void createPasswordResetTokenForUser_hasCorrectExpiration() {
         User user = createUser( 1 );
         PasswordResetToken passwordResetToken = userService.createPasswordResetTokenForUser( user, Locale.getDefault() );
 

From e6ebf097a6ac2236610a79733a2265f63bb45b24 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 14:38:55 -0800
Subject: [PATCH 10/36] Handle AccessDeniedException in search views (fix #142)

Unfortunately, Spring does not support handlers for specific methods, so
we had to split all the search templates from the search views. In a
sense, it's a good thing as it provides a better code organization.
---
 .../rdp/controllers/SearchController.java     | 285 +--------------
 .../rdp/controllers/SearchViewController.java | 346 ++++++++++++++++++
 .../rdp/controllers/SearchControllerTest.java |  30 +-
 3 files changed, 377 insertions(+), 284 deletions(-)
 create mode 100644 src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
index 35f447d6..9f177922 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.MessageSource;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -13,10 +14,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
@@ -101,37 +99,6 @@ public ModelAndView searchUsersByName( @RequestParam String nameLike,
         return modelAndView;
     }
 
-    @PreAuthorize("hasPermission(null, 'search')")
-    @GetMapping(value = "/search/view", params = { "nameLike" })
-    public ModelAndView searchUsersByNameView( @RequestParam String nameLike,
-                                               @RequestParam Boolean prefix,
-                                               @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
-                                               @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
-                                               @RequestParam(required = false) Set<String> organUberonIds ) {
-        Collection<User> users;
-        if ( prefix ) {
-            users = userService.findByStartsName( nameLike, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) );
-        } else {
-            users = userService.findByLikeName( nameLike, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) );
-        }
-        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
-        modelAndView.addObject( "users", users );
-        return modelAndView;
-    }
-
-    @PreAuthorize("hasPermission(null, 'international-search')")
-    @GetMapping(value = "/search/view/international", params = { "nameLike" })
-    public ModelAndView searchItlUsersByNameView( @RequestParam String nameLike,
-                                                  @RequestParam Boolean prefix,
-                                                  @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
-                                                  @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
-                                                  @RequestParam(required = false) Set<String> organUberonIds ) {
-        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
-        modelAndView.addObject( "users", remoteResourceService.findUsersByLikeName( nameLike, prefix, researcherPositions, researcherCategories, organUberonIds ) );
-        modelAndView.addObject( "remote", Boolean.TRUE );
-        return modelAndView;
-    }
-
     @PreAuthorize("hasPermission(null, #iSearch ? 'international-search' : 'search')")
     @GetMapping(value = "/search", params = { "descriptionLike" })
     public ModelAndView searchUsersByDescription( @RequestParam String descriptionLike,
@@ -154,29 +121,6 @@ public ModelAndView searchUsersByDescription( @RequestParam String descriptionLi
         return modelAndView;
     }
 
-    @PreAuthorize("hasPermission(null, 'search')")
-    @GetMapping(value = "/search/view", params = { "descriptionLike" })
-    public ModelAndView searchUsersByDescriptionView( @RequestParam String descriptionLike,
-                                                      @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
-                                                      @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
-                                                      @RequestParam(required = false) Set<String> organUberonIds ) {
-        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
-        modelAndView.addObject( "users", userService.findByDescription( descriptionLike, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) ) );
-        return modelAndView;
-    }
-
-    @PreAuthorize("hasPermission(null, 'international-search')")
-    @GetMapping(value = "/search/view/international", params = { "descriptionLike" })
-    public ModelAndView searchItlUsersByDescriptionView( @RequestParam String descriptionLike,
-                                                         @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
-                                                         @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
-                                                         @RequestParam(required = false) Set<String> organUberonIds ) {
-        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
-        modelAndView.addObject( "users", remoteResourceService.findUsersByDescription( descriptionLike, researcherPositions, researcherCategories, organUberonIds ) );
-        modelAndView.addObject( "remote", Boolean.TRUE );
-        return modelAndView;
-    }
-
     @PreAuthorize("hasPermission(null, 'search')")
     @GetMapping(value = "/search", params = { "symbol", "taxonId" })
     public ModelAndView searchUsersByGene( @RequestParam String symbol,
@@ -249,230 +193,6 @@ public ModelAndView searchUsersByGene( @RequestParam String symbol,
         return modelAndView;
     }
 
-    @PreAuthorize("hasPermission(null, 'search')")
-    @GetMapping(value = "/search/view")
-    public ModelAndView searchUsersByGeneView( @RequestParam String symbol,
-                                               @RequestParam Integer taxonId,
-                                               @RequestParam(required = false) Set<TierType> tiers,
-                                               @RequestParam(required = false) Integer orthologTaxonId,
-                                               @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
-                                               @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
-                                               @RequestParam(required = false) Set<String> organUberonIds,
-                                               Locale locale ) {
-        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::usergenes-table" );
-
-        if ( tiers == null ) {
-            tiers = TierType.ANY;
-        }
-
-        // Only look for orthologs when taxon is human
-        if ( taxonId != 9606 ) {
-            orthologTaxonId = null;
-        }
-
-        Taxon taxon = taxonService.findById( taxonId );
-
-        if ( taxon == null ) {
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage",
-                    messageSource.getMessage( "SearchController.errorNoTaxon", new String[]{ taxonId.toString() }, locale ) );
-            return modelAndView;
-        }
-
-        GeneInfo gene = geneInfoService.findBySymbolAndTaxon( symbol, taxon );
-
-        if ( gene == null ) {
-            modelAndView.setStatus( HttpStatus.NOT_FOUND );
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage",
-                    messageSource.getMessage( "SearchController.errorNoGene", new String[]{ symbol, taxon.getScientificName() }, locale ) );
-            return modelAndView;
-        }
-
-        Taxon orthologTaxon = orthologTaxonId == null ? null : taxonService.findById( orthologTaxonId );
-        if ( orthologTaxonId != null && orthologTaxon == null ) {
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage", messageSource.getMessage( "SearchController.errorNoOrthologTaxonId", new String[]{ orthologTaxonId.toString() }, locale ) );
-            return modelAndView;
-        }
-
-        Collection<GeneInfo> orthologs = gene.getOrthologs().stream()
-                .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
-                .collect( Collectors.toSet() );
-
-        // Check if there is an ortholog request for a different taxon than the original gene
-        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage",
-                    messageSource.getMessage( "SearchController.errorNoOrthologs", new String[]{ symbol, orthologTaxon.getScientificName() }, locale ) );
-            return modelAndView;
-        }
-
-        modelAndView.addObject( "usergenes", userGeneService.handleGeneSearch( gene, tiers, orthologTaxon, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) ) );
-
-        return modelAndView;
-    }
-
-    @PreAuthorize("hasPermission(null, 'search')")
-    @GetMapping(value = "/search/view/orthologs")
-    public ModelAndView searchOrthologsForGene( @RequestParam String symbol,
-                                                @RequestParam Integer taxonId,
-                                                @RequestParam(required = false) Set<TierType> tiers,
-                                                @RequestParam(required = false) Integer orthologTaxonId,
-                                                @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
-                                                @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
-                                                @RequestParam(required = false) Set<String> organUberonIds,
-                                                Locale locale ) {
-        ModelAndView modelAndView = new ModelAndView( "fragments/ortholog-table::ortholog-table" );
-
-        // Only look for orthologs when taxon is human
-        if ( taxonId != 9606 ) {
-            orthologTaxonId = null;
-        }
-
-        if ( tiers == null ) {
-            tiers = TierType.ANY;
-        }
-
-        Taxon taxon = taxonService.findById( taxonId );
-        if ( taxon == null ) {
-            modelAndView.setStatus( HttpStatus.BAD_REQUEST );
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage",
-                    messageSource.getMessage( "SearchController.errorNoTaxon", new String[]{ taxonId.toString() }, locale ) );
-            return modelAndView;
-        }
-
-        GeneInfo gene = geneInfoService.findBySymbolAndTaxon( symbol, taxon );
-
-        if ( gene == null ) {
-            modelAndView.setStatus( HttpStatus.NOT_FOUND );
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage",
-                    messageSource.getMessage( "SearchController.errorNoGene", new String[]{ symbol, taxon.getScientificName() }, locale ) );
-            return modelAndView;
-        }
-
-        Taxon orthologTaxon = orthologTaxonId == null ? null : taxonService.findById( orthologTaxonId );
-        Collection<GeneInfo> orthologs = gene.getOrthologs().stream()
-                .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
-                .collect( Collectors.toSet() );
-
-        // Check if there is an ortholog request for a different taxon than the original gene
-        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
-            modelAndView.setStatus( HttpStatus.BAD_REQUEST );
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage",
-                    messageSource.getMessage( "SearchController.errorNoOrthologs", new String[]{ symbol, orthologTaxon.getScientificName() }, locale ) );
-            return modelAndView;
-        }
-
-        SortedMap<Taxon, Set<GeneInfo>> orthologMap = orthologs.stream()
-                .collect( Collectors.groupingBy( GeneInfo::getTaxon, TreeMap::new, Collectors.toSet() ) );
-
-        modelAndView.addObject( "orthologs", orthologMap );
-
-        return modelAndView;
-    }
-
-    @PreAuthorize("hasPermission(null, 'international-search')")
-    @GetMapping(value = "/search/view/international", params = { "symbol", "taxonId", "orthologTaxonId" })
-    public ModelAndView searchItlUsersByGeneView( @RequestParam String symbol,
-                                                  @RequestParam Integer taxonId,
-                                                  @RequestParam(required = false) Set<TierType> tiers,
-                                                  @RequestParam(required = false) Integer orthologTaxonId,
-                                                  @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
-                                                  @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
-                                                  @RequestParam(required = false) Set<String> organUberonIds ) {
-        // Only look for orthologs when taxon is human
-        if ( taxonId != 9606 ) {
-            orthologTaxonId = null;
-        }
-
-        if ( tiers == null ) {
-            tiers = TierType.ANY;
-        }
-
-        Taxon taxon = taxonService.findById( taxonId );
-        Collection<UserGene> userGenes = remoteResourceService.findGenesBySymbol( symbol, taxon, tiers, orthologTaxonId, researcherPositions, researcherCategories, organUberonIds );
-
-        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::usergenes-table" );
-        modelAndView.addObject( "usergenes", userGenes );
-        modelAndView.addObject( "remote", Boolean.TRUE );
-
-        return modelAndView;
-    }
-
-    @GetMapping(value = "/search/view/user-preview/{userId}")
-    public ModelAndView previewUser( @PathVariable Integer userId,
-                                     @RequestParam(required = false) String remoteHost ) {
-        ModelAndView modelAndView = new ModelAndView( "fragments/profile::user-preview" );
-
-        User user;
-        if ( remoteHost != null ) {
-            try {
-                user = remoteResourceService.getRemoteUser( userId, URI.create( remoteHost ) );
-            } catch ( RemoteException e ) {
-                log.error( "Could not retrieve user {0} from {1}.", e );
-                modelAndView.setStatus( HttpStatus.INTERNAL_SERVER_ERROR );
-                modelAndView.setViewName( "fragments/error::message" );
-                modelAndView.addObject( "errorMessage", "Error querying remote user." );
-                return modelAndView;
-            }
-        } else {
-            user = userService.findUserById( userId );
-        }
-        if ( user == null ) {
-            modelAndView.setStatus( HttpStatus.NOT_FOUND );
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage", "Could not find user by given identifier." );
-        } else if ( userPreviewIsEmpty( user ) ) {
-            modelAndView.setStatus( HttpStatus.NO_CONTENT );
-            modelAndView.addObject( "user", user );
-        } else {
-            modelAndView.addObject( "user", user );
-        }
-        return modelAndView;
-    }
-
-    @GetMapping(value = "/search/view/user-preview/by-anonymous-id/{anonymousId}")
-    public ModelAndView previewAnonymousUser( @PathVariable UUID anonymousId,
-                                              @RequestParam(required = false) String remoteHost ) {
-        ModelAndView modelAndView = new ModelAndView( "fragments/profile::user-preview" );
-        User user;
-        if ( remoteHost != null ) {
-            URI remoteHostUri = URI.create( remoteHost );
-            try {
-                user = remoteResourceService.getAnonymizedUser( anonymousId, remoteHostUri );
-            } catch ( RemoteException e ) {
-                log.error( MessageFormat.format( "Failed to retrieve anonymized user {} from {}.", anonymousId, remoteHostUri.getAuthority() ), e );
-                modelAndView.setStatus( HttpStatus.INTERNAL_SERVER_ERROR );
-                modelAndView.setViewName( "fragments/error::message" );
-                modelAndView.addObject( "errorMessage", "Error querying remote anonymous user." );
-                return modelAndView;
-            }
-        } else {
-            user = userService.anonymizeUser( userService.findUserByAnonymousIdNoAuth( anonymousId ) );
-        }
-        if ( user == null ) {
-            modelAndView.setStatus( HttpStatus.NOT_FOUND );
-            modelAndView.setViewName( "fragments/error::message" );
-            modelAndView.addObject( "errorMessage", "Could not find user by given identifier." );
-        } else if ( userPreviewIsEmpty( user ) ) {
-            modelAndView.setStatus( HttpStatus.NO_CONTENT );
-            modelAndView.addObject( "user", user );
-        } else {
-            modelAndView.addObject( "user", user );
-        }
-        return modelAndView;
-    }
-
-    private boolean userPreviewIsEmpty( User user ) {
-        return ( user.getProfile().getDescription() == null || user.getProfile().getDescription().isEmpty() ) &&
-                user.getProfile().getResearcherCategories().isEmpty() &&
-                user.getUserOrgans().isEmpty();
-    }
-
     @GetMapping(value = "/userView/{userId}")
     public ModelAndView viewUser( @PathVariable Integer userId,
                                   @RequestParam(required = false) String remoteHost ) {
@@ -564,5 +284,4 @@ public ModelAndView requestGeneAccess( @PathVariable UUID anonymousId,
     private Collection<UserOrgan> organsFromUberonIds( Set<String> organUberonIds ) {
         return organUberonIds == null ? null : userOrganService.findByUberonIdIn( organUberonIds );
     }
-
 }
diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
new file mode 100644
index 00000000..70aba4bb
--- /dev/null
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
@@ -0,0 +1,346 @@
+package ubc.pavlab.rdp.controllers;
+
+import lombok.extern.apachecommons.CommonsLog;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.MessageSource;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+import ubc.pavlab.rdp.exception.RemoteException;
+import ubc.pavlab.rdp.model.*;
+import ubc.pavlab.rdp.model.enums.ResearcherCategory;
+import ubc.pavlab.rdp.model.enums.ResearcherPosition;
+import ubc.pavlab.rdp.model.enums.TierType;
+import ubc.pavlab.rdp.services.*;
+
+import java.net.URI;
+import java.text.MessageFormat;
+import java.util.*;
+import java.util.stream.Collectors;
+
+@Controller
+@CommonsLog
+public class SearchViewController {
+
+    @Autowired
+    private MessageSource messageSource;
+
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private TaxonService taxonService;
+
+    @Autowired
+    private UserGeneService userGeneService;
+
+    @Autowired
+    private UserOrganService userOrganService;
+
+    @Autowired
+    private RemoteResourceService remoteResourceService;
+
+    @Autowired
+    private GeneInfoService geneInfoService;
+
+    @ExceptionHandler({ AccessDeniedException.class })
+    public ModelAndView handleAccessDeniedForViewTemplates( AccessDeniedException exception ) {
+        ModelAndView modelAndView = new ModelAndView();
+        modelAndView.setStatus( HttpStatus.UNAUTHORIZED );
+        modelAndView.setViewName( "fragments/error::message" );
+        modelAndView.addObject( "errorMessage", exception.getMessage() );
+        return modelAndView;
+    }
+
+    @PreAuthorize("hasPermission(null, 'international-search')")
+    @GetMapping(value = "/search/view/international", params = { "nameLike" })
+    public ModelAndView searchItlUsersByNameView( @RequestParam String nameLike,
+                                                  @RequestParam Boolean prefix,
+                                                  @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
+                                                  @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
+                                                  @RequestParam(required = false) Set<String> organUberonIds ) {
+        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
+        modelAndView.addObject( "users", remoteResourceService.findUsersByLikeName( nameLike, prefix, researcherPositions, researcherCategories, organUberonIds ) );
+        modelAndView.addObject( "remote", Boolean.TRUE );
+        return modelAndView;
+    }
+
+    @PreAuthorize("hasPermission(null, 'search')")
+    @GetMapping(value = "/search/view", params = { "nameLike" })
+    public ModelAndView searchUsersByNameView( @RequestParam String nameLike,
+                                               @RequestParam Boolean prefix,
+                                               @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
+                                               @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
+                                               @RequestParam(required = false) Set<String> organUberonIds ) {
+        Collection<User> users;
+        if ( prefix ) {
+            users = userService.findByStartsName( nameLike, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) );
+        } else {
+            users = userService.findByLikeName( nameLike, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) );
+        }
+        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
+        modelAndView.addObject( "users", users );
+        return modelAndView;
+    }
+
+    @PreAuthorize("hasPermission(null, 'search')")
+    @GetMapping(value = "/search/view", params = { "descriptionLike" })
+    public ModelAndView searchUsersByDescriptionView( @RequestParam String descriptionLike,
+                                                      @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
+                                                      @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
+                                                      @RequestParam(required = false) Set<String> organUberonIds ) {
+        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
+        modelAndView.addObject( "users", userService.findByDescription( descriptionLike, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) ) );
+        return modelAndView;
+    }
+
+    @PreAuthorize("hasPermission(null, 'search')")
+    @GetMapping(value = "/search/view")
+    public ModelAndView searchUsersByGeneView( @RequestParam String symbol,
+                                               @RequestParam Integer taxonId,
+                                               @RequestParam(required = false) Set<TierType> tiers,
+                                               @RequestParam(required = false) Integer orthologTaxonId,
+                                               @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
+                                               @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
+                                               @RequestParam(required = false) Set<String> organUberonIds,
+                                               Locale locale ) {
+        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::usergenes-table" );
+
+        if ( tiers == null ) {
+            tiers = TierType.ANY;
+        }
+
+        // Only look for orthologs when taxon is human
+        if ( taxonId != 9606 ) {
+            orthologTaxonId = null;
+        }
+
+        Taxon taxon = taxonService.findById( taxonId );
+
+        if ( taxon == null ) {
+            modelAndView.setStatus( HttpStatus.NOT_FOUND );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage",
+                    messageSource.getMessage( "SearchController.errorNoTaxon", new String[]{ taxonId.toString() }, locale ) );
+            return modelAndView;
+        }
+
+        GeneInfo gene = geneInfoService.findBySymbolAndTaxon( symbol, taxon );
+
+        if ( gene == null ) {
+            modelAndView.setStatus( HttpStatus.NOT_FOUND );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage",
+                    messageSource.getMessage( "SearchController.errorNoGene", new String[]{ symbol, taxon.getScientificName() }, locale ) );
+            return modelAndView;
+        }
+
+        Taxon orthologTaxon = orthologTaxonId == null ? null : taxonService.findById( orthologTaxonId );
+        if ( orthologTaxonId != null && orthologTaxon == null ) {
+            modelAndView.setStatus( HttpStatus.NOT_FOUND );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage", messageSource.getMessage( "SearchController.errorNoOrthologTaxonId", new String[]{ orthologTaxonId.toString() }, locale ) );
+            return modelAndView;
+        }
+
+        Collection<GeneInfo> orthologs = gene.getOrthologs().stream()
+                .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
+                .collect( Collectors.toSet() );
+
+        // Check if there is an ortholog request for a different taxon than the original gene
+        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
+            modelAndView.setStatus( HttpStatus.NOT_FOUND );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage",
+                    messageSource.getMessage( "SearchController.errorNoOrthologs", new String[]{ symbol, orthologTaxon.getScientificName() }, locale ) );
+            return modelAndView;
+        }
+
+        modelAndView.addObject( "usergenes", userGeneService.handleGeneSearch( gene, tiers, orthologTaxon, researcherPositions, researcherCategories, organsFromUberonIds( organUberonIds ) ) );
+
+        return modelAndView;
+    }
+
+    @PreAuthorize("hasPermission(null, 'search')")
+    @GetMapping(value = "/search/view/orthologs")
+    public ModelAndView searchOrthologsForGene( @RequestParam String symbol,
+                                                @RequestParam Integer taxonId,
+                                                @RequestParam(required = false) Set<TierType> tiers,
+                                                @RequestParam(required = false) Integer orthologTaxonId,
+                                                @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
+                                                @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
+                                                @RequestParam(required = false) Set<String> organUberonIds,
+                                                Locale locale ) {
+        ModelAndView modelAndView = new ModelAndView( "fragments/ortholog-table::ortholog-table" );
+
+        // Only look for orthologs when taxon is human
+        if ( taxonId != 9606 ) {
+            orthologTaxonId = null;
+        }
+
+        if ( tiers == null ) {
+            tiers = TierType.ANY;
+        }
+
+        Taxon taxon = taxonService.findById( taxonId );
+        if ( taxon == null ) {
+            modelAndView.setStatus( HttpStatus.BAD_REQUEST );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage",
+                    messageSource.getMessage( "SearchController.errorNoTaxon", new String[]{ taxonId.toString() }, locale ) );
+            return modelAndView;
+        }
+
+        GeneInfo gene = geneInfoService.findBySymbolAndTaxon( symbol, taxon );
+
+        if ( gene == null ) {
+            modelAndView.setStatus( HttpStatus.NOT_FOUND );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage",
+                    messageSource.getMessage( "SearchController.errorNoGene", new String[]{ symbol, taxon.getScientificName() }, locale ) );
+            return modelAndView;
+        }
+
+        Taxon orthologTaxon = orthologTaxonId == null ? null : taxonService.findById( orthologTaxonId );
+        Collection<GeneInfo> orthologs = gene.getOrthologs().stream()
+                .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
+                .collect( Collectors.toSet() );
+
+        // Check if there is an ortholog request for a different taxon than the original gene
+        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
+            modelAndView.setStatus( HttpStatus.BAD_REQUEST );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage",
+                    messageSource.getMessage( "SearchController.errorNoOrthologs", new String[]{ symbol, orthologTaxon.getScientificName() }, locale ) );
+            return modelAndView;
+        }
+
+        SortedMap<Taxon, Set<GeneInfo>> orthologMap = orthologs.stream()
+                .collect( Collectors.groupingBy( GeneInfo::getTaxon, TreeMap::new, Collectors.toSet() ) );
+
+        modelAndView.addObject( "orthologs", orthologMap );
+
+        return modelAndView;
+    }
+
+    @PreAuthorize("hasPermission(null, 'international-search')")
+    @GetMapping(value = "/search/view/international", params = { "descriptionLike" })
+    public ModelAndView searchItlUsersByDescriptionView( @RequestParam String descriptionLike,
+                                                         @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
+                                                         @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
+                                                         @RequestParam(required = false) Set<String> organUberonIds ) {
+        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::user-table" );
+        modelAndView.addObject( "users", remoteResourceService.findUsersByDescription( descriptionLike, researcherPositions, researcherCategories, organUberonIds ) );
+        modelAndView.addObject( "remote", Boolean.TRUE );
+        return modelAndView;
+    }
+
+
+    @PreAuthorize("hasPermission(null, 'international-search')")
+    @GetMapping(value = "/search/view/international", params = { "symbol", "taxonId", "orthologTaxonId" })
+    public ModelAndView searchItlUsersByGeneView( @RequestParam String symbol,
+                                                  @RequestParam Integer taxonId,
+                                                  @RequestParam(required = false) Set<TierType> tiers,
+                                                  @RequestParam(required = false) Integer orthologTaxonId,
+                                                  @RequestParam(required = false) Set<ResearcherPosition> researcherPositions,
+                                                  @RequestParam(required = false) Set<ResearcherCategory> researcherCategories,
+                                                  @RequestParam(required = false) Set<String> organUberonIds ) {
+        // Only look for orthologs when taxon is human
+        if ( taxonId != 9606 ) {
+            orthologTaxonId = null;
+        }
+
+        if ( tiers == null ) {
+            tiers = TierType.ANY;
+        }
+
+        Taxon taxon = taxonService.findById( taxonId );
+        Collection<UserGene> userGenes = remoteResourceService.findGenesBySymbol( symbol, taxon, tiers, orthologTaxonId, researcherPositions, researcherCategories, organUberonIds );
+
+        ModelAndView modelAndView = new ModelAndView( "fragments/user-table::usergenes-table" );
+        modelAndView.addObject( "usergenes", userGenes );
+        modelAndView.addObject( "remote", Boolean.TRUE );
+
+        return modelAndView;
+    }
+
+    @GetMapping(value = "/search/view/user-preview/{userId}")
+    public ModelAndView previewUser( @PathVariable Integer userId,
+                                     @RequestParam(required = false) String remoteHost ) {
+        ModelAndView modelAndView = new ModelAndView( "fragments/profile::user-preview" );
+
+        User user;
+        if ( remoteHost != null ) {
+            try {
+                user = remoteResourceService.getRemoteUser( userId, URI.create( remoteHost ) );
+            } catch ( RemoteException e ) {
+                log.error( "Could not retrieve user {0} from {1}.", e );
+                modelAndView.setStatus( HttpStatus.INTERNAL_SERVER_ERROR );
+                modelAndView.setViewName( "fragments/error::message" );
+                modelAndView.addObject( "errorMessage", "Error querying remote user." );
+                return modelAndView;
+            }
+        } else {
+            user = userService.findUserById( userId );
+        }
+        if ( user == null ) {
+            modelAndView.setStatus( HttpStatus.NOT_FOUND );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage", "Could not find user by given identifier." );
+        } else if ( userPreviewIsEmpty( user ) ) {
+            modelAndView.setStatus( HttpStatus.NO_CONTENT );
+            modelAndView.addObject( "user", user );
+        } else {
+            modelAndView.addObject( "user", user );
+        }
+        return modelAndView;
+    }
+
+    @GetMapping(value = "/search/view/user-preview/by-anonymous-id/{anonymousId}")
+    public ModelAndView previewAnonymousUser( @PathVariable UUID anonymousId,
+                                              @RequestParam(required = false) String remoteHost ) {
+        ModelAndView modelAndView = new ModelAndView( "fragments/profile::user-preview" );
+        User user;
+        if ( remoteHost != null ) {
+            URI remoteHostUri = URI.create( remoteHost );
+            try {
+                user = remoteResourceService.getAnonymizedUser( anonymousId, remoteHostUri );
+            } catch ( RemoteException e ) {
+                log.error( MessageFormat.format( "Failed to retrieve anonymized user {} from {}.", anonymousId, remoteHostUri.getAuthority() ), e );
+                modelAndView.setStatus( HttpStatus.INTERNAL_SERVER_ERROR );
+                modelAndView.setViewName( "fragments/error::message" );
+                modelAndView.addObject( "errorMessage", "Error querying remote anonymous user." );
+                return modelAndView;
+            }
+        } else {
+            user = userService.anonymizeUser( userService.findUserByAnonymousIdNoAuth( anonymousId ) );
+        }
+        if ( user == null ) {
+            modelAndView.setStatus( HttpStatus.NOT_FOUND );
+            modelAndView.setViewName( "fragments/error::message" );
+            modelAndView.addObject( "errorMessage", "Could not find user by given identifier." );
+        } else if ( userPreviewIsEmpty( user ) ) {
+            modelAndView.setStatus( HttpStatus.NO_CONTENT );
+            modelAndView.addObject( "user", user );
+        } else {
+            modelAndView.addObject( "user", user );
+        }
+        return modelAndView;
+    }
+
+    private boolean userPreviewIsEmpty( User user ) {
+        return ( user.getProfile().getDescription() == null || user.getProfile().getDescription().isEmpty() ) &&
+                user.getProfile().getResearcherCategories().isEmpty() &&
+                user.getUserOrgans().isEmpty();
+    }
+
+    private Collection<UserOrgan> organsFromUberonIds( Set<String> organUberonIds ) {
+        return organUberonIds == null ? null : userOrganService.findByUberonIdIn( organUberonIds );
+    }
+}
diff --git a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
index 40dedb69..fbe312c3 100644
--- a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
+++ b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
@@ -42,7 +42,7 @@
 import static ubc.pavlab.rdp.util.TestUtils.*;
 
 @RunWith(SpringRunner.class)
-@WebMvcTest(SearchController.class)
+@WebMvcTest({ SearchController.class, SearchViewController.class })
 @Import(WebSecurityConfig.class)
 public class SearchControllerTest {
 
@@ -251,6 +251,34 @@ public void viewUser_whenRemoteIsUnavailable_thenReturnNotFound() throws Excepti
         verify( remoteResourceService ).getRemoteUser( 1, URI.create( "example.com" ) );
     }
 
+    @Test
+    public void searchUsersByNameView_thenReturnSuccess() throws Exception {
+        User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
+        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( true );
+        when( remoteResourceService.findUsersByLikeName( "Mark", true, null, null, null ) )
+                .thenReturn( Collections.singleton( remotify( user, User.class ) ) );
+        mvc.perform( get( "/search/view" )
+                        .param( "nameLike", "Mark" )
+                        .param( "prefix", "true" ) )
+                .andExpect( status().isOk() )
+                .andExpect( view().name( "fragments/user-table::user-table" ) );
+    }
+
+    @Test
+    public void searchUsersByNameView_whenSearchIsUnavailable_thenReturnUnauthorized() throws Exception {
+        // The frontend cannot handle 3xx redirection to the login page as that would return a full-fledged HTML
+        // document, so instead it must produce a 401 Not Authorized exception
+        User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
+        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( false );
+        when( remoteResourceService.findUsersByLikeName( "Mark", true, null, null, null ) )
+                .thenReturn( Collections.singleton( remotify( user, User.class ) ) );
+        mvc.perform( get( "/search/view" )
+                        .param( "nameLike", "Mark" )
+                        .param( "prefix", "true" ) )
+                .andExpect( status().isUnauthorized() )
+                .andExpect( view().name( "fragments/error::message" ) );
+    }
+
     @Test
     public void searchItlUsersByNameView_thenReturnSuccess() throws Exception {
         User user = createRemoteUser( 1, URI.create( "http://example.com/" ) );

From c98c58cf87f12a5f39c70a3612a75ed8f09bd478 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Wed, 9 Feb 2022 15:59:12 -0800
Subject: [PATCH 11/36] Add @PreAuthorize for all routes in SearchController
 and SearchViewController

---
 .../ubc/pavlab/rdp/controllers/SearchController.java  | 11 +++++++----
 .../pavlab/rdp/controllers/SearchViewController.java  |  2 ++
 .../pavlab/rdp/controllers/SearchControllerTest.java  | 10 +++-------
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
index 9f177922..b02e31d2 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
@@ -6,7 +6,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.MessageSource;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -14,7 +13,10 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
@@ -193,6 +195,7 @@ public ModelAndView searchUsersByGene( @RequestParam String symbol,
         return modelAndView;
     }
 
+    @PreAuthorize("hasPermission(null, #remoteHost == null ? 'search' : 'international-search')")
     @GetMapping(value = "/userView/{userId}")
     public ModelAndView viewUser( @PathVariable Integer userId,
                                   @RequestParam(required = false) String remoteHost ) {
@@ -230,7 +233,7 @@ private static class RequestAccessForm {
         private String reason;
     }
 
-    @Secured({ "ROLE_USER", "ROLE_ADMIN" })
+    @PreAuthorize("hasPermission(null, 'search') and hasAnyRole('USER', 'ADMIN')")
     @GetMapping("/search/gene/by-anonymous-id/{anonymousId}/request-access")
     public Object requestGeneAccessView( @PathVariable UUID anonymousId,
                                          RedirectAttributes redirectAttributes ) {
@@ -255,7 +258,7 @@ public Object requestGeneAccessView( @PathVariable UUID anonymousId,
         return modelAndView;
     }
 
-    @Secured({ "ROLE_USER", "ROLE_ADMIN" })
+    @PreAuthorize("hasPermission(null, 'search') and hasAnyRole('USER', 'ADMIN')")
     @PostMapping("/search/gene/by-anonymous-id/{anonymousId}/request-access")
     public ModelAndView requestGeneAccess( @PathVariable UUID anonymousId,
                                            @Valid RequestAccessForm requestAccessForm,
diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
index 70aba4bb..6acc4baa 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
@@ -270,6 +270,7 @@ public ModelAndView searchItlUsersByGeneView( @RequestParam String symbol,
         return modelAndView;
     }
 
+    @PreAuthorize("hasPermission(null, #remoteHost == null ? 'search' : 'international-search')")
     @GetMapping(value = "/search/view/user-preview/{userId}")
     public ModelAndView previewUser( @PathVariable Integer userId,
                                      @RequestParam(required = false) String remoteHost ) {
@@ -302,6 +303,7 @@ public ModelAndView previewUser( @PathVariable Integer userId,
         return modelAndView;
     }
 
+    @PreAuthorize("hasPermission(null, #remoteHost == null ? 'search' : 'international-search')")
     @GetMapping(value = "/search/view/user-preview/by-anonymous-id/{anonymousId}")
     public ModelAndView previewAnonymousUser( @PathVariable UUID anonymousId,
                                               @RequestParam(required = false) String remoteHost ) {
diff --git a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
index fbe312c3..08c8d5fb 100644
--- a/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
+++ b/src/test/java/ubc/pavlab/rdp/controllers/SearchControllerTest.java
@@ -118,11 +118,12 @@ public void setUp() {
         when( profileSettings.getEnabledResearcherPositions() ).thenReturn( Lists.newArrayList( "PRINCIPAL_INVESTIGATOR" ) );
         when( applicationSettings.getOrgans() ).thenReturn( organSettings );
         when( applicationSettings.getIsearch() ).thenReturn( iSearchSettings );
+        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( true );
+        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "international-search" ) ) ).thenReturn( true );
     }
 
     @Test
     public void getSearch_return200() throws Exception {
-        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( true );
         mvc.perform( get( "/search" ) )
                 .andExpect( status().isOk() )
                 .andExpect( view().name( "search" ) );
@@ -138,7 +139,6 @@ public void getSearch_withoutPublicSearch_redirect3xx() throws Exception {
 
     @Test
     public void getSearch_ByNameLike_return200() throws Exception {
-        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( true );
         mvc.perform( get( "/search" )
                         .param( "nameLike", "K" )
                         .param( "prefix", "true" )
@@ -150,7 +150,6 @@ public void getSearch_ByNameLike_return200() throws Exception {
 
     @Test
     public void getSearch_ByDescriptionLike_return200() throws Exception {
-        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( true );
         mvc.perform( get( "/search" )
                         .param( "descriptionLike", "pancake" )
                         .param( "iSearch", "false" ) )
@@ -161,7 +160,6 @@ public void getSearch_ByDescriptionLike_return200() throws Exception {
 
     @Test
     public void getSearch_ByGeneSymbol_return200() throws Exception {
-        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( true );
         Taxon humanTaxon = createTaxon( 9606 );
         GeneInfo gene = createGene( 1, humanTaxon );
         when( taxonService.findById( 9606 ) ).thenReturn( humanTaxon );
@@ -254,7 +252,6 @@ public void viewUser_whenRemoteIsUnavailable_thenReturnNotFound() throws Excepti
     @Test
     public void searchUsersByNameView_thenReturnSuccess() throws Exception {
         User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
-        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( true );
         when( remoteResourceService.findUsersByLikeName( "Mark", true, null, null, null ) )
                 .thenReturn( Collections.singleton( remotify( user, User.class ) ) );
         mvc.perform( get( "/search/view" )
@@ -268,8 +265,8 @@ public void searchUsersByNameView_thenReturnSuccess() throws Exception {
     public void searchUsersByNameView_whenSearchIsUnavailable_thenReturnUnauthorized() throws Exception {
         // The frontend cannot handle 3xx redirection to the login page as that would return a full-fledged HTML
         // document, so instead it must produce a 401 Not Authorized exception
-        User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
         when( permissionEvaluator.hasPermission( any(), isNull(), eq( "search" ) ) ).thenReturn( false );
+        User user = createRemoteUser( 1, URI.create( "https://example.com/" ) );
         when( remoteResourceService.findUsersByLikeName( "Mark", true, null, null, null ) )
                 .thenReturn( Collections.singleton( remotify( user, User.class ) ) );
         mvc.perform( get( "/search/view" )
@@ -282,7 +279,6 @@ public void searchUsersByNameView_whenSearchIsUnavailable_thenReturnUnauthorized
     @Test
     public void searchItlUsersByNameView_thenReturnSuccess() throws Exception {
         User user = createRemoteUser( 1, URI.create( "http://example.com/" ) );
-        when( permissionEvaluator.hasPermission( any(), isNull(), eq( "international-search" ) ) ).thenReturn( true );
         when( remoteResourceService.findUsersByLikeName( "Mark", true, null, null, null ) )
                 .thenReturn( Collections.singleton( remotify( user, User.class ) ) );
         mvc.perform( get( "/search/view/international" )

From 09e500e3d8b630259a3ebccbe31120c1a07d013f Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Thu, 10 Feb 2022 11:18:17 -0800
Subject: [PATCH 12/36] Add problematic URL when partner fails to produce a
 successful response

---
 .../rdp/services/RemoteResourceServiceImpl.java      | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
index 92b05842..3a6c2e15 100644
--- a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
@@ -4,6 +4,7 @@
 import lombok.Builder;
 import lombok.Data;
 import lombok.extern.apachecommons.CommonsLog;
+import org.apache.commons.lang3.tuple.Pair;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.Cacheable;
 import org.springframework.http.ResponseEntity;
@@ -191,14 +192,15 @@ private <T> Collection<T> getRemoteEntities( Class<T[]> arrCls, String path, Mul
                             .path( path )
                             .replaceQueryParams( apiParams )
                             .build().toUri();
-                } ).map( uri -> asyncRestTemplate.getForEntity( uri, arrCls ) )
+                } )
+                .map( uri -> Pair.of( uri, asyncRestTemplate.getForEntity( uri, arrCls ) ) )
                 // it's important to collect, otherwise the future will be created and joined on-by-one, defeating the purpose of using them
-                .collect( Collectors.toList() ).stream().map( future -> {
+                .collect( Collectors.toList() ).stream()
+                .map( uriAndFuture -> {
                     try {
-                        return future.get( applicationSettings.getIsearch().getRequestTimeout(), TimeUnit.SECONDS );
+                        return uriAndFuture.getRight().get( applicationSettings.getIsearch().getRequestTimeout(), TimeUnit.SECONDS );
                     } catch ( InterruptedException | ExecutionException | TimeoutException e ) {
-                        // TODO: indicate the origin of the unsuccessful response
-                        log.error( "Unsuccessful response received.", e );
+                        log.error( MessageFormat.format( "Unsuccessful response received for {0}.", uriAndFuture.getLeft() ), e );
                         return null;
                     }
                 } )

From a28ebef002fc08a8b581bec2744e0c7a37d6715c Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Thu, 10 Feb 2022 11:22:11 -0800
Subject: [PATCH 13/36] Subject all public methods of RemoteResourceService to
 the international-search permission

Include missing getApiVersion() and findUsersByLikeName() from the
permission's purview.
---
 .../ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java   | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
index 3a6c2e15..49301d48 100644
--- a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
@@ -38,6 +38,7 @@
 
 @Service("RemoteResourceService")
 @CommonsLog
+@PreAuthorize("hasPermission(null, 'international-search')")
 public class RemoteResourceServiceImpl implements RemoteResourceService {
 
     private static final String API_URI = "/api";
@@ -97,7 +98,6 @@ public Collection<User> findUsersByLikeName( String nameLike, Boolean prefix, Se
     }
 
     @Override
-    @PreAuthorize("hasPermission(null, 'international-search')")
     public Collection<User> findUsersByDescription( String descriptionLike, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherCategories, Collection<String> organUberonIds ) {
         MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
         params.add( "descriptionLike", descriptionLike );
@@ -110,7 +110,6 @@ public Collection<User> findUsersByDescription( String descriptionLike, Set<Rese
     }
 
     @Override
-    @PreAuthorize("hasPermission(null, 'international-search')")
     public Collection<UserGene> findGenesBySymbol( String symbol, Taxon taxon, Set<TierType> tiers, Integer orthologTaxonId, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherCategories, Set<String> organUberonIds ) {
         List<UserGene> intlUsergenes = new LinkedList<>();
         for ( TierType tier : restrictTiers( tiers ) ) {
@@ -132,7 +131,6 @@ public Collection<UserGene> findGenesBySymbol( String symbol, Taxon taxon, Set<T
     }
 
     @Override
-    @PreAuthorize("hasPermission(null, 'international-search')")
     public User getRemoteUser( Integer userId, URI remoteHost ) throws RemoteException {
         // Ensure that the remoteHost is one of our known APIs by comparing the URI authority component and always use
         // the URI defined in the configuration
@@ -150,7 +148,6 @@ public User getRemoteUser( Integer userId, URI remoteHost ) throws RemoteExcepti
     }
 
     @Override
-    @PreAuthorize("hasPermission(null, 'international-search')")
     public User getAnonymizedUser( UUID anonymousId, URI remoteHost ) throws RemoteException {
         URI authority = getApiUri( remoteHost );
 

From afda9765f5ba821e6a0b799881db8ab7d95c0e17 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Thu, 10 Feb 2022 11:29:34 -0800
Subject: [PATCH 14/36] api: Add AccessDeniedException to the list of exception
 producing a 401 Unauthorized

Similarly to the SearchViewController fix we introduced earlier, this
produces a suitable error response for the API.
---
 .../ubc/pavlab/rdp/controllers/ApiController.java     |  9 ++++++---
 .../ubc/pavlab/rdp/controllers/ApiControllerTest.java | 11 +++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index 66ba2832..0407ff64 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -8,6 +8,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -60,9 +61,11 @@ public class ApiController {
     @Autowired
     private PermissionEvaluator permissionEvaluator;
 
-    @ExceptionHandler({ AuthenticationException.class })
-    public ResponseEntity<?> handleAuthenticationException() {
-        return ResponseEntity.status( HttpStatus.UNAUTHORIZED ).build();
+    @ExceptionHandler({ AuthenticationException.class, AccessDeniedException.class })
+    public ResponseEntity<?> handleAuthenticationExceptionAndAccessDeniedException( Exception e ) {
+        return ResponseEntity.status( HttpStatus.UNAUTHORIZED )
+                .contentType( MediaType.TEXT_PLAIN )
+                .body( e.getMessage() );
     }
 
     @ExceptionHandler({ ApiException.class })
diff --git a/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java b/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
index cf9c8be3..c135baad 100644
--- a/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
+++ b/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
@@ -10,6 +10,7 @@
 import org.springframework.context.MessageSource;
 import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.test.context.junit4.SpringRunner;
@@ -91,6 +92,16 @@ public void accessUnmappedRoute_thenReturn404() throws Exception {
                 .andExpect( content().contentType( MediaType.TEXT_PLAIN ) );
     }
 
+    @Test
+    public void accessWithoutProperRole_thenReturn401() throws Exception {
+        when( userService.countResearchers() )
+                .thenThrow( AccessDeniedException.class );
+        mvc.perform( get( "/api/stats" ) )
+                .andExpect( status().isUnauthorized() )
+                .andExpect( content().contentType( MediaType.TEXT_PLAIN ) );
+        verify( userService ).countResearchers();
+    }
+
     @Test
     public void searchGenes_withSearchDisabled_thenReturnServiceUnavailable() throws Exception {
         when( iSearchSettings.isEnabled() ).thenReturn( false );

From 5f3eb7067d681fd1942b696a3305e07cbc2d032a Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Thu, 10 Feb 2022 11:35:22 -0800
Subject: [PATCH 15/36] api: Simplify check for no orthologs found

---
 .../java/ubc/pavlab/rdp/controllers/ApiController.java     | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index 0407ff64..9e2da921 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -233,11 +233,8 @@ public Object searchUsersByGeneSymbol( @RequestParam String symbol,
                 .filter( g -> orthologTaxon == null || g.getTaxon().equals( orthologTaxon ) )
                 .collect( Collectors.toSet() );
 
-        if (
-            // Check if there is a ortholog request for a different taxon than the original gene
-                ( orthologTaxonId != null && !orthologTaxonId.equals( gene.getTaxon().getId() ) )
-                        // Check if we got some ortholog results
-                        && ( orthologs == null || orthologs.isEmpty() ) ) {
+        // Check if there is an ortholog request for a different taxon than the original gene
+        if ( orthologTaxon != null && !orthologTaxon.equals( gene.getTaxon() ) && orthologs.isEmpty() ) {
             return new ResponseEntity<>( messageSource.getMessage( "ApiController.noOrthologsWithGivenParameters", null, locale ), null, HttpStatus.NOT_FOUND );
         }
 

From 6a0b5ffb7cdefa759b4086a2f78d8de9691afeb4 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Thu, 10 Feb 2022 12:07:03 -0800
Subject: [PATCH 16/36] Handle unmapped routes in /search/view with an error
 fragment

---
 .../rdp/controllers/SearchViewController.java  | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
index 6acc4baa..0c1115e8 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
@@ -7,10 +7,7 @@
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
 import ubc.pavlab.rdp.exception.RemoteException;
 import ubc.pavlab.rdp.model.*;
@@ -58,6 +55,19 @@ public ModelAndView handleAccessDeniedForViewTemplates( AccessDeniedException ex
         return modelAndView;
     }
 
+    /**
+     * Usually, we would have this handled by a 404 error page, but in the case of this endpoint, it will break the
+     * client expecting a partial HTML fragment.
+     */
+    @RequestMapping("/search/view/*")
+    public ModelAndView handleMissingRoute() {
+        ModelAndView modelAndView = new ModelAndView();
+        modelAndView.setStatus( HttpStatus.NOT_FOUND );
+        modelAndView.setViewName( "fragments/error::message" );
+        modelAndView.addObject( "errorMessage", "No endpoint found for your request URL." );
+        return modelAndView;
+    }
+
     @PreAuthorize("hasPermission(null, 'international-search')")
     @GetMapping(value = "/search/view/international", params = { "nameLike" })
     public ModelAndView searchItlUsersByNameView( @RequestParam String nameLike,

From 58b69421721c477ea5395569b0bc3dbb66505dd4 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Thu, 10 Feb 2022 13:38:51 -0800
Subject: [PATCH 17/36] Use Apache Maven Wrapper

---
 .mvn/wrapper/maven-wrapper.jar        | Bin 50710 -> 58727 bytes
 .mvn/wrapper/maven-wrapper.properties |  18 +-
 mvnw                                  |  18 +-
 mvnw.cmd                              | 370 +++++++++++++-------------
 4 files changed, 217 insertions(+), 189 deletions(-)

diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
index 2cc7d4a55c0cd0092912bf49ae38b3a9e3fd0054..c1dd12f17644411d6e840bd5a10c6ecda0175f18 100644
GIT binary patch
literal 58727
zcmb5W18`>1vNjyPv28mO+cqb*Z6_1kwr$(?#I}=(ZGUs`Jr}3`|DLbDUA3!L?dtC8
zUiH*ktDo+@6r@4HP=SCTA%WmZqm^Ro`Ls)bfPkcdfq?#g1(Fq27W^S8Cq^$TC?_c<
zs-#ROD;6C)1wFuk7<3)nGuR^#!H;n&3*IjzXg+s8Z_S!!E0jUq(`}Itt=YdYa5Z_s
z&e>2={<tquqY|Q&M$yQz&aSE?d@&bVOqslrBoxDL$idl^f@^%z6I7dI!gPq5LakD1
z+10>87knpF*P<S*n6|z%hjbw`>KNzU;lsb<EF~R3UU`DY`$iqp5;L2KnmKv`rO9z}
zRmGwIqoi(o7A5-2D5j7?;cr~ff8zrB_qhIs@?Q_s-_d`?^}maO{S~uwG^79DC1Cy`
zVPJ1yWNz{=1d;w((8j>k#P(l^WBvb$yEz)z+nYH43pKodrDkMp@h?;n{;K}hl>Fb^
zqx}C0|D7kg|Cj~3f7hn_zkAE}|6t|cZT|S5Hvb#3nc~C14u5UI{6#F<|FkJ0svs&S
zA}S{=DXLT*BM1$`2rK%`D@vEw9l9%*=92X_2g?Fwfi=6Zfpr7+<~sgP#Bav+Df2ts
zwtu~70zhqV?mrzM)}r7mMS`Hk_)NrI5K%CTtQtDxqw5iv5F0!ksIon{qqpPVnU?ds
zN$|Vm{MHKEReUy>1kVfT-$3)<J~lP&huHj`V_jMxAjJRaql~1msGO4MmZp}|#t53v
zbM2~QiIN4NB%8$o=QzCnFr-@8LZsc6JTa84j<6L_H%3Po@%hM`+U;Lt?DnQATf!=N
zvDSEemwlZz40GGwD@s3+jePA=&Q+?*bAQO6<g)I(fBt$d^dak7*aUI=c)qg3({9cV
z`<ba$`}F>)J<sN3)LM(Z{k!{@Kg@OQwU1`x@R?Lsw}#G->s0p2W_LFy3cjjZ7za0R
zPdBH>y&pb0vr1|ckDpt2p$IQ<P%oBrHOkf8ync?hUjtUm_Y@gWt%<TEnq=IJeUcC+
zS`@}=;q%UDwaCr&hRzj;s*lUcM&WuGx~P0w7VPTXSht=;*=6?9D&bRtRVw2`Js_{k
zQ5)GWa%tFn=I+x;MwK0V>hwnPs5G*^b-y}sg4W!ALn}a`pY0JIa$H0$eV2T8WjWD=
zWaENacQhlTyK4O!+aOXBurVR2k$eb8HVTCxy-bcHlZ4Xr!`juLAL#?t6|Ba!g9G4I
zSwIt2Lla>C?C4wAZ8cKsZ<ueYKJ6m?&Rab<7<F_XY<D-KJ)MhfVMk;fubA8G7iXq7
z5fgXV7t*`?*{Ie6^sI4%Or6jD<wgV`k%E#NJ?=vN3a8Z<rQvQ@IpNt{i9VX9Q4RZ)
zo4f6QZ>l9-Yd3kqE`%!5HlGdJJaFw0mu#--&**L-i|BcIdc3B$;0FC;FbE-dunVZ;
zdIQ=tPKH4iJQQ=$5BeEMLov_Hn>gXib|9nOr}>eZt@B4W^m~>Zp#xhn1<k|D9rz5X
zX$c+;xLfNI7o2Apivqa)h;(teP78_(@^lGbT+>dax+?hS!AchWJ4makWZs@dQUeXQ
zs<Q!W95pVefH~0IxzfSyrjYruZuG{niHM^Z<UDkfL{Jx&Um@tD_R+QJfxE3(5zA}S
z`U^bYzM|s-{sXVg$eNPh(n|BCesdhY2_6bWagNjLXNX^c9rkxU`p-HK32jE+yi^Bg
z8Hr3?BO$Dx(*#a1@jzyNwG<H3b1-smeJ7U+@W-~5)IWypPwtI;S)LZ4C@=P;=hN&V
zNq!XjT@5fAg4CUU)N5)0$MHyPjme_i@edY*%%OtTCGjO04+Z<#>I2+425_{X@t2KN
zIbqec#)Jg5==VY3^YBeJ2B+%~^Y8|;F!mE8d(`UgNl2B9o>Ir5)qbBr)a?f%n<KJw
z#{g{}bisX`c9XUUDtM9Lan%+oSJ@*(`Gnz*P;W+T2DjJkoI0lZ19MpUVFRUGECrIQ
z8KMSSc;!HXqqDJjfgo*9d9ZmHs2?Q-N)Vk(uTHWgq1MURxj=Mgy?vm@g32u=KF|-<
zzji$`WOQFkbk$<3Hvb&`Q0{I*r839h605ATgpY&RqF~wt6o4NTC02L9%B=v2w4{)s
zg%elC&y`U~<+~)6C$8)eC%t3)E+33?A}X<M&|}Y1XqOc$BA~L}LJiv=rAx#aud+2k
z`}j(|5=%z_EAI3y%lg@{+X8X(xPxsA&WUCu{^CP3CmFa!(M0N!Il5Z2j7LEeF<Hky
z@Gk62V@=z)xVtl1(w*E-H`PU7d54^+lVFYWTL!|!I0=rnri^()UvUxP8=2P9(?>rP
zQyW(>FYPZjCVKDOU;Bw#PqPF1CCvp)d<MW^7oZZ<RBa$ebA(_oTRuXBXLVCn7m})o
z|AKPmSLHLMiMKiuqi4cQ7ZEhIX~MDJbaYlevKURdnO_)-4RSAMDIe7jI@J*78Bo-&
zotTS)PiRekLJ`W9y`WT}J9=m#xd>GdA&57a5hD&*vIc)jA)Z-!y<iEBeR1J&9qXI<
znX~B^7JE5YVhHiu8g&RoK}=KvUh4S0h}8M46=}b;-$okr>5pS{5W6%#prH16zgD8s
zexvpF#a|=*acp>L^lZ(PT)GiA8BJL-9!r8S$ZvXRKMVtiGe`+!@O%j<1!@msc177U
zTDy>WOZu)W5anPrweQyjIu3<X+?2h$h8B1(3t}gP5^-FvveVA@UP%5%09u?8@5n9G
zJQ>IJC|ngdjZofGbdW&oj^DJlC7$;|xafB45evT|WBgGf-b|9y0J`fe0W-vw6xh}`
z=(Tnq(-K0O{;VUcKe2y63{HXc+`R_#HLwnZ0rzWO*b#VeSuC4NG!H_ApCypbt1qx(
z6y7Q$5(JOpQ&pTkc^0f}A0Kq*?;g9lEfzeE?5e2MBNZB)^8W1)YgdjsVyN+I9EZlh
z3l}*}*)<I<f!x_SN<2%woEMBM<aPZ8Dm^6NFTZ#ZRr!e+j37{l(DTY4WizC96<Irm
zu{Ds*wsa}1Z~RX}@Nv*aTwErzTB?G!WM49b$2iZC%5}u8EhFuz#tb}S7Gj6;A6Pu}
zq9o6@i=g<;idu9a`t^BU`(WZ_FSvb*viif>cFl=dOq|DvF=!ui$V%XhGQ%bDn3PK9
zV%{Y|VkAdt^d9~y4laGDqSwLd@pOnS&^@sI7}YTIb@El1&^_sq+{yAGf0|rq5TMp#
z6d~;uAZ(fY3(eH=+rcbItl2=u6mf|P{lD4kiRCv;>GtFaHR3gim?WU9RjHmFZLm+m
z+j<}_exaOQ1a}=K#voc~En+Mk_<(L!?1e#Uay~|H5q)LjD*yE6xFYQ-Wx{^iH1@pP
zC0De#D6I26&W{;J40sZB!=%{c?XdO?YQvnTMA3TwfhAm@bvkX*(x?JTs*dFDv^=2X
z284}AK)1nRn+8(Q2P?f)e>0~;NUI9%p%fnv1wBVpoXL+9OE`Vv1Y7=+nub$o7AN>y
zB?R(^G8PYcMk4bxe7XItq@48QqWKb8fa*i9-N)=w<I>dU-Q^=}!nFgTr_uT=Z=9pq
z`{7!$U|+fnXFcsJ4GNm3JQQCN+G85k$)ZLhF{NbIy{REj84}Zt;0fe#>MARW)AoSb
zrBpwF37ZVBMd>wZn_hAadI*xu8)Y#`aMbwRIA2n^-OS~M58_@j?#P1|PXJ1XBC9{4
zT^8*|xu<@(JlSOT*ILrVGr+7$nZN`Z3GxJJO@nY&mHsv^^duAh*lCu5q+S6zWA+`-
z%^*y#)O7ko_RwGJl;bcEpP03FOrhlLWs`V_OUCrR-g>NJz*p<S?JjJx2yCf4xQ7%4
zx}^tH{Lrkx2YM7orMSb=8q_9RL<R``>N|itmN6O@Hw05Zq;Xtif%+sp4Py0{<7<^c
zeoHHhRq>2EtYy9~2dZywm&OSk`u2ECWh6dJY?;fT-3-$U`!c(o$&hhPC%$~fT&bw3
zyj+8aXD;G!p*>BC6rpvx#6!|Qaic;KEv5>`Y+R(6F^1eIeYG6d1q3D3OL{7%7iw3R
zwO)W7gMh27ASSB>-=OfP(YrKqBTNFv4hL@Im~~ombbSu44p~VoH$H-6+L_JW>Amkl
zhDU~|r77?raaxD!-c$Ta?WAAi{w3T}YV=+S?1HQGC0+{B&#7ny_^b+4Jum}oW4c=$
z#?D<}Ds{#d5v`L`${Pee;W84X*osNQ96xsKp^EAzuUh9#&zDX=eqdAp$UY)EGrkU%
z(6m35n=46B$TNnejNSlih_!<)Iu@K<canEsde1i`*DL0qP~llXv~W=o+fv1j*ri=;
zT^{!hREo1B6{^p|{v(Ses48GvaR9iR#&E$uaXs<XdaPuZT@P+L38-Z;_jq55+cNuR
zz6G7Y-#0)9o)M~`A`_IoZqdUiGFjiROJYhoBLHpOfbUu7=Oc*AaDKl-WCnlq!9=(d
zy+aLn9KTl8up=)DKkf2_3&Yju(Pu0>!PW5S@Ya^0OK+EMWM=1w=GUKW^(r59U%i?d
zzbo?|V4tDWGHHsrAQ}}ma#<`9r=M8%XF#%a=@Hn(p3wFBlkZ2L@8=*@J-^zuyF0aN
zzJ7f!Jf8I+^6Tt$e<C$$f7E&Pc73M{oowCtxOD$nfk4+Cx!i}xecJonm)rDd>+IIh
zb80@?7y#Iz3w-0VEjgbHurqI>$qj<@n916)&O340!_5W9DtwR)P5mk6v2ljyK*DG5
zYjzE~m`>tq8HYXl%1JJ%e-%BqV4kRdPUZB1Cm$BQZr(fzp_@rn_W+;GwI$?L2Y4;b
z)}c5D$#LT}2W8Si<`EHKIa_X+>+2PF(C*u~F=8E!jL(=Id<KMrOh4ds6A6j`wsF8m
zy8bbc0@~xhd*b@x<-_nx?l%OyNx%fQEY5p4P`hf2BX{=R!P$+Jz%S0eN9gP2#tkzG
zO2QVeWIwPFvkrHn<6uD0NIK3*^nvAs+aL8|qv{c@g9EYDDo(K|tXG^Z4>QxY40%|(
zoNg2Z&Aob@LEui-lJ#@)Ts)tE0_!*3{Uk)r{;-IZpX`N4mZX`#E|A;viQWImB6flI
z?M_|x<Iq6(2Rej-eYztan+zFrRN=GeBrJbD!i@ph1>HCXV$5LOY-!U<RY92t`*pS5
z6QiBcQt@5Ib;vI~zBJsdowxJ}O=L6jfEP<1A2wv0*7R*yin@a+h-3e*QT7VU8O_80
zghzF&xV%|PU_mr$WD|5VV2jQbLbCG+t_z$@t<~J+Nu%%Sod*^)3cM{`Gol!(HfF(G
zV@AoE7Po71mUYEJ=4|an&nK$+#`b6Fr#zLGq1Y-Q6_HOYpoRUA!Sp28VdgU$aOz34
zIWy0cTAHo7fz}^cN}p?Q`az^fxH1<(l`U?yV3VGU3ra4m7BfYSpcuK(e*0&4T#RcL
z_(z;I_V@>1<VX~om=1?ut(uy;+Dtb<yqDhAZZH0be<u&dLK7(L*G(<`VeQqPUD0p8
zZL<EIPYgQB4=dCK3!%IvK*NX-4qs5YSUlIOW@U*Z2s9Weci<PmjtWiW&qb=98Pbb6
z(_ZBk5g1B-#r0c*+%G!18ky(NmmYzXLcy17I&hcs#S*SO3`8h_+d}*v?y=vluI!QR
z`|y6pvA4uY8NXD4>_O1k;OWa=EchwlDCK4xHwBW2jE-6&%}og+9NILu${v10Z^Z#*
zap|)B9a-AMU~>$r)3&|dQuP#MA$jnw54w*Ax~*_$iikp+j^OR8I5Fo<_UR#B-c>$?
zeg)=;w^sGeAMi<3RGDRj$jA30Qq$e|zf2z;JyQ}tkU)ZI_k6tY%(`#AvL)p)iYXUy
z5W9Su3NJ8mVyy)WqzFSk&vZM!;kUh8dVeA-myqcV%;xUne`PbHCPpvH?br`U2Y&dM
zV!nJ!^n%`!H&!QSlpzLWnZpgi;#P0OAleH+<<UBi+C9BmNba9sJ!s!!d;|Y;YM!G+
zxaj{kC9nDW{u2u#C$IcBIrpCAg&7cl_1oj^B`$=2va+{F>CfLa?&o|kyw1}W%6Pij
zp$Vv5=;Z0LFN|j9i&9>zqX>*VnV3h#>n!2L?<lcy2#Yc+zD?}p>5gO6HJS3~kpy5G
zYAVPMaB-FJOk3@OrxL(*-O~OB9^d<hahubTchQk5KbfGeFW*)Jx&i#Nx7!IO$<p9J
zK#_l$E#|)-{~JH`5BBLlSeyUkNQCU{oSmHiQbw`{7Pd;x29C}qj&w%W22M`Ns#<Of
zVu)Yp6DddmV2NO`;4(z|$A-YgsK^=UKPidiAQ^))W+Q3s4E<@_6L1r@DSveD(9?Tg
zO6UHP^KfwdP33*vd(wM?a#>{!G0K>wlzXuBm*$&%p1O#6SQ*?Q0CETLQ->XpfkW7<
zj&Nep(}eAH1u$wWFvLV*lA{JOl<yLk4B1mfSP+eiIcTWsDKZ3BDs~Z*U<|VoWkm0H
zM5&pWL;t$Th+0AG0_KhAn#DGx6zNBsG|&}egjSNVqm<Y!fsG_`{M{t$8$^^OGsPfL
zDCf`YY%G&0uPWtnrMrBOE@_B0I$Mpk#X8(Um-JC^%4m)?n!WPSV2j$WI*-v-z2*4m
znBKXLHG0dNi;mJ^VdlN{*v>tP_%xKXC*a8DB&;{fD&2bATy>rC^kFY+$hFS7us;Y)
zy_H?cv9XTHYz<4C<0b`WKC#{nJ15{F=oaq3x5}sYApT?Po+(Cmmo#dHZFO^{M#d~d
znRT=TFATGVO%z_FNG-@G;9az|udZ>t@5l+A-K)BUWFn_|T#K3=d3EXRNqHyi#>;hX
z*JQ`pT3#&tH>25laFlL6Rllu(seA*OboEd%rxMtz3@5v-+{qDP9&BcoS$2fgjgvp$
zc8!3=p0p@Ee1$u{Gg}Kkxg@M*qgZfYLlnD88{uwG1T?zxCbBR+x(RK$JB(eWJH#~;
zZoY6L+esVRV?-*QmRCG}h`rB*Lv=uE%URF@+#l-g!Artx<pt+>>Y9D;&G=jY2n2`J
z{6-J%WX~Glx*QBmOOJ(RDRIzhfk&ibsm1t&&7aU{1P3U0uM%F2zJb4~50uby_ng+#
zN)O9lK=dkJpxsUo7u8|e`Y~mmbxOTDn0i!i;d;ml#o<e7TI^C@ESs^!#Iqw*BvxZ`
z>rN(Lc=j+n422NoSnlH6?0<0?th-qB7u}`5My%#?ES}>@RldOQz}WILz<$+cN~&ET
zwUI01HCB((TyU$Ej8bxsE8oLm<LG*lj+~{WyQE+>T-c7gA1Js?Iq`QMzIHV|)v)n2
zT_L(9x5%8*wU(C`VapaHoicWcm|0X@9TiNtbc|<4N6_H1F6&qgEEj=vjegFt;hC7-
zLG7_=vedRFZ6Chbw!{#EpAlM?-sc#pc<~j#537n)M%RT)|L}y(ggi_-SLpsE3qi3V
z=EEASxc>a{Su)j<u8D>XcRS41Z@Mxk&0B7B<(?Izt5wpyyIBO|-M}ex8BhbIgi*X4
zDZ+Yk1<6&=PoZ=U-!9`!?sBVpYF#Y!JK<`fx}bXN651o0VVaW;t6ASVF@g<K4P|Hf
z74~V)O$2uz0|X^IV??-V{$%_F>q-mIDV_)?F^>rq1XX0NYy~(G=I6x%Fi5C2rMtvs
z%P`g2>0{xLUy~#ye)%QAz^NkD5GUyPYl}K#;e-~UQ96`I$U0D!sMdQ>;%+c0h>k*Y
z)sD1mi_@|rZnQ+zbWq~QxFlBQXj8WEY7NKaOYjUxAkGB8S#;l@b^C?;twRKl=mt0<
zazifrBs`(q7_r14u1ZS`66VmsLpV>b5U!ktX>g4Nq~VPq6`%`3iCdr(>nS~uxxylU
z>h(2p$XPJVh9BDpRLLzTDlNdp+oq8sOUlJ#{6boG`k)bwnsw5iy@<VpHs@nyywN9h
z);>#d{f_De-I|}vx6evw;ch97=;kLvM)-DBGwl6%fA%JItoMeyqjCR*_5Q70yd!KN
zh=>ek8>f#~^6CJR0DXp0;7ifZjjSGBn}Cl{HeX!$iXMbtAU$F+;`%A<3TqbN#PCM&
z&ueq$cB%pu2oMm_-@*aYzgn9`OiT@2ter*d+-$Aw42(@2Ng4mKG%M-IqX?q%3R|_(
zN|&n$e1L#Ev=YMX<AfAhRK_<YEBs*ONz2DuXWd9Q?Fhc9eGp{Kcme%T9N~sRMvc0w
zbGzzxy5=-9z4H0KJ;L!*;i<Pb!(_W!$LwzkPG`AVYl~fD`D4w~*A-2QuWA3o9k#p-
z<>5F53!O%))qDG3D(0rsOHblk;9ghWyqEOpg)mC$OduqpHAuIxr_>*|zy+|=EmOFn
zFM+Ni%@CymLS-3vRWn=rVk?oZEz0V#y356IE6HR5#>7EigxZ05=cA|4<_tC8jyBJ|
zgg!^kN<g_q4O<Wsr#O44m`6HTb*{2~>wP7S^ooIj6riI9x`jFeQfRr4JCPumr<82M
zto$j^Qb~MPmJ-|*2u{o7?yI8BI``zDaOCg2tG_5X;w<|uj5%oDthnLx-l4l)fmUGx
z6N^jR|DC);yLi4q-ztTkf>*U$@2^w5(lhxu=OC|=WuTTp^!?2Nn<z{69PlI%$v+ck
zKc#PMloB`5qQ`$BULb8GHbZ{MH`t}c*@$D&vCDexb><ewG0K2kZWwwVu>27R`2FY_
zLHY-zFS}r+4|XyZw9b0D3)DmS!Gr+-LSdI}m{@-gL%^8CFSIYL?UZaCVd)2VI3|ay
zwue39zshVrB+s2lp*};!gm<79@0HkjhgF^>`UhoR9Mi`aI#V#fI@x&1K3f&^8kaq%
zkHVg$CTBoaGqEjrL)k*Y!rtiD2iQLYZ%|B}oBl8GHvR%n>HiIQN*+$mCN>I=c7H2N
z&K4$4e@E^ff-cVHCbrHNMh4Dy|2Q;M{{xu|DYjeaRh2FK5QK!bG_K`kbBk$l$S4UF
zq?F-%7UrX_Q?9M)a#WvcZ^R-fzJB5IFP>3uEoeCAAhN5W-ELRB&zsCnW<Fo9PoRC&
zIT;d$BO=hu08^ASW(SOWC|c6GvMo>Y6#E?!)E56Pe+bxHjGF6;R9Hps)+t092-bf4
z_Wieg+0u5JL++k)#i0r?l`9*k)3ZlHOeMJ1DTdx9E1J2@BtdD3qX;&S_wMExOGv$T
zl^T%oxb+)vq6vJvR`8{+YOsc@8}wSXpoK%v0k@8X*04Se3<8f)rE|fRXAoT!$6M<!
z<UwbhGFiiGKm%Kn6KJkM|FjC<E$`Kf5NDwv8R!J8s3)$@Z~|ZB*cY_0K^GUmiRNUi
z!u{wha58HEwP_QToN<`JGsHQhJmhD!kTk)>drKSuzeK@L*yug?MQs8oTbofqW)Df#
zC2<sx!_d_;8$VkU<B}^u8|$PBdm1--;InnwY9euF@SORKnR4+PQABd3Hr26I7<NVs
zXhtK04~qnenv%UuJ24?KEG>J3irHAaX_e~SGlBoRhEW`W6Z}&YX|5IMfzskAt{B*m
z*w=3i!;x5Gfgc~>y9fPXFAPMhO@Si}SQESjh`P|d<IN$cULc~VZZg5gzeGqwFz^#B
z$SSJshP{22+!Ye7Tj!<-B&Old@=@SmnHv_en!Ne>lV5HPRo7j(hV=$o8UMIT7~7+k
z*@Sd>f%#{ARweJYhQs~ECpHie!~YXL|FJA;K<T5dczoqFtz$(4@L(W+AgWK2Icsj}
zLb4$vk1hK*ODK=P;Z*}HE|(@vUD5N4Y%-RoFN<t8No=h~El`l32PC@+MxZ1Q^eJrS
z-(@m$PUDxmW1D1!dY@gJ)|1f<VceOoeZL>S4m|CKFnT{fN`Ws>N?CcV@(>7WMPYN}
z1}Wg+XU2(Yjpq7PJ|aSn;THEZ{4s8*@N!dz&bjys_Zk7%H<bXsP>iD+56;cF26`-a
zEIo!B(T|L*uMXUvqJs&54`^@sUMtH-i~rOM9%$xGXTpmow$Dx<!7hRop>I>E5!csP
zAHe|);0w%`I<==_Zw9t$e}?R+lIu%|`coRum(1p~*+20mBc?Z=$+z<0n&qS0-}|L4
zrgq|(U*eB%l3nfC=U1Y?(Tf@0x8bhdtsU2w&Y-WvyzkiyJ>GZqUP6c+<_p0`ZOnIK
z#a~ynuzRWxO6c;S@*}B1pTjLJQHi(+EuE2;gG*p^Fq%6UoE1x95(^BY$<M&ABxsGj
zJ+GRMO|56-*ED)`G&yqa&1^>H$$soSf=vpJ)_3<bB~Ptu_`fX}6;h18p@iRimyU>E
zp&$l=SiNaeoNLAK8x%XaHp3<h=v=?_34E`<4()<|F7;iB`2%PYC8dX{R<P>-So@F7
z3NMRRa@%k+Z$a%yb25ud&>Cdcb<+}n>=jZ`91)<bZgpsyvYN~U36#xbmqdr;CmF>a
z{wcA(j$%z#RoyB|&Z+B4%7Pe*<Img&aEEBym2CW0AJ^#gobE8^-nz%fYv{g0c><?N
zeUfjxms@Wxv5D=mmFt)eUX+<`R0GI+=xkBrX(ZlM9}W(xk~1{tQ#K{&<-#YySi?P?
zuKGN`tm@Z|CT;M>No`pAX0Y;Ju4$wvJE{VF*Qej8C}uVF=xFpG^rY6Y+9mcz$T9<C
z>^x(VP3uY>G3Zt&eU{pF*Bu<4j9MPbi4NMC=Z$kS6DMW9yN#vhM&1gd1t}8m(*YY9
zh2@s)$1p4yYT`~lYmU>>wKu+DhlnI1#Xn4(Rnv_qidPQHW=w3ZU!w3(@jO*f;4;h?
zMH0!08(4=lT}#QA=eR(ZtW1=~llQij7)L6n#?5iY_p>|_mLalXYRH!x#Y?KHyzPB^
z6P3YRD}{ou%9T%|nOpP_??P;Rmra7$Q*Jz-f?42PF_y>d)+0Q^)o5h8@7S=je}xG#
z2_?AdFP^t{IZHWK)9+EE_aPtTBahhUcWIQ7Awz?NK)ck2n-a$gplnd4OKbJ;;tvIu
zH4vAexlK2f22gTALq5PZ&vfFqqERVT{G_d`X)eGI%+?5k6lRiHoo*Vc?ie6dx75_t
z6hmd#0?OB9*OKD7A~P$e-TTv3^aCdZys6@`vq%Vi_D8>=`t&q9`Jn1=M#ktSC>SO3
z1V?vuIlQs6+{aHDHL?BB&3baSv;y#07}(xll<T+I^;!5~W#nubhKZ{(3fMWAoSr^B
zbNp<MUTr(5wTb93LkpuQ;f;kx6k#E?{ek!v`Y>9vs9K_vs2f9gC9Biy+9DxS77=)c
z6dMbuokO-L*Te5JUSO$MmhI<q$>uFJRGR&9cDf)@y5OQu&Q$h@SW-yU&XQd9;_x;l
z<`{S&Hnl!5U@%I~5p)BZspK894y7kVQE7&?t7Z|OOlnrCkvEf7$J5dR?0;Jt6oANc
zMnb_Xjky|2ID#fhIB2hs-48Er>*M?56YFnjC)ixiCes%fgT?C|1tQupZ0Jon>yr|j
z6M66rC(=;vw^orAMk!I1z|k}1Ox9qOILGJFxU*ZrMSfCe?)w<F7j%oHQtcOnVx^Gl
z&_9*{fv{IyRBUTgS7-2R+s~nj4=JKtj~<k`cW=%!I<!(<A&rLX{cMSBS<vZ*1`dZQ
zIYINDJY{OST~+rdF5w`03&c%{xTcg^#K^mh(z>ByP=U73z+@Pfbcndc=VzYvSUnUy
z+-B+_n`=f>kS8QBPwk+aD()=#IqkdxHPQMJ93{JGhP=48oRkmJyQ@i$pk(L&(p6<0
zC9ZEdO*i+t`;%(Ctae(SjV<@i%r5aune9)T4{hdzv33Uo9*K=V18S$6VVm^wgEteF
za0zCLO(9~<xuKt%DFcjsRX#(uR*AW7OQl~kVCVN(icps<cjFd!WBqdW8p+vpPJ)_J
zRG6awW$RV3Aqsd6?cVo1i}}*s5|NPA5lL#8-swnP($t-m7?n#CDZx2Sj_#3Yfqr7Y
zaW`Ohoc6h?Cq!#E2H%BWeS0hdrzyVqQy@%`juUU<B`JoXyDmEtWUF@AKcLJzyf{Tg
zZ5m?rk0XDI_+xMxJ6(3}L~7s7=HLQVEHZ0P<xj;!jh@gYW@0%DRkoU4s?J2wwgtxb
zXwGfkRHL=Uj<-M9Hq~APNmh>!U9_z@Qrh&rS|L0xG}RWoE1jXiEsrTgIF4qf#{0rl
zE}|NGrvYLMtoORV&FWaFadDNCjMt|U8ba8|z&3tvd)s7KQ!Od*Kqe(<zUAh@G%O6j
zh9pnd)M0MU8fOUIr%>48&C7=V;?`SQV)Qc?6L^k<EMKUpaC8-3Gm%7!MFr7X2Fxv4
z3rp{?Ha9eZxN!FdDoFzlr&F&=o|WS`Tcu2AE^Rx1v}zi4{hStkHUPZTKs)fN5iKTP
zjWX$X!}NSq*wi!$zn(6*zQ<18P1@OBcIwoS4$<l*4q|BAP2Z_m=L;24TNCXLuno;Z
z_+JY_;yAz~+<kTeEAPQ&<<h77A`su5jX#HVdEaSFG+V6V(%YvHBk<4H=i4Bu*j&!!
zcT^v6260sG_1-i}jl+&cLpt#Y1VWVWBc3^=QC|x&@24F}Rpo_16a4IDUCWz<ek6xe
zyG5|;@n2JPoM?7Ix}<)<DeDbcm#l|8pgt>_vNUPbJ>>!5J?sDYm5kR&h_RZk)MfZ1
znOpQ|T;Me(%mdBJR$sbEmp3!HKDDSmMDnVpeo{S13l#9e6OImR$UPzjd-eCwmMwyT
zm5~g<OIW<(zB7LV5}LWg8aKLJYk7(ht<q|lgMFnbZk%Npm(3O?X<VGlQi0#a*#ifj
z94IaCYl*?t6Vm1q-5(~Suh<bfLK48WoiX~9FvFj^RnYQeX(~(DK&}lBA)Ygr#mA{N
zSU6<0&M9)L)f!51S08FNr;M$3&>6DIbY<_!8;xEUHdT(r_OQ<6QCE9Jy|QLoS>d(B
zW6GRzX)~&Mx}})ITysF<UfLvg<FHh&t(`DhIm)CLPhY$>zl5_6JM*~ciBfVP(WF_r
zY>z4gw&AxB%UV3Y{Y6z*t*o!p<qrZUC7{-1{`qLGUa>@~#u3X_t{Q9Us8ar8_9?N%
zN&M~6y%2R(mAZ~@Tg1Oapt?vDr&fHuJ=V<NX5;Yl#i426mM6e0;FtpQ^4uMX-r);2
zN9n$H@7z839`q#wv427TBJ(x88N6BuQfWG{sn?$>$wXstq|)eIG_4lB#@eU>fniJh
zwJY<8yH5(+SSQ=$Y=-$2f$@^Ak#~kaR^NYFsi{XGlFCvK(eu{S$J(owIv17|p-%0O
zL-@NyUg!rx0$Uh~JIeMX6JJE>*t<7vS9ev#^{AGyc;uio_-Je1?u#mA8+JVczhA2(
zhD!koe;9$`Qgaxlcly4rdQ1VlmEHUhHe9TwduB+hm3wH2o27edh?|vrY{=;1Doy4&
zIhP)IDd91@{`QQ<mLz=X%Qg8%@7`0w8GExABo#)7<n^N#6i{Un`&LHljZzI)S4K8Z
zvCVkwCJ-*)h=QbXcxy9#fl<*t*}ia5BJX;#_%q5ZiJPvdytwf->qVya(ASth4}6OY
z-9BQj2d-%+-N7jO8!$QPq%o$9Fy8ja{4WT$gRP+b=Q1I48g-g|iLNjbhYtoNiR*d-
z{sB}~8j*6*C3eM8JQj5Jn?mD#Gd*CrVEIDicLJ-4gBqUwLA-bp58UXko;M|ql+i5`
zym-&U5BIS9@iPg#fFbuXCHrprSQKRU0#@yd%qrX1hhs*85R}~hahfFDq=e@bX))mf
zWH%mXxMx|h5YhrTy;P_Xi_IDH*m6TYv>|hPX*_-XTW0G9iu!PqonQneKKaCVvvF^%
zgBMDpN7!N?|G5t`v{neLaCFB{OyIl><c(VtFPQlGfZQR7v|){r4gpUZ8y^4M{SC~G
z^U_!H`uBRnNdl$YBU#Yc`A7=T3tRCe*$##3h|tH!q^dH6-!+hElBAT>qJQ_^0MJXQ
zY2%-si~ej?F^%ytIIHU(pqT+3d+|<nj5(oTJ{s(5>IQ{ss#!c9<c{$@dPl%-JX|+I
zlEV+E-PZ<5#=}9Uw=?C18$)tlZR(6Jh&w`|ch5T7ACRD$H}`1RbFWS7eBrYShb;0N
zdt;xt;>1R{2l*00e3ry!ha|XIsR%!q=E^Fal`6Oxu`K0fmPM?P6ZgzH7|TVQhl;l2
z)2w0L9CsN-(adU5YsuUw19OY_X69-!=7MIJ^<d%leqrdETKDEXaj4qUt{TBLekvyC
zbIH^RAK_=J%g&VX{$BV#enl@x(Nzrt>(rUNr@#9l6aB8isAL^M{n2oD0FAHk97;X*
z-INjZ5li`a|NYNt9gL2WbKT!`?%?lB^)J)9|025nBcBtEmWBRXQwi2<YI%e}<?(}I
z?{Gk;+o~Xh3@CW7hifjLPOAUPnhJ)vQP@`=1_<4e(R<9Sd;;r7rG$2b0{RgiRf;u3
zg0}V3$0AW9oa%Mx$@L<d(?+S}L%4;ETwypSjH>1EGg8>!tU>6Wf}S3p!>7vHNFSQR
zgC>pb^&OHhRQD~7Q|gh5lV)F6i++k4Hp_F2L2WrcxH&@wK}QgVDg+y~o0gZ=$j&^W
zz1aP8*cvnEJ#ffCK!Kz{K>yYW`@fc8ByF9X4XmyIv+h!?4&$YKl*~`ToalM{=Z_#^
zUs<1Do+PA*XaH;&0GW^tDjrctWKPmCF-qo7jGL)MK=XP*vt@O4wN1Y!8o`{DN|Rh)
znK?nvyU&`ATc@U*l}=@+D*@l^gYOj&6SE|$n{UvyPwaiRQ_ua2?{Vfa|E~uqV$BhH
z^QNqA*9F@*1dA`FLbnq;=+9KC@9Mel*>6i_@oVab95LHpTE)*t@BS>}tZ#9A^X7nP
z3mIo+6TpvS$peMe@&=g5EQF9Mi9*W@Q`sYs=%<F7IUc$s-S~$HG`jd}77Hnr9J(E>
z`J{3llzn$q;2G1{N!-#oTfQDY`8>C|n=Fu=iTk443Ld>>^fIr4-!R3U5_^ftd>VU>
zij_ix{`V$I#k6!Oy2-z#QFSZkEPrXWsYyFURAo`Kl$LkN>@A?_);LE0rZIkmjb6T$
zvhc#L-Cv^4Ex*AIo=KQn!)A4;7K`pu-E+atrm@Cpmpl3e>)t(yo4gGOX18pL#xceU
zbVB`#5_@(k{4LAygT1m#@(7*7f5zqB)HWH#TCrVLd9}j6Q>?p7HX{avFSb?Msb>Jg
z9Q9DChze~0Psl!h0E6mcWh?<M)xLB@XS2G#pLgCmZVx~dgxxKZ)A9D$Y!j_TS7l|s
z)zEHWvyl=aJB87*XuCG1yzXA_o7&5Dg7B!?DpoB}=7y%U$Hj~q{w6$E{iQ#t&>ky!
z$p#@LxUe(TR5sW2tMb#pS1ng@>w3o|r~-o4m&00p$wiWQ5Sh-vx2cv5nemM~Fl1Pn
z@3ALEM#_3h4-XQ&z$#6X&r~U-&ge+HK6$)-`hqPj0tb|+kaKy*LS5@a9aSk!=WAEB
z7cI`gaUSauMkEbg?nl0$44TYIwTngwzvUu0v0_OhpV;%$5Qgg&)WZm^FN=PNstTzW
z5<}$*L;zrw>a$bG5r`q?DRc%V$RwwnGIe?m&(9mClc}9i#aHUKPLdt96(pMxt5u`F
zsVoku+IC|TC;_C5rEU!}Gu*`2zK<WZTzV8>nDQ`WtOc3i#v}_9p>fW{L4(`pY;?uq
z$`&LvOMMbLsPDYP*x|AVrmCRaI$UB?QoO(7mlBcHC};gA=!meK)IsI~PL<sd?%m8(
zd{BV{4QU&9eQ9l5og{t-dw4GM!@v`!4#hrDM)}1M7jLZWMlRTZuiB?>0y1&{Dfm6!
zxIajDc1$a0s>QG%WID%>A#`iA+J8HaAG<Mcn<}@?0olb&Jj(ntZw@UoqT@%%5<!@V
z2$efkY9^@yVtOEMv`FU^=6)Bg@W8KyvuE)_SEfVB{YklNJ)HAXM%qHp#`vMoE_;dv
z2dtL`!*m@n(grqkNODS!NfvKn|0+z2_9v<JICZCu{D!#;h-lmAmGsZgFGSp0oD>sH
z+1<UrJGNC{Q@jsJ-qw>JH=+eX5F(AjmZGk|`7}Gpl#jvD6<a{aVGC=xhCrE!p-ur_
zlCZlI=;qo|XrelRhsFC{BunLlU8Y9e+zn_nD|OJJVC|mU26Vu7V@0Svug+x^J}sSm
z8#OY-Nb!dK<Ff@q$b#9RnJB6Kgh@!zit>_Z!&{*kn@WkECV-~Ja@tmSR|e_L@9?N9
z3hyyry*D0!XyQh_V=8-SnJco#P{XBd1+7<5S3FA)2dFlkJY!1OO&M7z9uO?$#hp8K
z><}uQS-^-B;u7Z^QD!7#V;QFmx0m%{^xtl3ZvPyZdi;^O&c;sNC4CHxzvvOB8&uHl
zBN;-lu+P=jNn`2k$=vE0JzL{v67psMe_cb$<L<IOm3sD}(Ic}rbLz#Zmw$hZb#?{Z
zc4%2~pX`-9t#??NuSwoRY+Z5GxB5Z$OYzw1L^QZI8B}kSh1~+P?4&vNWJ<)!{Klk5
z_qg`PglmVeyY~0#!z9D}t5t(Ni5}pZ9`3!m4D!8WdZ$iOiINWFkcXY>LsmVfxA?yG
z^q7lR00E@Ud3)mBPnT<lmf9!OPSANp(sGQik4nZ=Q&>0KM~pwzZiBREupva^PE3~e
zBgQ9oh@kcTk2)px3Hv<fq;o$h1doT}p|M@7g-90>^VzTtMzCG?*X(TDZ1MJ6zx{v-
z;$oo46L#QNjk*1przHSQn~Ba#>3BG8`L)xla=P{Ql8aZ!A^Z6rPv%&@SnTI7FhdzT
z-x7F<IHP65H}{A|%@kjWU5#VzSGw$L^bPoXUaoG!9z`zDe9O(QvE}kzrgMdGiICLJ
zw>R0{9HZg8Bd(puRlmXB(tB?&pxM&<=cA-;RT5}8rI%~CSUsR^{Dr%I2WAQghoqE5
zeQ874<M&r!q~|;qh(@{09x`ViiGaCw$_7eOI(PMB0((+XD*_YgTod>(T`vBC+r<Ql
z%_JlSr%`s6puW|JV1sWK|7jB9Qpap87}vi?wbvl#bFZ*keXeFQ^A{4p{xnT+-V0X<
zF76%RSC_EqB)1>2Mi(w<G#;&erJ-0#h`q^)R~iJGkMgmikIeDtD^wL6sVzo!>`h|d
zA4x%EfH35I?h933@ic#u`b+%b+T?h=<}m@x_~!>o35p|cvIkkw07W=Ny7YcgssA_^
z|KJQrnu||Nu9@b|xC#C5?8Pin=q|UB?`CTw&AW0b)lKxZVYrBw+whPwZJCl}G&w9r
zr7qsqm>f2u_6F@FhZU0%1Ioc3X7bMP%by_Z?hds`Q+&3P9-_AX+3CZ=@n!y7udAV2
zp{GT6;VL4-#t0l_h~?J^;trk1kxNAn8jdoaqgM2+mL&?tVy{I)e`HT9#Tr}HKnAfO
zAJZ82j0+49)E0+=x%#1_D;sKu#W>~5HZV6AnZfC`v#unnm=hLTtGWz+21|p)uV+0=
zDOyrLYI2^g8m3wtm-=pf^6N4ebLJbV<y&+{i`NCI+n5c(jueR99fhSo&`|DR$`qLs
znQDDd$`*!$gCB^bd+rwno7bG*p$yy0sgqsJ$HG;j#O`tO>%x`J8yd1!3Avqgg6|ar
z=EM0KdG6a2L4YK~_<W1jFu?>kgr6w5OA;dvw0WPFhMF7`I5vD}#giMbMzRotEs&-q
z^ji&t1A?l%UJezWv?>ijh|$1^UCJYXJwLX#IH}_1K@sAR!*q@j(({4#DfT|nj}p7M
zFBU=FwOSI=xng>2lYo5*J9K3<!D=)R*=b158uU;bCn$6fJr+h&6RvxUP(HV!pR61o
zOB<epT1zTv%*Faj5Ya88g9p)Li0D7p(ybSYgMMfule{7aDFHsvZ`uUr2bhpz0<y`l
zQX>yZPwv(=7kbl8Xv0biOba>vik>6!sfwnH(pglq1mD-GrQi8H*AmfY*J7&;hny2F
zupR}4@kzq+K*BE%5$iX5nQza<TuPWU<h#mwPO;q7mJ{cFz9JX&Z|^Rx$O3dgRR#P6
z`rGpJ4QZxIx0<rTa1ZmPPaB7vvBW$cIH{A(aNmmW5(d@!*YP`$FI6yI{6_rk9F8Cz
zj`qbVYa7mx9C4f2edo6Sh-d}6g14W-QWqpUvzm5=+dPnUgp6H<W43q_QzCp?opN~*
zjW~b~p(EdlM;;tnQ%~`WNZlutmU~NPEqX69NnOPt%}c@T7a2*#D(w+bS41c|WJ!6+
zA$%pvMJicjmAq#avJ{fE3z|z$%(`cV>yWTCLJ^xTam-EEIH-L2;huPSy;32KLb>>4
z#l$W^Sx7Q5j+Sy*E;1eSQQuHHWOT;1#LjoYpL!-{7W3<g&`C&g&mBLt9W>SP4*MXf
z<~>V7^&sY|9XSw`B<^9fTGQLPEtj=;<#x^=;O9f<ssd1wQre#s^ToMkl4U$k{T|Sn
zU!i%xL(8Q~QY7u577|%zN=t`+Brlw#i<du~kSK5Q@jPiq{6WoEL}n>2{oR+{Ef^oZ
z@N>P$<tA#rA!dFdJ9gm?K6G^JSD2-k`Ea~c>>mypv%_#=lBS<y-eEIZi4T>Ir_5sn
zBF-F_WgYS81v<iXT$#{iDW>yW6$M;D_PoE&%OkNV1&-q+qgg~`A7s}>S`}cn#E$2m
z%aeUXwNA(^3tP=;y5%pk#5Yz&H#AD`Jph-xjvZm_3KZ|<k?&=hZVCPDKM}4Ab+_fc
zz5M9Jf_G+mNfY%-q+jqN))ha|hMpZYrS!z0If+cLbYeN#-KR=%W*5jplo(^T)lRL#
zoG^MrQM~c$b^Ck^?euE{LA+45z`C>J>_NR@croB^RUT~K;Exu5%wC}1D4nov3+@b8
zKyU5jYuQ*ZpTK23xXzpN51kB+r*ktnQJ7kee-gP+Ij0J_#rFTS4Gux;pkVB;n(c=6
zMks#)ZuXUcnN>UKDJ-IP-u2de1-AKdHxRZDUGkp)0Q#U$EPKlSLQSlnq)OsCour)+
zIXh@3d!ImInH7VrmR>p8p4%n;Tf6l2jx1qjJu>e3kf5aTzU)&910nXa-g0xn$tFa&
z2qZ7UAl*@5o=PAh`6L${6S-0?pe3thPB4pahffb$#nL8ncN(Nyos`}r{%{g64Ji^=
zK8BIywT0-g4VrhTt}n~Y;3?FGL74h?EG*QfQy0A8u>BtXuI{C-BYu*$o^}U1)z;8d
zVN(ssw?oCbebREPD~I$-t7}`_5{{<0d10So7Pc2%EREdpMWIJI&$|rq<0!LL+BQM4
zn7)cq=qy|8YzdO(?NOsVR<TpPS);rO5Ty0$`rblLi3WbNvow=$(=tahQMBHDnZx?}
zg<@_ATkJ+jxY9er!>k{rW)@e7g^S~r^SCa<Vhj*_oq^Av5G+2@9({1OvZt)l-7pHh
zRcaydAJZr;)HedM4YHHjF`P@GYa~5FYYhBOgRpu?Y^Y>wzq3kj#u(5@C!PKCK0cCy
zT@Tey2IeDYafA2~1{gyvaIT^a-Yo9kx!W#P-k6DfasKEgFji`hkzrmJ#JU^Yb%Nc~
zc)+cIfTBA#N0moyxZ~K!`^<>*Nzv-cjOKR(kUa4AkAG#vtWpaD=!Ku&;(D#(>$&~B
zI?V}e8@p%s(G|8L+B)&xE<({g^M`#TwqdB=+oP|5pF3Z8u>VA!=w6k)zc6w2=?Q2`
zYCjX|)fRKI1gNj{-8ymwDOI5Mx8oNp2JJHG3dGJGg!vK>$ji?n>5qG)`6lEfc&0uV
z)te%G&Q1rN;+7EPr-n8LpNz6C6N0*<PyHPA3p+*a+u4Ht6v;0QA2|`3C#R!)h!UEi
ze!$f%C}dd~Nz}-dfDZC#(Fe_le&Gi&pXJsOb&qobhL_6A!l$Q>v{_iIbta7OTukSY
zt5r@sO!)rj<zXZ)$q|Toyx^;y@rz_5D5_<3;9#U;Q~tQSB2B&bJMhyHj>h0aAmShx
zd3=DJ3c(pJXGXzIh?#RR_*krI1q)H$FJ#dwIvz);mn;w6Rlw+>LEq4CN6pP4AI;!Y
zk-sQ?O=i1Mp5lZX3yka>p+XCraM+a!1)`F`h^cG>0)f0OApGe(^cz-WoOno-Y(EeB
zVBy3=Yj}ak7OBj~V259{&B`~tbJCxeVy@OEE|ke4O2=TwIvf-=;Xt_l)y`wuQ-9#D
z(xD-!k+2KQzr`l$7dLvWf*$c8=#(`40h6d$m6%!SB1JzK+tYQihGQEwR*-!cM><fG
z-tnY|2{sx&`GBN#7g(Bwi}75vf^kp*o35PGyb*OAo!%_{vZ9hbbF#Z~5|#-ifg4=x
zC)wXNZu0)${<Kw#jeqM*0@a8((4+N^eTB#RN4uozoN2+yqHF4$l-7~;`R=$h5WJ$|
zA^g9jE;yVK5giC@_d|iL)PU@BBz=5=Tf1axXRR>#LD>x_J*w(LZbcvHW@LTjM?RSN
z0@Z*4$Bw~Ki3W|JRI-r3aMSepJNv;mo<Tzdh)mxSW&zJ@58_EmwSE(olx<%@se?3e
zAGMIhD~gj{z<Aq1hiZhcvJ#%)Sv!Za4{F;ob`IR#*&!X3@o4n^wE&49`M!QN;JYqV
zMO{&=?LbFU{B!&y80dF~5+4}jP<>|5yDfqNLHQ55&A>H5>_V9<_R!Ip`7^ylX=D<5
zr40z>BKiC@4{wSUswebDlvprK4SK2!)w4KkfX~jY9!W|xUKGTVn}g@0fG94sSJGV-
z9@a~d2gf5s>8XT@`If?Oway5SNZS!L5=jpB8mceuf2Nd%aK2Zt|2FVcg8~7O{VPgI
z#?H*_Kl!9!B}MrK1=O!Aw&faUBluA0v#gWVlAmZt;QN7KC<$;;%p`lmn@d(yu9scs
zVjomrund9+p!|LWCOoZ`ur5QXPFJtfr_b5%&Ajig2dI6}s&Fy~t^j}()~4WEpAPL=
zTj^d;OoZTUf<Lt-_8B%lgZbqYJH4A`CaiTVQTNrG?MncWMs+jRPn>?weuf2m?|R-7
z*C4M6ZhWF(F@2}nsp85rOqt+!+uZz3$ReX#{MP5-r6b`zt<Z$$UqYJEeGWm|g^DZR
zhzzKe(V%>XDWl$_mcjFn*{sEx7f*O(ck+ou8_?~a_2Ztsq6qB|SPw26k!tLk{Q~Rz
z$(8F1B;zK-#>AmmDC7;;_!;g&CU7a?qiIT=6Ts0cbUNMT6<dmPhjfw|Q%_G<ovVB(
z@;AzZ5#eU;(+Y2~;IOZ^TdrIX1MuH|nz`@!CkaUXe%QnDNVfXj<QPJCLN|0CjNHH_
z?CVO&;y5LENYK7x3h9UUq;B`VMquIcpjVHrxcqU3fzQKawKfPQWp)VqX=>yPRH9~g
zS%x{(kxYd=D&GKCkx;N21sU;OI8@4vLg2}L>Lb{Qv`B*O0*j>yJd#`R5ypf^lp<7V
zCc|+>fYgvG`ROo>HK+FAqlDm81MS>&?n2E-(;N7}oF>3T9}4^PhY=Gm`9i(DPpuS-
zq)>2qz!TmZ6q8;&M?@B;p1uG6RM_Y8zyId{-~XQD_}bXL{Jp7w`)~IR{l5a2?7!Vg
zp!OfP4E$Ty_<xYK)fy09TEkf1xj){=e>-K3VY!wdGj%2RL%QPHTL)uKfO5Am5<$`5
zHCBtvI~7q-ochU`=NJF*pPx@^IhAk&ZEA>w$%oPGc-}6~ywV~3-0{>*sb=|ruD{y$
ze%@-m`u28vKDaf*_rmN`tzQT>&2ltg-lofR8~c;p;E@`zK!<vegmRto>1lkgi?JR0
z+<61+rEupp7F=mB=Ch?HwEjuQ<A*@=5*84Il1P_iB-Jl|^btr$+usCZ>m}1KOh=o@
zMbI}0J>5}<T#CxGKVT`T9UePTD?j!p(eZ@}JXiIm3?;U`4mj6guhCuG$6JmqH+2dl
z>!koi&v9?!B?4FJR88jvyXR_v{YDm}C)lp@2G2{a{~6V5CwSrp6vHQsfb-U<{SSrQ
zhjRbS;qlDTA&TQ2#?M(4xsRXFZ^;3A+_yLw>o-9GJ5sgs<A2=bHp$*8&_1@q`P+6=
zBfrD=sa_gkcwZs|dbw`dsUEK7K7>auB`LnB-hGo9sJ~tJ`Q>=X7<x-P?*-)T++u6p
z<U4ES`!4y5{tsnu6;)ZZWNjvzB<^r<cM^AZcXxLV?(XjH?(PnWySux)CnS(Gx2yWE
zy0^Qky2dzTznr(dcB~aK*NiV@%(vsv0Z-5AbNa?j5_wHaVT01NhVbV3Z9nUprdlhD
zcYdAln@#xDUhw<o*8c9jzLw4HjlhwVe4h1(-$BGUmVN7hyaY5m=2_kL`qjFcx#rG<
z2P#`CkXWfnkxL9vD#}Ue?dZGOW}*<6J9qcwT>sVmg<=Fcv=JDe*DjP-SK-0mJ7)>I
zaLDLOU*I}4@cro&?@C`hH3tiXmN`!(&>@S2bFyAvI&axlSgd=!4IOi#+W;sS>lQ28
zd}q&dew9=x;5l0kK@1y9JgKWMv9!I`*C;((P>8C@JJRGwP5EL;JAPHi5fI|4MqlLU
z^4D!~w+OIklt7dx3^!m6Be{Lp55j{5gSGgJz=hlNd@tt_I>UG(GP5s^O{jFU;m~l0
zfd`QdE~0Ym=6+XN*P`i0ogbgAJVjD9#%eBYJGIbDZ4s(f-KRE_>8D1Dv*kgO1~NSn
zigx8f+VcA_xS)V-O^qrs&N9(}L!_3HAcegFfzVAntKxmhgOtsb4k6qHOpGWq6Q0RS
zZO=EomYL%;nKgmFqxD<68tSGFOEM^u0M(;;2m1#4GvSsz2$jawEJDNWrrCrbO<}g~
zkM6516erswSi_yWuyR}}+h!VY?-F!&Y5Z!Z`tkJz&`8AyQ=-mEXxkQ%abc`V1s>DE
zLXd7!Q6C)`7#dmZ4Lm?>CTlyTOslb(wZbi|6|Pl5fFq3y^VIzE4DALm=q$pK>-WM>
z@ETsJ<ZS*(N0c^!2sL}CP?bUZ%m}SJNwg7TM;vnXMhBe@076IzX$pF)I{m#mGLJ+&
zUUEKa1x4=<5!8x)!U$A_DrgaQmCYcG@&e&D<;?)KGQ%8sG=++Y*8*vMpss$)#6C8(
zL^6we`uZahEgs`WRAGEvzQ!|0KT3SzqcjcTYMiS<tZ7X1prJ<^7nX{BEo>j5=7=*4
z#Q8(b#+V=~6Gxl?$xq|?@_yQJ2+hAYmuTj0F76c(B8K%;DPhGGWr)cY>SQS>s7%O-
zr6Ml8h`}klA=1&wvbFMqk}6fml`4A%G=o@K@<W>8LHifs$)}wD?ix~Id@9-`;?+I7
zOhQN(D)j=^%EHN16(Z3@mMRM5=V)_z(6y^1b?@Bn6m>LUW7}?nupv*6MUVPSjf!Ym
zMPo5YoD~t(`-c9w)tV%RX*mYjAn;5MIsD?0L&NQ#IY`9k5}Fr#5{CeTr)O|C2fRhY
z4zq(ltHY2X)P*f?yM#RY75m8c<%{Y?5feq6xvdMWrNuqnR%(o(uo8i|36NaN<#FnT
ze-_O*q0DXqR>^*1sAnsz$Ueqe5*AD@Htx?pWR*RP=0#!NjnaE-Gq3oUM~Kc9MO+o6
z7qc6wsBxp7GXx+h<wRQ)K05<)jI$pGhoAWENXigA1CVAM4QVcNs9bjG<zk}<J%<a1
z6*S^i?1NXiji@H-oU28-nJ?3S_%D`_)7r#!x|>wEunnebz!|CX&`z{>loyCFSF-zg
za}zec;B1H7rhGMDfn+t9n*wt|C_0-MM~XO*wx7-`@9~-%t?IegrHM(6oVSG^u?q`T
zO<+YuVbO2fonR-MCa6@aND4dBy^~awRZcp!&=v+#<ipq|E3%|wl61@mr!EI-LN%E}
zb(Vs4`^`ZdUFd%=wq9t;O*<1#OrTSDAyY>kH@4jYvxt=)zsHV0;47XjlvDC8M1hSV
zm!GB(KGLwSd{F-?dmMAe%W0oxkgDv8ivbs__S{*1U}yQ=tsqHJYI9)jduSKr<63$>
zp;a-B^6Hg3OLUPi1<myv;<4+VhHyYbky1`#y9HwXZ>UwHnptVSH=_Km$SXrCM2w8P
z%F#Boi&CcZ5vAGjR1axw&YNh~Q%)VDYUDZ6f^0;>W7_sZr&QvRWc2v~p^PqkA%m=S
zCw<zC`_|N~=25$)mTaaBWEj_u>FUg2bNM(DaY>=TLmOLaDW&uH;Za?8BAwQo<wWRj
zn(}mw@yb!QkqKDR*M*sY$HKm!TYpQ^i#O#+GD1}59odgi3W&Ho&V<Hf$=V|~odFMq
zAL80DLk{P*$P!B{@&3iMRrXvzbB(y3r|V5?KIE%DSVu0sPqUx4%cgyMCp`k$jpxQ+
zQkm#JGE+J5V;)+(1wvD$FZf5}EOe-H1McqZc_Y)TyH0ZPLz#@Uq_;ebL9OZlQ{S@G
zLoVtOK;Jm1dS#Wz9W!>4+Xy4KXX;Z}@D5+}m)U#o?3UF}+(@jr$M4ja*`Y9gy~Y`0
z6Aex1*3ng@2er)@{%E9a3A;cts9cAor=RWt7ege)z=$O3$d5CX&hORZ3htL>jj5qT
zW#KGQ;AZ|YbS0fvG~Y)CvVwXnBLJkSps7d~v;cj$D3w=r<wKV?Ffg(=v7chz6k4Fb
zcc80qk~X|!PJxv%I3uAVQ{ad;L2cvqM*}d?iBN8kvDamXuo&^y@N?7%!yTN7P`C7r
zq*tz959>B9Tx>a&4>(x00yz!o*SOd*M!<Dw4c=q!EB)q~dl<;&#nV?F^4nvzbtQfA
za%Sva%8nr12!)&rn|1S2>yIwx;NgqW?(ysFv8XLxs6Lrh8-F`3FO$}V{Avztc4qmZ
zoz&YQR`*wWy_^&k-ifJ&N8Qh=E-fH6e}-}0C{h~hYS6L^lP>=pLOmjN-z4eQL27!6
zIe2E}knE;dxIJ_!>Mt|vXj%uGY=I^8(q<4zJy~Q@_^p@JUNiGPr!oUHfL~dw9t7<U
zH%Hk?0$JwaRPCPbAT_!iyFqxeQShh8W(N9P!l9PsS`t64uk*Ess}Sh6g!MRDsad#I
z20F$FP{JO;Ar)q|wUdp!j?};UhjvykDQ>C4I9$7RnG5p9wBpdw^)PtGwLmaQM=KYe
z;Dfw@%nquH^nOI6gjP+K@B~0g1+WROmv1sk1tV@SUr>YvK7mxV3$HR4WeQ2&Y-{q~
z4PAR&mPOEsTbo~mRwg&EJE2Dj?TOZPO_@Z|HZX9-6NA!%Pb3h;G3F5J+30BoT8-PU
z_kbx`I>&nWEMtfv(-m>LzC}s6q<hlC=^s<$5jntjc%3D@vi3(*Y^qRQ<BbA6vGk33
zGg_oMS>%VdBUVI_GUv3@^6SMkEBeVjWplD5y58LyJhikp4VLHhyf?n%gk0PBr(PZ3
z+V`qF971_d@rCO8p#7<!2cMRPR<O3fd=MrH(-|+&jsW>*#L0^v$DH>-qB!gy@ut`3
zy3cQ8*t@@{V7F*ti(u{G4i55*xY9Erw3{JZ8T4QPjo5b{n=&z4P^}wxA;x85^fwmD
z6mEq9o;kx<5VneT_c-VUqa|zLe+BFgskp_;A)b>&EDmmP7Gx#nU-T@;O+(&&n7ljK
zqK7&yV!`FIJAI+SaA6y=-H=tT`zW<H4B+sE#y&7P;X+vi{`OZj*pb`&Via%7AZ`t;
z`!Gg-8d~SocuRa*D!ibM)8>vBlaed!3X^_Lucc%Q=kuiG%65@@6IeG}e@`ieesOL}
zKHBJBso6u&7gzlrpB%_yy<>TFwDI>}Ec|Gieb4=0fGwY|3YGW2D<b3#oXiCr9Zi6S
zU&aR#X<H)$YhjD8MpO$!XD18Wf3GRB75}Zz$+h!RP$yqUevnQWiZZf|tOt>q46=a1
zVo`Vi%yz+L9)9hbb%FLTC@-G(lODgJ(f&WmSCK9zV3-IV7XI<{2j}ms_Vmb!os)06
zhVIZPZF)hW--kWTCyDVRd2<loL(Y#qD}>T&t|P&aDrtO5kzXy<*A+5$k7$>4+y%;%
znYN-t#1^#}Z6d+ahj*Gzor+@kBD<biHj=M2iC7A|SEy88vHRcZ1qwk$3!8NUI<r|w
z3`!~#U+Y(DBtBH=;}BIFJH%arRmt$kbci$LTbglwB2=4oYZ{Uey~LHuTT%KJHyc<=
zdXs%c@3;m^CO>7@f|IGNR$4U<dAA$G*<TW#oOIv=?1B#4`yeRxRsFuWdnNRM-jSl%
z(x9nNmGO+KJmI3L7bT$HvZG+W;c^G(wlvM%ue%p9G(;?(%V1F)c`87AOMmAOuw?<K
zdAIk-^QY!bV1b@pftfdIK{W3s(==CFJ(Khdp&X~-B7>=Y0J2#D2)YSxUCtiC1weJg
zLp0Q&JFrt|In8!~1?fY0?=fPyaqPy$iQXJDhHP>N%B42Yck`Qz-OM_~GMuWow)>=Q
z0pCCC7d0Z^Ipx29`}P3;?b{dO?7z0e{L|O*Z}nxi>X|RL8XAw$1eOLKd5j@f{RQ~Y
zG?7$`hy@s7IoRF2@KA%2ZM6{ru9T5Gj)iDCz};VvlG$WuT+>_wCTS~J6`I9D{nsrU
z2;X#OyopBgo778Q>D%_E>rMN~Po~d5H<`8|Zcv}F`xL5~NCVLX4Wkg007HhMgj9Pa
z94$km3A+F&LzOJlpeFR*j+Y%M!Qm42ziH~cKM&3b;15s)ycD@3_tL-dk{+xP@J7#o
z-)bYa-gd2esfy<&-nrj>1{1^_L>j&(MA1#WNPg3UD?reL*}V{ag{b!uT755x>mfbZ
z0PzwF+kx91`qqOn`1>xw@801XAJlH>{`~|pyi6J;3s=cTOfelA&K5HX#gBp6s<|r5
zjSSj+CU*-TulqlnlP`}?)JkJ_7fg){;bRlXf+&^e8CWwFqGY@SZ=%NmLCXpYb+}7*
z$4k}%iFUi^kBdeJg^kHt)f~<;Ovlz!9frq20cIj>2eIcG(dh57ry<wcNwb(|xv9I@
zEDOq9?D^R1#)Pd!8ja_QswmeGkM2wJLp@%nj;c<EG16(OWHrZ2ixKFqxWg;7EV(OH
zFDgqK?SrEZi>;^E^2T)E_8#;_9iJT>4sdCB_db|zO?Z^*l<f}$KY57QUt7STkd>BN
zNCs~f+Jkx%EUgkN2-xFF?B%TMr4#)%wq?-~+Nh;g9=n3tM>i5ZcH&nkVcPXgYRjG@
zf(Y7WN@hGV7o0bjx_2@bthJ`hjXXpfaes_(lWIw!(QK_nkyqj?{j#uFKpNVpV<!?Y
ztix4N9br?{?2%5|anYF_h$<|xAzA9ulCWk>@h?7_WC3~&%)xHR1kKo`Cypj15#%0m
z-o0GXem63g^|IltM?eZV=b+Z2e8&Z1%{0;*zmFc62mNqLT<GKz>y$Y_c|9HiH0l>K
z+mAx7DVYoHhXfdCE8Bs@j=t0f*uM++Idd25BgIm`Ad;<pETy2mqt;T)*3s;V(?-Mx
z<j7d11myn6&ON{&A+6a}smC6sLwlDL|20gFJpJ)&ih$-rbl4V6d+0#=f|AQ8!UDK4
z#Ms<aQH(QRvg`W7Q!46kSrtVKQM-o#{Wt8ZJ>I_{$mO?W%=JF82blr8rl>yMk6?pM
z^tMluJ-ckG_}OkxP91t2o>CQ_O8^VZn$s$M_APWIXBGBq0Lt^YrTD5(Vwe2ta4y<r
zpBD5rwC**OYw1liMvCDSqUtTid-9TUPR->#DEYa(W~=eLOy7<OXXqWma%)-PgTb<;
zdg}nhL5M*OwkK2;C0p;VcQc2K@E<Gc7rUuV9Q()y9>rD^%Vd$kL27M)MSpwgoP3P{
z!yS$zc|uP{yza<s*NSnLJKpg9@POTGjvoHgyYesbB+CHI%?68lP|~hnvUZUu%_2I!
z0o=Fni8I&|KYqhy8LA^(%kB3RG7*HtvhjGw`!Mi*1bb;Zo7Ye_uoLy)mriWI#|OF2
zBS|bmU|0X<UE@jDsh@Oau+?eNd>IqCwE!AfYNS;KW|OdP1Q%!LZviA0e^WDsIS5#=
z!B{TW)VB)VHg{LoS#W7i6W>*sFz!qr^YS0t2kh90y=Je5{p><G>8)~D@dLS@QM(F#
zIp{6M*#(@?tsu1Rq-Mdq+eV}ibRSpv#976C_5xlI`$#1tN`sK1?)5M+sj=OXG6dNu
zV1<or^9)wTLHa>K{y>!i0&9w8<vOh;#6eTOG01Aw$Vilsr_b1k7>O{a>`IA#mo(3a
zf*+Q=&HW7&(nX8~C1tiHZj%>;asBEp$p_Q!@Y0T8R~OuPEy3Lq@^t$8=~(FhPVmJJ
z#VF8`(fNzK-b%Iin7|cxWP0xr*M&zoz|fCx@=Y!-0j_~cuxsDHHpmSo)qOalZ$bRl
z2F$j0k3llJ$>28HH3l_W(KjF^!@LwtLej_b9;i;{ku2x+&WA@jKTO0ad71@_Yta!{
z2oqhO4zaU433LK371<?~V>>E{bZ?+3kLZ9WQ2+3PTZA<j7g-|Ebu#%?d!N(BfqLE(
z{XK!C*33b_F3f0yy=Rv=#Wfkx1_s04kh(p(CwNxk_<T`k<^G4mvXm#N9NPiN!5z~$
z`tZu|sK;3;!ots<P(Us|&*s#uFHCy+5YElBLJs*aqKtg#KZM+81$udxp-m(QSS;w&
zWoqt9sCu3>P90%P13Yy3lr3mhmy|>eN6(SHs1C%Q39p)YsUr7(kuaoIJGJhXV-PyG
zjnxhcAC;fqY@6;MWWBnRK6ocG`%T&0&*k95#yK7DFtZV?;cy;!RD_*YJjsb6Q`$;K
zy)&X{P`*5xEgjTQ9r=oh0|>Z_yeFm?ev!p<L-Vj_d{ATJFzoM&R0Hn*rr`EQ^@vO?
zFGQeoD|2;dFmUaitaG^eFTk$Opzp21&*QYn9tfR;WSR&0*)47_HgLB%*%{#WiRBIU
z$QLRfJgOkPA=0D@gARFtGisYeOLw}h(yz#-*xA94|8g?7)x%;^fAK=RzIY-30IvR*
zX4QXf1Qs{2G5$Z+)nwHRB@{K(PaScGfrfD*5Fv|Vbrx=;`Y_TkG!bDiO(PMS7M*?;
z4RMzPQ)2mz^-}MR*6QpSy^lozSGFi6)05|C!e6*&gPARUU16&+yX!4SpA+wAl3$+>
z7q;JA4mtu@qa39v%6i)Z4%qwdx<FfvbCi3LQV>cHuOMO;a1wFMP_290FqH1OsmCG{
zq^afYrz2BQyQ0*JGE}1h!W9fKgk$b!)|!%q(1x?5=}PpmZQ$e;2EB*k4%+&+u;(E*
z2n@=9HsqMv;4>Nn^2v&@4T-YTkd`TdWU^U*;sA5|r7TjZGnLY*xC=_K-GmDfkWEGC
z;o<y(ofJ{M0mY<={m?<FiY?+<b<!Sn&heZDfJS=*2mq@{unv{U>N&!c1xB-<4J7=9
zJ(BedZwZhG4|64<=wvCn4)}w%Z<o411~Ar?jfNDZ;0DL>x_TEs6ehmjVG&p5pi46r
zg=3-3Q~;v55KR&8CfG;`Lv6NsXB}RqPVyNeKAfj9=Ol>fQlEUl<Va+g=w-y1nh+I*
zIi$g$TuYQfL8);)Pm^pcpnwH4_-Z(2o|plInV`V93a_G|Sc=qaP13f~)2rX;dxFrI
z0T2aZ_qU*@lf#X`hYrOTSd<7H*Jba?IBFZ0L0>2cH7=mPV!68+;jgtKvo5F#8&9m?
z``w+#S5UR=QHFGM<q~UBiS|%vqQR&euWHxSz{((CQd`(d3{|!j?Xy^TDy6>~noocC
zVFa#v2%<t|N;YE2UfgML*lmc?Of+d?81|b-XRgzXX+9{;dgK_cmF_!t5ssOl+3wQ<
zW;bA)%e4U|p6@)kSBu}!ZgzFhZuX!@-l%wcLl=?J@C_7(MqY$P=y;FXD)yPiUUBs7
zyvp~fy{h-IwF`49UeI?KF8}<hWeryPBRV^X%91HSTXn06iyN)PFrhsfW3~V$nxWg#
zWgNwx0Zh<}?fKI%N5&=PO^3_gzGbWfXgL%KmJ%Y`jBiUP!p2K46j-(S{KH|bH=+qN
ztONhmfruCKd)+ieWZ_f~fkap=9ZJvy`gm}L*p%o@d5_RPbqg6!Gs3`Nq93h442|YI
zH}LMfy@3tAZ)Ke@RY_V(CQL-I6ZV8+ny!_`6$8?PzC^>oo{%;wi~_~R2ci}`=B|0@
zinDfNxV<nXy+pz4Ha3~o3P>3%iHIS(7{h_WEXqu!v~`CMH+7^SkvLe_3i}=pyDRah
zN#L)F-`JLj6BiG}sj*WBmrdZuVVEo86Z<6VB}s)T$ZcWvG?i0cqI}WhUq2Y#{f~x#
zi1LjxSZCwiKX}*ETGVzZ157=jydo*xC^}mJ<+)!DDCd4sx?VM%Y;&CTpw5;M*ihZ|
zJ!FBJj0&j&-oJs?9a_I$;jzd%7|pdsQ3m`bPBe$nLoV1!Y<UgaJH4-AGnm}0dk-Fr
zXB}`iyz$f^V-f7|XLiG}%}*cieul40_L?-Q8r~m&aAmj3pOLHz{dm+*b^J3M3!<!~
z*#KoWC+<XEd@2T4tP}cE5L~=6wav2(_M@oz`^=a3N?_g#UEq(jA=F77eyZI!HTtMZ
z_8=?FKDelT^q74!97kv_nIUT-FpaAc^#F51E07KyA*P`R<`4BwL0!+Y?>V8?Pw~0D
zmSD-5Ue60>L$Rw;yk{_2d~v@CnvZa%<w@Q~$7d}s8p=MLJY(3sZ~q2!#(@1E%Z@Zk
ztHJrs5j@H+dfg|LH9+fIm|~Q4Fq(_mEoM5BHO4L}8pF{#`|F<zBWf$s*z&KE+3gEC
z{@>!7{{7lb$kxWx!pzyh;6G~R<Rl%(by3t1y){fEng<i|@{3v$pi<O9nZ<fhwGw#)
zVYCtKB4*l4!6a6tI;D6N$)$v^65V>bN5+|mFTbxcxf!XyfbLI^zMQSb6P~xzES<j}
zH#ffDxJ8L$V0%*QaR(mQb@?NWzIU?G2YbOn*yxSF5QeCEb&wx8!@hZG9u9!uOL|dE
zl!=R54TU_HtXCydtzY{z%2!B@qV6;}mbj#?saDni)2?WLICiF-wM{x*R4uHKPJZwA
zYFD62Y3`y^Q9lXjcC<8&ZT5-(D&xdoYPy^aTxeV*8A?NhH01u&7^FAd<eHw>XmV{9
zCMp)baZSz%)j&JWkc|Gq;_*$K@zQ%tH^91X2|Byv>=SmWR$7-shf|_^>Ll;*9+c(e
z{N%43;&e8}_QGW+zE0m0myb-@QU%=Qo>``5UzB(lH0sK=E``{ZBl2Ni^-QtDp0ME1
zK88E-db_XBZQaU}cuvkCgH7crju~9eE-Y`os~0P-J=s;aS#wil<HqilPK7GII%{DT
zVcR}-5r0ueyYZ+cuh@vP27V7yKD*5}w=s3xx(3jjIVm*%agp-1xJ9Rp;Jl4<q-+c9
zL}vX|yCI>$HGdK;Ut?dSO71ssyrdm{QRpMAV2nXslvlIE#+Oh>l7y_~?;}F!;ENCR
zO+IG#NWIRI`FLntsz^FldCkky2f!d-%Pij9iLKr>IfCK);=}}?(NL%#4PfE(4kPQN
zSC%BpZJ*P+PO5mHw0Wd%!zJsn&4g<$n#_?(=)JnoR2DK(mCPHp6e6VdV>?E5KCUF@
zf7W9wm%G#Wfm*NxTWIcJX-qtR=~NFxz4PSmDVAU8(B2wIm#IdHae-F<Vb7)xf?vYV
z7n^!<4(VrKU6&)1qy_C!+-V~Y=`W<Fj_K`EBwg<FnWcYk=Y0eZs6hN<V&(Ty-Ba#3
ziuJ_MvE9OCyd*m#d=YsEyc>{3jKQFiX?8NlKEhXR2Z|JCUd@HMnNVwqF~V9YJtD+T
zQlOroDX-mg<BrQy_fqiDjCYxI*?ew85J|8g*N_9a5d(z>2<XHMWxloJ`dKSh*8~>%
zBKV^Q5m5ECK{nWjJ7FHOSUi*a-C_?S_yo~G5HuRZH6R``^dS3Bh6u!nD`kFbxYThD
zw~2%zL4tHA26rcdln4^=A(C+f9hLlcuMCv{8`u;?uoEVbU=YVNkBP#s3KnM@Oi)fQ
zt_F3VjY)zASub%Q{Y?XgzlD3M5#gUBUuhW;$>uBSJH9UBfBtug*S|-;h?|L#^Z&uE
zB&)spqM89dWg9ZrXi#F{KtL@r9g^xeR8J+$EhL~2u@cf`dS{8GUC76JP0hHtCKRg0
zt*rVyl&jaJAez;!fb!yX^+So4-8XMNpP@d3H*eF%t_?I|zN^1Iu5aGBXSm+}eCqn3
z^+vzcM*J>wV-FJRrx@^5;l>h0{OYT)lg{dr8!{s7(i{5T|3bivDoTonV1yo1@nVPR
zXxEgGg^x5KHgp?=$xBwm_cKHeDurCgO>$B$GSO`Cd<~J8@>ni>Z-Ef!3+ck(MHVy@
z@#<*kCOb5S$V+F<OK1EGQ52RAs<wwhl`di_RnSesjk{()X%~QzG%|EPLDhq78dM7L
zDvgPfrfkm|rFEy0|9(VYa@$O=+gC}Lr6k{3&$PX>vc@{Qv$oLfnOAG&YO5z_E2j6E
z7a+c(>-`H)>g+6DeY1Y*ag-B6<w}+F;?%;dGiMwCjXonk+d{a#w@_ziW_EM!<}0Ts
z#$ZySeiQPSws<IlVlN740=vNwT@?UP<I6E3J>>Cl@@VhkZ<Ux{kl3gryAToH9k%ah
zQwormn;tvN>Y@Uihe!{LlRpuTsmIsN4;+UDsHd954n9WZV6qq*{qZ5j<<h?}ZZ_iD
zY}au(w%%f>W)`UorOmXtVnLo3T{t#h3q^fooqQ~A+EY<$TDG4RKP*cK0liX95STt=
zToC<2M2*(H1tZ)0s|v~iSAa^F-9jMwCy4<fk8?_^T0t5rn{y~{EoT6^ntc~0Am;_z
zrUGNYzE+#C_68b-vg!e`D~>cK0HM*3$@1Q`Pz}FFYm`PGP0wuamWrt*ehz3<m~Ju+
ze-v~KvY|}hYLINj0%WiE?~%3d)SxyahyKARW1xam)@7uDwnISBl22Z&YSk;NKxT3_
zrmM$W(?z8Z4o=846~Opd&yAdPCe4JlWyE<aqgowdd#5P|JAw}bwl@}KtW?*rHx5wB
z%B>(|Fn%;0;K4}!Q~cx{0U0L=cs6lcr<ur~@i5K&X}AOoy(D_{vx!BlJV!=9OE{}g
zt$Vkeq)y{g?w>Y^Y%Vf_rXpQIw~DfxB<k4?uGhCUZ(ChZDb8Bys&OpS!qBv#CUkAi
zNEoimk&<a$-SuIpd|_=2ZU?SSvod9pTJ??DX_GZ*wLe5!7Kx<E&)PM!h<tx{mxeNJ
zn9yl#wW55~g!_1bpGuYV6yTx@0fDRC>-72tZU6gdK8C~ea6(2P@kGH}!2N?>r(Ca{
zsI!6B!alPl%j1CHq97PTVRng$!~?s2{+6ffC#;X2z(Xb#9GsSYYe@9zY~7Dc7Hfgh
z5Tq!})o30pA3ywg<9W3NpvUs;E%Cehz=s?EfLzcV0H?b{=q?vJCih2y%dhls6w3j$
zk9LB0L&(15mtul<NyG{%W@*qRn<GVuA0elrPv0eXO|^`WThaZ8Ygu3;34DlAKhb|J
z+<Mmk0eh}nATev2ObR>3T^QSK7KIZVTod#Sc)?1gzY~M=?ay87V}6G?F>~AIv()-N
zD3rHX`;r;L{9N|Z8REN}OZB&SZ|5a80B%dQd-CNESP7HnuNn43T~Agcl1YOF@#W03
z1b<m_@d+n*^lo10loz3Jd`Yf90{Cf5q@4AiO(P>*t!>t5G@XwVygHYczDIC|RdMB+
z$s5_5_W-<wSKNjc;e}gQNw#h&*XRtz=!lkM<4F8CcQ~e8u09o=$H}lkk{CEr85J`r
z28>EXN-u_5Pb{(<S*8Q%kjB5!Qg^EjJu;8?xGcHaj5(4O;f=c@)HTR(*}32rBUfgx
zbpHL{4P<h7u1homK)d4djF9p{jTeybDN#sAY|BCt<l1(j$P`n;$|dE<4%%UVNjGQ=
zkSq4z6s!6ChLQ>(!+8xa+?@_#dwtYHeJ_49Dql%3Fv0yXeV?!cC&Iqx@s~P%$X6%1
zYzS9<W-EI$IY0fa)9X!S)AshN_Mm5~_3N?KsuvMvKCdk%oSVX=)tt4~$6?j977R=}
zJ+8q<O9Dlg698lhuIV!?@`m@K1_UOSnP&xY{(O42tIC6&jnIvO(WdNDSx2Nc2nK}o
zblG5699qW65<H@!%j7%IBg1zEXapY3y=a&xmT{6_ibhT*OF1@j1nQT;w#5*lO|p9C
zhbLRH{wz-7l=YI)c^ik1fOK~t;tXGFVhCkD&gttiUjPUfM4QRu0(k>pqaUv&aBQqO
zBQs7d63FZIL1B&<8^oni%CZOdf6&;^oNqQ-9j-NBuQ^|9baQuZ^Jtyt&?cHq$Q9JE
z5D>QY1?MU7%VVbvjysl~-a&ImiE(uFwHo{!kp;Jd`OLE!^4k8ID{`e-&>2uB7XB~=
z+nIQGZ8-Sbfa}OrVPL}!mdieCrs3Nq8Ic_<jKr3J&S1c!z>lpTKMIJ{h>XS$C3`h~
z?p2AbK~%t$t(NcOq5ZB<t}SzWBWk#xIyu$-!l3*lw}#UhbXc+~OAdF!T0#lC4_d)W
z<6m$y+Or{^PbbM{N{cI$-blLfN%fS4Ouyy~>3V|`a0io8A))v_PMt)Hg3x+07RL>i
zGUq@t&+VV`kj55_snp?)Y@0rKZr`riC`9Q(B1P^nxffV9AvBLPrE<ivU%X<NdsO%G
zVoys=Euk#2#uAMEJ$yiBBk6j$<j3Zw6P_zut{B`(Yu2Dnwg0guk^P2*;-Q3;RUYfC
z4mSG=7Rdz*#Im@Rh$ArASY=287{`HZ%vMHB(%RrSIb><8D>ZP{HCDY@JIvYcYNRz8
z0Rf+Q0riSU@<d;bu&>KaVpK)0M{2}Wuh!o~t*6>)EZSCQD{=}N4Ox<?pF7@Zh*#8~
z$!>jo1KO-MNpPYuPABh}E|rM!<!Bqm=X31htq*DB=Q>=TSl^F%NV^dg+>WNGi@Q5C
z%JGsP#em`4LxDdIzA@VF&`2bLDv%J)(7vedDiXDqx{y6$Y0o~j*nVY73pINPCY?9y
z$Rd&^64MN)Pkxr-CuZ+WqAJx6vuIAwmjkN{aPkrJ0I4F5-Bl}$hRzhRhZ^xN&Oe5$
za4Wrh6PyFfDG+Nzd8NTp2})j>pGtyejb&;NkU3C5-_H;{?>xK1QQ9S`xaHoMgee=2
zEbEh+*I!ggW@{T{qENlruZT)ODp~ZXHBc_Ngqu{jyC#qjyYGAQsO8VT^lts$z0HP+
z2xs^QjUwWuiEh863(PqO4BAosmhaK`pEI{-geBD9UuIn8ugOt-|6S(xkBLeGhW~)<
z8aWBs0)bzOnY4wC$yW{M@&(iTe{8zhDnKP<1yr9J8akUK)1svAuxC)}x-<>S!9(?F
zcA?{_C?@ZV2Aei`n#l(9zu`WS-hJsAXWt(SGp4(xg7~3*c5@odW;kXXbGuLOFMj{d
z{gx81mQREmRAUHhfp#zoWh>z}GuS|raw1R#en%9R3hSR`qGglQhaq>#K!M%tooG;?
zzjo}>sL7a3M5jW*s8R;#Y8b(l;%*I$@YH9)YzWR!T6WLI{$8ScBvw+5&()>NhPzd!
z{>P(yk8{(G&2ovV^|#1HbcVMvXU&;0pk&6CxBT<!@9{a%ambKWt~)RU!ys$~CiFe*
z0?j7%iB=K`b4^(7R_JV&S({3+O{qjj1QIPy-}#zZI+W0nq5G#MS3`j1cl%N2As3yI
zhKYpsKi824%Q}^&YyoaV^gUL|z-v}qWHJ_~T=28rTUH+il`-32k+=FfKiBMhF+!5(
z;z<vh{q-ty7x{BQQhD>vBAB>#tK~qALsH`Ad1P0tAKWHv+BR8Fv4!`+>Obu1UX^Ov
zmOpuS@Ui|NK4k-)TbG?+9T$)rkvq+?=0RDa=xdmY#JHLastjqPXdDbShqW>7NrHZ7
z7(9(HjM1-Ef(^`%3TlhySDJ27vQ?H`xr9VOM%0ANsA|A3-jj|r`KAo%oTajX3>^E`
zq{Nq+*dAH{EQyjZw_d4E!54gka%phEHEm}XI5o%$)&Z+*4qj<_EChj#X+<oTq`PD#
zquZPq;c+HTSS97MO<aT*#9R+xMqiSNXDz9geAA&J%wKfSQd~c5M%oa><M4?9@Qeq^
z4gUU2fu!}&vVHjL`JJ?Hxnvh6BAgnHNzSoe!I$3L1h%jUr1kBr^|%cMvP<aA=mE4r
zvYxD&aX4MqmZ5=?TSkw6cUqQM9q6{Z2DQu&yh$tLqFaJjmlXxWk`Rg9;kT3oOLa`e
z!%4>kA1t|O3V@_RzoBA(&<eW?qU0JMQ(|11BLl7WkNEQ6bz9`nM5Gx-y3C?|a$3W_
z#wYxX4DCE!I?(q;r$qXq080G-jj8{jQvTP`)vc<bge`{nS5&ipz5%jG9npG!^^TNZ
z6n=P^RsTC!%TX9{JXoJgSn3iHdXbKa>rgxwAF+zhjMY6+Xi>tw<6k+vgz=?DPJS^!
zei4z1%+2HDqt}Ow+|2v^3IZQkTR<&IRxc0IZ_-Di>CErQ+oFQ~G{<hPIli=EZeoJp
zev@=X76pa6)#65~TaLV`A5RhU;Yr=@hU4Qm6@I7gdLXpTaUhQfQ~9ZaM2UnYw9#gB
zI!y~{TjU!rkjAJ~bR~Tn!kRi$W4SD3!XlI*->;lJSzvh9rKkAiSGHlAB$1}ZRdR^v
zs2OS)Pca>Ap(RaSs7lM2GfJ#%F`}$!)K4#RaGJ_tY}6PMzY{5uHi}HjU>Qb~wlXQ)
zdd(`#gdDgN_cat+Q#1q&iH{`26k}U3UR5(?FXM>Jm{W%IKpM4Jo{`3aEHN)XI&Bwx
zs}a_P|M)fwG1Tybl)Rkw#D__n_uM+eDn*}}uN4z)3dq)U)n>pIk&pbWpPt@TXlB?b
z8AAgq!2_g-!QL>xdU4~4f6CB06j6@M?60$f;<HgN2U8!hBv=x9JeHOOpqD1CFS=kP
zOY3H?jcH^6JDY;Au3FSdrg)Q@J-A^NYZ6?!>#gpb)X1N0YO*%fw2W`m=M@%ZGWPx;
z)r*>C$WLCDX)-_~S%jE<CajU|HD!P<joA1&3n}3$(zS&B$x981sXmqzFYIU7Rt)17
zr?fbxRq3pJxWcopk%qI^W0Wn3&97Xpjbi%;nmh}w{-@Emjxabt=IAK<j95b+D#G<a
zckSv$kVep0wS*7J0H{eAF>x%dBpzU6HNHNQ%gLO~*egm7li)zfi|oMBt1pwzMA$x@
zu{Ht<ka|Zpu;?qF39xDE;&CeaZ7?K}&wiW_kHDVMH2+#<%AWi%K=0I4A%&rQXzvaG
zh~NE<t=sPPIbj8@6X%;s?w&YIq)S|E1&lT4Js-G|YXSfd$9s#DE_q2zGhGY=XY1-Z
zTfjP`;%8fs&4b{)Lbbu|MRL|fO@{omh|e#?A;<NYgPs7qxz1rbt^%8)rtDXi5WB+J
zgLlS>#H}ZBZwaf0Ylus3KCZ*qfyfbTUYGuOQI9>??gLrBPf-0XB84}sCqt5Q(O$M&
zoJ+1hx4Wp#z?uex+Q1crm2ai?kci;AE!yriBr}c@tQdCnhs<Kjx(OJN-h6$Hm$($Y
zncC>$P-CE8jdP&uriF`WFt>D9wO9fCS0WzaqUKjV_uRWg>^hIC!n-~q=1K87<QlN^
z*8UhQ30_YI2{`qiV&EycLVsGwD)PY;UZr?LwXtO(mjpDU-(Hgo%!%6>NAECZb^W?R
zjbI&9pJ)4SSxiq06Zasv*@ATm7ghLgGw3coL-dn6@_D-UhvwPXC3tLC)q3xA2`^D{
z&=G&aeSCN)6{2W6l@cg&2`cCja~D2N{_>ZQ)(5oSf!ns1i9szOif~I8@;2b)f2yQ5
zCqr{lGy5(^+d!<0g??wFzH^wuv=~0)g55&^7m<DsPYct!WP5y<6>8Ptk3y$OU|eI7
zIovLvNCoY%N(aW#=_C%GDqEO|hH3O9&iCp+LU=&CJ(=JYDGI;&ag&NKq}d;B`TonC
zK+-t8V5KjcmDyMR@jvDs|7lkga4>TQej$5B+>A`@{zE&?j-QbQWk4J*eP2@%RzQ{J
z?h`1~zwArwi^D7k9~%xtyf(2&$=GsP*n-fTKneej-y6y(3nNfC7|0{drDx{zz~cSs
z<_+d2#ZDst@+`w{mwzmn?dM2aB;E;bS-Opq$%w@WnDwa$hUGL90u9c=as)+_6aO10
zLR|CR8nr<2DQTvkaH0QDsy<FuSTOH^5?3Cb$+zEPuta-4-PC@P<w;1ulPV$&2m3G@
zz9DSl@p<jUo+{}Q(T+HWgr<(k$DL?a^WZU)G0mKX$)@U~V5R|FqPZCjT+%z)B6sJ<
zLC<SyJq#Fy5E2fG3zYW9TQqn~&nCAiBN~#Pjv&hYi;(G&Uz$6n&SXd0iJhzF6-OL~
z=P&<y<0VK{Rs$5dClR!Bt(1L!Kuf%VI+xTk&-CcQb<6sR<LE~auF*nxFblc~by{ao
zx)Ov-^$^d7&d0xymzPM8Sj4~9tMg0aXZxSdwg0qU|B@pnC+tXq3ZM?pq;*()Uh;MO
z>n@TYCs7Nk3lN}Ix$)JM0*zf=0Ad$w9j723W#%{r8V&`{wx-8kSv#)mZ{FU%UZDIi
zvbgLHyJ>z0BZe`GNM$Q;D6D48#zc9s(4^SGr>u-arE}okN62N{zuwX)@FL5>$ib=b
z5Wtm~!ojD3X|g59lw%^hE?dL;c^bgVtBOkJxQR{Eb*nR1wVM&fJQ{<))bn9e3bSlu
z3E-qpLbAE(S^I4mVn`?lycoV!yO!Qj_4qYgsg7tXR)Gu2%1)5FZu&lY7x>bU`eE}x
zSZ5c`z~^&$9V?eEH!^Rp-Fz3WiCvEgf`Tq}CnWRZY+@jZ{2NewmyGUM6|xa3Sh7)v
zj6d&NWUVqu9f-&W)tQ>Y%Ea!e76@y!Vm*aQp|wU5u<%knNvHZ!U}`fp*_)mIWba=j
z*w9~{f5pD;zCmEWePjM#ERNiNjv!SnM-&rGpB9Nmiv}J<DT?p;P)W=dKgI=$la*i`
zPC>+hwB&0f_+x?%*lgJFRHsqfFDPwyvh8<*xLT0u_BeEHw{q+UGj=$4udEx)Vq#sV
zKB3+_C!RUKy?ac3-`+}dL2!D_2(5=8&@hBf`-AbU`-<_3>Ilqkg6qSI>9<E3ytGyA
zNuw&;O7=UvKKvuF2_ID&oj9Z>G(@Kx?g<0h0K&31$AR>R%d}{%DyXPss$&c^ja7NR
z$0<Hya;i9mane7`1O?>AN7Fl$>VpGxqHW15CjxAa6DUVmCpQNbOwBv8D^Y{bXg28>
zEQE9xl?CWh0gS6%Y=G4Cy($Vb>jBb2f_dm#0_B<_Ce`|~Obt<Ekuh|D&M@6s%NU|4
zrfEsS@fZ0&6%CvWZow{wY8ACoi2DLcOAcdj@U#H*GbtHOvD+Y`U6O(J65>_Xp^nkR
zK%o_`{h1XkWn}i|5Dp#q8D(;k;2|+{DAG{2gJgPNQ=KZ=FKY@d>QEu6W;oLsE(1}<
zpnwSEj(K{Bu^#CXdi7L_$!X`QOx^tA1c{&-XTHo3G?3(H*&VM~*Aud?8%FU=dE&kV
zJ$SqZoj^g@(q9x;7B30J$<UP-pIg(n4HwN(fr)f0>(-qUml{?3e+I^Cf?X0PpLr}m
zS}W9`QaCwINRU&D5>j9O*j6S}R1`7{5+{d-xUlI~)U!^4+*b5tkuon-Msz03Z{{Kp
zH!GAXoyr#1K;t5o#h#a%Lzj3XQGqM0TRnfu$(fsQe^wb_?W!m!+7r55q>svWN`k~T
zS(gk9bi|@+8wg;dR<&0f;MpwQbY27$N{{laPQk3@3uCz$w1&jq)`uW*yn!Pe-V^%Q
zR9)cW;UB~ODlwolWFAX?ik#_|v)AtHNwoq72E9Jg#v2e5SErf+7nTleI8&}%tn6hf
zuz#5YtRs94Ui&E_1PakHfo+^t-{#ewhO*j5ls-zhm^C{kCARNEB1aORsxE!1SXBRz
z6Oc-^#<Vv3lIJqk6HI0$x+Z6<)X}m&+0F@!RM;4h`x>|0W6=7AJ;I|}pH#qby@<Un
zF4x}0X1kntcG(YNuPMcJN8yTOU4X0o>i^C+Vsu9?zdtkE{0`oO_Hw|N=Lz9Is8j}R
zI+8<Fwu{u_FkiTf5p=xI*U$GCb?+w)kI&u6@1R?wsF^GISDXXO?|&p{BJ3~4kWsww
zhAy=IgS@qa>thGK?(KSZ5ZW4nQG1`v(=0Jd*<e|?hhD@Ty7HZJLxgCdDqTO`CF&~f
zTQMJ5W869tw8tK8#vZuX^e1U^H@OcR%JyA7&C~?Q+StNfUy=wy+lh?=?!?1}!fFpj
zYk%C<ePdd#55P+iEC$jyxnPcj+ZWIdGxR8F4nDF*a%_o4363V}-ZO|!1TMN6LUhxf
z<eJS#!5~$KEP3P`MtsDR%dMonU;BrfofaznF&j1C<!B1RQL8ryH#+1n3|Hy8M-%*-
z8>0gIlavVihzo#fPaa=}(Rqdxl3^6O8K+{MqU`;1iTJ$<^k)Nms(A$j?A-wHJKvh9
zUHW3}JkE;x?FETPV8DFTxFLY8eSAd%C8vp?P_EuaMakmyFN_e?Hf|LBctnncUb}zF
zIGP4WqtKCydoov~Bi<_I%y%$l+})!;SQVcP?>)9wM3q-GE6t9*Lfoe<EtNNILEL(Q
zS<eJ-q{hN;C1CsAoP&Qw2X!&*OS<>PBlo{gx~~e{g_XM5PQ8Y5dsuG%3Xq}I&qcY6
z<g~P$>TCo?<6E%)O$A2torq3-g8j3?GGd){+VHg@gM6Kw|E($M9}3HVIyL1D9321C
zu#6~~h<<*=V7*ria%j^d5A;S^E;n!mOnFppfi+4)!BQ@#O2<|WH$RS~)&2Qol|@ff
zFR#zmU(|jaqCXPA@q?UhrgbMO7zNXQYA@8$E+;4Bz7g=&zV-)=&08J_noLAz#ngz$
zA)8L8MrbXIDZuFsR_M(DsdX)s$}yH!*bLr{s$YWl5J?alLci=I#p`&MbL4`5bC}=2
z^8-(u4v2hs9*us}hjB!uiiY6vvv&Q<TQH_?9?<*B8_K?VbN|Ph`2YPD1WdmqCQ%Cq
zM<*p`!+-z#-yGFbs#^b;BJ#IH8L|Zp8hZN%Egzy~u~Vf;`KM$)g=GIhU6o1wCF_RB
zJMo{q9=GrrOcq`7C|k0>WJcVLTJ=SFG=lpR+S4Cd91l}oZ+B-*ehY2Ic_85)SRSa%
zMEL~a3xrvH8ZnMIC!{9@pfOT7lrhxMf^8N20{CJXg}M35=`50S;6g-JYwjwj!K{^)
z5Bohf6_G6z=+0V8&><Q1$0xxYi7e9I+N-2nvhmj@1I$^vkkwnY_qj(p`RUNr$|EE~
z^hQ&su+a(hE%bcV8?8f5{uEOhQYgU^2G|aIWRNC?u$>F8xLbJ4mkCVu^g66#h&?tL
z9odv&iW21IAh~y9D-DupKP-NcernF2(*RsFkAsM<$<>@-Cl1?&XAi4+Mh2Zm@2x#u
zWH&J^1=8G|`|H2%94bnjUZyI>QACu9FS}^$lbtzzCz4AMspqGYEwFFM<%G!Oc$+;7
z3r_L!H~PR}5n8+3-&4v*fFr$uK{y_VamM0*TKn^))nQsn5U?7Iv?`4|Oy&m6himAG
z%=a;2ji3f_RtDPqkwR>ISxhnS0f)E`ITo}TR!zIxPwECZy#jzo%q{BNYtd!<<qkaJ
z=5qMooN4lT4%9-^V+L7-jSzObe4ca}j|Fv4OKY_wr*A87GAoO=D}T&6<$^o3%`<eV
zMCeFPhl{-RPT&zd(Qyj%klDra)I|uQ#xLN7v`8tAOHQ1oUW>IP_S+=*yDOk<mjf1n
zknxg9TR7ijfTu{SNx<dKp}e<~%r^U@d#$@q{ORH;&q0Mh%`EeuF(O3B&lW0yeqIp#
zpMZ6^g`SXOJDR`n{_0&1JeIl(yng6d*d(z$!|>1GgwLqe!d9esV@3$iVAm1!8RoE|
zqnTz;5a)<R9Jrp5z2CvP_zcCq>B(~~KcP)c>?+ysFAlAGF4EBor6)K{K*<bog`-~o
z8QN?=grpI&NP%2qVy-_iH=si@sok_Q%qdK^n`aL>Kn>B(&QtMAkR^ynG%k%UbJpKM
zI$}qQXXP3PISHe_vTFssbcL`irhG2zN7J((3ZFmh*bnPuiK~=#YG=820hX<bIr6mw
z^FAMS3vfza#pMM$nUTtgqe*`9`xGU%Nxvgbb;s%5k}&ptYhaFrOwRr1y$tcULrTL}
zwMPG?77P3@lFWbK%l_{u{<nnF@!z7iSrzydy@)=~njS}*<_ZE{Vj{tn4qZ@GWeN)6
z5+cY=;XYdHjae<8Q_pU9bO1g-TN12~g50kmKx-EovYO1~gsGR)lhfQYlUJA9A1|+G
z)P6stv1jf3_>qOON#HI<0bvIT{z&SaqRvqaMG-d5<06zdP?-kIH{%UMR$Xn@S}Hx3
zFjg}6no}vN_512D+RIn-mo9^_Li-)WI5%VigYt{Jd!RyI%d|-LqJU$y3aJ*a$y6$1
zjyTuIF2&t>1rPlw&k5OVLhrYBvk5Vl8T(*Gd?<s7HR#$EprY+NPpmwokE8>Alqi}>
z<@-`X_o@9EOB8Ik&?|;lvKHFU@#O+?T!kEf&oJUaLzN;>!}!!e1WIs(T}V#Irf$AK
z42`x`z-9ogxd@%CS;<CTW*qII=0!*AJk|?+T?H$dXR^{Lpf6?<TY+-q-DZASY>D5S
z2M^b;Pu)q)c&_KBO!va-4xnI57L7V@*_I_r4vU)z>xk5z6PDVqg92R7_iZH|VlO_B
z#8R`5HZVn?ou>czd>gZ~s;w4ZkzVXJNP8FiezlB5JXe6Z-OLsDw%N7!(135!Vl2Lb
zLYI79?U{h#W-_#W6hf`<$BQHJCu5ehv?IF+-uxUqt~j!ZW1cxfiEJal^q7~RMWQ0a
z2CEaPa1_p|P6qRmmeKgas*N}@(2tH%U37-<5i(DSnVOFFxg<Q906WYGTgb}L+?eCi
z=<z_^?=Frg3^#oyjBhIa21yCvVtx7TeIE>-Sv%7&{hPeRh{U`&ufGz=V|JdYQ2sG5
zk%3JimSwQFP=Yr?u_beSG^B$nnh$4hrxb4lpTTiUFRQEZ3ulr+L3m;>;Io<Xj0W-}
zYWg+)#G>?D;<H3)eP~zAtQT|5Uoh#cB6ofe<HSd5{e7Y+y?+h}xJNoh;xDN;@=NNK
z{ND$JpoyuigUSE*xu&+Igsp=5xi!^aoLLNqWUf%&G!H640P;>jG6Wjj!b)nsZds<6
zX@cD%<HD3#y!ib|1b5^+e%4*zXF&|7GJtP8>+aVr!ra~F7HYr`TB!|y-t)HSb^FQt
zbo+_XP44IWJGGxg73JyhBjKMSv`77ngDOw}6Eve6ZIol$Q5s65d(1-sP{BU{1_y)7
zF8sh5A~jxRHk=wq3c5i3*e&otCd9>cstT?IQ&D4slC-&^q!ut1;WAQ}fE}Y+jU}r{
zmpSI%sW?})RAm8}$WUU+V$PmQOF5gSKOGQ2;LF-E(gd<6<F!u{%xqLb4j>7rYu2K|
zom8mOppa%XJ6C(@I7-*opqLn73e9BMFStaBER?suJ{jte1$vA%z?$_`Em=a=(?T-q
z*A=VZOQ`P{co!*UUKyV@Rd-c#*wmb7v<%rN=TGFmWmqhbj#&+?X|3bZYAjbNGTv~O
zs7SIYi3VgW6@?=PGnbNNZIWaY^*+ChW&a)A$uqH8xxehwx2`<1w6m<KvH!d~&qb^u
zjeOitYpTE?N)k$9##zDaaX-JqUIaPN9h7oa+GqO7ivo+%S4>ag?zuHbsVJiO$a)tQ
zuBBoR>rLfhpA@)Qf`8BwRMx886%9HP5rOR%YCy9pQ|^Xw!=Mcnwx8j=(ZE)P-tJ&s
zON&Nsr%14jS@K+IvrJj720NkCR*C(j&aI$EFCV)w$9M<#LdihyRKdzTjJPI|t9_S}
z--#oF#;F?Y1KN%_yE);Bxv}9PWZphz_g5mReOKR`y%9UZ=n}GXWw?E$T1%NAfK1Ad
z|0$Lp^;sntA>}=y<U+KX)s0L<M4#0z80*fys?(H1f>bW)mkxNv1?hkZ`<8hCemcT5
zYl6$I^bhXDzPl<rd1|Pej=~$Q*Bi>z<>6zOy3Fu*3?>#q$;1fJ>nuxyx#&<&x6Y}j
zCU&VmtCJ`;a<Qka0@xRypZz5WHArBOY+FKndo;*Ma0#Y_;stsEdm5TLMb2TOEa;y|
ziZnT^!lzuCQf@Ilp+k6YP{2#0pfz&09P{obvG-H*wOiB0;IQFaBH5MV|BJJC46}vl
zk_8K=Y}>YN+qP}nwr%s2ZQC|Z**axS^?iGu+x^{{>FIv<uf6xr%#|6rB38s#2yD~5
zxwQc85Rx^LjZ{4z{<fIcA2NH0-XbH->!k0#HaXtEG=*C7kPe!mMnknbn}TKpp6Xv9
zVvq&%A3nmY^N*XTg&+=wO>(|{uTwm;<bcoY?ERm~`M#mPPaLuhbn*Ingws6(jPDyk
z--&S6SUmv*&`8z{SOpou^s4YefyPfsUZM=5aw)}T<$u{0elX(QHTYOWl8ckm5Y^%s
z&v!k}cQaJ~rI4J%l-auK6vTvr9K+~jF4*uTO4s@J9ERKovTnXZY}dL>ZP9@+M)6%T
zwXPh-&{+aAfv^ZCzOEb;yj>A=f5Pbu)7T{9PT3u>#w*%?K8jqEF%I>A?q;E%CXn)f
z|0ohNa5DMv@HVk^vT(L=HBtH*Vzo8<LE82PKl<GN9gL=B^>1L?)M=g7)>@j*vUx?S
zxqZo23n3vn@K-Q@bx3lLT+5=fB_oz8+p?P;@*UU<-u)jb5WFEXzoc+8*EC5P6(HWr
zY$mfFr=L&G>(jvl8US2fLQqTzHtAGizfR*;W4-kN2^I>L3KkXgx=e*}+i*N($}{?c
zi=Q67G)oEMW{|Gdsm{)|V)5Evo}KLj%}gIe>98<Hef8=Ger9ESWqctIYR!VwN~LEn
zpBj%-E6}on<he&$I3NKCE*U*H?VXdI0(-9yb@Jzu<IkSCn$;9qlc%-~Hl9m+9PsYH
zaDkXXS0Y@NmhDU2e@3^i9G4x8jBS_|ZRKNk;Yw;(rk#oW7Y|@Eo%C?A>FFoNTLrJX
z-ACRdewnT1w#Egct%wpGg~q%?!$}>$_UJPC4SP0^)G_$d4jN0jBEx}+rcd*^aDtnx
zewG{`m!oSbQ?A~FZ6L{&V0hUE+b$DxjO_;oskFha>@gzy(jDnzGO>z3Tzz|i&Dakg
zFid5$;SFxINis^4JzK5XIVabKoP`=ZWp|p|t{hTi8n|#XE=-rINwJ*blo?=%Se(qw
zkW7x5Qs(LV5RVGxu2e&4);c73lY#0(iZo1x=MY;7mW`uUQIY+$_PqH`4a`6O#urwU
zE6(FrvyExmB{c5z*YAj_P&t??F1t6TN2N!$N#~02u(t(PDVy<LpK@WVx(j}+B7TWE
zrxIq>D)$mL3hqKQ4E91N#GOIngP<l7#*J%609|^692@po)M9M)5$2THGY#wxT#fDY
zmz4WO9nvCAa@SzF8~h>r&pUb-f_Z4*XV8`p1pq+mzrUlUY=4~i|3RDo;Lo36U}uwm
zaOah}mO8c@%J*~~{Up7_7->8|3x<}WemgaMA}h>xD17Fey@V9;LgjQFSBS(<nyM*k
zqC3UL%KL8?)e4oWl@+O~h*T0}uRBzm?sp&F_wyvWPhPx_w~CXgDcaVU>A<+2kCP9(
zlkD%;oXzWtZ_hgu0IxeTjH`6=vi|t_04Btl32=g8swD1oZguWr4|lx0RuXoDHbh27
z+ks?gkVWYnr~_{h+PzQjQ(#8kaJai4We{F!JuqCzU0t*+H{n6i3;K<>_6XUn1n)})
zJ?}JCUPYhT9S1Hi-M+$(Z**%fz7Z%IiMN6%kD>wh%r4#C?Ge4{>w9o??Vbehy9!3@
zffZs8?LGxyWQr@yB(|%~Aa>fVj3$O=i{K*f;?h-a@-ce{(cY8qByOCA1r0;NC}}gr
zcC^f<Cg<<Xdf|!iNA;wn%#2Gm>Ca$Ot`42n>`ehclOAqBo7L&D6Mi=;M5!pd@jj$H
z?U7LQWX_u7bHpBzF7L-s4*`C)`dUrbEIgKy5=QHsi7%#&WYozvQOXrNcG{~HIIM%x
zV^eEHrB=(%$-FXVCvH@A@|nvmh`|agsu9s1UhmdPdKflZa7m&1G`3*tdUI5$9Z>*F
zYy|l8`o!QqR9?pP4D7|Lqz&~*Rl-kIL8%z?mi`BQh9Pk9a$Z}_#nRe4NIwqEYR(W0
z1l<M`*Uf_riEU?)Y;*Ms_!umw>AKVtT#ZTXK2pwfcCP%Apfo#EVU|strP=o4bbt3j
zP?k0Bn$A&Xv$GTun3!izxU#IX<e4YxN1*UTnGIlH@-c+>sK1GQt;F0k`<sZl2*EGk
zMfhRD^=_NpZ3wf?cXKmBU~pa@r-uf4{;_{D5bp<7M`TakFfZ+vt!A1U(kR=I#89vW
z=#*w5*IJS}I&HMLX3vsZdy4kpJ5VT>Tglr{z>v2>gCINX!vfs`aqag!S*AG5Z`y-#
zUv_u&J4r;|EA`r!-gsoYGn<^nSZLH-nj1SRGc0MRG%LWVL)PckFn9z!ebIJ}eg+ix
zIJo7GN;j1s$D6!({bYW)auypcB~eAWN;vhF%(l=|RR})$TOn;ldq^@8ZPi<%Xz~{Z
zQQ|KAJ@JHaX!Ka2nhP%Cb^I}V6_C|e1SjOQpcPMMwfNz#U@Az|+rmH*Zn=cYJu-KR
z{>f++Z~P=jm<b4v>)4-7^yc#52U4qeNcBRYb!hhT3Q7Ngu5t@CvY*ygxu^Eh?2l6=
zhdqN{QEaP(!p>1p1*toD!TllHH<QgisF38jv4UirRJ<V=<{MRo=v%h;JoN!L^$~}T
zIQPz1fdmBmn~LhUetmP_Mn4QO7hvmeJ}ih+Z8^&_!j@#PH|^~e?I?dsDpn|nH8pDk
z@OuIjI?Ty2I5L(>6EH~S%l9`mG62dyAd+?}1(vf@N*x^6vhEFU<-RqS7#12*q-xtU
z5d|F^n%WSAQHnm-vL)4L-VvoUVvO0kvhpIg57Wf@9p;lYS5YfrG9jtrr?E<_JL{q%
z7uPQ52{)aP{7<_v^&=J)?_|}Ep*`{dH-=cDt*65^%LodzPSH@+Z~;7sAL<dz%r&3w
zidoO0+O)dIC<a7$j>}ZECxQv+;z*f;(?k)>-Lp@jBh9%J`XotGJO(HcJc!21iZ98g
zS-O!L9vpE(xMx1mf9DIcy8J5)hGpT!o|C8H4)o-_$BR!bDb^zNiWIT6UA{5}dYySM
zHQT8>e*04zk1)?F9<pYQF%M?c=bz7S(m2gQTK-aQDgx%mAlw2%K-s4qdsien^r=9*
z?^z-f=rbr3`Kzqz=ybG=+`d|vW5n!*P0|F!ES7bQFB;;JER2SLnIm?FJyAIA6kkZ=
z1TJPJ=tLg3GFR!ney}EXKr1esDu@c9P!HW)7`$zW?lt7d9Km>9$dp5F^2Htt*jJ=(
zH(#XwfEZ`EErdI~k(THhgbwNK9a(()+Ha1EBDWVRLSB?0Q;=5Y(M0?PRJ>2M#uzuD
zmf5hDxfxr%P1;dy0k|ogO(?oahcJqGgVJmb=m16RKxNU3!xpt19>sEsWYvwP{J!u&
zhdu<cCDXAj<P84jT1Ob}z&QWPLKEq<Gwd*=u{=`*MoO2z*<Zt2b0}7U^<hSeDrIdd
z6kbI+icJvZg1bL*mK@$Y&P`R`A^~%oUlYvdRh~WmNgFqdQ5UUf5<LW16o@VH%V(dU
zfoAg)rsazIJgwp!tD!WXVA8`Eq`7Aa>+RFZ4v8PVYnw<mEO#bDUk&!h@j*btpHe^H
z1Mo(_UPX9|d{1SId2K0CWV`YED{IztR>c{fM7MuBs+<hYCY;$6!NgXBStQdZ6Am#2
zWZUNPq`oQ~o&>CsdV}`PdHl)2nn0;J!OA&)^P23|uK)87pmdZ@8~F$W)lLA}u#meb
zcl7EI?ng$CAA;AN+8y~9?aon#I*BgYxWleUO+W3YsQxAUF@2;Lu-m#U?F(tFRNIYA
zvXuKXpMuxLjHEn&4;#P|=^k+?^~TbcB2pzqPMEz1N%;UDcf{z2lSiwvJs(Kho<dm=
zyiz_0L8(49I0Fa--B7xu;4|U?aBi@}<+FBWbf7Efd!HZn3_k9kUOKZmIkKI>K+3^2
zfrmK%Z-ShDHo^OUl@cfy#(cE=fZvfHxbQ!Chs#(vIsL%hf55_zyx>0|h2JT=|7JWo
z+Uth3y@G;48O|plybV_jER4KV{y{$yL5wc#-5H&w(6~)&1NfQe9WP99*Kc+Z^!6u7
zj`vK@fV-8(sZW=(Si)<j`^0x<wk7Y|`vqJddy!Ld>_WUKp0uKT$p8mKTgi$@k}(Ng
z#xPo-5i8eZl6VB8Bk%2=&`o=v+G7g|dW47~gh}b3hDtjW%w)47v#X!VYM}Z7hG1GI
zj16;ufr@1^yZ*w3R&6pB8PMbuz%kQ%r=|F4+a!Gw2RBX6RD5c!3fU@+QCq#X7W@Q5
zuVQ}Uu0dzN+2mSX5)KV%CsU;2FL%B6YT`10$8JR^#;jOO1x?t()Q_<cia_Q8h}R*L
zn(sJUo5n$dC9MZ6PS#AXez;RvWg$=9_?*QgPk1wHIO|-|snSR)RLho2_Bs<<)D>gI
zxpQr2HI0_^@ge0hNt&MQAI`yJ1Zhd-fpR{rdNmRkEEDu7SpB)QOP4ajV;UBZZZK<6
zWds;!f+|}iP-kqWAH#1@QisJpjcg`+s80!LhAG@(eMad|zcln~oE8}9l5!K{^zf~(
zd=HArZ5+Mryc$uNa`@|GSdOX=y}8GZc-%p8W@OM)uk2DfmhQXCU1E#y3XJ>|+XdW2
z)FQLeK38}u<Xxg35zFW)fnx{GR}h>_D(5E{GV|YT^rI4qds2{-r<@@@@SG@u&4LbC
z5o|KKqVM{<TI`xhMf=P%FW8xb@ek=AO21C2yM(;4aEAA7%<Z1{eP7xF`syMspdBO^
zBq9^MaX$%OWYP6C11LrgeNSgo(HCXRJ1`CaXhX{-^xzbb4<7uE7MC5KpeUX;M==5n
z{3ioD>?wk$5>2?t*I?IHdh~gljn_2m2zqZNJEEz4Mb$o&I3_UAg#$B{0u$uF4-q}{
zzs5+k@qOe08!CGLGmy3eRrcuqsgB*B>i8c3>3=T^Hv>nL{{u)jtNc6tLbL7KxfUr;
z=Pp14Nz+ggjuwd~*oRJ)xWwGwdge+~b!E%c3Gzw6`vT>CCxE0t6v5Z`<IUShtqv4Q
z-Jh1j(R$<U^pu^U*X#H3i$3O+SP@;NU_Wz9N9~NM)DYVP1w@*>tw1oKCcm68A~Dbc
zgbhP6bkWwSQ=#5EsX*O9Sm^}EwmQQzt2V2phrqqe2y)w8;|&t6W?lUSOTjeU%PKXC
z3Kw$|>1YrfgUf6^)h(|d9SRFO_0&Cvpk<HwG~S{@{kr9%)P3fHW&v6mJE+xCTU`-0
znZbiT^s+J5jN|D86iwi|a+IgRD$ZsT8H(n*gY=aL(j#!IzfCzsI;;107BPg~W|)C_
z^?hWmQ}^&ysqSO23ESiW9eSZQGs&lq=v#ek_vIQFKn2f|8f+lcq#xax?*@8p-hHed
zPjB;5<swRGyYaZC=`*0TBqZj-m^pid7Ur9S;GhjORa?<Mttm<}%hW#ZprE+r109bN
zwZ_0><+i83DLS_}jgt~^YFwg0XWQSKW?cnBUVU}$R9F3Uo;N#%+js-gOY@`B4+9DH
zYuN|s&@2{9&>eH?p1WVQcdDx&V(%-kz&oSSnvqzcXC3VsggWet1#~bRj5lBJDo#zF
zSz))FHQd8>3iSw{63m`Pgy_jkkj9LTmJ&!J(V0E~&}HJ4@nXp<(miz$sb;(I<8s!7
zZyezu!-+X81r03486gA<CgY+EO}QW+Ia3G(Q%>lx@n#aKx_93DREBtNcYln*8oliQ
zbh0~SkAgHXX%C6}HwN(TRwaK2k_$Y}PxKId;jYt=S1Bf<8s@(IL?k3u1(f^V%TYO1
zA_jPf*V)SLEZFWS#y>M&p$LoSk+%ubs`)H%WEZf=F)RKh&x;i)uLIGJ94~A4m$(;S
z;1rQC{m>--`WHFcaFA&5#7~vz|5S;{fB(7pPnG;@$D~C0pZYNEG?B8X*GB2e4{Qk;
za1<kVte-EIP?EM3|7$~@)L`7XY27*&^@jFA(Dec&ia6NFH{o8|*)Lhuu+hZxJemD(
z<mA^8l|RT~VYm@vr0(l#5CzPlLit=#`fzrr2Mm;ga4~j&VyMYkPvL$<s0xe~w9ZAS
zNgEb)fwE_s!1Vfi;J#>oop8OvHqs1Lk6B`AuYOv4`y`IgM315iTr{VUVc9WeOG;xE
z%eDQgE4rb_B%<uh;bRAW+*RO}va{~N5paRpYeL=MR@mC*;G#4cp|UZ`)+dwsw5<v#
zvp<$2)IqAYlFBXF9j=^oa;)WkoN|wsq<o|FSj-=c?zyJQEXJ{40|b13I>vuT>N?^K
zRvPnQwG%7RjO26+DY!OXWjgBu4^!)W-+ob_G&nX++))pD->QdRCo0spZN?Y*J#@-q
z)fk-fJvZYz8)GSxYc^oXYIM;Pw}ftHW+a3dis#dXx^OS^m-~FlwcVr6MXv78fNI!i
z51K-2t&!&IZ4(GF=mT@;qIp!&R(I@UiWPPz)%Us&(FdAAGxZ-+6^UZ7em`J-F#_3r
zLkHym@VAnZFM$J~?0b@&O`l4YXyvOQ+OqalbZ0{g{qD{neY_xno1ZpXlSJWM=Mv(~
zvK{?O>AcXpbd}+hn{~*>weZwDTURX*M^9RkOO#DUfRW1;comKg1bn+mlsrNY8XDyW
zgWg9~AWb_1^D8zsD4bL(1J4oinVy0Fimrh&AC}Itl;IH*p4eU_I;SWkOI!9tAbi3B
zO@0=q#LHAc>z?ve8Q&hsF(sR9lgf_99_5Kvuug<^&0}Y&m)YjI?bITGIuh}AJO|>z
zc*`Mly$>TA={AIT#d%JuMpXHDt($qkc*3UTf-wS$8^awqDD^|EAeA{FoeyJfWM@QX
zk>vJ4L|8DU7jg_fB^3Qvz*V$QmDl*AXdw6@KSckh#qxjLCM8Nba!dTkJgr(S@~Z0a
zt8%|W!a~3zG4Y&X6xbLtt^JK5;JT($B`_9bv(BjRTfG_Y`tg3k-}%sQoY@F|=}}${
zwmW%Ub6jPd)$;NA0=b7w!^2dE-qvI4)AVr`yvkabJcGwvuQ2rAoRlTjvCC^-$2BG}
ziy0<6nt8;J67rymwm&wVZ8E7Krouv2Ir@-GQ%ui6PR42KHKms3MK&Z$zp{_XAVvrd
znK4cbg)Ggh5k(4SlFO<r%{EG(DxGjDtalNt6Hy;#N*O&Lm3-<a0?dLxtZF}ZXt~7H
zXa%>M9yyRUlVH1oo%|6Lu9%ZxZW28!c9Z%H5#E?B?7H7ulcUtirB<{s@jnS(-R@we
z^R#{Mn$#JXd~5sw9rU&~e3fYTx!T&hY{S<~7hviG-T$<4OPcG6eA0KOHJbTz^(`i~
z_WON4ILDLdi}Ra@cWXKLqyd0nPi06vnrU-)-{)Xp&|2gV>E{Uc>Td`@f@=WYJYZ^-
zw&+fjnmyeRoK-un<DiNcEKxg3*>BVvX>g>wO3!ey<+X#z@8GNc9MD}khMO>TV{4`z
zx4%!9|H6k|Ue;`M{G6d!p#LL+_@6WMpWgF7jk*%$D_JB3c%D`~YmHRJD1UNDLh;Tf
zYbbKcv9R(81c4yK+g+1Ril{5w#?E}+NVz>d@n48C-T-(L?9a9W`JV<tNi#VaTu!FP
zQ`cW#4+m)e6x7W{NF9=f+9HS?2FFP0@&@_&`Q?HFvf&a0rHJXM_0Pyt<nDd&N4gmV
z-3^1!Z3_Fc>*{dan-sH*P3_Hnt~iRv)}ye;7$b}^4l%ixphDK`G#b!4R4qoouT@*A
zZ)kQa)e94??k7N>tqoRl>h(9DFq&92=z|F!LJrh-97EoFL|Wt2v}>(zG1*#aiYA_^
zM_&%_G^g*O8x650e>m!#MDmwRub!irY>^^|L=!4^%lBr;?}mvg<wr}>P3y~<NB=B5
zy}L|n*?yr=;l0pRNL&W%FEps%u3E`mBD`q9<d6(MlRTV|LSSq%lh0z2iy%N=N$tpX
zG8Brd+d8vNxtoR_-7w%tgd&3|#mvR?G(**)w8iF?-nr<@^kJjWK4=Abmm4XGM;7U$
zfuRD>^mSdKSm^R~WAt7T0_ck0mA`GS)J^SYTo6^vQ|vuM7!92&@$BhtcQ^Z4h2)aN
zh~EQthyjn1(eI~$FtuHH!|x(iHU{9k4<z1rg~PoFbDNshz;YbUE<ky{jcpQ9N*bm3
zM3wRQgr#S30&&Kca5GSW*SHO>0k5nPBwB)X@8Lo$P6u81EeoNOGRct%a-LM_4y3Ts
z7ki0PWAO^Es6c%M*SSRn)2|NAoUsKyL%))uVx7?5lkrk`njxs4q@M~x+8%jr7xV;-
z|K<d0IWxF#_zRSQM_-7|J;{|pCFte~M23k|FuY!Q-eWGuKp6XQyG4)nhy2CJs0kw|
z3noXeK`PvfB^EX(LKk69>C=g3aTZO|y|g~oHXB6b42(|J_&fP2Y`*;L07H2d>{~JP
zFNGl$MYUG(Qy3dR?9Bfdg8#peGRiVP8VYn@)6T1bj*v)s6q<a(Cgk;0IwQ&OVui)x
zKna+Lolr&#w9Rc(x2P`|I?5q*TV2mPpa@dY+8-H|x0#j#wPmLJng`#pM{jP%I^FJ$
z->*7<6P(ZVm4ZnTA;rOHSd>P`_5uT0+azWdV`gIvLaJ1o*DB}&W6LCgX|BycgF5qd
z!)}dT#A~4*6{1=Bd5VV(Qa2h4x9m#2X711z(ZN>i&cn`BopG*5P`CD*HfYiQmXNGk
zhgqcHPBrJP$Z@PLZ4}d-8^}%X^LtUDHq&;~3}lUyrxxl@|IS={GP&6-qq&Iy5gKW-
zC@$}`EEZd}DOSeSD+v_x5r_tpBWfN0gDa21p(@TAIrgWQFo7NO@slI6XOAML_lN;3
zEv~}LlMbGWKu}0s$tO-vR<bxDk5q&78=lmHUSk#OYc>)wD!=olGcA?}vU;lRu4+Zf
z?nCD7hBmA5`U9P#W8-*0V1=OT-NI0k&_`UZ87DbpYq_=DBdyNDchZ<|V1f%dbaa7i
zf~R+6Xt%G)VXlM@8REfP3u#7UPadWYOBMsQ56fHRv!0p9R6q>Rbx!n|IY0goLb%{+
zzy|5WXk+(d@ChzOWatIV1lc1F!(uEOfEmMd;v`|$Kt3X2Uws;%@OV!E86PN?CeHV&
z=4#TX{J8RWaH`)!J<8AUs#<vYyoO@nWe_+P3W@Ua?$N%|^1Ax`9udL!kV+H0i4#`F
zDQxQUuz{hdn<88=5?9=`zhr9m2`wO5TKyHY3$r1l|1ermTI8RGJ7oEU^lwz*Y85$*
za2{+Cdxsl4lYT;MQ2T_PT78BjnRkYyH<58l*d{1*1~)81#IypAeug=Ks9Ep@TLJna
zt^#v}I1!7D@5UjAieshSs^iHd31SxQ0{-VmDFPyM1Hw;5F#c2o|9>Ar{6Am^8M{S(
zc%K7y2YbcLUz+*eDT<N{b8Y_Y{FK4U0l~;DDL_2-{2RnoLn>XdthNE)Lm^P&*e^eV
zilOS9)TVKgr9_^_M!TJ^44v<<hX*wOvhsFuqiGRPD~&C;`dBbnTuyQ%My{UwqO@S;
zc1Qj?x4{}>YF2NO=h(oOr5j<dz63?0%kchyxgL$UAlId5vEZ$qIid=!gmCtBzpCV=
zPGAO1iJdKr;Et1sg44exXyHZ`U2>YxVTxWk0XJ8n0{F_SOH%49WMk*Sg7`g6B(=^<
z*rLAW;8I5;1?;Fh{N=f;kxjLpj}u^mD|k8lih|G4#}wEG1j<O(u#~}ufAY=>`HIG(
z8y;BMR3cE01e?(+k<Q*5J39BEg;)SRes{pKLd;G)H1O7BQ5pK|kaB16rR}v05N#*e
zc{{nKmeI2;y5Yh$c>8NLR|Z+)#>qR^iMZc=BkcixWSKYmkaHpIFN?s%*74kc&wxwB
zrtbYBGz9%pvV6E(uli6j)5ir%#lQkjb3dvlX*rw5tLv#Z>OZm@`Bf2t{r>u^&lRCg
z11*w4A;Lyb@q~I(UQMdvrmi=)$OCVYnk+t;^r>c#G8`h!o`<w203{a5Hn*~B#L9P;
z>YcqH8gU}9po>S=du9c*l_g~>doGE0IcWrED`rvE=z~Ywv@;O-##+DMmBR>lb!~_7
zR`BUxf?+5fruGkiwwu|HbWP^Jzui=9t^Pmg#NmGvp(?<C&9rQ$UICTx4`Wdlwn!PY
zS85AG+zATC|00R(!QPP3u$g7uq`5u+z7rr!8v^t5=bK<R>!d)5EY<%rIhD=9w5u)G
z%IE9*4yz9o$1)VZJQuppnkY)lK!TBiW`sGyfH16#{EV>_Im$y783ui)a;-}3CPRt-
zmxO@Yt$vIOrD}k_^|B2lDb2%nl2OWg6Y)59a?)gy#YtpS+gXx?_I|RZ&XPO`M!yl7
z;2IS@aT4!^l`Tped5UGWStOw5PrH#`=se%(ox%gmJUBk18PsN$*-J8S%r51Y$i!4N
zQ!rW%cgj44jA~_x%%smSTU2WG_W0c&PB$A5*kl8{$<pJeZdAOGMk3u*o=t?_7=w!C
z;F-WeQ5R(D8<1M+wh+s4L|hq?oOS$WqOpNT)oL9(fmjRPoc6UQ7BOrv4I9Q3s6V6b
zI5~m|F74*yB)O(9Z+UL{D!UARR>|865+lSIX~uyDT`uI7qnS!BPAg1Wwrc0e)8Usf
zv9^E38H<XLAaHcV&*$a}i~v3rrq0s`i^xw!c)rCZM{kQoib>&hWSp5!@K8Qinl|)9
zEB?NMaxZK^GB!PUf1TBw+`H&jFSNI=Q@v5$Ryf-y^#IuXO#vsM5R+9@qz#z0fD0GP
z9|Hj#E>?<=HTcsF$`xn`je~D&3<u8|3YUL99}<W>kF1Qi%dfH{sKh!~(IpgjkDGQn
zQx2F9rv{*x2$(@P9v?|JZY)^b9cd+SO6_1#63n-HAY3fE&s(G031g2@Q^a@63@o?I
zE_^r%aUvMhsOi=tkW;}Shom;+Nc%cdktxtkh|>BIneNRGIK{m_1`lDB*U=m|M^HGl
zWF#z8NRBduQcF-G43k2-5YrD}6~rn2DKdpV0gD%Kl{02J{G3<4zSJ1GFFSXFehumq
zyPvyjMp2SLpdE5dG#@%A>+R3%Ah<AiUpqidtCZSGqApl7O^h4d{4aQBSPh6$8vy_S
zhw{HSZuHNw{SUVPt>LAwyqxjvGd{I7J`Iw{?=KKPRzyrdFeU}Qj{rm{351DoP_;vx
zMo*s+!Gwgn;${(LXXO(xyI@$ULPZI|uzYR%`>MmW6Hcr1y2aM5b$grFwW_(9Fzz$Q
z$&8dKNdWvBkK=iYWA|0}<lXm#i_8w&>s1B7>8J$g*Ij_+S9vC1#jy~uA8nr)yY)a+
zoJ=e>Lp`7v3^tQN<&6UpDi{c1b}F~fJ<J_)q?$Kr<S@Mgv9A!MbaJEyd59s(1UN=T
zra~xkMw>$9r=p=@U^J_7bOck$5}ncVjYB0yEjbWrhe@E`j64yN3X?=k_F3BalH$aN
zV=94?wDNv=BKLB<1*xU|65Zl!%51r5sHQ?qCggCw;$2QfCZ$lN40WPL=n^{Prf^QS
zjbZ&1MRGgiZ2T)}DpiluFr#q*!AZJ$1v#d10YQ{>wQ5px!y28-1hCZ7lwvQnQYN*U
zOg9BpvB0A$W<w=B+IYLKhRv8qWv6Ha?=Br0InL@^iNdEXqj63I74pHOVLchz!qr4D
zm2oHm+G~l%x_y0w>UzFs+KWk1qLiGTrDT-0>DUpFl??l(FqWVz_3_Xzqg9vTpagp-
zZcJ!5W?|0G%W|AJVVHJ7`u6@<4yyqMGHj@kpv`P+LV<)%PM__Rz&oq~t-*vV12@NR
zoEVPz<2D>O==MlNI`;l8Gmv49&|1`FR!}2`NLRCqA{@`imL<DLE(JGc({LK}BC#15
zQKP%#Yt{2*i?Gdc{g6fqM3;sU7z-JWeBVwS7skUD2uLQ-u~EtARDI<klx{;aOXDk4
zuPmKK9Jo+R%&VH=z`$dDv9(w?u?jn<W9yuECgU(JOKs4oRnbBm7T2`xmi3CWrdE#q
z%qxY?s>z6zrjS4ui0)O;!Pu&?KPAcX)?tDPS26uKvR(ry(p{6kiXPoZbnQ!vx6dLu
zZCaj~Ocr$h##KqsD;9;ZiUwhmUd%5lrwczWr1Yn6V>+IK=>51;N7JDkrm1NY-ZBes
z;FxeOTb^HAyA+~P2}WvSSu_fzt<C4Z<)Hr^Vgsufxm0Rd+6FF>_K=(m4wUp%c*^hF
zEJ+1dP0{0B8bryXR+qApLz43iu?ga<5QQxTa$1gMCBq0W=4|DTv4nY4T*-^Im%>U~
z)98;hc(d7vk0zAML$WnPWsqK>=O-FZSLI3_WQKr*PCK=(i6LelZ$$}XXrD5cb~VXz
zT%egX>8e;KZs@jcD>cL9VP(Q}b0r~ST$Mc%mr1cC8mqRUQc|N^9@Weu$Z|Kec<H!I
z*2odXm&TQL5>zK7HhSFeFV0i)MQmwrn7CBL=p`_9n?nh320m}6-MSv3L7I*<*56GR
zZ`zI^1zyC7F#*zVL@M)F2+oqxydaiQz?|ODmqs|Ub8%&KXk9P3P7<4tM?X{~!;Ygw
zt=h7)AYGDO9F&wV=BhCyD9exr#YM_-<;Fo~iE>IBEXK$%;JCUAEr;lR&3S_DUy_E)
z#!oCYdENVE9OaaeaIrPk-odMtvdFG;ocA#`L6AifMu0<I2)%ACF25?SrG5(k-6|X?
z9M^Hr+yj#!KW4E==mh8rD}8^Dte}t%tA3%`8XpnJ#)Bbc<J1Ce>og^?Oy9F|Et9q6
z8;3_|9+Io@hqYoN;58x1K&OP!9Vd#dzhTRjB2kI?%31ceHb#Q~WqJV5lw;@b>4@Rd
z={z1S`d05YdWC*RLc7sR0bVGSytn-a3`JZL3|d8KC?vj_70Vi4ohP9QbU&Q4?Zjd0
zSZA?KbqLBsJg(qj>fycto3`zN-)lDe4{Ij-QfoBn@rT_tTszA+CnM~xWmE(4zfpCQ
z;zPJfl3=ctrggYM!KQg;V{J;utMMF9&BfOe!<{wU0ph?-VQ%cv3B%fFiW?6xBPdf0
zD-HhEU?0C`G@7e+b-=8fj=TP3mdz&SIQ}Nd`*G#DTz9Y<e{=*ED(l!t#5yAVvrexf
zPIsGfn1!*ryqu=jd^nMjx<$yQe($kvGLCi_mFg|gCS_{qI$kX)Wt*~z+<%q2Mc~E=
z{Wm$YAIDM*=BuX1QI$lA?}}X<wX3RdUVJIBGkN16lu(F%sfJ(3e0|$7jzllji{>@b
zaoDF}Gx7ZhPzpDhi^fA7WZ)EAEFv;N2*b<GVacJ*O*mnZ@*cF-U_!-9xiRg<YJBjg
z_a8bGfV6YoR7QB8G-w0f0$(UA)qQzUL=rb)gi%uwCwi50&U|QKFn%!c;GtrI>Kp0T
za0t<^1|Zc#`A+?s$!$8eO4CK~PUFECC3BwNR4f)!V&-Y>$xg(%T{MtrH|CPcO(Lf>
z<J_IFYpgspF|h<Bm8-zT#`;{KKh_xe#nGSKlo)5fYY?Wc>E_meE1?6S-qlV^p2fh!
zT11Ub)hHw!_mpFDMIAFB`%Yal+`1IXV>b?%!q^Ps%8nh8wtjVGlF-!5x*D29WJ4=M
zZ7X(QvKe$YZNgM(HibD7+VO5Q29?@HzS?k$c|3B@JI6dlLgu5S&LbU4=4p-Yn||z@
z4p05vq*k*pbOV9QjVTMp8`c$?t@~!$8&5AP_sz@tk%a$nWHMh-Gm{WS5+q)5W6pU#
za@YZXJCLTpZ}zb=$HCYbIm->?Hu6XIBz_d7)n1+3eSLzGVoNQCTHcu9qS2@({0sxc
zu<-mhx@Xz_*(S1DEL|<T0s%I=07i{7dfGcg5YsbUCnMIii(8x8XJfN2iO}Ow1)j9c
z{Tj3wF`M4<MAnshQX^4KUX%KT=fK-&`hBGKb5x<Mmsyo(O87_;nW2S8Z00B9<AS41
zD^8>d0`YV7uNevL*Y6|DAQmvSp{4DzPL@>hqJ?`FjvIU;<<gRjR*o=_yyL`s2s<Sr
zq{3y_Q?|;ILEq&u&liTkeOI&54w)_0%udme{>&}YEKDmFUGSBYjRm<f2?H%+?AD<D
zHIVb>K{Km-1m%-t=fFfI9kV|POH|SxvO=P+><+1JK_lt5F6fTPf8PXU+lYEJz__**
z&>`4F2F8EWE+k7ZsZx9%!?A56{lsk1juYw5zN)V+g$d^Q^Gm}fnHKA6L^36=`e;p%
zp{;JD$X3%}O7qINR*2<>a422}_hmc=)-A7B-1#2v85jN5K31t0DtmqON-Dim`XIR;
zOo`KRv)gtn?stp*`^f>}UDnGYGnJAbl(4srd>(5fo2#oqi>#bus86EHfeItFIu$+%
z;lE|3gjQA`BXHEE5JdcjCoethN`@NEc~zm6CYf@LJ|hT^1>l}gR<j519ngD!EAn;6
zTJzp|ZWqx}4J>l7oD<tCmYC{h*W&iDis-%uEUE(Aw|Nib?L+^z$Cr<>HMnw!*5*IC
z@@Mi=gO=lZSnWln`dX^4Bd{9zYG{HNIX-87A#5OM%xu*%V?7K3j3CHcN*t!zNK4N4
z!U2?a>0`8m8}UQshILC0g6-k>8~;SR<bhd5;Alz+eLYHHwruUK$y2Sgo>IJ?vQKDj
z@U{DrstWIT7ufyRYox^&*IyHYb$3wtB}V^0sS|1OyK#sDc%sh+(gy&NT9j4Aa7J0C
zPe$02TylMjad&|{_oe3`zx)Cqns?6qThYue6U=~j5+l0Po4`bX*&9V@a<-O;;vCzm
z(af&;e<^}?5$7&MRW$eb*P<<o+v7l#S_NtV+RZ2GdYcB!mQa%nLyK7biU#oWs9CX^
zY&T~?Q#lnev(SuV6Oe2HtfdoSdj(Ox7NMvxOZ23J1d|_*sr-UXi!Wa(n}U6LW1xzg
z!K`wBMMP|Nb*Jj@T$xK24ZJ@-2V9Duzf5fOVh}@^JsZ}3%+b7nd+}nhgOddMDsEQ>
zX|33QmDvFSDFK-<fqF6^`2B~@WHnloDXAnw-=b7~#%@CepJ!C>qMz|RF|Eedum@~W
zt~8C1@i8@LammTr)rAgKm8X_SczCg@+@LeWpcmx;VL;iLQJ;t%Z*|XbNWUnHX|o=Q
z%bsXc%bw=pk~8%3aV-w(7E$co9_cHQ$!}Ep6YcoCb7~GQBWl#4D!T8A5!P*tSl4FK
zK2CX0mjmosg6TSK@-E-He{dm0?9h{&v~}OX15xgF<1-w4DCypYo22%@;uRq`ZFld-
z{Uqof@a@P5dW@kfF-`1B1(!R>(DHb&$UXY%Gd+6r?w8klhP&ldzG*6#l#VuM&`)ki
z)f$+Rp?YYog9u==<#MC%1daG#%3EOX9A{7$`_(s#_4mV`xZaB+6YlX`H4{}vq;)TF
zo~fR@do6EZIR?413A$V6o^fq&QV7P(bB(9m196<lScB34I}G=oz5t?hyS<PG52g_u
z0S+&*`q1A2XmRpIgX*5>9szOosyhZRYciAWXe4@u-}s(LeJpuIkSx)XvjXmvVEseG
zJvWN4s|$6r;s(3F+cgeh4DMEq??h!$eb^5h#`whT5d03qfYpol8dCim)A^NG1-H}}
z!b)V8DTL2Q8@R2p`y4@CeSVj9;8B5#O?jfl-j<$Quv?Ztwp*)GvQ~|W8i6?-ZV@Lf
z8$04U_1m{2|AIu+rd8<vRh~h4h3cN$m+a4{rut+Alkup3zxQ{jU~x1L`bBDnFBpnE
zgtA)2T2HLtxEoDWf(VQ|Akcq3uGCwEkIOGWP2hslq;X-UEMLOPt@NCviAl1XvIq@(
z;0<Ia_kd4LiWa-0n5y}Z@F>KW`Qk|P1w(}d%}cjG6cxsTJ3Y&*J^_@bQgXwILWY7w
zx+z)v81rZv-|mi>y#p$4S7AA760X?)P&0e{iKcWq4xvv@KA@EWjPGdt8CKvh4}p}~
zdUVzuzkBlU2Z+*hTK214><61~h~9zQ3k+-{Pv~w`#4|YdjTFKc{===9Ml7EMFmE!f
zH}U3O{Z`DuJrBZbz~OjSVlD6uZSEeNK8epja_LanEh8v;_$Eg9?g*9ihMoat$#qd^
z?;x?a*y3-pW#6|kF^<$w;2^~s!fc;3D~#&#WYZfK@3;bO{MvmN?>qy%_%v`BVCgfC
zdwL~(H14Gr6w(1CX|R;zhZh%?*Q{hxJH`MV2)@Jg$pbqjZeL+LO7^vwgi!@3yn@NT
zU91-{;BWIi8bV-j-YR|A9Qs?M?e7Ru&Onl1(Sz(kxAw?LEbd+Le%Z43rZgb2h2m|e
z^rblc;4r+}?@tC(YIBB_qpQL?_kg{;zO#6JD9{;HSUgf@zIZ)}Bh4wFZIs>meSd}f
z<u7uY&_GnUqxd@OC2<7Rs&u~=au4j7d@uWh%u_+Zf_CnZ5@n*1p@tbDRTQJw88M-X
zkta>4iF~nD$KAV6CVEw<gLVwOJyLX|>+{YOPrW~~y~Y=?snG4dE3edN$~SXh`!c_F
zUsQ1M;ARz&v0mIbfP}aLWZ&cBPU+DU{l+0}_>9DZGL{@}lF6QCtgAg;EWUu`D$Evm
znblG}kC!}Mw)bR~U;+S}T9TVc6lXWR!LNMm)nmxr*ORkv#&UO$_WQpt0WdX{A=bjC
zV^lB~(r;y!C4$Rk0fWUR|0<I>9O?KBos@aFQjUx{ODABcj}h5~ObwM_cS>5;iI^I-
zPVEP9qrox2CFbG`T5r_GwQQpoI0>mVc_|$o>zdY5vbE~B%oK26jZ)m=1nu_uLEvZ<
z8QI_G?ejz`;^ap+REYQ<f7Bw8Nx}45(j~8Q&l)ecPcF<L(*Xtsw!gGW?-fKnG)5h6
zMSYW%9d;=tee}Ng#11<`CSpX~l+cnq{Dqd+M!XzG#f8qrb-&jWJ_;a+&UL!sUvb<Y
zdiQ*Tqh3Vbi8V9;{k<Zoo65-$fR1H+#u_jz46pN{J7|}jfOo()ld}C``;abNh(F1Z
z6pmxOZ=9$GpLgI*(Yt!*#na2?ey_d(;(&B!cl?aHphK+tky5+&{V&oMg(6UTksnzL
z^iRj;zch#WUo9Hr|1g99Pq!vV?bYoky6j6dN-UMkwVK#6yR;&6IMrmBGKQk!iqmDG
z&B2n3gqGEof<Be>zBo}7CnlSHE_DI5qrR!yVx3J1Jl;`UaLnKp2G$R__fAe;R(9%n
zC)#)tvvo-9WUBL~r_=XlhpWhM=WS6B0DItw{1160xd;M(JxX_-a&i%PXO@}rnu73_
zObHBZrH%R!#~pjEp~P?qIj4MdAx@sv;E96Doi$eO-~)oUz%Z0Tr4K`-jl06Il!9{s
zdjF*1r{XU?)C(%XKPm;UnpnDGD%QL3pgo0ust~+sB0pa|v37>E1dp*Odn)n=DY;5j
zDzSAkU9B6F$;|##_mrDe#%hd7pC1u`{9ZKeDdtkyl&4>H=e)Fq@}$UffPt1#cjYZg
zd%O%xpg4~brEr>AnKT)kF@`cdX4tMlZ#Vk!l1Xz!G970p`Gkv^lk-|<r4$`^&`24P
zFNFyse8=SAy)Gd*=rXz}a_!M9=D^(O5VaYo2A6tYt!JfQX0%R~HWTj08D{}Hh&8x)
z05K|e6BRg3Phk?Sn=-A`%x1eB9nJ_`3r<;vV(PGo>>jmt0W5<em^)MoP)&tz$0u*|
zb8=^NoNTne0n@r&gyDcPJrZKc@>Wu6woGf?hNA<y6O~V$V9_7(J`A&Cb9OM%D#hV>
zXO2?BG)<{`NsYAY#3|L^x*=rS7uWU~s<*Uh<XOM)%9>TC8AYc#lGP-=Aw1I)@y(<`
znQb^nL~$rlDbsdAc4nc#{+$_;Z4iY;Pi0i9Q;>ZB3+IjWLg_r40-Fso^xF<*_s7Tj
zujFrMH{vW3PmCndjQIscnQE%`Qj|E2kidi#c&Pc<z?3|C)EGe@(xJ}~lwxl<R`ZLX
zFW%1wV{Ecd#dT{l*JGHImktP&s+8FcjOFd2E&LoBPg*jXnbVNUdcgbY)!Ra^9m!YB
z4>WIMyH+e#7!l`<$_)*pDP$!49pY6w!bN)j8~A1wV%gIakf+vA<hM-N7tOi3xadHe
zDzKuK-*gZFEZ)DK9q`RxXlWfO&E2tX%wKSOYV*IJ8dT})GOAfV0Qi*eh<Z|14r>04
zV)_Q=QMPSj6$M2Ar#KhhxsbZUOq3nZHh8m0?<a@m?VosS*wEu5|5|{6>Fr}I6N(Fk
zkhXM(f57yOa8vn^97J+g9ISPa=-**6^8ZX&g=z+m&6~x<1>)MyM&tpb<cUZ;B6b|X
zFwML`OB?a_E!uB&R~x*!T?*UZ{DqcP=z+MLey>WhSf8#+Pcd4rVK#)NSw>1eLKHTO
z44A@sc_}Ypi#ggFRbDRFV(IhOnRU&XPrQYh9`mVMo-^U$&AwsXooSRUFqJ7)XUXCK
zFpt;gJ}9QTN9xy9$=3OnRkjgUuQZ`X)!}LBm~WUIEKuK-Z%}f?2?+MKucWU<3)>9G
zxsz~2pHut1AmH<@66;LdCB9+dSpojE4ggrYS?%icv*Rpi?G0Q($^`(g<eM))Mm|VN
z_KD(Zez7e+y&FtF6?g)4l65;!igB><1&Z){O_5B$@f#;I2-+Qa1P$a@=u-vOY5vqo
z|6G67X;*A|V86ZET9OpFB&02twZtc2K}~ASoQpM_p{vJ{-XvA8UmQa4Ed%fS{D@g(
zr_aY<K7XCl{YE&k^mT~b%&AjsrjEYsTocwX6IO%!%{u_ldBKWz`d|Z1_JK!%XnLXJ
z(QP6B9~a<ccWk2H4lW#UNu08te1cTLl;wuf!$g$7_fb1ke$rXSxBccm^$1T4U&&qA
z>0gKw*=2SIGznXXKFo$r0x3)@bq8@4od^U(L0-jvTsK@qYOWX?2G_>N+?;r{<H+|#
zu;7WNx+%JT_?VaW09wIrD@Nu&x}*By{uBYY@X27#FEy<QGNadBk=u=DYdVf+khSX|
zVyS9h2|bZKX{!Z%1K-AC@Fu?`2vbN|!{|k=@d#weUa&?bzDP6tU_ObT{xC=elfbeR
z%N-mbo`ILh8D-vyReZAZ_IIhxqbV}szHz~Kg``JngsATd3l5X*o_w>TU2{M>V0zid
zB_Zu?WSn<KcA9~#1QQ|jm2mbbP|yo4nVJ+ks1@MqkyRPRA0vB1%6X9Y4zdh2r;S`|
zD4lm&mh{+A4kPY*A?(kU9Hsby(Jl8!P5wR6Xy6!d2rX&q`@>Rl@k?oE*gsgv;jH@+
z-}BDGyR-ls<fIW7A2X1x05N*I%B1Wex|SR+3~jAvq41Onw41IEpNn+SZ*&H0jSr0r
zK5=-BO!5Y^<2$p5x-1l&os`K%Jxpcc1pQKxXKe&tCws%8?6TS)ng-~I)N>7$dz{e(
ztv7lI2|OxNkLD4zc3xGA`!d7LiSdOys4H!8aA(_c0Nm*uLjS4TW%Z3v>am1nwQ_lI
zIs85Uufd;cv-(4wi(Js;QsL#|qdv)n;r_?puaK*1>zTC@d=#sK+q1YF_Q(<u3`qHZ
zRUzc#x5`R>5B%%3TtI8&bNs_e8vIb;oc|Rk`F~u?|A?jj{c={?{E<l^>nv{mW#q@8
z)#WEgt4B6b&X2?o3=b`ilz;)<g}svCV$ZQKEhYDcoF(mf@sE&<7xsB7ihiGhmXGX8
zFFk26%WGcMe9zwX>-h$t4;hsxPDo-%5C(7m#c9tZF-U`v<X|o_WX~1C)rK{ioL*)!
z70y8y>cx0HnVtf_X(}4Tg}4wx(=y!@T7{)4;I_p95mBhikg-|U9z35q`|!1+Zz@97
z(PFE5jCv|=t;^=(CLqYp)k90rV4ZSiFDAhD8YOCzv{}1WDuB?epORibW36);q(Aig
ze27@D?lN-ZyjuB4GsebA$;+(KGiOtCe6Bfd%GKRty>dBS1GUe}MXgnu61UdgO=m1&
zE(eECPF_%J-lU{;R)eQJot;;}Wch$-8Z|lxN*AAdc;bkpbD`W}F=Z}^Cy(SKyfF#+
zQSalA%JDDAu|77$M3E|kv==3vx~pFPw_<+9xgcE#oigh*>#QsA2}sTYO7uY(h@dhR
zHJBi^bb-`1?<1cGFZJa8Akzs{H^$N<)5@hlXeKwt9hD5^5K&`pdHOI92p<7XhS?>|
z(5h9KYctN|H+W~Xh2N4W+yjMyBm(AdewjX?PBu<aX=C$GjWLDqho_xANma~>RU$^J
zS#+U($<c61@0uH^-bgy}E@maFZf^9#H&illaT{dZCGAnJ1kOZ~R+a!UY2*$5^uPU`
zuK^UV!3$!5gL?_@*C%_Vi`*Oe`3TYbP&6rgd20%12X9830j${iCQf<?I>K6rhFFzf
z0q*kJ>B6xI1qAti?H@X@dxtB7_vT+Nj@PNxr?CSK#xqE6jh5S{`nH#zzvjOId=i1X
zK(Yjl!7KF(73GXYLVkQA5irn|v-ArCqwi)CM8X&m!#@NQ3bqmQlfurU4qT`zl_m^C
zhpk?mfVvy9L|)*+bW8&NY4lG$@0_PKfO9+~(zrbn?wECGi7472W{H&dRPZ<EAw2N=
z7XgW9-tB$pj|7$F$5u-GzpNfdJ4+KI=l?%0%O#1EvIG3cp|kdA3cv0G9TeC=!{<Vz
z=pqEQ5lH&$@Fwb^Ex4xX_1&p-GTLqdy~z(Kl#S{XkUH7@PHw()I2NZaHXon>um^Qf
z73C-TR6$#q>XJgYnUgV!WkbmRas;`TY#7CxPXIEGwT6VPBDKbyr#|C2M%q|7l#Ql<
zuM}j=2{D+?SxT8?ZJn&Z%cRN8Gu@y(`zV(lfj1T%g44(d#-g&@O0FL5;I9=?bW>!M
z%c3J&e}GThdean-<||jUh<Q)Qgn6~BFH5?!icIbn(kyASv+LL4-Pu@EAh=Gs9tmr>
zlLP`UeKBhhrQ?HHjM3}kfO7Z=EKB%+rs*t+nuBoeuD2yk%n32SA?-s)4+DsTV7U&K
zyKQO2b2*tQT}#((<dc4Xhd^iYv9_PaHUH^#2>=#fkb%hkRkt^%tY&VK$hcs91+hld
zJ%lgC!ooILC&|(Z9$zzk=Q0*%&l7wwyf%nv=`C=OcPjb|Q%@9*XkPGFrn+bxp?t^D
z!_qO=e-;bnT)^0d|Ex9X&svN9S8M&R>5l*5Df2H@r2l)VfBO@LqeVw`Fz6TSwAt^I
z5Wu6A>LNnF7hq4Ow=7D7LEDv3A))d5!<l3Y8bPxT4gCxxJ<R^BHd992Y^xgpd+0XM
zVSZ_UDX12v^@#x)oC{Dp(=n5W0RFc56NE9RclfUf)Q3CMOBngB#ek~h%3+)HrwaXf
zPE;nxAweLVD5%k5z-BRXPv^j%S7LMce0rO-jBX3^`A#Hlh(v?6{amq6183o|cO;TR
zb`p69`H|8y8+?psh$T#!iv-#7GsRs7FGc!Yg_SotD>M=lT3ConlFN`5eTQMexVVs*
zH0tx-*R+-B@&Lp`0V4j6Uy=LJmLQRY_6tH4vnV{_am%kkv|{CYkF}4Wn6U+|9Xre$
zJkO;_=dtw`@aEs|^GlO-zvpp-73H;PYk}V5RrH83G4SVkRJ0YSluQa8pKejcqB4u~
z^9^lDR|?7vEo|jITtaIFI6}1;vTI6n(d0kDGQUJuk>>sqdd7#VBF;?_dM5i<+VMEq
zc>habJK}_0eEsOkdwv48d43jKMnqYFMnYDU&c?vi#Fp+S)sxo1-oVJ*g!X^^K<nmc
zU~g~Y_|M-o|Mxe0I~!Ve8|!8@8K+HF`0fWaYZe}2CPIq!4B3&A6a`*x6-y}`rJ5`v
zVL@bTM16p{#Emn*8z5p5#bgvbOFe69JlEYG9sT{iK~kyx2+84Jy_YcE0&wJU!c*>!
z>z!G8?KfU{qOnLHhaEF4QRHgOpfvoo<k3!u`?d1akD20-YK40Y^QRCy(Sud3{!)|z
z_UGUb8T{hJZK>7@=FG(<T=)^i%thK%aQMYbZ@DwaNpgDn<BI1)(kWT=e>2ZefYJk-
z<Kyat`G{jPAS4y_v0*Yw_QW&cE$;jBUsW57O9ZMpN;?cWL^HFX2dXkdDZ4lP(|1*o
zQ9eaWQviHk8j+!Ax&XTb{1>ZuA9ubiTTP9jw9Uzpx8FfJBFt+NNE9dTlM!$g$|lTD
za4LMNxWhw8!AV(x;U`I<!(Fla@={h_LvCtUt>V-(bK@iQ%#QSmq8D$YqLgt?V#|~%
z;{ST}6aQbOoew<J_aDcPik6WIg;E(?3WuWNXt?9fpL5)$6xPw<a-4Q2`LpVNOB1nJ
zg^4C7Wl2U$(%-R0|5mb5ij)?nv6is#``m8sbN3nFbM<{ZJRFb5`}O>MKYzZT@8|Qq
z@9SNBu1UErolMjr<Bh{D;=Yb+G7SFx3^5}1ZVV%!BgDFYM&n6~#t(7UhAo|`&RM(d
z2Ucl(#9a8|qnE8AF}%u!t&h@*Ue;x5hMetX+YA%3y+Y{z0avyU-5mVPYPdx;d1#Yn
zRbAoZw5i#5(tb>hJW-Id&7y<0I<+Z-lr`IHMh1;M)n@g|hx_T-maO`s{Tuhax}EjC
zS;1kdL*A3BW5YZXgD|0zm)g3_3vMs>5xgHUhQDl19lfQWMc<r0SHE^!7(M^hx!PQH
z73a~?oNmpPAvG+2c7s}_dzl(5^;g61gn^njzTai5(tNyfMU~F;$5kt@o_fz}RzpQs
zd-|}>fLTsw$)am<Jp1n=bc}qo28|5zTWyKDT(hz-j=%p#&%1r^Jr2b%bx(#<BG0{4
z(26@?R~#P3f1$2^B#xam5Wn=+d#w>gDs>bW*Oe+$UK^`ioL%F0Ua5vb%II+EGS>*I
zw)AmqcWBZpWH&Aswk_FJT=J|^Gn=MfnDTIzMdnoRUB91MeW?e>+C)g3_FDN8rN$(?
zL+kH!*L}rq`MK<kdU~wbC94`#t;3eBU97?4P6wx+7awZY(G!#SdgcOlaa8<Z4CUII
zr@Z8EI&-w^4A~D4xA}eUuhnn#Fh6D_*?;*gdn+@lPl-k3?(!bjdV`9;MqPD6DSI+A
z!(UW=#d&af4(E3DCxO|^>`KDt^v4nUJg3Ce-`IW0Ph<OfdXmpk#=?7US|(|($puzk
z6vi4t66qL6Da5o|m{OdR(c56}l@^dx;=53z`f+b<bNk!`jxccn@5~9eX2Rj56<ljO
z{MHKlvU$r}LW4rq9BOmYe&eJj$TSEHp4s>0?|}Puq5WIS_a7iEO;~mGQqqo=Ey;ND
zhBX<s@rGC3*~{nGTkbEk$y_{Reu>A^$ZrCc#&0}dMA&@)&TCq5PMzgJPafZCg-6$R
zRqJ2+_t+dGUAY@~xPzU3`od7-(8nnuMfM-4#u`Q~`l-CUGC7u*^5VwH`ot;Ck#R1%
zRr%?;!NrB$w^}NW=GGR}m!3a9bh#wXrq?fF7j-IS?E_!GaD3KYzcXhCUHhjEl-6b#
zCmIF#4y@HN=^<Lh&hKe9|G7H*r)S}B)_<^Lq=?Z{{j@Ivf8kH1Ui`&^4VA%p>#uIz
zRFl8D)Ri1<(Kr~Hoi_MtXWP8^AyTKxi1)ew88bV{*Ok8w8YLXBFW0sRJ<(vU{$ym|
zz)feLQbz3k;_}2_{<L)XbObTseBAFq_!wMJMR!ZYce=1feaZz_Tt1t{b2nXD=i%;Q
z-se$v)6>-bW`h~t&2$ObtlbS?k2k|5Kbu?FZLDMTVW_Z6p#A)c)`3DD?a*hxHS2Zj
zcIiebfsINfWvwY7Z{YOlIQ61b`j=%6{>MPs+`()Q{wq0z0?|jwRN(1IrMQsj40BHx
zvBC_Xfcr;55&}MeoP_@#nz$avCh%FJfE5NNAE~fW@L7~f8Y=?Wno31128EYOK8+O!
zc4Vaj-DCsB6CPH$?pQQVbb_(tg^x{$STYM_WKLtrh-_-Hq-M%Ubpt6$mCHY!B{ISD
zz}grIo^bNVDw4={SA2*nDNq5`e@ZO5r4Tb<U(Io?RoV)K)xb#tk0Qw-6o^bRB_$`4
zXe26;M0KW+=%_?RMf;uzP-TIpIM9Od5DI+3t*%7EgW^o0(n)A^9(~b00SGz;eqg=h
za6&=fY^i9f7X!qj!H+Un2i?KWLkbu=qIA7uhfr{2j!gFzH``b@a^iCNqBKxZo=kQm
zFiL>QpHM)~qfD9!s0h(Jf>vYd;I~j<2fD4)_>ct<Ss~154xb3zn>bwNX6S*8>i^*4
zYKI5<4}d;hM!!N|A$@eg09J|HV;!UUVIau_I~dxZp#?a3u<h(#;QaVN4_Kng6o6r%
zNCCuqIH<Z>0G)pts6GKdCNk>FKxdh_`Xu!>zO3Kv?u+W6cYJPy!@=PuY868>3|Zg}
z$7galV~M`d!q(`I{;CJsq6G9>W0}H6gVY`q7S@9s8ak1r{>}*Q0JyH&f!f8(NZxhC
zkn|KS64r^A1fniFel2KkxYB<W4BH)`ybdzrbEz2OG$udHk;h|21c90`^56zDIYc%X
z4eX$3n1}?en^PoJTN-%!_7bdTK+8!Ep}?9pS=RVxQCar>yk%erCx9UgFLI)`yuA)X
z8SU?6kj!numPNCAj}>1ipax(t{%rxU;6`(Nqt$~Z4~76TQ$9d8l`yJ}rniII%HbH=
zlS_7o!qB{55at^>N!Voer%)`KMh9Yd@Z?~nc19*hs)NGN954`O9zA&&vJHbm&|D@E
za(&z6A=3NfC;>I)hlI@ulP8E@W-ziGe{iCf_mHvWGldxw8{ng-hI({EtOdALnD9zG
ze)fU?I(DNt)Bzdd9Cs^>!|+2!xv1SK<lab9m^&%+Q?vxAJtZtbUW&pcz%r{u!Km34
z1lN6~Fc`!73gx0ULXi90A%(f((djs@sSpZAomn7Q{p+^`qdqMt67{!$NZZ`EM2fE#
zQr2Q96E#nOOz$Ia$&|KIKym0R=@7T&=sV%$)h+twF9atPDh!retLTfLkk(zKFb(@P
zP_%~8m*gPY_FF~K<IgeZ7rP+gd9@tEf1W3gPe7khL&DA)MG06lGWs+RaxPqx$C>=I
zJ+y_;=Sq-zqD~GKy@{5(my&aPgFfGY&_mayR_)?dF_^Fwc-n!UAG+fQQGfjWE-1MF
YM{}PByk10KD_nuQ4E7Du?}+~TKh4V)`~Uy|

literal 50710
zcmbTd1CVCTmM+|7+wQV$+qP}n>auOywyU~q+qUhh+uxis_~*a##hm*_WW<ixd#%is
z`MjA6Ps&LG0VDqa2M7Q0;|Knq_Mbn9KabMFO8nH~G9t7<Kjb9A{`%$z;6J~R`yU07
z|Er)hzl^wuu%Z%;v`A76KV%;ryzsN%20oftDT;7=Lp24s|6o<1QMlkbk(A-!`nrlz
zDWz-wcfaRHfQuSG+95`%;59>?9E7Pb7N%LRFiwbEGCJ0XP=%-6oeT$XZcYgtzC2~q
zk(K08IQL8oTl}>>+hE5YRgXTB@fZ4TH9>7=79e`%%tw*SQUa9~$xKD5rS!;ZG@ocK
zQdcH}JX?W|0_Afv?y`-NgLum62B&WSD$-w;O6G0Sm;SMX65z)l%m1e-g8Q$QTI;(Q
z+x$xth4KFvH@Bs6(zn!iF#nenk^Y^ce;XIItAoCsow38eq?Y-Auh!1in#Rt-_D>H^
z=EjbclGGGa6VnaMGmMLj`x3NcwA43Jb(0gzl;RUIRAUDcR1~99l2SAPkVhoRMMtN}
zXvC<<g{bxb|AsQDMm`XZKV7r`Y5()w1OItz>tOmX83grD8GSo_Lo?%lNfhD#EBgPo
z*nf@ppMC#B!T)Ae0RG$mlJWmGl7CkuU~B8-==5i;rS;8i6rJ=PoQxf446XDX9g|c>
zU64ePyMlsI^V5Jq5A+BPe#e73+kpc_r1tv#B)~EZ;7^67F0*QiYfrk0uVW;Qb=NsG
zN>gsuCwvb?s-KQIppEaeXtEMdc9dy6Dfduz-tMTms+i01{eD9JE&h?Kht*$eOl#&L
zJdM_-vXs(V#$Ed;5wyNWJdPNh+Z$+;$|%qR(t`4W@kDhd*{(7-33BOS6L$<Ec$2A*
zX%N|qCOg6KGF$}+*B^380SL};F@;W&Q<?0z(Oq^dk%=E)cjsZQ(gMT&6zL<+gbhl4
z-{UVq4~)HP%!ZmXZY9J@Xw|PJwn!aZq)jiuMZ6ECt21>UPDeE_53j${QfKN-0v-HG
z(QfyvFNbwPK%^!eIo4ac1;b<Cy0l6VBm^C{og@M3a>>c0vyf9}Xby@YY!lkz-UvNp
zwj#Gg|4B~?n?G^{;(W;|{SNoJbHTMpQJ*Wq5b{l9c8(%?Kd^<m!CW)Ad5}K$XYWi?
zZwEOKN&q^+9hBBYC7XXr#u0ixOzV?1jg3MO39D_%q+<J|G{O*nW+DT+z8F(<3Bnkv
zSlB9^%x<GUn#O`lgPCJj?w)X_{z_WS8e)%4p`GSlxuznbiIOnnacE`#V5>1?H<bps
z^KeTf0dV|-IHDngtUt|}GO0TGt+B<O!zR!;4N9ibD3VBh9=!Oge|SWzP#76PYQ&fw
zSGRg*MtmCNuCYQX<-5@=g(G=1C529}G9p3Iqrp_2gmQ0*le|^QrC+c;3<gL|vr&yt
zG6f0UXl+0|y|Jc}f<e%(RLJiyPNiw&KIB(38Idi9W5HAsaSQhTg)zcvVTV?7VY`UD
znkpv_w)}zZ;`Ll9=IWo4jq47DdePy{f@LB0U^QiKIJOJKY`wy>1om1de0Da9M;Q=n
zUfn{f87iVb^>Exl*n<T%tK{W>Z0hs(Yt>&V9$Pg`zX`AI%`+0SWQ4Zc(8lUDcTluS
z5a_KerZWe}a-MF9#Cd^fi!y3%@RFmg&~YnYZ6<=L`UJ0v={zr)>$A;x#MCHZy1st7
ztT+N07NR+vOwSV2pvWuN1%lO!K#Pj0Fr>Q~R40{bwdL<wm-z-wIVsTI!*3O}o;9&;
z5cTXH{O&r)mqB^q;ZeHbw*+WCuHGZ`k`go4maB>%u9i`DSM4RdtEH#cW)6}+I-eE<
z&tZs+(Ogu(H_;$a$!7w`MH0r%h&@KM+<>gJL@O~2K2?VrSYUBbhCn#yy?P)uF3qWU
z0o09mIik+kvzV6w>vEZy@&Mr)SgxPzUiDA&%07m17udz9usD82afQEps3$pe!7fUf
z0eiidkJ)m3qhOjVHC_M(RYCBO%CZKZXFb8}s0-+}@CIn&EF(rRWUX2g^yZCvl0bI}
zbP;1S)iXnRC&}5-Tl(hASKqdSnO?ASGJ*MIhOXIblmEudj(M|W!+I3eDc}7t`^mtg
z)PKlaXe(OH+q-)qcQ8a@!llRrpGI8DsjhoKvw9T;TEH&?s=LH0w$EzI>%u;oD@x83
zJL7+ncjI9nn!TlS_KYu5vn%f*@<tbI*y@KgQh-P7aV}+H4c#hKvqbJDWNeG;NaGF$
zMTU6#bBwO^n6QwXYLBOA2YCufAq_E+w1$LAL-}@2CC4-3sCkqZUuVj<&^C6hk%$w$
zPP?9f6VuIO?HcPHWY#R#)X3kV9^1Vn_}NE5?_^n&XKDWM`!%O0dq<z;PMi?H^2G{8
z_p{E&25ba{PO30LY-Sf$;Tu^*%Y$C^$EmZ2c?xntQ^!q}WXvun+UdJ5z+ZmB+{(w0
z0LYIYdXWG1Z2Iq8G{fI*(L%;1`p#BPLbk3pR<`;^#tuaE|J<P!t!0t;;eC>qa5F;|
zEFxY&B?g=IVlaF3XNm_03PA)=3|{n-UCgJoTr;|;1AU9|kPE_if8!Zvb}0q$5okF$
zHaJdmO&gg!9oN|M{!qGE=tb|3pVQ8PbL$}e;NgXz<6ZEggI}wO@aBP**2Wo=yN#ZC
z4G$m^yaM9g=|&!^ft8jOLuzc3Psca*;7`;gnHm}tS0%f4{|VGEwu45KptfNmwxlE~
z^=r30gi@?cOm8kAz!EylA4G~7kbEiRlRIzwrb~{_2(x^$-?|#e6Bi_**(vyr_~9Of
z!n>Gqf+Qwiu!xhi9f53=PM3`3tNF}pCOiPU|H4;pzjcsqbwg*{{kyrTxk<;mx~(;;
z1NMrpaQ`57yn34>Jo3b|HROE(UNcQash!<Gjf_cVClc1kwaATyDY}hUB4bg-($uix
zY7hSo_UKzVd>0p2-!Cz;{IRv#Vp5!3o$P8!%SgV~k&Hnqhp<btp}}6$qI7*vS&uZ9
zbAG2@x&Wej)TNX_!V+>`5eLjTcy93cK!3Hm-$`@yGnaE=?;*2uSpiZTs_dDd51U%i
z{|Zd9<WeM#Riq}sK3q2TIdY0+FBz3Lfj#({d`K!z8Ua*IIK2|>ou-;laGS_x=O}a+
zB<rH*!qsToxVXoFgi-Pc3Kx6-c39DfRyNjH)CeNcV1Xdn;EeR<ltYsqb^qiQ<}buC
zUkK(S{&Bhwf&LD0ivJqo6x|)2jIHJV!(sdL<mS%r>||za<795A?_~Q=r=coQ+ZK@@
zId~hWQL<%)fI_WD<Nc6^qCzK4PYOIL3}S7FBJ6Y#SwyX2B6c-zB!;1kwRv^`ZzqOf
z>IX#=(WNl!Dm$a&ROfLTd&B$vatq!M-2Jcs;N2vps$b6P1(N}=oI3<3luMTmC|0*{
zm1w8bt7vgX($!0@V0A}XIK)w!AzUn7vH=pZEp0RU0p?}ch2XC-7r#LK&vyc2=-#Q2
z^L%8)JbbcZ%g0Du;|8=q8B>X=mIQirpE=&Ox{TiuNDnOPd-FLI^KfEF729!!0x#Es
z@>3ursjFSpu%C-8WL^Zw!7a0O-#cnf`HjI+AjVCFitK}GXO`ME&on|^=~Zc}^LBp9
zj=-vlN;Uc;IDjtK38l7}5xxQF&sRtfn4^TNtnzXv4M{r&ek*(eNbIu!u$<N>>Ed%`
z5x7+&)2P&4>0J`N&ZP8$vcR+@FS0126s6+Jx_{{`3ZrIMwaJo6jdrRwE$>IU_JTZ}
z(||hyyQ)4Z1@wSlT94(-QK<hEI4XkIQYLgX<8rwPmE+=t(|@!gs6@{ux=0Y}^8qrs
zNR`*CEQ2=*7ZvlR&k8I<4Yt`~Jd)19073U0T|q{zWz*53Z&*@&iN1K(x<XfVWOZnX
zwm+u4!rk54^>qkAatMmkT7pCycEB1U8KQbFX&?%|4$yyxCtm3=W`$4fiG0WU3yI@c
zx{wfmkZAYE_5M%4{J-ygbpH|(|GD$2f$3o_Vti#&zfSGZMQ5_f3xt6~+{RX=$H8at
z?GFG1Tmp}}lmm-R->ve*Iv+XJ@58p|1_jRvfEgz$XozU8#iJS})UM6VNI!3RUU!{5
zXB(+Eqd-E;cHQ>)`h0(HO_zLmzR3Tu-UGp;08YntWwMY-9i^w_u#wR?JxR2bky5j9
z3Sl-dQQU$xrO0xa&>vsiK`QN<$Yd%YXXM7*WOhnRdSFt5$aJux8QceC?lA0_if|s>
ze{ad*opH_kb%M&~(~&UcX0nFGq^MqjxW?HJIP462v9XG>j(5Gat_)#SiNfahq2Mz2
zU`4uV8m$S~o9(W>mu*=h%Gs(Wz+%>h;R9Sg)jZ$q8vT1HxX3iQnh6&2rJ1u|<wug5
zO)e@WFa;JSSOtFV-0$1cxPn+eBsruVvnW3#;>j>^Qf`A76K%_ubL`Zu<j0}PM%5V+
z#B3wIDk3d)A}ujNM$e1J#S|R8`VAjPvZ4v6coT~mCu??Es<%#hPD1!o_ov<SnL0mu
z^!v`RC5W;uz99#ol~55F7$`ujoGG`ZRzDIZM&yEIQOl9J3{<wJNFb~f8gny*6Yr<?
zs_6)-k-Dl0gKzc)CjZjN!Fvz`nCadt)7}gOxE-d<yj>?h4`b=IyL>1!=*%!_K)=XC
z6d}4R5L+sI5<whOgpIBMZ_g*Vfer)jb&n3G#%b!yE!3FnKQouNYbA2ajy{jd2R0Sw
z!>0Q4P3upXQ3Z!~1ZXLlh!^UNcK6#QpYt-YC=^H=EPg3)z*wXo*024Q4b2sBCG4I#
zlT<G;n{_4%D%EWXfOFqi>FFY=kQ>xvR+LsuDUAk)q%5pEcqr(O_|^spjhtpb1#aC&
zghXzGkGDC_XDa%t(X`E+kvKQ4zrQ*uuQoj>7@@ykWvF332)RO?%AA&Fsn&MNzmFa$
zWk&&^=NNjxLjrli_8ESU)}U|N{%j&TQmvY~lk!~Jh}*=^INA~&QB9em!in_<Qa?j<
zqmO#O!7*4ZUV(#aq_c@nOQK(XJ2W{=3awHW4{k_f!Y|o|_G0y-q}>X%Rl1&Kd~Z(u
z9mra#<@vZQlOY+JYUwCrgoea4C8^(xv4ceCXcejq84TQ#sF~IU2V}LKc~Xlr_P=ry
zl&Hh0exdCbVd^NPCqNNlxM3vA13EI8XvZ1H9#bT7y*U8Y{H8nwGpOR!e!!}*g;<eb
z;rNL4bptqUO;1s@{82O5gjua$jm<dekvS_LF}Ul@Hd1a?B8u&Yau`nJedp21-~Y(e
zt;Gh@iNFePt5|)BfT+>mJ#}T{ekSb}5zIPmye*If(}}_=PcuAW#yidAa^9-`<8Gr0
z)Fz=NiZ{)HAvw{Pl5uu)?)&i&Us$Cx4gE}cIJ}B4Xz~-q7)R_%owbP!z_V2=Aq%Rj
z{V;7#kV1dNT9-6R+H}}(ED*_!F=~uz>&nR3gb^Ce%+0s#u|vWl<~JD3MvS0T9thdF
zioIG3c#Sdsv;LdtRv3ml7%o$6LTVL>(H`^@TNg`2KPIk*8-IB}X!MT0`hN9Ddf7yN
z?J=GxPL!uJ7lqwowsl?iRrh@#5C$%E&h~Z>XQcvFC*5%0RN-Opq|=IwX(dq(*sjs+
zqy99+v~m|6T#zR*e1AVxZ8djd5>eIeCi(b8sUk)OGjAsKSOg^-ugwl2WSL@d#?mdl
zib0v*{u-?cq}dDGy<uHZmO7`f4M%oin|l|K8(>Z%$XRY=UkQwt2oGu`zQneZh$=^!
zj;!pCBWQNtvAcwcWIBM2y9!*W|8LmQy$H~5BEx)78J`4Z0(FJO2P^!YyQU{*Al+fs
z){!4JvT1iLrJ8aU3k0t|P}{RN)_^v%$$r;+p0DY7N8CXzmS*HB*=?qaaF9D@#_$SN
zSz{moAK<*RH->%r7xX~9gVW$l7?b|_SYI)gcjf0VAUJ%FcQP(T<UI^GmLDW=>pBs;
zg$25D!Ry_`8xpS_OJd<NQAg}@GuM#Is%6^ePzKH)emeCFg+1`-FwdYjrXR}vx<@qK
z43RJ&FutS&7Y~Jw?2^674CW0rQY6&cbGNc2*L>eo$qh#7U+cepZ??TII7_%AXsT$B
z=e)Bx#v%J0j``00Zk5hsvv6%T^*xGNx%KN-=pocSoqE5_R)OK%-Pbu^1MNzfds)mL
zxz^F4lDKV9D&lEY;I+A)ui{TznB*CE$=9(wgE{m}`^<--OzV-5V4X2w9j(_!+jpTr
zJvD*y6;39&<tM)`(>T+==$F&tsRKM_lqa1HC}aGL0o`%c9mO=fts?36@8MGm7Vi{Y
z^<7m$(EtdSr#22<(rm_(l_(`j!*Pu~Y>>xc>I9M#DJYDJNHO&4=HM%YLIp?;iR&$m
z<T({U$v{GCBf+1{WW$hNjVxEbq#jLb*hb+kjl1Hara!d%A|`1T(i_is9wFMT$LvF#
z>#_$ZWYLfGLt5FJZhr3jpYb`*%9S!zCG6ivNHYzNHcI%khtgHBliM^Ou}ZVD7ehU9
zS+W@AV=?Ro!=%AJ>Kcy9aU3%VX3|XM_K0A+ZaknKDyIS3S-Hw1C7&BSW5)sqj5Ye_
z4OSW7Yu-;bCyYKHFUk}<*<(@TH?YZPHr~~Iy%9@GR2Yd}J2!N9K&CN7Eq{Ka!jdu;
zQNB*Y;i(7)OxZK%IHGt#Rt?z`I|A{q_BmoF!f^G}XVeTbe1Wnzh%1g>j}>DqFf;Rp
zz7>xIs12@Ke0gr+4-!pmFP84vCIaTjqFNg{V`5}Rdt~xE^I;Bxp4)|cs8=f)1YwHz
zqI`G~s2~qqDV+h02b`PQpUE#^^Aq8l%y2|ByQeXSADg5*qMprEAE3WFg0Q39`O+i1
z!J@iV!`Y~C$wJ!5Z+j5$i<1`+@)tBG$JL=!*uk=2k;T<@{|s1$YL079FvK%mPhyHV
zP8^KGZnp`(hVMZ;s<o6=bTk63a|d{gmA$-2FS<7$0eSF-TlR?AZ3IY<b6vyjlw+^*
zEwj5-yyMEI3=z&TduBb3HLKz9{|qCfLrTof>=n~3r2y;LTwcJwoBW-(ndU-$03{RD
zh+Qn$ja_Z^OuMf3Ub|JTY74s&Am*(n{J3~@#OJNYuEVVJd9*H%)oFoRBkySGm`hx!
zT3tG|+aAkXcx-2Apy)h^BkOyFTWQVeZ%e2@;*0DtlG9I3Et=PKaPt&<yF%{*Oa9Ou
z?0fv-L@Wq#aYQwg<&*FB!}27``9X-#8$sBgZY9F8F6O2!ko&pl;lM|sJGAG5mOc>K
zw?WI7S;P)TWED7aSH$3hL@Qde?H#tzo^<(o_sv_2ci<7M?F$|oCFWc?7@KBj-;N$P
zB;q!8@bW-WJY9do&y|6~mEruZAVe$!?{)N9rZZxD-|oltkhW9~nR8bLBGXw<632!l
z*TYQn^NnUy%Ds}$f^=yQ+BM-a<Z5BE&^HfASBBCSBYk?h>5X4^GHF=%PDrRfm_uqC
zh{sKwIu|O0&jWb27;wzg4w5uA<BJk(&g3ps<R=%CY(7QqFA5{FiGuP3;4S2PC(Mi$
zC5aTKLtzx{`nHq!$rlFcs-067FX2P^ATRXe26>@TO_j(1X?8E>5Zfma|Ly7Bklq|s
z9)H`zoAGY3n-+&JPrT!>u^qg9Evx4y@GI4$n-Uk_5wttU1_t?6><>}cZ-U+&+~JE)
zPlDbO_j;MoxdLzMd~Ew|1o^a5q_1R*JZ=#XXMzg?6Zy!^hop}qoLQlJ{(%!KYt`MK
z8umEN@Z4w!2=q_oe=;QttPCQy3Nm4F@x>@v4sz_jo{4m*0r%J(w1cSo;D_hQtJs7W
z><$QrmG^+<$4{d2bgGo&3-FV}avg9zI|Rr(k{wT<Sdtm!m&XN2&fW+_>yl3!M1q+a
zD9<of)}AueHsfP1J}234JKxcgvNA9NG}WeUj0Zbm5CmL#imino*M-yu8^dj56O^l1
zYWXWE2bd(44i?`S-6i^m({c6YwMb?3wJ)oXuwG6pkg#6OpBKYKULTjkOkS(Xk*Mz~
z7Q@V{ssRW3A8!L|*t2g!K5m7SODVEv1T?tvMEAnh%2B^+<pxcK*E^Zd6E`@?zc&{y
zX|_OJ8`w4kKd*`Rw)#C!x`_QSDAkTc6*9{J4R;Lc#MM<o0P57$n?bwwsG_|JFA+7_
z?h=+&W~by)*t5wwl<HMN8;WoZD%eD|3s6q@zGQ&~G9!L}|67$okU22M4*JIr6ZF4}
zX2}0Gn)#0u&OgE!;pkr2UOxEX@4UqLShpWwXf!NST?BDrM1k)Xq>W{pCd%il*j&Ft
z5H$nENf>><Y)QWN-8+C%b1(A+(9Im-8IpSA2E~smh4hWm>k$;SONGW`qo6`&qKs*T
z2^RS)pXk9b@(_Fw1bkb)-oqK|v}r$L!W&aXA>IpcdNZ_vWE#XO8X`#Yp1+?RshVcd
zknG%rPd*4ECEI0wD#@d+3NbHKxl}n^Sgkx==<uI|{1wy%+CL-K{xNd@Py3&PI<mi;
z25}olCw(ice=js-sk!T6A3A??n-{594W&d{Mf6jFzQ#K1VHw3n-Qr^i5vi*s53K1i
zE=3;<c5sg4CL2}%vPJ~o1sCrPw&R=v0G_X{N6^y%G*?_>Iu%}HvNliOqVBqG?P2va
zQ;kRJ$J6j;+<xEs^ttxF-^}UyLj8r}Fu@n57l(vrQE#yH8@Gep;Ig4Wy5F7>wP9cS
za#m;#GUT!qAV%+rdWolk+)6kkz4@Yh5LXP+LSvo9_T+M<xuU7dbbaY5s%w3%#p&{F
ztM*cZUwIhVTb2Pg9JUH!V&#Br+N^#Wvc!s(;)Q~g8eM`23D9;1BRUv|lC1QSt-zv6
zoq)4i%TUE(I#{SL`l7hrzsQtlSzBzh;LuWVR?Z<S_x%`~0^X%LGvyJ2D<d=aQjok{
zYGOc(|8&mS8wFk|<0el*^<FwP6+d+mA$(1{Y{Z7Mdy)XiIfqd%=)KZSET@5%dz2f$
z{Un~zG7b*I`W|M$n$o;wuExK@H`@C%?K^T(&x{PEB_5x&-9(+l2fxJJk<5y+qd5+M
zv)B^?$ftKB?B&R{Q;mp@^S%Ae)!O=eYp$cIKSZ*2h0j|4>miaP-eq6_k;)i6_@WSJ
zlT@wK$zqHu<83U2V*yJ|XJU4farT#pAA&@qu)(PO^8PxEmPD4;Txpio+2)#!9<es>
z>&=i7*#tc0`?!==v<bsniFv!RUA#@&Lyk@hN~=JDH*o=17Q463OwwFoplX_0NX6-o
zN1w#kEjtz1k+Zg;2pE57MgMenvk|UJ3o9Ef<%jZK@5Ne9Wa|yQ@G{H{smA=MpcE$t
zK;UDltfgiWtz8gFPj^Z}me|ICuRgJNi~+fgFp&$hxgOe#Rv)}-!4N-L2pTTKFK0GE
zL6;4olJ-fYa99o=tKLV@_S1xzq$ZN){E)+e#JR?p5SNk%W<_FCc@~h9E}h;!E#r9}
z-x7!Cd3qJE1zvPl0-r~j9?;WZ@j7-xzypJVH(S;^!3KL5vO0V&t0)qOKBs#UBu-~X
z6PpHB39RQgJ4P3*+EhDJFeZzeUwYTWHCGM$zF|;;LEVMcEWyyVWYsT)Tv8YOp`m?r
z)^LN!x{w5kg4lRZ1O`7dDYq^>k>s7V+PL#S1;PwSY?NIXN2=Gu89x(cToFm))7L;<
z+bhAbVD*bD=}iU`+PU+SBobTQ%<B$L&s0ur8SOhLIn6@U0dzLRHz5^E5p#yPL9a;0
z8_Y=7KwxWWl2J`f>S!=VL!>q$rfWsaaV}Smz>lO9JXT#`CcH_mRCSf4%YQAw`$^yY
z3Y*^Nzk_g$xn7a_NO(2Eb*I=^;4f!Ra#Oo~LLjlcjke*k*o$~U#0ZXOQ5@HQ&T46l
z7504MUgZkz2gNP1QFN8Y?nSEnEai^Rgyvl}xZfMUV6QrJcXp;jKGqB=D*tj{8(_pV
zqyB*DK$2lgYGejmJUW)*s_Cv65sFf&pb(Yz8oWgDtQ0~k^0-wdF|tj}MOXaN@ydF8
zNr={U?=;&Z?wr^VC+`)S2xl}QFagy;$mG=TUs7Vi2wws5zEke4hTa2)>O0U?$WYsZ
z<8bN2bB_N4AWd%+kncgknZ&}bM~eDtj#C5uRkp21hWW5gxWvc6b*4+dn<{c?w9Rmf
zIVZKsPl{W2vQAlYO3yh}-{Os=YBnL8?uN5(RqfQ=-1cOiUnJu>KcLA*tQK3FU`_bM
zM^T28w;nAj5EdAXFi&Kk1Nnl2)D!M{@+D-}bIEe+Lc4{s;YJc-{F#``iS2uk;2!Zp
zF9#myUmO!wCe<Ub=&>JIoi^A+T^e~20c+c2C}XltaR!|U-HfDA=^xF97ev}$l6#oY
z&-&T{egB)&aV$3_<F_@%fux9my8>aVA51XGiU07$s9vubh_kQG?F$FycvS6|IO!6q
zq^>9|3U^*!X_C~SxX&pqUkUjz%!j=VlXDo$!2VLH!rKj@61mDpSr~7B2yy{>X~_nc
zR<ohS^J`dGk6dIaG_i)Gd;aTd3dt9wue4&7p50t#3MF3fEaQm_e(!eLi>I+7g2V&k
zd**H++P9dg!-AOs3;GM`(g<+GRV$+&DdMVpUxY9I1@uK28$az=6oaa+PutlO9?6#?
zf-OsgT>^@8KK>ggkUQRPPgC7zjKFR5spqQb3ojCHzj^(UH~v+!y*`Smv)VpVoPwa6
zWG18WJaP<b8NF3dd`4EQ>KMi*F6Zdk*kU^`i~NNTfn3BkJniC`yN98L-Awd)Z&mY?
zprBW$!qL-OL7h@O#kvYnLsfff@kDIegt~?{-*5A7JrA;#TmTe?jICJqhub-G@e??D
zqiV#g{)M!kW1-4SDel7TO{;@*h2=_76g3NUD@|c*WO#>MfYq6_YVUP+&8e4|%4T`w
zXzhmVNziAHazWO2qXcaOu@R1MrPP{t)`N)}-1&~mq=ZH=w=;-E$IO<yffr9?K?92P
z0((ND@f`e{B%~;??Ny|=P=KRtI%m@6cA`)Elro^w{wSOJ>k=y$dOls{6sRR`I5>|X
zpq~XYW4sd;J^6OwOf**J>a7u$S>WTFPRkjY;BfVgQst)u4aMLR1|6%)CB^18XCz+r
ztkYQ}G43j~Q&1em(_EkMv0|WEiKu;z2zhb(L%$F&xWwzOmk;VLBYAZ8lOCziNoPw1
zv2BOyXA`A8z^WH!nXhKXM`t0;6D*-uGds3TYGrm8SPnJJOQ^fJU#}@aIy@MYWz**H
zvkp?7I5PE{$$|~{-ZaFxr6ZolP^nL##mHOErB^AqJqn^hFA=)HWj!m3WDaHW$C)i^
z9@6G$SzB=>jbe>4kqr#sF7#K}W*Cg-5y6kun3u&0L7BpXF9=#7IN8FOjWrWwUBZiU
zT_se3ih-GBKx+Uw0N|CwP3D@-C=5(9T#BH@M`F2!Goiqx+Js5xC9<T}`<iuZU?7g^
zD&=BWAh8}H)`P!JCWQ=&H_mj>2|Sy0%WWWp={$<c=m>(am!#l~f^W_oz78HX<0X#7
zp)p1u<E)S<Hy%f8)p*25ts$LSDkSe5AWt`*emazpyN;Hy&qA}+%@Pz^XW|M^4@iA_
z#*l+8z%;N~x^mcao{KKyg-Erj_CzJY1ma9CD7bb%0b5IFy_$k!3U=_aCQRg<4PRg@
z7VqLss(vcTz8~Pb55$JJ@2ARmDt7;jiJ!E~Ou-7*YBx0W>~M*o9W@O8P{0Qkg@Wa#
z2{Heb&oX^CQSZWSFBXKOfE|tsAm#^U-WkDnU;IowZ`Ok4!mwHwH=s|AqZ^YD4!5!@
zPxJj+Bd-q6w_YG`z_+r;S86zwXb+EO&qogOq8h-Ect5(M2+>(O7n7)^dP*ws_3U6v
zVsh)sk^@*c>)3EML|0<-YROho{lz@Nd4;R9gL{9|64xVL`n!m$-Jjrx?-Bacp!=^5
z1^T^eB{_)Y<9)y{-4Rz@9_>;<Ni;e7a(v#>_7h;5D+@QcbF4Wv7hu)s0&==&6u)33
zHRj+&Woq-vDvjwJCYES@$C4{$?f$Ibi4G()UeN11rgjF+^;YE^5nYprYoJNoudNj=
zm1pXSeG64dcWHObUetodRn1Fw|1nI$D9z}dVEYT0lQnsf_E1x2vBLql7NrHH!n&Sq
z6lc*mvU=W<?&3Y7tNdrmhnHR-*#=c(@8+WX>S6=v9Lrl}&zRiu_6u;6g%_DU{9b+R
z#YHqX7`m9eydf?KlKu6Sb%j$%_jmydig`B*TN`cZL-g!R)iE?+Q5oOqBF<tbk>Khx
z%MW>BC^(F_JuG(ayE(MT{S3eI{cKiwOtPwLc0XO*{*|(JOx;uQOfq@lp_^cZo=FZj
z4#}@e@dJ>Bn%2`2_WPeSN7si^{U#H=7N4o%Dq3NdGybrZgEU$oSm$hC)uNDC_M9xc
zGzwh5Sg?mpBIE8lT2XsqTt3j3?We8}3bzLBTQd639vyg^$0#1epq8snlDJP2(BF)K
zSx30RM+{f+b$g{9usIL8H!hCO117Xgv}ttPJm9wVRjPk;ePH@zxv%j9k5`TzdXLeT
zFgFX`V7cYIcBls5WN0Pf6SMBN+;CrQ(|EsFd*xtwr#$R{Z9FP`OWtyNsq#mCgZ7+P
z^Yn$haBJ)r96{ZJd8vlMl?IBxrgh=fdq_NF!1{jARCVz>jNdC)H^wf<?2G!*f3zl;
zdyVT?9`x`+G$!^eYN@PUum|5;j8$+`cBrBI`k*I0!jRt1BR=3gh&7e8U#!mamgR&_
z3Z&@9rms~l@GlsEKduCfx9Wt{o>y?R94#MPdUjcYX>#wEx+LB#P-#4S-%YH>t-j+w
zOFTI8gX$ard6fAh<H75EJ<)LuH_auhegZ+2E4B~a%IAJaFMvo?e6^A8l)Wuy^I?pi
zZF>&g=u&56%3^-6E2t<Yn^f-uPCm9NB$suTK>pk*wx<W&S3r;(8>3HSCQ+t7+*iOs
zPk5ysqE}i*cQocFvA68xHfL|iX(C4h*67@3|5Qwle(8wT&!&{8*{f%0(5gH+m>$tq
zp;AqrP7?XTEooYG1Dzfxc>W%*CyL16q|fQ0_jp%%Bk^k!i#Nbi(N9&T>#M{gez_Ws
zYK=l}adalV(nH}I_!hNeb;tQFk3BHX7N}}R8%pek^E`X}%ou=cx8InPU1EE0|Hen-
zyw8MoJqB5=)Z%JXlrdTXAE)eqLAdVE-=>wGHrkRet}>3Yu^lt$Kzu%$3#(ioY}@Gu
zjk3BZuQH&~7H+C*uX^4}F*|P89JX;Hg2U!pt>rDi(n(Qe-c}tzb0#6_ItoR0->LSt
zR~UT<-|@TO%O`M+_e_J4wx7^)5_%%u+J=yF_S#2Xd?C;Ss3N7KY^#-vx+|;bJX&8r
zD?|Met<uN>fhdC;^2WG`7MCgs>TKKN=^=!x&Q~Bzm<ft$_V>Qio_^l~LboTN<PA~s
ztvhkHV^TX6A<gyPqRneP;k-V;s*DXI`}cJ$*6E%w9XQN&$K(|;D9!d;Dz*l664jkU
zH#;2-C(!ut!I4z@rO6NomJDRcU5l|T$u40Cy)I1oatN8UM8v!=v?@wZKtav91=kx1
z4-I*8uU&4aiIm8&k*~&8?yrs}Q*4zuFw(bo3D%Hqk;QI)VqJr)PN^o{UIT(vi#=H=
z9m2cfv@TkDR+$~#OedTM8bgUKdawh=YD1?-b=GGS!rs?U9*&_9`8Hi1QB^7;1>T=I
zC5pme^P@ER``p$2md9>4!K#vV-Fc1an7pl>_|&>aqP}+zqR?+~Z;f2^`a+-!Te%V?
z;H<Wc=_RRR*LGsBEHu3xAdt&PDAh@%hvU_KO?Qc0RkblthZye3kgC5ar|FAvvzZzy
z5dZN1Mxh)MzaIl)qcT=a4!-}50&|$B3AXWv`5KD%cNqiXzsnd%*_xXEd%7U#59?)K
z4xQT-%Tjgh_pV$q1N?wB#Ut@8)BrjJ2?<CfBk^uTTg9@%T+@9s&TYvH;{b3J-Uq-J
z*}h{(Fj`2RxTo#3WA^-gW^<3v_Y1@hLbe$h9TVZHy4UYbApOTzxxl5kg8;wSWE}VG
zSWF3M#t^TOs$U`5P3xS<HhsD5nzlL@E-mOQJOSOipgt$0)9B$<&HZv~ky}tW35}9Q
z5*_5Aj_a$do+-~5sY56*jA#QLIeS76(hGFsa!*18efa$r<2<6`g?Jw4m-ZukILk~E
z+Da1^B-Mu5cDMA0{2yabgybylROn|Z=GUsf?fM6R$Drq%@xrqjw~_9suR#_R8wgXt
zU{ku=r+e>2SbF>jP^GE(R1@%C==<Y8b3&KH&O-3=eOv7*kQd9tI?UwT<t28PMVWZ(
zb&yE$i+8*sa|7NnujnUq6j*M5P(EydLP83}pABbYnp}h#9fwL9pl^~TRlA*50Fa8B
zEF<GcBFn{f69flKgt-u(%$yjN&TL{r%853aEKFRNX78M-GIhf%{FZJ{4g;ImRS71`
z3Yyo6P*Ki0@e;hhPWD(bhz2*>XQ@J=G9<S3k+D*)z%97N7^1&&l9}OAEHi077O(On
z7noWoH(DE8z|Ah_o?LvO$02OkEQ~{&Ha}?tE!dW%$NLAI0!b<NKmM?+t^bzaLi=}c
zlKzW%t@;mw^IyEz{~#53VX0z#_pH<z9o8RkgfU_gPu3c1j+xCdiHBHG4%}8=t~k#v
zX&p3FDYYxgltjWp7V)VY*Dyd9$+4J2)t8zpsz4cE%Rg-q^7#P<eRm`@QDNP`6SsR_
zcRx>lKX+Z<@5}PO(EYkJh=GCv#)Nj{DkWJM2}F&oAZ6xu8&g7pn1ps2U5srwQ7CAK
zN&*~@t{`31lUf`O;2w^)M3B@o)_mbRu{-`PrfNpF!R^q>yTR&ETS7^-b2*{-tZAZz
zw@q5x9B5V8Qd7dZ!Ai$9hk%Q!wqbE1F1c96&zwBBaRW}(^axoPpN^4Aw}&a5d<X6d
zH@0s>Me+*Gomky_l^54*rz<JzyAnm5XmBkSe<g?3k}Pfe82t7g;_<e&aU+v+4)y$m
zeRb}%59lYn5f}Nk?%BSnMqF!Ws^_X#@=Md_1O^7%$uR2oA!FtlReDyCcd=Q;>Xro$
z>LL)U5Ry>~FJi=*{JDc)_**c)-<XP_l4Gyvx}^77eE5(E^L$hk;37Mzdo6^f)`}K#
z{THLSWCZ0(xW^hpwR%@^?}>&faPz`6v`YU3HQa}pLtb5K)u%K+BOqXP0)rj5Au$zB
zW1?vr?mDv7Fsxtsr+S6ucp2l#(4dnr9sD*v+@*>g#M4b|U?~s93>Pg{{a5|rm2xfI
z`>E}?9S@|IoUX{Q1zjm5YJT|3S>&09D}|2~BiMo=z4YEjXlWh)V&qs;*C{`UMxp$9
zX)QB?G$fPD6z5_pNs>Jeh{^&U^)Wbr?2D6-q?)`*1k@!UvwQgl8eG$r+)NnFoT)L6
zg7lEh+E6J17krfYJCSjWzm67hEth24pomhz71|Qod<y$kjUFGaYg({=ldyCfYpI@C
zyQ_HeVXg^DSqhfa!y3S&hsT8J`qen*_5BW6wev2f-(!PE#XLIRvJ}X&_<)kgBfX&i
zXBwmuwju7ZzI8>n#oAILN)*Vwu2qpJirG)4Wnv}9GWOFrQg%Je+gNrPl8mw7ykE8{
z=|B4+uwC&bpp%eFcRU6{mxRV32VeH8XxX>v$du<$(Dfin<wZp$Q4H)Pfaukv*H0sf
z)WRtvk$o*4iMkf%^PAH#OI%3p*MbxQ{|t!*E9l0YI=&v-fja=}q?f)Qn_@69k!D6S
zU&b#%z(rw9E4Sc?(mn@@6~ZbrsZ)CkrY_Z_{e}wQyVA*eEj2w{-Fk?e+oaUR*{gY?
zEa8nD&St2JfiZ`&wn?g&EX9U~E9THj#k{MW89{=ii7l$h{u>aaWxP<+Y97Z#n#U~V
zVEu-GoPD=9$}P;xv+S~Ob#mmi$JQmE;Iz4(){y*9pFyW-jjgdk#oG$fl4o9E8bo|L
zWjo4l%n51@Kz-n%<M_TV#ts1K0mYf1F47fBmqr!jgmKJ;=;j+@iNEaC9YoqI$#UMP
z_DaJ2MCm5+3Oh~T3-;SBiloB1nPS#zeR<eAGEaOf_{>zeSCD`uB?T%FVk+KBI}=ve
zvlcS#wt`U6wrJo}6I6Rwb=1GzZfwE=I&Ne@p7*pH84XShXYJRgvK)UjQL%R9Zbm(m
zxzTQsLTON$WO7vM)*vl%Pc0JH7WhP;$z@j=y#avW4X8iqy6mEYr@-}PW?H)xfP6fQ
z&tI$F{NNct4rRMSHhaelo<5kTYq+(?pY)Ieh8*sa83EQfMrFupMM@nfEV@EmdHUv9
z35uzIrIuo4#WnF^_jcpC<Vx)$tdI1T+R0zF_1D69+(CLtgvu$DXs}SSIOZ=$O=$Tn
zaEnCWJLI`n(9-SZByUYExxoO5StnL+1}iT+O(sgx<tf>@uNN<y@{a4!Rk|T=JKwWu
z!7Ksm?(29@|82jxaWJ&J!h^=%7h_BILeeeVlcqsXEYb)h&nSL#k+zMZSWTVXSB1;v
zcincQjatdYZz&~RpYg)uv%?lxT?<Zsq?obm6opmdnN38QjL|d&ENMRSCHfKu#cN{A
z%39=~vu7H;eE>aYTQ~uZWOE6P@LFT^1@$o&q+9Qr8YR+ObBkpP9=F+$s5+B!mX2~T
zAuQ6<kEiwW$%NhT4*3<zOaDr}Z>RenX?O{IlLMl1%)OK{S7oL}X%;!XUxU~xJN8xk
z`xywS*naF(J#?vOpB(K=o~lE;m$zhgPWDB@=p#dQIW>xe_p1OLoWInJRKbEuoncf;
zmS1!u-ycc1qWnDg5Nk2D)BY%jmOwCLC+Ny>`f&UxFowIsHnOXfR^S;&F(KXd{ODlm
z$6#1ccqt-HIH9)|@fHnrKudu!6B$_R{fbCIkSIb#aUN|3RM>zuO>dpMbROZ`^hvS@
z$FU-;e4W<M6y)Im8hoQA=P7%y98J6KEu0HTxWM%F4mhK6fdz22r_7zojFNGozEHHo
zZ6t#r0+n!O8IcEbaV(>}!ubzKrU@R*dW*($tFZ>}dd*4_mv)#O>X{U@zSzQt*<TlT
z?xHfG&f%?cm8K`gA<4t?5S*}81_7DjS+k<qTYIP(W)#9ktlsV1(r@t))QC6{76sj<
zSDYlnN;zf1jb?p&^L1o92%17&l2%#SFX4ma`TR1OP=xe^Wo;nC57Jd4;a=hTEHIUo
zUTaP|OpJKI$FAQSAQg0isqRP6vdhWN{SUhKkmD}a0P9?^Y~x`OD0PxwVfo>83l9mI
zI$8O<5AIDx`wo0}f2fsPC_l>ONx_`E7kdXu{YIZbp1$(^oBAH({T~&oQ&1{X951QW
zmhHUxd)t%GQ9#a<w3bmSRr~u}n$(7~pxPXRs&HyeAkRa(uozm&0)oYXyEx}pl7@=l
zcIw|R0#t97`$=~Q6HK(sul=o>k5fTjk-cahWC;>^Rg7(`TVlvy0W@Y!Jc%QL3Ozu#
zDPIqBCy&T2PWBj+d-JA-pxZlM=9ja2ce|3B(^VCF+a*MMp`(rH>Rt6W1$;r{n1(VK
zLs>UtkT43LR2G$AOYHV<kZo|EwiHy^!;YnPn|GnJdBf0T_68MO4c!oFW%p6st$`xJ
zYNOt)N_;rcqascZwO7I=X9Bss)*~eA@TglO8}1LAmBDblZ!tTUnvDRn+;A?-M1X6K
z*8v^cV1c|Ue%9zi&ypq`xDaps;yjH)T{>ailiqk7naz2yZGLo*xQs!T9VN5Q>eE(w
zw$4&)&6xIV$IO^>1N-jrEUg>O8G4^@y+-hQv6@OmF@gy^nL_n1P1-Rtyy$Bl;|VcV
zF=p*&41-qI5gG9UhKmmnjs932!6hceXa#-qfK;3d*a{)BrwNFeKU|ge?N!;zk+kB!
zMD_uHJR#%b54c2tr~uGPLTRLg$`fupo}cRJ<c5uHhf<@e$Dvk#I8qC&ccQe;ntP%8
z_U(N)zE+)oc_Zr99;>eTwK;~}A>(Acy4k-Xk&Aa1&eWYS1ULWUj@fhBiWY$pdfy+F
z@G{OG{*v*mYtH3OdUjwEr6%_ZPZ3P{@rfbNPQG!BZ7lRyC^xlMpWH`@YRar`tr}d>
z#wz87t?#2FsH-jM6m{U=gp6WPrZ%*w0bFm(T#7m#v^;f%Z!kCeB5oiF`W33W5Srdt
zdU?YeOdPG@98H7NpI{(uN{FJdu14r(URPH^F6tOpXuhU7T9a{3G3_#Ldfx_nT(Hec
zo<1dyhsVsTw;ZkVcJ_0-<D$ec4j7wm40@(EHB@IX^JbTgh0!!UjeH%Uq#M*+_NKFU
z9zw+rX&^+LMjUjtp89z{*`hHlcg5sAPu<FN2>h-T3G1W@q)_Q30LNv)W?FbMH+XJ*
zy=$@39Op|kZv`Rt>X`zg&at(?PO^I=X8d9&myFEx#S`dYTg1W+iE?vt#b47QwoHI9
zNP+|3WjtXo{u}VG(lLUaW0&@yD|O?4TS4dfJI`HC-^q;M(b3r2;7|FONXphw-%7~*
z&;2!X17|05+kZOpQ3~3!Nb>O94b&ZSs%p)TK)n3m=4eiblVtSx@KNFgB<VaadJgM4
zYwK3786BD*n&~U4FFSBMq6kMim<E0!-4_#SX^f^<quJS?pI~}$8MxSe6;jUz^oUvA
zks*6R#kX+OB7|l8)A=WO2W{BRNM$YQ>Y_xV6ts;NF;GcGxMP8OKV^h6LmSb2E#Qnw
ze!6Mnz7>lE9u{AgQ~8u2zM8CYD5US8dMDX-5iMlgpE9m*s+Lh~A#P1er*rF}GHV3h
z=`STo?kIXw8I<`W0^*@mB1$}pj60R{aJ7<j>>C2m=oghKyxMbFNq#EVLgP0cH3q7H
z%0?L93-z6|+jiN|@v>ix?tRBU(v-4RV`}cQH*fp|)vd3)8i9hJ3hkuh^8dz{F5-~_
zUUr1T3cP%cCaTooM8dj|4*M=e6flH0&8ve32Q)0dyisl))XkZ7Wg~N}6y`+Qi2l+e
zUd#F!nJp{#KIjbQdI`%oZ`?h=5G^kZ_uN`<(`3;a!~EMsWV|j-o>c?x#;zR2ktiB!
z);5rrHl?GPtr6-o!tYd|uK;Vbsp4P{v_4??=^a>>U4_aUXPWQ$FPLE4PK$T^3Gkf$
zHo&9$U&G`d(Os6xt1r?sg14n)G8HNyWa^q8#nf0lbr4A-Fi;q6t-`pAx1T*$eKM*$
z|CX|gDrk#&1}>5H+`EjV$9Bm)Njw&7-ZR{1!CJTaXuP!$Pcg69`{w5BRHysB$<zDw
zcjqh1uY?!XAJULAYA!ToD2)^T*;)(9PK@sJOOPO&GSQY-0y+C95%=z!u)j<6o}I15
zC6AaHQ?N67s!g>(tWUes@@6aM69kb|Lx$%BRY^-o6bjH#0!7b;5~{6J+jKxU!Kmi#
zndh@+?}WKSRY2gZ?Q`{(Uj|kb1%VWmRryOH0T)f3cKtG4oIF=F7R<H74An-VM089e
zlN*A~TaQtgL_187UqCA>aRnH0Rc_&37<WST&k6<y-8Zx6Qq%dG7&LrD8erOLcploI
zf(w3f)N}iwyU98+CRV4Zke$fYA$6d$lyn3H3z8f~RO_cf+H?k7OD0jCwwoM;H<NIB
zbTo$@rlw2}>2={_3lRNsr95%ZO{IX{p@YJ^EI%+gvvKes5cY+PE@unghjdY5#9A!G
z70u6}?zmd?v+{`vCu<jrsG`-7e4C+GWyOg}Mw<0>-53_v5@z)X{oPC@P)iA3jK$`r
zSA2a7&!^zmUiZ82R2=1cumBQwOJUPz5<k9c_WcKM(Vn+kk3W1%7<t`tnq}-udm*5k
zR_|Ap%BL`4&Z2eie8rv>Ay<A3{M7#FkL;C&VH7xux0z`g&G=^Qj^-lpBpq9=z<Kn<
zZiDqJOJH9T@F_rI@?dfl*<BzjIsA<Yh4A%qCuUAs6^+5tLNuqUv2l1rbhICMg}5yb
zx`b?fvxVX0_5=sI^pJf$T-oyW=KY5HRKL_gO1`&?p>`RLfY(EiwKkrx%@YN^^X<Nj
zStykG?*NLV?~c;!i<JFWHMT*GPEThv<NV<3#lUiF#=F;M^K~Ij_}f)mB}`>uET;tE
zmr-6~I7j!R!KrHu5CWGSChO6deaLWa<u2N+!y-e&UAhtX)uSIDcFN$fk%4m8fwJ2Q
zOv9UZX-MbW_s!U!6lGksP$XN`(`3o78xr(sNUv$zhjcuMvy4&jdPT)knJ(%p?#Fi`
zTqYl(Vq?l)*m!!CB7!Q97y@}YmbaOaev`5Ta19gb;jh{rC=^#57s}&!X$+bU=u0j^
zA@<$7@i*QP;0Y_%>*9LLJbcAJsFd%Dy>a!>J`N)Z&oiU4OEP-!Ti^_!p<rXzhQC@3
zG;WLll1HMO<ei9MPYV(Rrra7syrY2Bi5NC~8Cmo;+l-aesVcl<ib{QIQxo*6a*exs
z5Qaf=Y{wbKv*_kEnMVhR;YYlSU;>}O?7`}i7Lsf$-g<xhdYrU`h00vC9X+sM3sx}r
zCPd*Kl0|Oh7<_e3w4PNWG*Q={KZh*(tt-K?n?m73ypPWZQYkyX9Xgy+j>BkuY*`Zb
z7=!nTT;5z$_5$=J=Ko+Cp|Q0J=%oFr>hBgnL3!tvFoLNhf#D0O=X^h+<D%s)KbSG+
zM{s4oZjjM2&HxP-;1<DeRGJkAY@dRP&>x08iB;@8pXdRHxX}6R4k@i6%vmsQwu^5z
zk1ip`#^N)^#Lg#HOW3sPI33xqFB4#bOPVnY%d6prwxf;Y-w9{ky4{O6&94Ra8VN@K
zb-lY;&`HtxW@sF!doT5T$2&lIvJpbKGMuDAFM#!QPXW87>}=<kY=DIbR`-HsR^z#P
z$j>Q4J3JeXlwHys?!1^#37q_k?N@+u&Ns20pEoBeZC*np;i;M{2C0Z4_br2gsh6eL
z#8`#sn41+$iD?^GL%5?cbRcaa-Nx0vE(D=*WY%rXy3B%gNz0l?#noGJGP728RMY#q
z=2&aJf@DcR?QbMmN)ItUe+VM_U!ryqA@1VVt$^*xYt~-qvW!J4Tp<-3>jT=7Zow5M
z8mSKp0v4b%a8bxFr>3MwZHSWD73D@+$5?nZAqGM#>H@`)mIeC#->B)P8T$zh-Pxnc
z8)~Zx?TWF4(YfKuF3WN_ckpCe5;x4V4AA3(i$pm|78{%!q?|~*eH0f=?j6i)n~Hso
zmTo>vqEtB)`%hP55INf7HM@taH)v`Fw40Ayc*R!T?O{ziUpYmP)AH`euTK!zg9*6Z
z!>M=$3pd0!&TzU=hc_@@^Yd3eUQpX4-33}b{?~5t5lgW=ldJ@dUAH%`l5US1y_`40
zs(X`Qk}vvMDYYq+@Rm+~IyCX;iD<kEtC|r#XuMTVlQJLByw3)=nc7jt^BNycu`#-Z
z9m4E2+1EzDuad50wi$^(+Hvb9$Eha2<sG<&CWgZd3<Q-qEaW+FG(V#0KfK;OWdSIX
ze%=;Qa8;`8Zx;tGw9w+hCfD9U`qwSbb|b=F-(0ywZ1mUE<SPxWg(nI#;e9b4;-cmC
zbkW@PY-|EL1~YUG#HK))B|}VGpDcA_PVjsz5|%*t-amcgeBTh2*yZ^93cTX|bufo`
zQReW1{rIs3`*(?amcKig|NA{cF?}1O|0Dt`t7{^uqWi=EgZ8!NmGTQO<imr@BQyb<
zFB%lVL<Hx{bwKZ?LX$A=8xhP*UR7Kw+dlM--*I*2cYzmi$#z}GSiENw#R40&w6U2^
zwPam;_8fkE4cGJluti-nSs}3*cZAjMqTd!mmqfkKK~8rB?~AcwYfiW^a9^!)xfM@n
zF;=c7Ix)WhyG&v{N7;?lBJS3uv12>~pMgq^KY)T*aBz@<c&T2fpNhg@IxXbO=$S4w
z9+<Ik6K+Bnk`RNW=eul(Nn=)*O$p~uOQvJ^G0uLUsS4@I3V39+0g7_uyW2{0dM!$g
zika@FK29jP4cL_~!!sf!?;2}w@jg7y{U6reF}Tup-5TwVI<{?V#<p$Sw%M_5+qP{x
z>DYEB={PxA>)mI6tM*sx-DmGQHEaHwRrAmNjO!ZLHO4b;;5mf@zzlPhkP($JeZGE7
z?^XN}Gf_feGoG~BjUgVa*)O`>l<h*IpQ!z2CW{ns`;EbZK%SB&68g{f@GzLs;1_hP
z3|8#wF*;&Im!eeBlov5`2~+&il<&t*jr$-3va7?Dy?*g>X=$BSR2)uD<<!f=iY_7+
zCx~VgL*7J|?j{<rG=oL^Y0X6hjaO<Iv?&cH7Aoxz;856j4%+M18L|=;(%P~v84U>9
z>o^|nb1^oVDhQbfW>>!;8-7<}nL6L^V*4pB=>wwW+RXAeRvKED(n1;R`A6<f&`KXK
zfD&?Dt(5bu;DN{UB7piRVUy%Z<Ey!ADARS8_d#8xObY02AD!+&INw_XsW544fRkiv
zsgN89xNO|AooI0A^u_oh*3HRu5%VnYg>v$6<SBgAN0_0JGCLdqq}<97hmgd=n75Q7
zOhTZ|s`O5g29c?$OeSv4RJAn%uB~Dve&?a)t$o2;<4XX)6*Yrots9mCjmaoXL^Nc~
z7AGnF^zS7wG1fC!o)f^`@k|@3oheBwS}G8pg}FkGEw{zNtmQiz$aA;JXH45T3+c-9
z!O<9l>gy0I(;Vf?!4;&sgn7F%LpM}6PQ?0%2Z@b{It<(G1CZ|>913E0nR2r^Pa*Bp
z@tFGi*<dAvc$qjHT6XD6wTz&&N_7u(Rl1@oBi^7tlbIL_CL@ADr>CQ~@Yc-?{cwu1
zsilf=k^+Qs>&WZG(3WDixisHpR>`+ihiRwkL(3T|=xsoNP*@XX3BU8hr57l3k;pni
zI``=3Nl4xh4oDj<%>Q1zYXHr%Xg_xrK3Nq?vKX3|^Hb(Bj+lONTz>4yhU-UdXt2>j
z<>S4NB&!iE+ao{0Tx^N*^|EZU;0kJkx@zh}S^P{ieQjGl468CbC`SWnwLRYYiStXm
zOxt~Rb3D{dz=nH<w<gcr0@Smh4?7*NpxM$L=7%^NSAFm@#nvp#8qWCc6XLxOp05m;
zm+Vq=;6Q;TxJ*@^XL*?^Xi4dI#=!F|B%y2um~UT1!6v(w_7D}&dy`}<a;f$Z+oyNl
zPr8sXY@0tTpl1$l?+9za&ct1tHK2{yCONrnRJqPnW$cjE{pEeqMN^ABAC6U)X#ni~
zUfB89Z_@>McY)#r^kF8|q8KZHVb9FCX2m^X*(|L9FZg!5a7((!J8%MjT$#Fs)M1Pb
zq6hBGp%O1A+&%2>l0mpaIz<Trj|_4|8tOfqtA{6qYlUp*AW=6wyaR8GVPG#YUBW`2
zz?f&&D9xup7E7}pxSU<br&5#ywm1K0k5E*vu$t7Enh18PU+-VB2_er`-mhr?sHL7j
zdNe0r@5Qcsr6&D*8};8txBQ2IC1`77Vs7f}p#Ogc;H1QDMJ#3HksdSw#QC5=kn+%`
zd5hJ-U>bo&jc^!oN^3zxap3V2dNj3x<=TwZ&0eKX5<Dl7;b^#b;I{(onaxeU`VFpo
z0#Bcu*HzEyqwUWRcPKs3DfD6V-^rWHZYg+KCu<bE3(}VxN1N3)mY&_z>PIso9j1;e
zwUg+C&}FJ`k(M|%%}p=6RPUq4sT3-Y;k-<68ciZ~_j|bt>&9ZLHNVrp#+pk}XvM{8
z`?k}o-!if>hVlCP9j%&WI2V`5SW)BCeR5>MQhF)po=p~AYN%cNa_BbV6EEh_kk^@a
zD>4&>uCGCUmyA-c)%DIcF4R6!>?6T~Mj_m{Hpq`*(wj>foHL;;%;?(((YOxGt)Bhx
zuS+K{{CUsaC++%}S6~CJ=|vr(iIs-je)e9uJEU8ZJAz)w166q)R^2XI?@E2vUQ!R%
zn@dxS!JcOimXkWJBz8Y?2JKQr>`~SmE2F2SL38$SyR1^yqj8_mkBp)o$@+3BQ~Mid
z9U$XVqxX3P=X<VH60STdy0sB@jX}+Y_TBg#FKwe*aYaFRRb%;;%q$^Iyf2|Z9YYlw
z%Jt8hwodbGdJaNxw5cPU2RS=7SORg_h_1qR>CKj0*W>}L0~Em`(vG<>srF8+*kPrw
z20{z(=^w+ybdGe~Oo_i|hYJ@kZl*(9sHw#Chi&OIc?w`nBODp?ia$uF%Hs(X>xm?j
zqZQ`Ybf@g#wli`!-al~3GWiE$K+LCe=Ndi!#C<Hn52U9|8K~Ro$I%*RemIf>VjzUZ
z!sD2O*;d28zk<D+-Enbah_#E$&gZ)`AdRl_O}jIQbDwnNAHN#Ci};At$G&3SwK=`P
zpl<2i0!g;rM|EdU74dfP@uV!%*6y8FWa~UFSiX{QU&G^{<bvxL*Ya&&SpTLG7}BO*
zVEuYNLK5?yLUyUVq~muHmVx1;3PYt2J_P<eP7KS>l))m)YN7HDi^z5IuNo3^w(zy8
zszJ<n=2-mJ3CZwLndLXzyBh4<7UNIu$A>G#mp#Cj)Q@E@r-=NP2FVxxEAeOI2e=<s
zqQBD3JtlZm1u~d=N%{y8-ymvOK+jMz2r(X*J0Ylh@G(QI7kZ%-a}ol+`87x|nnG+6
z{b(|BA>|KshybNB6HgE^(r>HD{*}S}m<qA!*hb9IzvC@5i1<u^W80An;lZADAm?KP
zko)m@6{ci~_>O>LuRGJT{*tfTzw_#+er-0${}%YPe@CMJ1Ng#j#)i)SnY@ss3gL;g
zg2D~#Kpdfu#G;q1qz_TwSz1VJT(b3zby$Vk&;Y#1(A)|xj`_?i5YQ;TR%jice5E;0
zYHg;`zS5{S*9xI6o^j>rE8Ua*XhIw{_-*&@(R|C(am8__>+Ws&Q^ymy*X4~hR2b5r
zm^p3sw}yv=tdyncy_Ui7{BQS732et~Z_@{-IhHDXAV`(W<!Q69%H#|w=%}3Kg=YWc
zt&hb~JKx8-xR1O(MbVHSG9)1(@!kVOhLD87%Fl_`7;R(RkjZ~i+x)8zFXU-77X{6f
zYPk%NpFBFvuuQH>lay<#hb>%H%WDi+K$862nA@BDtM#UCKMu+kM`!JHyWSi?&)A7_
z3{cyNG%a~nnH_!+;g&JxEMAmh-Z}rC!o7>OVzW&PoMyTA_g{hqXG)SLraA^OP**<7
zjWbr7z!o2n3hnx7A=2O=WL;`@9N{vQIM@&|G-ljrPvIuJHYtss0Er0fT5cMXNUf1B
z7FAwBDixt0X7C3S)mPe5g`YtME23wAnbU)+AtV}z+e8G;0BP=bI;?(#|Ep!vVfDbK
zvx+|CKF>yt0hWQ3drchU#XBU+HiuG*V^snFAPUp-5<#R&BUAzoB<hHU=m37G!KV!9
zs~61*+Hcg^$oOSo5g9ycnV9qCP&Q;3{o<yJQWFe=Yh1|Y)*C9d35V8SB$g)x4!&YT
z9d!w9=cZ#b{*g~^@EzhO7VrZ@nbuP0-lhv4I*V+9U65<q8FQ4Wa}XL)HtQO{P^VHi
zj-)s#FI|G`@U9{D_@sL{)yhu<Sb_Bt7ceo}s9YE~$iU7@K*Agnl+Zh7seWE5&R!S_
zCmI0O0@x~Z_p8Nlh6x&3>!aZ+e*KIxa26V}s6?nBK(U-7REa573wg-jqCg>H8~>O{
z*C0JL-?X-k_y%hpUFL?I>0WV{oV`Nb)nZbJG01R~AG>flIJf)3O*oB2i8~;!P?Wo_
z0|QEB*fifiL6E6%>tlAYHm2cjTFE@*<);#>689Z6S#BySQ@VTMhf9vYQyLeDg1*F}
zjq>i1*x>5|CGKN{l9br3kB0EHY|k4{%^t7-uhjd#NVipUZa=EUuE5kS1_~qYX?>hJ
z$}!jc9$O$>J&wnu0SgfYods^z?J4X;X7c77Me0kS-dO_VUQ39T(Kv(Y#s}Qqz-0AH
z^?WRL(4RzpkD+T5FG_0NyPq-a-B7A5LHOCqwObRJi&oRi(<;OuIN7SV5PeHU$<@Zh
zPozEV`dYmu0Z&Tqd>t>8JVde9#Pt+l95iHe$4Xwfy1AhI<n`R9oH@0SV-qw)kv`%>
zDM4XJ;bBTTvRFtW>E+GzkN)9k!hA5z;xU<Ypbch46*+?z6ODVueTOx78M~}ZZ>OL2
zq4}zn-DP{qc^i|Y%rvi|^5k-*8;JZ~9a;>-+q_EOX+p1Wz;>i7c}M6Nv`^NY&{J->
z`(mzDJDM}QPu5i4<c4By441WIqZqp>4**2Qbo(XzZ-ZDu%6vm8w@DUarqXj41VqP~
zs&4Y8F^Waik3y1fQo`bVUH;b=!^QrWb)3Gl=QVKr+6sxc=ygauUG|cm?|X=;Q)kQ8
zM(xrICifa2p``I7>g2R~?a{hmw@{!NS5`VhH8+;cV(F>B94M*S;5#O`YzZH1Z%yD?
zZ61w(M`#aS-*~Fj;x|J!KM|^o;MI#Xkh0ULJcA?o4u~f%Z^16ViA27FxU5GM*rKq(
z7cS~MrZ=f>_OWx8j#-Q3%!aEU2hVuTu(7`TQk-Bi6*!<}0WQi;_FpO;fhpL4`DcWp
zGOw9vx0N~6#}lz(r+dxIGZM3ah-8qrqMmeRh%{z@dbUD2w15*_4P?I~UZr^anP}DB
zU9CCrNiy9I3~d#&!$DX9e?A});BjBtQ7oGAyoI$8YQrkLBIH@2;lt4E^)|d6Jwj}z
z&2_E}Y;H#6I4<10d_&P0{4|EUacwFHauvrjAnAm6yeR#}f}Rk27CN)vhgRqEy<?cr
z6R5`U_Sc@<8Rnm)Sx4=ssMmH)((fLzBDe-8oZL2?8;gVE_E7eCE*q4brE|Rr5x0o2
z^Y;YlS3Tj6!|OE$_**V00k_c=V$Fb3v>PMMS7zvunj2?`f;%?alsJ+-K+IzjJx>h8
zu~m_y$!J5RWAh|C<6+uiCNsOKu)E72M3xKK(a9Okw3e_*O&}7llNV!=P87VM2DkAk
zci!YXS2&=P0}Hx|wwSc9JP%m8dMJA*q&VFB0yMI@5vWoAGraygwn){R+Cj6B1a2Px
z5)u(K5{+;z2n*_XD!+Auv#LJEM)(~Hx{$Yb^ldQmcYF2zNH1V30*)CN_<GsyFjVmb
zD)h_|Q}^G(^TxQkX_gf#v;s8zRbbF@HZgig3fX7Y_C%KW^4;Mzb1Q_mbv<K`san7p
zr<VAL=_8V?wGQ9W#OCB6w#j#s*xTCOq{>|1$v2|`LnFUT$%-tO0Eg|c5$BB~yDfzS
zcOXJ$wpzVK0MfTjBJ0b$r#_OvAJ3WRt+YOLlJPYMx~qp>^$$$h#bc|`g0pF-Ao43?
z>*A+8lx>}L{p(Tni2Vvk)dtzg$hUKjSjXRagj)$h#8=KV>5s)J4vGtRn5kP|AXIz!
zPgbbVxW{2o4s-UM;c#We8P&mPN|DW7_uLF!a|^0S=wr6Esx9Z$2|c1?GaupU6$tb|
zY<J=2bwPXwbBG}bpBO&`HtCU`sQ3|>_KU`(_29O_%k(;>^|6*pZURH3`@%EuKS;Ns
z1lujmf;r{qAN&Q0&m{wJSZ8MeE7RM5+Sq<f50&3KEB%;ap5IYu9&*^L3pcVFcAVGW
z04UqHZaI^y_@+2E#<{--P$9fmBw58@VQ=7%^zveD0O(QSrIoS+oGEl}3S0B`>;ul_
z`+ADrd_Um+G37js6tKsArNB}n{p*zTUxQ<D{*LSzTK#>r>3@wA;{EUbjNjlNd6$Mx
zg0|MyU)v`sa~tEY5$en7^PkC=S<2@!nEdG6L=h(vT__0F=S8Y&eM=hal#7eM(o^Lu
z2?<VnV9$|PdIge&&n55GFYu(+3gKo$EMBH)g%fG=d0l9?y&R{Xr=bU~d3k-ls||~Q
zdqZ2Ibd=svvcd-G9F6qP%UbDFL29x}6nCqava_&eR!Ou?Rs~d=hgF3;Q(KAtA|Qt@
z5PeHMC$T|!hzTOnXCt_0q;>^;05&|CNliYrq6gUv;|i!(W{0N)LWd*@{2q*u)}u*>
z7MQgk6t9OqqXMln?zo<KXCh}0JB2C8;d$OZ4?Q<ATC(JOVrvVRF?KkQ6^O&o2`<Q$
z-DPJRqChOl5!YowVXd(3%Ph16pi-d;JaH~r7U?lZJ2%#6uX=|Lcr}^Zli4ixQ1C%y
zu&(nSVW}d7kd1wVFUCOiEZW+4k^V(lOke1~%a8sQs^wAs8KLfUs=BxNe!(Y6_8ZZT
zCo;rs5WaGpeBh67<^|*xA#S65VbLU+e&jyIK!;_a^VJ`2wxD(4_GkoNZ>MAJcc<qR
zn=|0eY#rHX{fDEbS#wEN)PdQ$L3*RG1e}T^y9xXbBKsT-;}=KsEl9zS;lM1nZWo<>
zMKaof_Up})q#DzdF?w^%tTI7STI^@8=Wk#enR*)&%8yje>+tKvUYbW8UAPg55xb70
zEn5&Ba~NmOJlgI#iS8W3-@N%>V!#z-ZRwf<nAQuk$4XsbA2?xvz!lf8!A9&u)@oCJ
z>PO1)dQdQkaHsiqG|~we2ALqG7Ruup(DqSOft2RFg_X%3w?6VqvV1uzX_@F(diNVp
z4{I|}35=11u$;?|JFBEE*gb;T<e_J|zDJ1_W|BYXEUQsj_Ekmr-1GFuSJ!fD#Jwt6
z^IPIC_5NN>`dy+8gWJ9~pNsecrO`t#V9jW-6mnfO@ff9od}b(3<kFPLL`V`PrepA!
znVLswD&Ch_A#nGnS!pm`W^|6KlQj9e0x>s4>p0i30gbGIv~1@a^F2kl7YO;DxmF3?
zWi-RoXhzRJV0&XE@ACc?+@<sd-G9HF5dZ&*wEq(u_wO-RrDCaxC5-G7V)cvIY8~D$
zoG?hk!X_5=BuWn1Z*9@8ZV{ixBE=X&GGWu%bzo>6?)LQ2XNm4KfalMtsc%4!Fn0rl
zpHTrHwR>t>7W?t!Yc{*-^xN%9P0cs0kr=`?bQ5T*oOo&VRRu+1chM!qj%2I!@+1XF
z4GWJ=7ix9;Wa@xoZ0RP`NCWw0*8247Y4jIZ>GEW7zuoCFXl6xIvz$ezsWgKdVMBH>
z{o!A7f;R-@eK9V<P+C5DN?NK_qQ5=(jYExKglP|qB=@(M#QRp~t%BPwuyztnP9`ft
z1YRSG3otkYRhg1ElU)y#_?Pd>j7R40xx)T<2$?F2E<>Jy3F;;=Yt}WE59J!1WN367
zA^6pu_zLoZIf*x031CcwotS{L8bJE(<_F%j_KJ2P_IusaZXwN$&^t716W{M6X2r_~
zaiMwdISX7Y&Qi&Uh0upS3TyEIXNDICQlT5fHXC`aji-c{U(J@qh-mWl-uMN|T&435
z5)a1dvB|oe%b2mefc=Vpm0C%IUYYh7HI*;3UdgNIz}R##(#{(_<BD95FF;ZFGV&qz
z8Pn8EL}R(PV6KpLWp*(tnj`ERy@}m*TiM3BfE$7{gi4TPp(o3PTBV#018`5lT6LcC
z+PH<CSJwzhW!is6r}03ir}GTleL`F(Zdpu?5Nr&E5EjcwAj64ex8MP|*gW4nq?Q<t
z3@5`=_0esGb^Ece<ag$xQWKy^lIB?y(A?CgT;_3FV}1}aB!)jwA@T?(6XedlQ*(k9
zDadBI6m!U;qSg`{#7%mtl6VD&C{a5(&zN`4qOG(j4~hS{3H95A$%A5tpnCEbP+wqO
z>>82|zB0L*1i4B5j-xi9O4x10rs_J6*gdRBX=@VJ+==sWb&_Qc6tS<KlKZn<VwU!n
zLnOnI&WJ&J91(5%V9y=4Jq_eBfm9!BCKO-W6RKLW6dVby&S8C>OowM{BX@(zawtjl
zdU!F4OYw2@Tk1L^%~JCwb|e#3CC>srRHQ*(N%!7$Mu_sKh@|*XtR>)BmWw!;8-mq7
zBBnbjwx8Kyv|hd*`5}84flTHR1Y@@uqjG`UG+jN_YK&RYTt7DVwfEDXDW4U+iO{>K
zw1hr{_XE*S*K9TzzUlJH2rh^hUm2v7_XjwTuYap|>zeEDY$HOq3X4Tz^X}E9z)x4F
zs+T?Ed+Hj<#jY-`Va~fT2C$=qFT-5q$@p9~0{G&eeL~tiIAHXA!f6C(rAlS^)&k<-
zXU|ZVs}XQ>s5iONo~t!XXZgtaP$Iau;JT%h)>}v54yut~pykaNye4axEK#5@?TSsQ
zE;Jvf9I$GVb|S`7$pG)4vgo9NXsKr?u=F!GnA%VS2z$@Z(!MR9?EPcAqi5f<pK5;t
zb&cukw)8-|x31H1(Fj&i+kM40=Y04i9gus|j!y(ah9bVAH`yCx;#-MJ&6<Uo;364L
z>t)Iz6sNl`%kj+_H-X`R<>BFrBW=fSlD|{`D%@Rcbu2?%>t7i34k?Ujb)2@J-`j#4
zLK<69qcUuni<uOj0}C`gMaESz)GI|*Grst&fPD8oZr)bKc^}~YN0GER#uusn+Tc!q
zWrF<sBKhCak$)+P{0^qh)?a~|!fuAfcK>Ian-$A1+fR=?@+thwDIXtF1Tks@Br-xY
zfB+zblrR(ke`U;6U~-;p1Kg8Lh6v~LjW@9l2P6s+?$2!Z<IDB+yY4ox&h|I0y;-5?
z9m>RPX`(ZkRGe7~q(4&g<OcID-Zqc@__+obc6~O5DPU5>Ei<$ch`5kQ?*1=GSqkeV
z{SA1EaW_A!t{@^UY2D^YO0(H@+kFVzZaAh0_`A`f(}G~EP~?B|%gtxu&g%^x{EYSz
zk+T;_c@d;+n@$<>V%P=nk36?L!}?*=vK4>nJSm+1%a}9UlmTJTrfX4{Lb7smNQn@T
zw9<w{mDNj#YVY((v>p2%(Zjl^bWGo1;DuMHN(djsEm)P8mEC2sL@KyPjwD@d%QnZ$
zMJ3cnn!_!iP{MzWk%PI&D?m?C(y2d|2VChluN^yHya(b`h>~GkI1y;}O_E57zOs!{
zt2C@M$^PR2U#(dZmA-sNreB@z-yb0Bf7j*y<pBQ+k4*aVp?w`(S5_}b&kg4X@Sofy
zcqHS%!CX>ONhZG=onhx>t4)RB`<CY&xEoOnNq|`4TwO?Um+51s<NDq0^B>r6&TP$n
zgmN*)eCqvgriBO-a<gb-@gO7*f-;=;$N<27Yp)D7Ln4I)79>bHQ8ECN0bw?z5Bxpx
z=jF@?zFdVn?@gD5egM4o$m`}lV(CWrOKKq(sv*`mNcHcvw&Xryfw<{ch{O&qc<L-M
zVmpiaS&dR>#WCTXX6=#{MV@q#iHYba!OUY+MGeNTjP%Fj!WgM&`&RlI^=AWTOqy-o
zHo9YFt!gQ*p7{Fl86>#-JLZo(b^O`LdFK~OsZBRR@6P?ad^Ujbqm_j^XycM4ZHFyg
ziUbIFW#2tj`65~#2<ophCAkOZ($XwYEX-9Vd`-+%7JN?3GR#=*po_llExeP58!Yyh
zfBFZx*>V!4z7DM8Z;fG0|APaQ{a2VNYpNotB7eZ5kp+tPDz&Lqs0j%Y4tA*URpcfi
z_M(FD=fRGdqf430j}1z`O0I=;tLu81bwJXdYiN7_&a-?ly|-<ApEerJYO+vWo=kI`
z-rD}hhy8i~TGtoY4s6@Z3<13<OR9eqt4um=6eFf6$!!n)xzh=;tTHXN(UE;Xf=pU+
z`dE9RnW+)N$rd9fN@%&3A?!JdCd~nqX?>j*+=--XGvCq#32Gh(=|qj5F?kmihk{<M
zgEPC5kES)++<3TpUXV3Y3P48VdaIr-^IB0!+8~n0mjL`=xeqv8O-l|+H1rq)7sA{H
z^$*$;DIbhLHBWOj8khSs5o|aYh+3RPX=5iXJy_n`ZNI><Spn2FM>%M&$}udW5)DHK
zF_>}5R8&&API}o0osZJRL3n~>76nUZ&L&iy^s>PMnNcYZ|9*1$v-bzbT3rpWsJ+y{
zPrg>5Zlery96Um?lc6L|)}&{992{_$J&=4%nRp9BAC6!IB=A&=tF>r8S*O-=!G(_(
zwXbX_rGZgeiK*&n5E;f=k{ktyA1(;x_kiMEt0*gpp_4&(twlS2e5C?NoD{n>X2AT#
zY@Zp?#!b1zNq96MQqeO*M1MMBin5v#RH52&Xd~DO6-BZLnA6xO1$sou(YJ1Dlc{WF
zVa%2DyYm`V#81jP@70IJ;DX@y*iUt$MLm)ByAD$eUuji|5{ptFYq(q)mE(5bOpxjM
z^Q`AHWq44SG3`_LxC9fwR)XRVIp=B%<(-lOC3jI#bb@dK(*vjom!=t|#<@dZql%>O
z15y^{4tQoeW9L<H_624p3-b_rHm8YIC$k6&3$GlwdQslWx5!&!3m}i*?tl5@6;yzj
zoc!Vo*Hbq)-jJ59Sg;T*C)b6<j+VKKLixts|L96bm4=Is0j?L(vXBm$urwF-{$0-V
z<$e6HsrcrOqq`p)uFW!qJ}rO<YKXdHxyO`G#Bia+f>u%G&V$90x6F)xN6y_oIn;!Q
zs)8jT$;&;u%Y>=T3hg34A-+Y*na=|glcStr5D;&5*t5*DmD~x;zQAV5{}Ya`?RRGa
zT*t9@$a~!co;pD^!J5bo?lDOWFx%)Y=-fJ+PDGc0>;=q=s?P4aHForSB+)v0WY2JH
z?*`O;RHum6j%#LG)Vu#ciO#+jRC3!>T(9fr+XE7T2B7Z|0nR5jw@WG)kDDzTJ=o4~
zUpeyt7}_nd`t}j9<K48+u@DhA3`4r+FJ677MR6&8E4f2zla%l|D9N*11$;?agx3`X
zQKMo3I0~ZlYkbWEu`x`yJ@krOwxENL$Rt=$8{!>BKqryOha{34erm)RmST)_9Aw)@
zHbiyg5n&E{_CQR@h<}34d7WM{s{%5wdty1l+KX8*?+-YkNK2Be*6&jc>@{Fd;Ps||
z26LqdI3#9le?;}risDq$K5G3yoqK}C^@-8z^wj%tdgw-6@F#Ju{Sg7+y)L?)U$ez>
zoOaP$UFZ?y5BiFycir*pnaAaY+|%1%8&|(<reOyuH4oC{Ih*Lwy|NYzPCQRQ`ehMF
zEg-;Objn(%#1qC@!zAnKQl4zHMlo)Q+E4pW2QKLde|EyLnXTvQOMSI7T)74sZOfHC
z#$kL6q5^qb8eY0TS0xZc5`Q++ann{Wm9&lnoQ^h6%~gFm-4lj+U9&Zp#WzNXX62+9
zmFZ)1ML^9;#Ht15k!kkQ%3qdk7S&owgs=Ge>@VB)zweR%?IidwJyK5J!STzw&2RFx
zZV@qeaCB01Hu#U9|1#=Msc8Pgz5P*4Lrp!Q+~(G!OiNR{qa7|r^H?FC6gV<apFHH!
zvPyd+`3A>hkk3y7=uW#Sh;&>78bZ}aK*C#NH$9rX@M3f{nckYI+5QG?Aj1DM)@~z_
zw!UAD@gedTlePB*%4+55naJ8ak_;))#S;4ji!LOqY5VRI){GMwHR~}6t4g>5C_#U#
ztYC!tjKjrKvRy=GAsJVK++~$|+s!w9z3H4G^mACv=EErXNSmH<U!EM^MvZ)wb9KT%
z#OZQ%D1oeCN~H?$e4PM)Oo0Nf#@aY_z^1AJ$yBSx5w>7qN}%PKcN|8%9=i)qS5+$L
zu&ya~HW%RMVJi4T^pv?>mw*Gf<)-7gf#Qj|e#w2|v4#t!%Jk{&xlf;$_?jW*n!Pyx
zkG$<18kiLOAUPuFfyu-EfWX%4jYnjBYc~~*9JEz6oa)_R|8wjZA|RNrAp%}14L7fW
zi7A5Wym<E#i_(~)bst!ffFAM+k<@$mzUh70rTL<McKqdHe%2p~vi~IR0fXQ|S)y{r
z;Wp!8-s^RV8y06<5VY%~W5!C@67mJ2juFL?Aei!n9$#?Mxz(e*!?C%d!S^;<NyuK;
z=jOZo@63!X2t3{<2mbRO+M4mhSli$HyTwM2v=i7dSS7zmGorTVUNCfrp5V7W@5-EM
z9Ys`dT15QQomjL6GHVaWEvXi+QV5957MiWw!x~2qrLvvTs8)?0#wqmp4@3O@LG<r!
zk6}xyfn=$w96=KT^BPtNWe<ruqW3j0;LxgBeA49=6TD<@C_{gG$<X&CyDE03IM5)z
zgD@jrZu<T4d;HFH;~S7D52VZ#%z-INbhoB9d^{Iug5R?T=;fLQ(uh#mu6u`Ha62Gc
zoH09p_pkWwHF6o$jc2wh?8ZJGKMj7F>*<L$XY6i+<~=c|V{+>K+V8pkqq<QnfGNr(
zou6uoQ0mUzl`senrxj^LkjsGe;0#a$G>O-X#3ft{0qs?KVt^)?kS>AicmeO&q+~J~
z<sSV8bNrd3A9xC%f$yWrWh#?+O1^-<;70xvO=?7-Uc1E*o02qDCg>p0YJ_P~_a8j=
zsAs~G=8F=M{4GZL{|B__UorX@MRNQLn?*_gym4aW(~+i13knnk1P=khoC-ViMZk+x
zLW(l}oAg1H`dU+Fv**;qw|ANDSRs<RLAc%!hUu-WqF+F5Oeq^z)6;J*CN3_IJ2Nxe
z-;V6)AOdQ4T2Ukyh0P^3nCpm=n$E*LwA)q6EHoozsz{aE^r+ehzxp>>cGqL!Yw^`;
zv;{E&8CNJcc)GHzTYM}f&NPw<6j{C3gaeelU#y!M)w-utYEHOCCJo|Vgp7K6C_$14
zqIrLUB0bsgz^D%V%fbo2f9#yb#CntTX?55X<qx;!okXD~axKjmLH&*OdaOWEc{H0%
zi0MH-X|Jusi;#0rf&N*g-GE;RD$1qdO=oS*<<v&3;DB9~Mn>y|Kps&Xek*4_r=KDZ
z+`TQuv|$l}MWLzA5Ay6C<xwUE$SDueIt18G;rIq+PKrqK)-e%dH7kKgSCZrM6VWd%
zl2lnN?N}w!k%oj}Sb=F~WfJ?Oq-~KxZEt%C$Km;<HWP-Far<SWJWbkJ@m6yOcWFyW
z_Q8799P2jX-Hi_v*fxw=bGS(JHHq<82FgsB@wT053kvhY`h#<lj?p)b>vsa^7x<Dm
z7*W`&66pKXgHH%Ml6<<#8|Qv`3H|XpxHPw;J1j{B-l=VGuJ@O>vwXpy?`w(6vx4XJ
zWuf1bVSb#U8{xlY4<q^>+wlZ$9jjPk)X_;NFMqdgq>m&W=!KtP+6NL57`AMljW+es
zzqjUjgz;V*kktJI?!NOg^s_)ph45>4UDA!Vo0<s{;e|6~VP^gWUU3XjQk;=Xix6pU
zwO|=D;X5iLwh8JKU!FTBb9nZax_m$0O`m}PntuM|vT@{$W}A^6FgT)aaou}yP9OHt
z+BRQkg}S5r2LiCLG|3XarntT@bLzkEQWF1j1PB<L*g6>hn>KZ+h-3=?Y3*R=#!fOX
zP$Y~+14$f66ix?UWB_6r#fMcC^~X4R-<&OD1CSDNuX~y^YwJ>sW0j`T<2+3F9>cLo
z#!j57$ll2K9(%$4>eA7(>FJX5e)pR5&EZK!IMQzOfik#FU*o*LGz~7u(8}XzIQRy-
z!U7AlMTIe|DgQFmc%cHy_9^{o`eD%ja_L>ckU6$O4*U**o5uR7`FzqkU8k4gxtI=o
z^P^oGFPm5jwZMI{;nH}$?p@uV8FT4r=|#GziKXK07bHJLtK}X%I0TON$uj(iJ`SY^
zc$b2CoxCQ>7LH@nxcdW&_C#fMYBtTxcg46dL{vf%EFCZ~eErMvZq&Z%Lhumnkn^4A
zsx$ay(FnN7kYah}tZ@0?-0Niroa~13`?hVi6`ndno`G+E8;$<6^gsE-K3)TxyoJ4M
zb6pj5=I8^FD5H@`^V#Qb2^0cx7wUz&cruA5g>6>qR5)O^t1(-qqP&1g=qvY#s&{bx
zq8Hc%LsbK1*%n|Y=FfojpE;w~)G0-X4i*K3{o|J7`krhIOd*c*$y{WIKz2n2*EXEH
zT{oml3Th5k*vkswuFXdGDlcLj15Nec5pFfZ*0?XHaF_lVuiB%Pv&p7z)%38}%$Gup
z<b3uaN}F=Gim_ol$%3|sHjkH6w3NkSvTNg|$pNIrx_?n%{%+0R`;99PC4<xOluBpR
zU2O5CB{+faJ?d^o`6UNaOpdi{6Wxcn#ldUE@c7sS0hQ<d1bwc@5-Mup64Y_byI5~E
ze(1Scv9rryWVG=>VTa~C8=cw%6BKn_|4E?bPNW4PT7}jZQLhDJhvf4z;~L)506IE0
zX!tWXX(QOQPRj-p80QG79t8T2^az4Zp2hOHziQlvT!|H)jv{Ixodabzv6lBj)6WRB
z{)Kg@$~~(7$-az?lw$4@L%I&DI0Lo)PEJJziWP33a3azb?jyXt1v0N>2kxwA6b%l>
zZqRpAo)Npi&loWbjFWtEV)783BbeIAhqyuc+~>i7aQ8shIXt)bjCWT6$~ro^>99G}
z2<k!)pJyc8u<yVadbWX)2!_&!K=lyrD}wj>XfmT0(|l!)XJb^E!#3z4oEGIsL(xd;
zYX1`1I(cG|u#4R4T&C|m*9KB1`UzKvho5R@1e<V*TeB>YtUL9B72{i(ir&ls8g!pD
ztR|25xGaF!4z5M+U@@lQf(12?xGy`!|3E}7pI$k`jOIFjiDr{tqf0va&3pOn6Pu)%
z@xtG2zjYuJXrV)DUrIF*y<1O1<$#54kZ#2;=X51J^F#0nZ0(;S$OZDt_U2bx{RZ=Q
zMMdd<UQ`729gV*taE)yo&7I6$j1|A$UbHd&qQG|gUmni?yhum!iv{x|f0(p56<HNE
z{|r}=llKTf(UnY3B_)-{B&Ilhl?!Gt;#{A!Ik&y#y&po8@}lQ?&FRcs-Q>$fH|!s{
zXq#l;{`xfV`gp&C>A`WrQU?d{!Ey5(1u*VLJt>i27aZ-^&2IIk=zP5p+{$q(K?2(b
z8?<F{C+DO@u0&46j?yJ2$y`_qSmA<f41gBg&6I6Bc4WTi!On@`Kfs@;Mf4<#yYH%S
z3%=-9Vz2=GO0viySb&ugf@Mk8Vrw0#wF<}kN;VR}yEW9MNABqR`RZL=RHtZ4%8@`Y
zp#Ny|%!HB2ZzUgfDe)Mtj<}lnsKm*hSbL^-xJDeWiDv0GDklMm@t>9h)kvj9SF!Dr
zoyF}?V|9;6abHxWk2cEvGs$-}Pg}D+ZzgkaN&$Snp%;5m%zh1E#?Wac-}x?B<FLY5
z^#|qyQLq|K>YlGN#U#Mek*}kek#I9XaHt?mz3*fDrRTQ#&#~xyeqJk1QJ~E$7qsw6
z?sV;|?*=-{M<1+hXoj?@-$y+(^<DUw2Jr;Zm>BJ1H~wQ9G8C<M!|<37p=^5w$PQ1k
zI75RU({o}zBXPvTFlczyZ!+pcQxRXL4k5~P@IP4UP@{7*ml`gS8j=i(N(J0~3#|$W
z#`Dx?eM5{^y|kSL=^5rzID`fXlPhQ2@)omgy?3h*!>0#^aEAyhDduNX@haoa=PuPp
zYsGv8UBfQaRHgBgLjmP^eh>fLMeh{8ic)?xz?#3kX-D#Z{;W#cd_`9OMFIaJg<n@h
zIvM{(1~1i4U6GYhKf4MAnWumaiROMvmVJ+(p3e<6pce!gGy~U5HS%XPE9#Jf<W#m+
zb_QyVUZ<wCu_xG@9z9_*)RPK9x8IJ=-v7b-iuW|s!`IbP-rnHkSc}B#!RFNU;ClVO
zdDxXw<Lhw^{LS*V&7Z-qDtQxaWnLp+HwMlupdACRzR5|WWj`ztVcQA@+RUVWll~zq
z{qn?RDyo>-=t`_3*!YDgtNQ2+QUEAJB9M{~AvT$H`E)IKmCR21H532+ata8_i_MR@
z2Xj<3w<`isF~Ah$W{|9;51ub*f4#9ziKrOR&jM{x7I_7()O@`F*5o$KtZ?fxU~g`t
zUovNEVKYn$U~VX8eR)qb`7;D8pn*Pp$(otYTqL)5KH$lUS-jf}PGBjy$weoceAcPp
z&5ZYB$r&P$MN{0H0AxCe4Qmd3T%M*5d4i%#!nmBCN-WU-4m4Tjxn-%j3HagwTxCZ9
z)j5vO-C7%s%D!&UfO>bi2oXiCw<-w{vVTK^rVbv#W=WjdADJy8$khnU!`ZWCIU`>#
zyjc^1W~pcu>@lDZ{zr6gv%)2X4n27~Ve+cQqcND%0?IFSP4sH#yIaXXYAq^z3|cg`
z`I3$m%jra>e2W-=DiD@84T!cb%||k)nPmEE<W?@Vxzv1;a$T#%C913?i}`t+rADo#
zC7TuHDW#@wx#E3b<A)T6uJ>09NC%@PS_OLhkrX*U!cgD*;;&gIaA(DyVT4QD+q_xu
z>r`tg{hiGY&DvD-)B*h+YEd+Zn)WylQl}<4>(_NlsKXCRV;a)Rcw!wtelM2_rWX`j
zTh5A|i6=2BA(iMCnj_fob@*eA;V?oa4Z1kRBGaU07O70fb6-qmA$Hg$ps@^ka1=RO
zTbE_2#)1bndC3VuK@e!Sftxq4=Uux}fDxXE#Q5_<FeRxZ5dX0w7NJ1YRHU#Z$BTr$
z`)wN5bJJ+RrkSP-+5&DxF;{yTydOK?&E@|n6{$zZ<l<h_OVq<pLy3}Cs(@^!AKS3v
zs^%D02yP?T1JsVkG_$W1M_(HQj2}0PQ({upTh0DEflgHzkrq_3uQ#o~Xh$r*Hn#XK
z%fUd@E{I)?SYMJGeI}L~)B<FkO~@J|q(Wd60IQ&6Okb!cr?;u~jpWb%H+9jmSrjds
z{3hpy8rDopSBZ_GusW_B)^$dTmE4P&V_Eb^Ih;|L<NY!D5GPH#JeEzeTh$HO@A|Fn
zRc*;Ma?FBd&3c(9Zt!qaZlR5|nMqGrA2Lj7O7tMpWmQy_rjuK|B)Gc_ouOQrj6wEz
z32X<-{ytN?=>x=E1h>T5`D<dtR&xu@*|Ta7Hd8EJn!lw8o@cR!8z8eO@)Vx=X>PHz
zbH<_OjWx$wy7=%0!mo*qH*7N4tySm+R0~(rbus`7;+wGh;C0O%x~fEMkt!eV>U$`i
z5<d_k7|L{*P&u(7rQp7047h3UbY|wjh)RQP$TKl{D0~b7ZKVczu31g*{+{-g>>Q(o
z=t$<p=<~hN1+_h{HfNMhdBWq=6u*-jH!6viz%~sWI#`^RvV~7ac*8S<+(K#fxEe_p
zLbZpanYgH()OwCJr$ckxd~mD)xi7!XCK7P^_y9>gPjgGh0&I7KY#k50V7DJRX<%^X
z>6+ebc9efB3@eE2Tr){;?_w`vhgF>`-<wt92+tk>GDY(YkR{9RH(MiCny<y~1rmBT
z=dU8?rS7ETruzC)etiYZ9@H0U1&xhKdLlcsjIHpes0+3l0*A?A>Rtd!LxXJ75z+?2
zGi<cz0hpHP10;3BfW^UbK|?i^ifVMhOM5tgNDo@PRVaec;GG(&PVVC}!WSnGP1++_
zj7X7}wOo$N4wU`G{9dEHd)iC0+__;{cSTS$w5A&CA{~0{tkn5{Q%AiVsW(Kt{2;Uv
zBC}hb{rgu(YvCPnHSS0;+<C*VukDNqo3wS450JI-3281)fjd<)Bk-Ox`5w9XCzwi@
zp&5d0zI5lIy4<1UjOMJL%mwKt$VX@f5Kf1<C;xU5aS>@m^+2hKJ5sB<T$2V@SQod{
zRaF6_FrEJ05N9c3f!q*;Z05ZmkiEaIoL}q&R~{c5{BIXr)9*1zAB!J$KA+W@@dk7V
zW5l1MLb$_c=9n*)B;obV;jd(QuL`!dk1d-7e1RQ0`^&R)nTJ0daa%iDe~{YM@Qnb3
zu*hzH_KKQq>1@Xi@s_@p_Kwbc<*LQ_`mr^Y%j}(sV_$`J(?_FWP)4NW*BIL~sR>t6
zM;qTJZ~GoY36&{h-Pf}L#y2UtR}>ZaI%A6VkU>vG4~}9^i$5WP2Tj?Cc}5oQxe2=q
z8BeLa$hwCg_psjZyC2+?yX4*hJ58Wu^w9}}7X*+i5Rjqu5^@GzXiw#SUir1G1`jY%
zOL=GE_ENYxhcyUrEt9Xl<FD`E@a9>MNP6kx6h&%6^u3@zB8KUCAa18T(R2J`%JjWZ
z!{7cXaEW+Qu*iJPu+m>QqW}Lo$4Z+!I)0JNzZ&_M%=|B1yejFRM04bGAvu{=lNPd+
zJRI^DRQ(?FcVUD+bgEcAi@o(msqys9RTCG#)TjI!9~3-dc`>gW;HSJuQ<oHtTsmp-
zg)H_2N1wZGNAu6O_Xn(AY+RFAJ-6Mm_93j!W*X|0Ye@4;iY+s6<0b5MjXzo`6IJyz
zLtv`iatXFp+bzc4T?oIjwG<wve*Pc~KpyZ4DKvxF$C%dvH*(Xtf=8k-_oIQotfRTq
zi_<6B=B}307o+ji?B_%DCS{<<$aaC|iJtV&+ZKYGhX!7=v>vH~d`MQs86R$|SKXHh
zqS9Qy)u;T`>>a!$LuaE2keJV%;8g)tr&Nnc;EkvA-RanHXsy)D@XN0a>h}z2j81R;
zsUNJf&g&rKpuD0WD@=dD<sR9w8N7Z}d}V2@hrPnkI(}2BnH&b8WlGN_J`E#!LaROL
zT6x>rPHdBoK42WoBU|nMo17o(5^;M|dB4?|FsAGVrSyWcI`+FVw^vTVC`y}f(BwJl
zrw3Sp151^9=}B})6<JlvqOAvKIjM>@H*i4-dIN_o^br+BkcLa^H56|^2XsT0dESw2
zMX>(KqNl=x2K5=zIKg}2JpGAZu{I_IO}0$EQ5P{4zol**PCt3F4`GX}2@vr8#Y)~J
zKb)gJeHcFnR@4SSh%b;c%J`l=W*40UPjF#q{<}ywv-=vHRFmDjv<xPiJ;i|>)NtmC
zQx9qm)d%0zH&qG7AFa3VAU1S^(n8VFTC~Hb+HjYMjX8r#&_0MzlNR*mnLH5hi}`@{
zK$8qiDDvS_(L9_2vHgzEQ${DYSE;DqB!g*jhJghE&=LTnbgl&Xepo<*uRtV{2wDHN
z)l;Kg$TA>Y|K8Lc&LjWGj<+bp4Hiye_@BfU(y#nF{fpR&|Ltbye?e^j0}8JC4#xi%
zv29ZR%8%hk=3ZDvO-@1u8KmQ@6p%E|dlHuy#H1&MiC<*$YdLkHmR#F3ae;bKd;@*i
z2_VfELG=B}JMLCO-6UQy^>RDE%K4b>c%9ki`f~Z2Qu8hO7C#t%Aeg8E%+}6P7Twtg
z-)dj(w}_zFK&86KR@q9MHicUAucLVshUdmz_2@32(V`y3`&Kf8Q2I)+!n0mR=rrDU
zXvv^$ho;yh*kNqJ#r1}b0|i|xRUF6;lhx$M*uG3SNLUTC@<I49P80xma07<{`YgPN
z)(Ac#bc{dhY#Cu3)v`Q}DZFuLMQN2u7xe+7PIX*m0qDp<6Jkno{rglXV)U;4>|htC
z-=fsw^F%$qqz4%QdjBrS+ov}Qv!z00E+JWas>p?z@=t!WWU3K*?Z(0meTuTOC7OTx
zU|kFLE0bLZ+WGcL$u4E}5dB0g`h|uwv3=H6f+{5z9oLv-=Q45+n~V4WwgO=CabjM%
zBAN+RjM65(-}>Q2V#i1Na@a0`08g&y;W#@sBiX6Tpy8r}*+{RnyGUT`?XeHSqo#|J
z^ww~c;ou|iyzpErDtlV<Y_SCc(_7{}MrPO4rVB@7&Rjy#O2fj5to>U=`8N7JSu>4M
z_pr9=tX0edVn9B}YFO2y(88j#S{w%E8vVOpAboK*27a7e4Ekjt0)hIX99*1oE;vex
z7#%jhY=bPijA=Ce@9rRO(Vl_vnd00!^TAc<+wVvRM9{;hP*rqEL_(RzfK$er_^SN;
z)1a8vo8~Dr5?;0X0J62Cusw$A*c^Sx1)dom`-)Pl7hsW4i(r*^Mw`z5K>!2ixB_mu
z*Ddqjh}zceRFdmuX1akM1$3>G=#~|y?eYv(e-`Qy?bRHIq=fMaN~<jAL}PWcQidRH
zK2yekhS2Lj<8?b`xr58UAX4(T5E1^L&whVF<i9Q^ij@9ed9E_ifd+pE6vaZ5Ry#aY
zA}&HXAstN0LhSxhPG&s*OQPG{+rA08*@HqCho1SsE9gc)wqnJnfgB2HU^I0xnVxj*
zX4m!g{s6*{GQ|W6M46yH&8H0KRHzB%Hb1+zmame~q)Ue3wp6C<-<ZZK_M)*8T|>fB
zUa6I8Rt=)jnplP>yuS+P&PxeWpJ#1$F`iqRl|jF$WL_aZFZl@kLo&d$VJtu&w?Q0O
zzuXK>6gmygq(yXJy0C1SL}T8AplK|AGNUOhzlGeK_oo|haD@)5PxF}rV+5`-w{Aag
zus45t=FU*{LguJ11Sr-28EZkq;!mJO7AQGih1L4rEyUmp>B!%X0YemsrV3QFvlgt*
z5kwlPzaiJ+kZ^PMd-RRbl(Y?F*m`4*UIhIuf#8q<Nz@soPkY1ALkT*eHhnbbIB_gT
zwEAmPh9_mjMLG@Ns1qCf8u)<9ISwg$Bqf?2y^HBtk5P?|2w6>>H_M=fM*L_Op-<_r
zBZagV=4B|EW+KTja?srADTZXCd3Yv%^Chfpi)cg{ED${SI>InNpRj5!euKv?=Xn92
zsS&FH(*w`qLI<rdK|7Qb<c1TJj-yb9%q!4Kl-gZhZ0&i~?1Smlus~@u79ojelr}e=
z=(jH{&~FQJuR)VS@A!!<bs@smdUy8&t|3w(Ru!w~g8*dFaH0ct>y$doc>RE&A5R?u
zzkl1sxX|{*fLp<pkJUphzMYHr37AZg0<9Q!);Dms#VK@7w$(ZE_TiLt!QccO&=fNh
z83;??=IfxriuU6rn*5zF)5oJ^dWG?|gwh&}q9z`cmSZSRKGM<9JUXgj2HP@ki@EyB
zPj?ggbGP#(J(EMkDShSp(c?_>XvIW>9d<$ePROttn3oc6R!sN{&Y+>Jr@yeQN$sFR
z;w6A<2-0%UA?c8Qf;sX7>>uKRBv3Ni)E9pI{uVzX|6Bb0U)`lhLE3hK58ivfRs1}d
zNjlGK0hdq0qjV@q1qI%ZFMLgcpWSY~mB^LK)4GZ^h_@H+3?dAe_a~k*;9P_<R7XN(
z&HGNI!PYhVXyq^_=bMf}N6^ok_FD5wiKI-2%nC=ATeOPtc<W3f4qR0C>d7%NEFP6+
zgV(oGr*?W(ql?6SQ~`lUsjLb%MbfC4V$)1E0Y_b|OIYxz4?O|!kRb?BGrgiH5+(>s
zoqM}v*;OBfg-D1l`M6T6{K`LG+0dJ1)!??G5g(2*vlNkm%Q(MPABT$r13q?|+kL4-
zf)Mi5r$sn;u41aK(K#!m+goyd$c!KPl~-&-({j#D4^7hQkV3W|&>l_b!}!z?4($OA
z5IrkfuT#F&S1(`?modY&I40%gtroig{YMvF{K{>5u^I51k8RriGd${z<Y3I3im=|8
z%$wv|wOEi8mu|yn0sn9E+Qi~7!OCIls-XU^J6|DHO_&{OHFY6TnAa~}E2>)=5k2tG
zM|&Bp5kDTfb#vfu<Z8(fb`i1z5wam|g63@h@f<+rCe0^)xyy?F)?N0$kWv4tqkpY=
z|3gMq{41bNQKPxivJ4dRDGYL+wvozbM|9~2fRq%3DHYS}cYPOyWb;?dy#H5(Ih0qD
zkVJkMZ*Py0(6NmwNO)Lq$X1r;R}D>TTd?)a=>bX=lokw^y9+2LS?kwHQIWI~pYgy7
zb<qS%zT{Z;-?o6LsXKA|-3BgzAw}ClH1epD-+P;mIUo2I{0lLes<XJMvzg#Bbe7DY
zG_Uq)WFe{s;pIJbW*B(HF<&(BRKZq@PN5oU9?D1X>?A-RKVm_vM5!9?C%qYdfRAw&
zAU7`up~%g=p@}pg#b7E)BFYx3g%(J36Nw(Dij!b>cMl@CSNbrW!DBDbTD4OXk!G4x
zi}JBKc8HBYx$J~31PXH+4^x|UxK~(<@I;^3pWN$E=sYma@JP|8YL`L(zI6Y#c%Q{6
z*APf`DU$S4pr#_!60BH$FGViP14iJmbrzSrOkR;f3YZa{#E7Wpd@^4E-zH8EgPc-#
zKWFPvh%WbqU_%ZEt`=Q?odKHc7@SUmY{GK`?40VuL~o)bS|is$Hn=<=KGHOsEC5tB
zFb|q}gGlL97NUf$G$>^1b^3E18PZ~Pm9kX%*ftnolljiEt@2#F2R5ah$zbXd%V_Ev
zyDd{1o_uuoBga$fB@Fw!V5F3jIr=a-yk<G{P%>qrK?WWZ#a(bglI_-8pq74RK*KfQ
z0~Dzus7_l;pMJYf>Bk`)`S8gF!To-BdMnVw5M-pyu+aCiC5dwNH|6fgRsIKZcF&)g
zr}1|?VOp}I3)IR@m1&HX1~#wsS!4iYqES<Oq!z^aMIT{Q??S@v&*GbF7q97kSl@?K
zC$z`Bzx+I?h3E?|U&YSk%hU7kC(QpfpZ+&mhLZFbpGNmFX*V`jC*LO2kmEO_Z~=`>
zK}4J{Ei>;e3>LB#Oly>EZkW14^@YmpbgxCDi#0RgdM${&wxR+LiX}B+<h)+#yyKdg
zysFvW_W7nZ&<-(uGY@AGZ5D2!%>iRioOB0(pDKpVEI;ND?wNx>%e|m{RsqR_{(nmQ
z3ZS}@t!p4a(BKx_-CYwrcyJ5u1TO9bcXti$8sy>xcLKqKCc#~UOZYD{llKTSFEjJ~
zyNWt>tLU}*>^`TvPxtP%F`ZJQw@W0^>x;!^@?k_)9#bF$j0)S3;mH-IR5y82l|%=F
z2lR8zhP?XNP-ucZZ6A+o$xOyF!w;RaLHGh57GZ|TCXhJqY~GCh)aXEV$1O&$c}La1
zjuJxkY9SM4av^Hb;i7efiYaMwI%jGy`3NdY)+mcJhF(3XEiSlU3c|jMBi|;m-c?~T
z+x0_@;SxcoY=(6xNgO$bBt~Pj8`-<1S|;Bsjrzw3@zSjt^JC3X3*$HI79i~!$RmTz
zsblZsLYs7L$|=1CB$8qS!tXrWs!F@BVuh?kN(PvE5Av-*r^iYu+L^j^m9JG^#=m>@
z=1soa)H*w6KzoR$B8mBCXoU;f5^bVuwQ3~2LKg!yxo<XQ$IAc;ya0F4IP5hmZW0n(
zeoH>mG1#XPmn(?YH<r<yFVclsbGRF9L2n2S9>@E~_ED+W6mxs%x{%Z<$pW`~ON<jr
zb@Rh%`t#?I<L3yZl{J^|&N^NYcBZh%My>1~2XjP5v(0{C{+6Dm$00tsd3w=f=ZENy
zOgb-=f}|Hb*LQ$YdWg<(u7<GTVlvJ^WI42~hhU2v*|!uo(`G=2+{}i#sqV$xDASf<
z@BJ)K+GlMseqK(xbd0N8;flrWX{U|f6iVUhp2C8U6V%`<#w1zFsPHlj&@qhoQ^=nF
z6v6aigM_Vb$5&}LkM25m&fIkuPtbE8{LAP5`M)3J|2(|M4gtoWqx*l9ndfm(jDdbS
z;F;wqL8@O#jzJ_!L@a8Vr=(ty%9Ya<&mYkPK-upKKzu>x3`PKF)B7ZfZ6;1FrNM63
z?O6tE%EiU@6%rVuwIQjvGtOofZBGZT1Sh(xLIYt9c4VI8`!=UJd2BfLjdRI#SbVAX
ziT(f*RI^T!IL5Ac>ql7uduF#nuCRJ1)2bdvAyMxp-5^Ww5p#X{rb5)(X|fEhDHHW{
zw(Lfc$g;+Q`B0AiPGtmK%*aWfQQ$d!*U<|-@n2HZvCWSiw^<SosZid&Mq7{pz6&V3
zd@R%+SsepGL-*aKdhzR%Vvbs43uAoIdC_3qKoUK@QdY*}5w2umG!7DWQeEKlHV6q$
z_Vh)Q-FM<!WD1@h?zMdvF;}=nMKN{e&z-e2q1E@fiAqu40_=<UFNQe-L84I;Y_c%j
zXOf_0V-dW;=^lZ_p{hCK<*1Qn9RCXL-o=HCfl~b1_&}HQrR3DMhN0xaXs&X+H^PhX
zjG$NyjtoK3(r=AP7}oP%4fb^}B?XNlaB{n~xP1Xi9IZ>I>#vh+LyC;aaVWGbmkENr
z&kl*8o^_FW$T?rDYLO1Pyi%>@&kJKQoH2E0F`HjcN}Zlnx1ddoDA>G4Xu_jyp6vuT
zPvC}pT&Owx+qB`zUeR|4G;OH(<<^_bzkjln0k40t`PQxc$7h(T8Ya~X+9gDc8Z9{Z
z&y0RAU}#_kQGrM;__MK9vwIwK^aoqFhk~dK!ARf1zJqHMxF2?7-8|~yo<mfEO9=@^
zS^!0=f8b>O@_~Ed;_wvT%Vs{9RK$6uUQ|&@#6vyBsFK9eZW1Ft#D2)VpQRwpR(;x^
zdoTgMqfF9iBl%{`QDv7B0~8{8`8k`C4@cbZAXBu00v#kYl!#_Wug{)2PwD5cNp?K^
z9+|d-4z|gZ!L{57>!Ogfbzchm>J1)Y%?NThxIS8frAw@z>Zb9v%3_3~F@<=LG%r*U
zaTov}{{^z~SeX!qgSYow`_5)ij*QtGp4lvF`aIGQ>@3ZTkDmsl#@^5*NGjOuu82}o
zzLF~Q9SW+mP=>88%eSA1W4_W7-Q>rdq^?t=m6}^tDPaBRGFLg%ak93W!kOp#EO{6&
zP%}Iff5HZQ9VW$~+9r=|Quj#z*=YwcnssS~9|ub2>v|u1JXP47vZ1&L1O%Z1Ds<y1
zKGhYGqMl$%q``Pf)AeU^htE>OrDfSIMHU{VT>&>H=9}G3i@2rP+rx@eU@uE8rJNec
zij~#FmuEBj03F1~ct@C@$>y)zB+tVyjV3*n`mtAhI<Hd#M@#m|U%%fPzKpS=8^jh0
zL8{$eQBGDxNs#cZ9W_F*%I@t0Ecr241+VZB`dP=cQbRx5C6V0E8hva(E`B^pdHgL|
z{&5>M0$58vM9jOQC}JJOem|EpwqeMuYPxu3sv}oMS?S#o6GGK@8PN59)m&K4Dc&X%
z(;XL_kKeYkafzS3Wn5DD>Yiw{LACy_#jY4op(>9q>>-*9@C0M+=b#bknAWZ37^(Ij
zq>H%<@>o4a#6NydoF{_M4i4zB_KG)#PSye9bk0Ou8h%1Dtl7Q_y#7*n%g)?m>xF~(
zjqvOwC;*qvN_3(*a+w2|ao0D?@okOvg8JskUw(l7n`0fncglavwKd?~l_ryKJ^Ky!
zKCHkIC-o7%fFvPa$)YNh022lakMar^dgL=t#@XLyNHHw!b?%WlM)R@^!)I!smZL@k
zBi=6wE<uBK&#|s)0id-YUbF|8EPGSGH#_Nnlfmnx-A{yYewA#u&;8}f{mZTU`V%Vx
zw+kY#P{Vftbb_Kx6Y^&ExMgX^Mv0aE2ugq_I13BLg;kULC8h9=4mjSmMlD_q9Weew
zQP6=zR=$<}g~zzw5d*9AxF4p1bS)})m*Am0;N4P5h;=f3SqJHg(}O<h%;?&y!q3aJ
zM0lZW!Y2FVPfVs5!A8r2PY%jXR;(thZCy+-4If<jrsBG5eyH8BP$MdVS}wcThQNK)
zKIDBa>5)2v&!UNV(&)oOYW(6Qa!nUjDKKBf-~Da=#^HE4(@mWk)<uU{=obsLdUI3h
zHmqdEK8EB5g|CJ1waElw;@$z(IDUSb4jynL@<Dcx{+7nmSS)kq1|+E@VN%nmRkMiR
zs=e6GO30hK26C#QIG|w8+|fawvH;IKl%paiw=s1CoUBE@_O7IxK{t{GeiX5Bw#IBg
zy}V!1(_y)p_WaM*T{~mUh~q`irqOUPd<%ojktmiS@MD>LPvhyN3i4goB$3K8iV7uh
zsv+a?#c4&NWeK(3AH;ETrMOIFgu{_@%XRwCZ;L=^8Ts)hix4Pf3yJRQ<8xb^CkdmC
z?c_gB)XmRsk`9ch#tx4*hO=#qS7={~Vb4*tTf<5P%*-XMfUUY<TA8uu1Q&SE*j^Oz
z=-_T`Y_dFx=4yScs+$!sJ58a1Qi$jurfsZ>kI9T1cEF;ObfxxI-yNuA=I$dCtz3ey
znVkctYD*`fUuZ(5<dGK9+E5m(x+j!E1gBD<m;epCW&-dEFrxIWm6v|{RNP287N@@(
z&RwFD-KScCNJ<>7+^B*R=Q}~{1z#2!ca?)+YsRQb+lt^LmEvZt_`=j^wqig+wz@n@
z`LIMQJT3bxMzuKg8EGBU+Q-6cs5(@5W?N>JpZL{$9VF)veF`L5%DSYTNQEypW%6$u
zm_~}T{HeHj1bAlKl<bNiI7kGAT=WJaCg#3PHf(sw37beu4irZqPQM6)OVU((ZqiFe
zh7}c1t^`(7HQ`GHm>8ii92l9~$dm=UM21kLemA&b$;^!wB7#IKWGnF$TVq!!lBlG4
z{?Rjz?P(uvid+|i$VH?`-C&Gcb3{(~Vpg`w+O);Wk1|Mrjxrht0GfRUnZqz2MhrXa
zqgVC9nemD5)H$to=~hp)c=l9?#~Z_7i~=U-`FZxb-|TR9@YCxx;Zjo-WpMNOn2)z)
zFPGGVl%3N$f`gp$gPnWC+f4(rmts%fidpo^BJx72zAd7|*Xi{2VXmbOm)1`w^tm9%
znM=0Fg4bDxH5PxPEm{P3#A(mxqlM7SIARP?|2&+c7qmU8kP&iApzL|F>Dz)Ixp_`O
zP%xrP<k$wQk~?_FT73lz;bX*6=D5hHv{$OG+ESaX)ae8>1M6@oYhgo$ZWwrAsYLa4
z|I;DAvJxno9HkQrhLPQk-8}=De{9U3U%)dJ$955?_AOms!9gia%)0E$Mp}$+0er@<
zq7J&_SzvShM?e%V?_zUu{niL@gt5UFOjFJUJ}L?$f%eU%jUSoujr{^O=?=^{19`ON
zlRIy8Uo_nqcPa6@yyz`CM?pMJ^^SN^Fqtt`GQ8Q#W4kE7`V9^LT}j#pMChl!j#g#J
zr-=CCaV%xyFeQ9SK+mG(cTwW*)xa(eK;_Z(jy)wo<nmrLjO|ztv*nplaAl0pOFIhc
zZe;A@?4xmZHrI(+Y#%y4JBydr1g6#IYFihmK+)HufuUTxq$8qVOdp3boOq1P;Wv@K
zwXG&kim4YnysqJGu(l+!DM|q?7$}thxr;l?%GuKali@m896TRH<j~86OHh|?hFiON
zoVTO2Q4vtq%AS1ZzYe5%=fvKeF$UDaWs%{qd@6uW$5nPva?M$)-R6sQz?-*9>Zp~>
zA(4}-&VH+TEeLzPTqw&FOoK(ZjD~m{KW05fiGLe@E3Z2`rLukIDahE*`u!ubU)9`o
zn^-lyht#E#-dt~S>}4y$-mSbR8{T@}22cn^refuQ08NjLOv?JiEWjyOnzk<^R5%gO
zhUH_B{oz~u#IYwVnUg8?3P*#DqD8#X;%q%HY**=I>>-S|!X*-!x1{^l#OnR56O>iD
zc;i;KS+t$koh)E3)w0<sr_&V$&&^jwvKZE>OjWJl_aW2;xF=9D9Kr>)(5}4FqUbk#
zI#$N8o0w;IChL49m9CJTzoC!|u{Ljd%ECgBOf$}&jA^$(V#P#~)`&g`H8E{uv52pp
zwto`xUL-L&WTAVREEm$0g_gYPL(^vHq(*t1WCH_6alhkeW&GCZ3hL)|{O-jiFOBrF
z!EW=Jej|dqQitT6!B-7&io2K)WIm~Q)v@yq%U|VpV+I?{y0@Yd%n8~-NuuM*pM~KA
z85YB};IS~M(c<}4Hxx>qRK0cdl&e?t253N%vefkgds>Ubn8X}j6Vpgs>a#nFq$osY
z1ZRwLqFv=+BTb=i%D2Wv>_yE0z}+n<tX7=B(@omRDE4?_eQVXQv?Hdp3mP%L7_)rJ
zceU9n0F0eAb5q_*CY^$%aws@y6mOF934p6R@I02AiG$kI%gnd`UPSCop=0b3KK$X-
zk-)b~vVG#IP{XT_WwHf9Y*n)4+*X%H1=HFzGgIreH<FzmQ(C#KDP;be%rXl#(zren
z3;Gheo^MEIift!$({sqVYci@r6Dj9mg`Hdp*Tg83DVhi6WX!_~b2|?rFE`d=h~~1X
z6i36B4#G%u>iZ4?rE|*a3d7^kndWGwnFqt+iZ(7+aln<}jzbAQ(#Z2SS}3S$%Bd}^
zc9ghB%O)Z_mTZMRC&H#)I#fiLuIkGa^`4e~9oM5zKPx?zjkC&Xy0~r{;S?FS%c7w<
zWbMpzc(xSw?9tGxG~_l}Acq}zjt5ClaB7-!vzqnlrX;}$#+PyQ9oU)_DfePh2E1<7
ztok6g6K^k^DuHR*iJ?jw?bs_whk|bx`dxu^nC6#e{1*m~z1eq7m}Cf$*^Eua(oi_I
zAL+3opNhJteu&mWQ@kQWPucm<ysMdVUPHbq+gV?rGqRHPp%uV!-l3=Q6r-oAMj1Uf
z?b8Zw!CdncfJ4Z*7>iP)4|nFG`b2tpC;h{-PI@`+h?9v=9mn|0R-n8#t=+Z*FD(c5
zjj79Jxkgck*DV=wpFgRZuwr%}KTm+dx?RT@aUHJdaX-ODh~gByS?WGx&czAkvkg;x
zrf92l8$Or_zOwJVwh>5rB`Q5_5}ef6DjS*$x30nZbuO3dijS*wvNEqTY5p1_A0gWr
znH<(Qvb!os14|R)n2Ost>jS2;d1zyLHu`Svm|&dZD<e=++}X$(_vT!eDWbK#-aOcb
zi(KgPl`rO!O(9j=^cVi}IJNF4xy!cZ^|4Qs?8*Y{23A~ZFVr#LH`z~t(_yzQt&2M^
z#F0(lV{PSkxR!@r$_LIxAwOO4D~UhYNt;i4b$LF+l)!<Mlhtrc{(+#www<UPw<{4h
zpfbM!C=Fd%YcqvBrKlm>+PpP{Bh>U&`Md;gRl64q;>{8MJJM$?UNUd`aC>BiLe>*{
zJY15->yW+<3rLgYeTruFDtk1ovU<$(_y7#HgUq>)r0{^}Xbth}V#6?%5jeFYt;SG^
z3qF)=uWRU;Jj)Q}cpY8-H+l_n$2$6{ZR?&*IGr{>ek!69ZH0ZoJ*Ji+ezzlJ^%qL3
zO5a`6gwFw(moEzqxh=yJ9M1FTn<T5L*i(<zj`a8@-`*Y*d1O*$5VlE~&#SB+H9}iw
zB3)>!eo&qD#y5AZXErHs%22?A+JmS&GIolml!)rZTnUDM3YgzYfT#;OXn)`PWv3Ta
z!-i|-Wojv*k&bC}_JJDjiAK(Ba|YZgUI{f}TdEOFT2+}nPmttytw7j%@bQZDV1vvj
z^rp{gRkCDmYJHGrE1~e~AE!-&6B6`7UxVQuvRrfdFkGX8H~SNP_X4<w;C2T`tyKC_
zi-<IDL>EodVd;lXd^>eV1jN+Tt4}Rsn)R0LxBz0c=NXU|pUe!MQQFkGBWbR3&(jLm
z%RSLc#p}5_dO{GD<NWe-r|=Q6-4PleiDwT(2|~KO8GT0gfR~)=qKWhs>=DEFr=Fc%
z85CBF>*t!6ugI?soX(*JNxBp+-DdZ4<rEK)&M`6wOoocN!#y@nw+fsyKHosdUZSs#
zY>X0LldiK}+WWGvXV(C(Ht|!3$psR=&c*HIM=BmX;pRIpz@Ale{9dhGe(U2|Giv;#
zOc|;?p67J=Q(kamB*aus=|XP|m{jN^6@V*Bpm?ye56Njh#vyJqE=DweC;?Rv7faX~
zde03n^I~0B2vUmr;w^X37tVxUK?4}ifsSH5_kpKZIzpYu0;Kv}SBGfI2AKNp+VN<s
z&%`{SSX=7`cuk&HSpr5=9(NBlPiF6=d$2k4+qBuZEtEp{q9rXkkSlz~m$@K5d@1sb
zV&-+U{A<aWf$z&7U9^^scEEAOgD13Kt{%E-i<cL-_`0>#z`nI{UNDRbo-wqa4NEls
zICRJpu)??cj^*WcZ^MAv+;bDbh~gpN$1Cor<{Y2oyIDws^JsfW^5AL$azE(T0p&pP
z1Mv~6Q44R&RHoH95&OuGx2srIr<@zYJTOMKiVs;Bx3py89I87LOb@%mr`0)#;7_~Z
zzcZj8?w=)>%5@HoCHE_&hnu(n_yQ-L(~VjpjjkbT7e)Dk5??fApg(d>vwLRJ-x{um
z*Nt?DqTSxh_MIyogY!vf1mU1`Gld-&L)*43f6dilz`Q@HEz;+>MDDYv9u!s;WXeao
zUq=TaL$P*IFgJzrGc>j1dDOd<P6obJsU?i;%~VO18%pw+u7Z7zDM{)mIn14~Q_iX3
zT{Tx9IMu^l8)U&uPF2B_@;$LfUzf<C;nO$|L9fQPGc5pM<ix6!$F5fSR4J=#3pL1>
zed+=ZBo?w4mr$2)Ya}?vedDopomhW1`#P<%YOJ_j=WwClX0xJH-<Xq=YwhDDH5<ir
z)fn*!W2|$oe({@J6>f@s?<R{WuTm{#vF3!6EowIp1Yl(A5Iq}el2(>^tmzs_j7t!k
zK@j^zS0Q|mM4tVP5Ram$VbS6|YDY&y?Q1r1joe9dj08#CM{RSMTU}(RCh`hp_Rkl-
zGd|C<M{UA`Ev@3>v~G@F{DLhCizAm9AN!^{rNs8hu!G@8RpnGx7e`-+K$ffN<0qjR
zGq^$dj_Tv!n*?zOSyk5skI7JVKJ)3jysnjIu-@VSzQiP8r6MzudCU=~?v-U8yzo^7
zGf~SUTvEp+S*!X9uX!sq=o}lH;r{pzk~M*VA(uyQ`3C8!{C;)&6)95fv(cK!%Cuz$
z_Zal57H6kPN>25KNiI6z6F)jzEkh#%OqU#-__Xzy)KyH};81#N6OfX$$IXWzOn`Q&
z4f$Z1t>)8&8PcYfEwY5UadU1yg+U*(1m2ZlHoC-!2?gB!!fLhmTl))D@dhvkx#+Yj
z1O=LV{(T%{^IeCuFK>%QR!VZ4GnO5t<M8oXd(Iwnd!%6;G4+b$sfV@nF>K8a+thWE
zg4VytZ<!+^Z3OxbQ{Q^NT}C^&{w?l_efsLU3K<LxNcF3In!jBW`E4P@@Q>rwcS?7^
zuZfhYnB8dwd%VLO?DK7pV5Wi<(`~DYqOXn8#jUIL^)12*Dbhk4GmL_E2`WX&iT16o
zk(t|hok(Y|v-wzn?4x34T)|+SfZP>fiq!><*%vnxGN~ypST-FtC+@TPv*vYv@iU!_
z@2gf|PrgQ?Ktf*9^CnJ(x*CtZVB8!OBfg0%!wL;Z8(tYYre0vcnPGlyCc$V(Ipl*P
z_(J!a=o@vp^%Efme!K74(Ke7A>Y}|sxV+JL^<EBm?s93Gk}89>aYa{~m%5#$$+R1?
zGaQhZTTX!#s#=Xtpegqero$RNt&`4xn3g$)=y*;=N=Qai)}~`xtxI<AZ4F;JTD<8R
zj!)c(h~W5ym&ztJHonI$wOw!ilm$MYm9Bza-hgQlyVgU%3gL7ZR{DGw;SC3(2jmN#
zEN0r*A}At(0W#Ah$kNBdq7}-SmKb}m?}0D&ayCSIp<(7rh{N(>_N*#MMCIq#HFifT
zz(-*m;pVH&+4bixL&Bbg)W5FN^bH87pAHp)<cHV|Z#UZzRmhx)v+J#b;z4`Q?k?-R
z?Mwe6>zPkWNMfTFqS=l~AC$3FX3kQUSh_C?-ZftyClgM)o_D7cX$RGlEYblux0jv5
zTr|i-I3@ZPCGheCl~BGhImF)K4!9@?pC(gi3ozX=a!|r1)LFxy_8c&wY0<^{2cm|P
zv6Y`QktY*;I)IUd5y3ne1CqpVanlY45z8hf4&$EUBnucDj16pDa4&GI&TArYhf*xh
zdj>*%APH8(h~c>o@l#%T>R$e>rwVx_WUB|~V`p^JHsg*y12lzj&zF}w6W09HwB2yb
z%Q~`es&(;7#*DUC_w-Dmt7|$*?TA_m;zB+-u{2;Bg{O}nV7G_@7~<)Bv8fH^G$<M*
z&d&;aLbJI7DA_i+KF+_Y*db5T=T0$Yb3d-`R$T@3wLZQCDrGFAM6Hy)P81(B7I-}^
zZ#X&{ChGm1hJg}`oiCWrMyeKG-CKZgKD^F(ua7wxm46IP%8KAiuDjGgHkpHlqY{44
z6u+EZH5*`-Tmv@0q-e$H7@qYxb=7lP*Uw9V-%F*BSf3gnl(tEHIo~UWGwgNM?yNh+
z4`DXIz*~q@Zt5=B?(4}yS%0CI2f?0DXy#?0A|S`Rsho0pv40`;)dJpwh<81-^iiuK
z%Vi?_s~)&i)z1SmPY1<XW`lTd<YCBKxgcl4zKk4DeAbUOOvIYr?)CoiY>XG8$(&{A
zwXJK5LRK%M34(t$&NI~MHT{UQ9qN-V_yn|%PqC81EIiSzmMM=2zb`mIwiP_b)x+2M
z7Gd`83h79j#SItpQ}luuf2uOU`my_rY5T{6P#BNlb%h%<#MZb=m@y5aW;#o1^<f$w
z=h?@HX|<iV!fmbN2X4(oxX(FwV@xQ6hBb_M4Z>2Z)SWo+b`y0gV^iRcZtz5!-05vF
z7wNo=hc6h4hc&s@uL^jqRvD6thVYtbErDK9k!;+a0xoE0WL7zLixjn5;$fXvT=O3I
zT6jI&^A7k6R{&5#lVjz#8%_RiAa2{di{`kx79K+j72$H(!ass|B%@l%KeeKchYLe_
z>!(JC2fxsv>XVen+Y42GeYPxMWqm`6F$(E<6^s|g(slNk!lL*6v^W2>f6hh^mE$s=
z3D$)}{V5(Qm&A6bp%2Q}*GZ5Qrf}n7*Hr51?bJOyA-?B4vg6y_EX<*-e20h{=0Mxs
zbuQGZ$fLyO5v$nQ&^kuH+mNq9O#MWSfThtH|0q1i!NrWj^S}_P;Q1OkYLW6U^?_7G
zx2wg?CULj7))QU(n{$0JE%1t2dWrMi2g-Os{v|8^wK{@qlj%+1b^?<vxdN3hhv>NI
z$}l2tjp0g>K3O+p%yK<9!XqmQ?E9>z&(|^Pi~aSRwI5x$jaA62GFz9%fmO3t3a>cq
zK8Xbv=5Ps~4mKN5+Eqw12(!PEyedFXv~VLxMB~HwT1Vfo51pQ#D8e$e4pFZ{&RC2P
z5gTIzl{3!&(tor^BwZfR8j4k{<RRDK>7Rq#`riKXP2O-Bh66#WWK2w=z;iD9GLl+3
zpHIaI4#lQ&S-xBK8PiQ%dwOh?%BO~DCo06pN7<^dnZCN@NzY{_Z1>rrB0U|nC&+!2
z2y!oBcTd2;@lzyk(B=TkyZ)zy0deK05*Q0zk+<m@@d`~L>o$@nun`VI1Er7pjq>8V
zNmlW{p7S^Btgb(TA}jL(uR>`0w8gHP^T~Sh5Tkip^spk4SBAhC{TZU}_Z)UJw-}zm
zPq{KBm!k)?P{`-(9?LFt&YN4s%SIZ-9lJ!Ws~B%exHOeVFk3~}HewnnH(d)qkLQ_d
z6h><vmhITb#1N_8X1Z(L5Z-Mt1QD-4--ZSQa|I2k|2yb`=kK=Y{xq2W9@z8ykeYTE
z(sLIxoB*Jf@`g}u$%PTp1k#3_<Y0()`Q@U-raX1Vot0=ZY_hD?M86FdNIhTjrJxZ+
zJ((diYOZbq`Uha?I6CglyX`fAgexzumMOh3N@)+6OQ*_0dT^VSFf_smVHDjg55<Jl
zH2Ozsu;$G}j>O)pEE{vbOVw}E+jdYC^wM+AAhaI(YAibUc@B#_mDss0Ji&BK{WG`4
zOk>vSNq(Bq2IB@s>>Rxm6Wv?h;Z<HWsJXErNyl(WAMS;TU3O?s5_Llui-|!JglEvo
z$E2mYL3+SPK!E!7%WQv?cHL*#*)*5PhS)J5GV09TI$ZnD5J-@RK1t0}*-9n4F=AJg
z@YsA@xfMsv#w~_vqJq-JmLhW#heOMgz)(!epQo{MZD5-(_n`&FvWL)jB4Ys1EdZfI
zoaBo@7-CroK$CL=LyAo`ptq!pX?Uo!KIaWj7|yHs%MYw!l&%tFp^xeV$e}_JqO0pN
zNxaGWM<%{B0&9iTjFXOdP?w#{jHX>Xkpb1l8u|+_qXWdC*jjcPCixq;!%BVPSp#hP
zqo`%cNf&YoQXHC$D=D45RiT|5ngPlh?0T~?lUf*O)){K@*Kbh?3RW1j9-T?%lDk@y
z4+~?wKI%Y!-=O|_IuKz|=)F;V7ps=5@g)RrE;;tvM$gUhG>jHcw2Hr@fS+k^Zr~>G
z^JvPrZc}_&d_kEsqAEMTMJw!!CBw)u&ZVzmq+ZworuaE&TT>$pYsd9|g9O^0orAe8
z221?Va!l1|Y5X1Y?<Q2k@C>{G7rt1sX#qFA^?RLG^VjoxPf63;AS=_mVDfGJKg73L
zsGdnTUD40y(>S##2l|W2Cy!H(@@5KBa(#gs`vlz}Y~$ot5VsqPQ{{YtjYFvIumZzt
zA{CcxZLJR|4<x-MAle2Nd|D%3<KvN6^~LMtrTQKT11XTUTsz-QKf89?*YA3bbocsv
z<tG;Y1lpf_{>#{j7k~Tu*jkwz8QA|5G1$Cl895R`<bW@zkRsPYS`N#4&EBxmd{@y_
z#&U+_?ao#Kwx+DC{AN!PZYAX?2(H1uQyF~p>Zyp;irp1{KN){kB<t|Lg})VytK%aH
zCJdJ3Re6v<r!FVDLBzZp{ZdlRHq_XzsY7pir9Q3LQAJ+IOOcz}u=>30O8P1W5;@bG
znvX74roeMmQlUi=v9Y%(wl$ZC#9tKNFpvi3!C}f1m6Ct|l2g%psc{TJp)@yu)*e2>
z((p0Fg*8gJ!|3WZke9;Z{8}&NRkv7iP=#_y-F}x^y?2m%-D_aj^)f04%mneyjo_;)
z6qc_Zu$q37d~X``*eP~Q>I2gg%rrV8v=kD<S$$Du%7)9vB5*3kar-m(rC|$tWLh`b
zcoxYH(*j~EVZ>fpp$=%Vj}hF)^dsSWygoN(A$g*E=Do6FX?&(@F#7pbiJ`;c0c@Ul
zDqW_90Wm#5f2L<(Lf3)3TeXtI7nhYwRm(F;*r_G6K@OPW4H(Y3O5SjUzBC}<?|Tm0
zRP=fu|E~4-g)9SuK=BRizYL2M|GU<InE379H^~Fl#JuQ1SzKoHfLmc9R0#Sg+k((d
zhN8HzM*VhCp<uO4>u3d|eQ8<Ba^oJ-NVK>*8d@?;zUPE+i#QNMn=r(ap?2SH@vo*m
z3HJ%XuG_S6;QbWy-l%qU;8x;>z>4pMW7>R}J%QLf%@1BY(4f_1iixd-6GlO7Vp*yU
zp{VU^3?s?90i=!#>H`lxT!q8rk>W_$2~kbpz7eV{3wR|8E=8**5?qn8#n`*(bt1<M
zlk{?%Mh@~#mQl*b5K-2c;P;AWttPx=rB~Os`<u!ZxgjvPCt_!HNidwq(fg-i3DKTv
z?L6K*ehZ#KPjHDJ5vWuMs>xRQrdGxyx2y%B$qmw#>ZV$c7%cO#%JM1lY$Y0q?Yuo>
ze9KdJoiM)RH*SB%^;TAdX-zEj<!({s>A7@%<k)#%bD2GjyYCHnZiy-B)zMUf<(h`v
z6r)G0@ahyae4&QsKnOdXX44T}#dpO3&z>y=!0=Zg%iWK7jVI9b&Dk}0$Af&08KHo+
zOwDhFvA(E|ER%a^cdh@<ajPmA)cO>^wLUlmIv6?_3=BvX8jKk92L=Y}7Jf5OGMfh`
zBdR1wFCi-i5@`9km{isRb0O%TX+f~)KNaEz{rXQa89`YIF;EN&gN)cigu6mNh>?Cm
zAO&Im2f<R$(FpJ-`ul}(ek!d0=fY-I4EB1j^=!?42}Ai4Ov$fceybC`ldYb$wUO<g
zK&64tq3)(3caC8H2^0c!zYlKgzjgZ=)Y{6D!P?degl}(VWcMrIfg+afSq6y0%GTsh
zmAd<vAKnHjOx?5bKT7CX>lv6D{jwm+y<%WsPe4!89n~KN|7}Cb{Z;XweER73r}Qp2
zz}WP4j}U0&(uD&9yGy6`!+_v-S(yG*iytsTR#x_Rc>=6u^vnRD<C6c)4)B{t?-8)?
z2xp^$Jh2LbWBGv&x&py@L2t$XBoHw&)^o717Xj%jSXk*9f+X>nf1gP{#2>`ffrAC%
zTZ5WQ@hAK;P;>kX{D)mIXe4%a5p=LO1xXH@8T?mz<Y5Jb+5IA|K_bV-ptS8wKUIJe
zlnC^nSKzO2&(G!zwE~2?4Em$~2^|XeSLpxo+h4=3W@$d22XziXgrHPgKfxm4{Q?%G
z%VMu*@t=&O4_)C$NxOUvdcQ3}ZB70YssJb-`Tul<w3Ug8k?mhs6vf)^y%wk;2SMIt
z{0TA~lmzU5Ldx8AZhs^KyL&|c8vK4Lb%CG2#X<ed{{(-jXKyNKXJ=%o5Ap<=w3UIL
zg@_sGZ7|b!_^&MWL*Lxb4hwR|e+&o?;QOase|;DCb0ywom;GTt@W&#*Kz{hV|CDR?
zVeRjyW&63CPz0%4{!dT+(E^|;%)=av4+-w4Lb=QC_QQbS(xBkbza#iL*V}K{|6?S+
zOQ!N)<5u|v_FZa~ht<5F`r%Hy{D%R-1O5)`?-Q#$B)c!64)XGU3<!Rp{x|jhLH18R
zCmzz?7ykbF9x-(OhW6gH^?#_fKP0;^T79P_{=<OaQ@a10?7<xQA<2E2*1JuC9|i;u
z)c@xs_t!HXGTaxL{JE(vP5wE<?}3@W5PyA0dtcd4@W)+&u0Zhg*Z()#-*55{J<Er5
z_cg!n<N|*f5Ihs`ujzgv9{7;=zJ8O^4^q$-2!3MwuX+EGzSzSW+?Sq^`l$w44*$9a
zzfz5QNPPc<|IaQree<u0f1z{nkoW$v>7Q@d)$3pL{{B!2{-v70L*o1AO+|n5beiw~
zk@(>m?T3{2k2c;NWc^`4@P&Z?BjxXJ@;x1qhn)9Mn*IFdt_J-dIqx5#d`NfyfX~m(
zIS~5)MfZ2Uy?_4W`47i}u0ZgPh<{D|w_d#;D}Q&U<c9&l@uL4V+pkZUJoNDWE$N@f
z811-!Oa0gLy!-3)KQq|o{SCvP*5?13;r>$Q-G}xM1A@1f{#%A$jh6Qp&0hQ<0bPOM
z-{1Wm&p%%#eb_?x7i;bo<bD_s{JQdQSRc-n@6B`mH1&W2ZKd3Ot1yB=qk@55R^R>l
EfAhh=DF6Tf

diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
index 642d572c..e83fa695 100644
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -1,2 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar
diff --git a/mvnw b/mvnw
index 41c0f0c2..5643201c 100755
--- a/mvnw
+++ b/mvnw
@@ -36,6 +36,10 @@
 
 if [ -z "$MAVEN_SKIP_RC" ] ; then
 
+  if [ -f /usr/local/etc/mavenrc ] ; then
+    . /usr/local/etc/mavenrc
+  fi
+
   if [ -f /etc/mavenrc ] ; then
     . /etc/mavenrc
   fi
@@ -145,7 +149,7 @@ if [ -z "$JAVACMD" ] ; then
       JAVACMD="$JAVA_HOME/bin/java"
     fi
   else
-    JAVACMD="`which java`"
+    JAVACMD="`\\unset -f command; \\command -v java`"
   fi
 fi
 
@@ -212,9 +216,9 @@ else
       echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
     fi
     if [ -n "$MVNW_REPOURL" ]; then
-      jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+      jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
     else
-      jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+      jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
     fi
     while IFS="=" read key value; do
       case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
@@ -233,9 +237,9 @@ else
           echo "Found wget ... using wget"
         fi
         if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
-            wget "$jarUrl" -O "$wrapperJarPath"
+            wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
         else
-            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
+            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
         fi
     elif command -v curl > /dev/null; then
         if [ "$MVNW_VERBOSE" = true ]; then
@@ -305,6 +309,8 @@ WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
 
 exec "$JAVACMD" \
   $MAVEN_OPTS \
+  $MAVEN_DEBUG_OPTS \
   -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
-  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  "-Dmaven.home=${M2_HOME}" \
+  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
   ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/mvnw.cmd b/mvnw.cmd
index 86115719..23b7079a 100644
--- a/mvnw.cmd
+++ b/mvnw.cmd
@@ -1,182 +1,188 @@
-@REM ----------------------------------------------------------------------------
-@REM Licensed to the Apache Software Foundation (ASF) under one
-@REM or more contributor license agreements.  See the NOTICE file
-@REM distributed with this work for additional information
-@REM regarding copyright ownership.  The ASF licenses this file
-@REM to you under the Apache License, Version 2.0 (the
-@REM "License"); you may not use this file except in compliance
-@REM with the License.  You may obtain a copy of the License at
-@REM
-@REM    http://www.apache.org/licenses/LICENSE-2.0
-@REM
-@REM Unless required by applicable law or agreed to in writing,
-@REM software distributed under the License is distributed on an
-@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-@REM KIND, either express or implied.  See the License for the
-@REM specific language governing permissions and limitations
-@REM under the License.
-@REM ----------------------------------------------------------------------------
-
-@REM ----------------------------------------------------------------------------
-@REM Maven Start Up Batch script
-@REM
-@REM Required ENV vars:
-@REM JAVA_HOME - location of a JDK home dir
-@REM
-@REM Optional ENV vars
-@REM M2_HOME - location of maven2's installed home dir
-@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
-@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
-@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
-@REM     e.g. to debug Maven itself, use
-@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
-@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
-@REM ----------------------------------------------------------------------------
-
-@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
-@echo off
-@REM set title of command window
-title %0
-@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
-@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
-
-@REM set %HOME% to equivalent of $HOME
-if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
-
-@REM Execute a user defined script before this one
-if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
-@REM check for pre script, once with legacy .bat ending and once with .cmd ending
-if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
-if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
-:skipRcPre
-
-@setlocal
-
-set ERROR_CODE=0
-
-@REM To isolate internal variables from possible post scripts, we use another setlocal
-@setlocal
-
-@REM ==== START VALIDATION ====
-if not "%JAVA_HOME%" == "" goto OkJHome
-
-echo.
-echo Error: JAVA_HOME not found in your environment. >&2
-echo Please set the JAVA_HOME variable in your environment to match the >&2
-echo location of your Java installation. >&2
-echo.
-goto error
-
-:OkJHome
-if exist "%JAVA_HOME%\bin\java.exe" goto init
-
-echo.
-echo Error: JAVA_HOME is set to an invalid directory. >&2
-echo JAVA_HOME = "%JAVA_HOME%" >&2
-echo Please set the JAVA_HOME variable in your environment to match the >&2
-echo location of your Java installation. >&2
-echo.
-goto error
-
-@REM ==== END VALIDATION ====
-
-:init
-
-@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
-@REM Fallback to current working directory if not found.
-
-set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
-IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
-
-set EXEC_DIR=%CD%
-set WDIR=%EXEC_DIR%
-:findBaseDir
-IF EXIST "%WDIR%"\.mvn goto baseDirFound
-cd ..
-IF "%WDIR%"=="%CD%" goto baseDirNotFound
-set WDIR=%CD%
-goto findBaseDir
-
-:baseDirFound
-set MAVEN_PROJECTBASEDIR=%WDIR%
-cd "%EXEC_DIR%"
-goto endDetectBaseDir
-
-:baseDirNotFound
-set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
-cd "%EXEC_DIR%"
-
-:endDetectBaseDir
-
-IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
-
-@setlocal EnableExtensions EnableDelayedExpansion
-for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
-@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
-
-:endReadAdditionalConfig
-
-SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
-set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
-set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
-
-set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
-
-FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
-    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
-)
-
-@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
-@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
-if exist %WRAPPER_JAR% (
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Found %WRAPPER_JAR%
-    )
-) else (
-    if not "%MVNW_REPOURL%" == "" (
-        SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
-    )
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Couldn't find %WRAPPER_JAR%, downloading it ...
-        echo Downloading from: %DOWNLOAD_URL%
-    )
-
-    powershell -Command "&{"^
-		"$webclient = new-object System.Net.WebClient;"^
-		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
-		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
-		"}"^
-		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
-		"}"
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Finished downloading %WRAPPER_JAR%
-    )
-)
-@REM End of extension
-
-@REM Provide a "standardized" way to retrieve the CLI args that will
-@REM work with both Windows and non-Windows executions.
-set MAVEN_CMD_LINE_ARGS=%*
-
-%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
-if ERRORLEVEL 1 goto error
-goto end
-
-:error
-set ERROR_CODE=1
-
-:end
-@endlocal & set ERROR_CODE=%ERROR_CODE%
-
-if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
-@REM check for post script, once with legacy .bat ending and once with .cmd ending
-if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
-if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
-:skipRcPost
-
-@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
-if "%MAVEN_BATCH_PAUSE%" == "on" pause
-
-if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
-
-exit /B %ERROR_CODE%
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %DOWNLOAD_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+  %JVM_CONFIG_MAVEN_PROPS% ^
+  %MAVEN_OPTS% ^
+  %MAVEN_DEBUG_OPTS% ^
+  -classpath %WRAPPER_JAR% ^
+  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%

From 7b90e9e4dc5829dfe8c0016dd121bea15de8de14 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Thu, 10 Feb 2022 13:48:40 -0800
Subject: [PATCH 18/36] Fix researcher category test failure

---
 .../java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java b/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java
index 46db7fa8..a5dfaf05 100644
--- a/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java
+++ b/src/test/java/ubc/pavlab/rdp/repositories/UserRepositoryTest.java
@@ -479,7 +479,7 @@ public void save_whenUserHasMultipleResearcherCategories_thenSucceed() {
         user.getProfile().getResearcherCategories().add( ResearcherCategory.IN_VIVO );
         user = entityManager.persistAndFlush( user );
         assertThat( user.getProfile().getResearcherCategories() )
-                .containsExactly( ResearcherCategory.IN_SILICO, ResearcherCategory.IN_VIVO );
+                .containsExactlyInAnyOrder( ResearcherCategory.IN_SILICO, ResearcherCategory.IN_VIVO );
     }
 
     @Test

From 4b3973d2f4410bd486d66c32695e5c5ff74145cd Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 11:01:45 -0800
Subject: [PATCH 19/36] api: Remove redundant routes for user and gene search

---
 .../pavlab/rdp/controllers/ApiController.java | 20 -------------------
 1 file changed, 20 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index 9e2da921..62706921 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -144,26 +144,6 @@ public Object getGenes( @RequestHeader(value = HttpHeaders.AUTHORIZATION, requir
         }
     }
 
-    /**
-     * Hides the default users search 400 page when no parameters are provided.
-     *
-     * @return 404.
-     */
-    @GetMapping(value = "/api/users/search", produces = MediaType.APPLICATION_JSON_VALUE)
-    public Object searchUsers() {
-        return ResponseEntity.notFound().build();
-    }
-
-    /**
-     * Hides the default genes search 400 page when no parameters are provided.
-     *
-     * @return 404.
-     */
-    @GetMapping(value = "/api/genes/search", produces = MediaType.APPLICATION_JSON_VALUE)
-    public Object searchGenes() {
-        return ResponseEntity.notFound().build();
-    }
-
     @GetMapping(value = "/api/users/search", params = { "nameLike" }, produces = MediaType.APPLICATION_JSON_VALUE)
     public Object searchUsersByName( @RequestParam String nameLike,
                                      @RequestParam Boolean prefix,

From 55c1c958aee05f15aee516ace0a913e3fa67abc9 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 11:04:22 -0800
Subject: [PATCH 20/36] Improve check for remote search user

Rename UserService.getRemoteAdmin() to UserService.getRemoteSearchUser()
since that user is not necessarily an administrator.

Use an Optional in UserService.getRemoteUser() so that an unconfigured
remote search user can be handled nicely.

Cache the remote user since it's hard-coded in the configuration.
---
 .../ubc/pavlab/rdp/controllers/ApiController.java |  6 ++----
 .../pavlab/rdp/services/PrivacyServiceImpl.java   | 15 ++++++++++-----
 .../java/ubc/pavlab/rdp/services/UserService.java |  3 +--
 .../ubc/pavlab/rdp/services/UserServiceImpl.java  |  9 +++++++--
 src/main/resources/ehcache.xml                    |  4 ++++
 .../pavlab/rdp/controllers/ApiControllerTest.java | 10 ++++++----
 .../rdp/security/PrivacyServiceImplTest.java      |  1 +
 7 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index 62706921..32ea9af0 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -317,10 +317,8 @@ private void checkAuth( String authorizationHeader, String authToken ) throws Au
             return;
         } else if ( applicationSettings.getIsearch().getAuthTokens().contains( authToken ) ) {
             // remote admin authentication
-            u = userService.getRemoteAdmin();
-            if ( u == null ) {
-                throw new ApiException( HttpStatus.SERVICE_UNAVAILABLE, messageSource.getMessage( "ApiController.misconfiguredRemoteAdmin", null, Locale.getDefault() ) );
-            }
+            u = userService.getRemoteSearchUser()
+                    .orElseThrow( () -> new ApiException( HttpStatus.SERVICE_UNAVAILABLE, messageSource.getMessage( "ApiController.misconfiguredRemoteAdmin", null, Locale.getDefault() ) ) );
         } else {
             // authentication via access token
             try {
diff --git a/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
index c080a278..5913fe71 100644
--- a/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
@@ -78,7 +78,7 @@ public boolean checkUserCanUpdate( User user, UserContent userContent ) {
 
     private boolean checkUserCanSeeOtherUserContentWithPrivacyLevel( User currentUser, User otherUser, PrivacyLevelType privacyLevel ) {
         // Never show the remote admin profile (or accidental null users)
-        if ( otherUser == null || ( applicationSettings.getIsearch() != null && otherUser.getId().equals( applicationSettings.getIsearch().getUserId() ) ) ) {
+        if ( otherUser == null || ( applicationSettings.getIsearch() != null && isRemoteSearchUser( otherUser ) ) ) {
             return false;
         }
 
@@ -94,14 +94,15 @@ private boolean checkUserCanSeeOtherUserContentWithPrivacyLevel( User currentUse
             return false;
         }
 
+
         // Either the user is looking at himself, or the user is public, or shared with registered users - check for any logged-in user, or private - check for admin; If logged-in user is admin, we have to
         // check whether this user is the designated actor for the authenticated remote search, in which case we have to check for remote search privileges on the user.
         return otherUser.equals( currentUser ) // User is looking at himself
                 || ( privacyLevel.equals( PrivacyLevelType.PUBLIC ) ) // Data is public
-                || ( privacyLevel.equals( PrivacyLevelType.SHARED ) && currentUser != null && !currentUser.getId().equals( applicationSettings.getIsearch().getUserId() ) )// data is accessible for registerd users and there is a user logged in who is not the remote admin
-                || ( privacyLevel.equals( PrivacyLevelType.PRIVATE ) && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && !currentUser.getId().equals( applicationSettings.getIsearch().getUserId() ) )// data is private and there is an admin logged in who is not the remote admin
-                || ( privacyLevel.equals( PrivacyLevelType.PRIVATE ) && currentUser != null && currentUser.getRoles().contains( getServiceAccountRole() ) && !currentUser.getId().equals( applicationSettings.getIsearch().getUserId() ) ) // user is a service account
-                || ( profile.isShared() && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && currentUser.getId().equals( applicationSettings.getIsearch().getUserId() ) ); // data is designated as remotely shared and there is an admin logged in who is the remote admin
+                || ( privacyLevel.equals( PrivacyLevelType.SHARED ) && currentUser != null && !isRemoteSearchUser( currentUser ) )// data is accessible for registerd users and there is a user logged in who is not the remote admin
+                || ( privacyLevel.equals( PrivacyLevelType.PRIVATE ) && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && !isRemoteSearchUser( currentUser ) )// data is private and there is an admin logged in who is not the remote search user
+                || ( privacyLevel.equals( PrivacyLevelType.PRIVATE ) && currentUser != null && currentUser.getRoles().contains( getServiceAccountRole() ) && !isRemoteSearchUser( currentUser ) ) // user is a service account
+                || ( profile.isShared() && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && isRemoteSearchUser( currentUser ) ); // data is designated as remotely shared and there is an admin logged in who is the remote search user
     }
 
     @Cacheable(value = "ubc.pavlab.rdp.model.Role.byRole", key = "'ROLE_ADMIN'")
@@ -113,4 +114,8 @@ public Role getAdminRole() {
     public Role getServiceAccountRole() {
         return roleRepository.findByRole( "ROLE_SERVICE_ACCOUNT" );
     }
+
+    private boolean isRemoteSearchUser( User user ) {
+        return userService.getRemoteSearchUser().filter( user::equals ).isPresent();
+    }
 }
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserService.java b/src/main/java/ubc/pavlab/rdp/services/UserService.java
index 92db57c9..df617ecd 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserService.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserService.java
@@ -3,7 +3,6 @@
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.transaction.annotation.Transactional;
 import ubc.pavlab.rdp.exception.TokenException;
 import ubc.pavlab.rdp.model.*;
 import ubc.pavlab.rdp.model.enums.PrivacyLevelType;
@@ -57,7 +56,7 @@ public interface UserService {
 
     AccessToken createAccessTokenForUser( User user );
 
-    User getRemoteAdmin();
+    Optional<User> getRemoteSearchUser();
 
     Collection<User> findAll();
 
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
index 54139c75..51209837 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
@@ -310,8 +310,13 @@ public AccessToken createAccessTokenForUser( User user ) {
     }
 
     @Override
-    public User getRemoteAdmin() {
-        return userRepository.findOneWithRoles( applicationSettings.getIsearch().getUserId() );
+    @Cacheable("ubc.pavlab.rdp.services.UserService.remoteSearchUser")
+    public Optional<User> getRemoteSearchUser() {
+        if ( applicationSettings.getIsearch().getUserId() == null ) {
+            // there is no configured remote search user
+            return Optional.empty();
+        }
+        return Optional.ofNullable( userRepository.findOneWithRoles( applicationSettings.getIsearch().getUserId() ) );
     }
 
     @Override
diff --git a/src/main/resources/ehcache.xml b/src/main/resources/ehcache.xml
index cc17c8c1..3ff16c5d 100644
--- a/src/main/resources/ehcache.xml
+++ b/src/main/resources/ehcache.xml
@@ -58,4 +58,8 @@
     <cache name="ubc.pavlab.rdp.services.RemoteResourceService.apiVersionByRemoteHostAuthority"
            maxElementsInMemory="10"
            timeToLiveSeconds="10"/>
+
+    <cache name="ubc.pavlab.rdp.services.UserService.remoteSearchUser"
+           maxElementsInMemory="1"
+           eternal="true"/>
 </ehcache>
\ No newline at end of file
diff --git a/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java b/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
index c135baad..9effc221 100644
--- a/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
+++ b/src/test/java/ubc/pavlab/rdp/controllers/ApiControllerTest.java
@@ -29,6 +29,7 @@
 import java.net.URI;
 import java.util.Collections;
 import java.util.EnumSet;
+import java.util.Optional;
 import java.util.UUID;
 
 import static org.mockito.Matchers.any;
@@ -83,6 +84,7 @@ public void setUp() {
         when( iSearchSettings.isEnabled() ).thenReturn( true );
         when( siteSettings.getHostUri() ).thenReturn( URI.create( "http://localhost/" ) );
         when( messageSource.getMessage( eq( "rdp.site.shortname" ), any(), any() ) ).thenReturn( "RDMM" );
+        when( userService.getRemoteSearchUser() ).thenReturn( Optional.empty() );
     }
 
     @Test
@@ -117,7 +119,7 @@ public void searchGenes_withSearchDisabled_thenReturnServiceUnavailable() throws
     public void searchGenes_withAuthToken_thenReturnSuccess() throws Exception {
         // configure remote authentication
         when( iSearchSettings.getAuthTokens() ).thenReturn( Collections.singletonList( "1234" ) );
-        when( userService.getRemoteAdmin() ).thenReturn( createUser( 1 ) );
+        when( userService.getRemoteSearchUser() ).thenReturn( Optional.of( createUser( 1 ) ) );
 
         // configure one search result
         Taxon humanTaxon = createTaxon( 9606 );
@@ -136,14 +138,14 @@ public void searchGenes_withAuthToken_thenReturnSuccess() throws Exception {
                         .param( "tier", "TIER1" ) )
                 .andExpect( status().is2xxSuccessful() );
 
-        verify( userService ).getRemoteAdmin();
+        verify( userService ).getRemoteSearchUser();
     }
 
     @Test
     public void searchGenes_withAuthTokenInQuery_thenReturnSuccess() throws Exception {
         // configure remote authentication
         when( iSearchSettings.getAuthTokens() ).thenReturn( Collections.singletonList( "1234" ) );
-        when( userService.getRemoteAdmin() ).thenReturn( createUser( 1 ) );
+        when( userService.getRemoteSearchUser() ).thenReturn( Optional.of( createUser( 1 ) ) );
 
         // configure one search result
         Taxon humanTaxon = createTaxon( 9606 );
@@ -162,7 +164,7 @@ public void searchGenes_withAuthTokenInQuery_thenReturnSuccess() throws Exceptio
                         .param( "auth", "1234" ) )
                 .andExpect( status().is2xxSuccessful() );
 
-        verify( userService ).getRemoteAdmin();
+        verify( userService ).getRemoteSearchUser();
     }
 
     @Test
diff --git a/src/test/java/ubc/pavlab/rdp/security/PrivacyServiceImplTest.java b/src/test/java/ubc/pavlab/rdp/security/PrivacyServiceImplTest.java
index cdd6c544..ce0a9531 100644
--- a/src/test/java/ubc/pavlab/rdp/security/PrivacyServiceImplTest.java
+++ b/src/test/java/ubc/pavlab/rdp/security/PrivacyServiceImplTest.java
@@ -78,6 +78,7 @@ public void setUp() {
         when( applicationSettings.getPrivacy() ).thenReturn( privacySettings );
         when( applicationSettings.getIsearch() ).thenReturn( iSearchSettings );
         when( privacySettings.isRegisteredSearch() ).thenReturn( true );
+        when( userService.getRemoteSearchUser() ).thenReturn( Optional.empty() );
     }
 
     @Test

From bc15d466569f4b675224689d702b771cff15a23a Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 11:12:27 -0800
Subject: [PATCH 21/36] Minor cleanups for PermissionEvaluatorImpl and its
 tests

---
 .../ubc/pavlab/rdp/security/PermissionEvaluatorImpl.java | 8 ++------
 .../pavlab/rdp/security/PermissionEvaluatorImplTest.java | 9 +++------
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/security/PermissionEvaluatorImpl.java b/src/main/java/ubc/pavlab/rdp/security/PermissionEvaluatorImpl.java
index aac86597..5227583d 100644
--- a/src/main/java/ubc/pavlab/rdp/security/PermissionEvaluatorImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/security/PermissionEvaluatorImpl.java
@@ -8,7 +8,6 @@
 import ubc.pavlab.rdp.model.User;
 import ubc.pavlab.rdp.model.UserContent;
 import ubc.pavlab.rdp.model.UserPrinciple;
-import ubc.pavlab.rdp.repositories.RoleRepository;
 import ubc.pavlab.rdp.services.PrivacyService;
 import ubc.pavlab.rdp.services.UserService;
 
@@ -21,9 +20,6 @@ public class PermissionEvaluatorImpl implements PermissionEvaluator {
     @Autowired
     private UserService userService;
 
-    @Autowired
-    private RoleRepository roleRepository;
-
     @Autowired
     private PrivacyService privacyService;
 
@@ -42,11 +38,11 @@ public boolean hasPermission( Authentication authentication, Object targetDomain
             }
         }
 
-        throw new UnsupportedOperationException( "" );
+        throw new UnsupportedOperationException( "Permission " + permission + " is not supported." );
     }
 
     @Override
     public boolean hasPermission( Authentication authentication, Serializable targetId, String targetType, Object permission ) {
-        throw new UnsupportedOperationException( "" );
+        throw new UnsupportedOperationException( "Permission on target ID is not supported." );
     }
 }
diff --git a/src/test/java/ubc/pavlab/rdp/security/PermissionEvaluatorImplTest.java b/src/test/java/ubc/pavlab/rdp/security/PermissionEvaluatorImplTest.java
index 056369ca..310f4d44 100644
--- a/src/test/java/ubc/pavlab/rdp/security/PermissionEvaluatorImplTest.java
+++ b/src/test/java/ubc/pavlab/rdp/security/PermissionEvaluatorImplTest.java
@@ -38,15 +38,12 @@ public PermissionEvaluator permissionEvaluator() {
     @MockBean
     UserService userService;
 
-    @MockBean
-    RoleRepository roleRepository;
-
     @MockBean
     PrivacyService privacyService;
 
-    Authentication auth;
-
-    UserContent userContent;
+    /* fixtures */
+    private Authentication auth;
+    private UserContent userContent;
 
     @Before
     public void setUp() {

From 4bafade1dae8b6b4e7605de89de65136935cbece Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 11:18:45 -0800
Subject: [PATCH 22/36] Log unauthorized access to /search/view and /api

---
 src/main/java/ubc/pavlab/rdp/controllers/ApiController.java   | 4 +++-
 .../java/ubc/pavlab/rdp/controllers/SearchViewController.java | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index 32ea9af0..1205b899 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -27,6 +27,7 @@
 import ubc.pavlab.rdp.settings.ApplicationSettings;
 import ubc.pavlab.rdp.settings.SiteSettings;
 
+import javax.servlet.http.HttpServletRequest;
 import java.text.MessageFormat;
 import java.util.*;
 import java.util.stream.Collectors;
@@ -62,7 +63,8 @@ public class ApiController {
     private PermissionEvaluator permissionEvaluator;
 
     @ExceptionHandler({ AuthenticationException.class, AccessDeniedException.class })
-    public ResponseEntity<?> handleAuthenticationExceptionAndAccessDeniedException( Exception e ) {
+    public ResponseEntity<?> handleAuthenticationExceptionAndAccessDeniedException( HttpServletRequest req, Exception e ) {
+        log.warn( "Unauthorized access to the API via " + req.getRequestURI() + ".", e );
         return ResponseEntity.status( HttpStatus.UNAUTHORIZED )
                 .contentType( MediaType.TEXT_PLAIN )
                 .body( e.getMessage() );
diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
index 0c1115e8..9b78f07f 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
@@ -16,6 +16,7 @@
 import ubc.pavlab.rdp.model.enums.TierType;
 import ubc.pavlab.rdp.services.*;
 
+import javax.servlet.http.HttpServletRequest;
 import java.net.URI;
 import java.text.MessageFormat;
 import java.util.*;
@@ -47,7 +48,8 @@ public class SearchViewController {
     private GeneInfoService geneInfoService;
 
     @ExceptionHandler({ AccessDeniedException.class })
-    public ModelAndView handleAccessDeniedForViewTemplates( AccessDeniedException exception ) {
+    public ModelAndView handleAccessDeniedForViewTemplates( HttpServletRequest req, AccessDeniedException exception ) {
+        log.warn( "Unauthorized access to the search view via " + req.getRequestURI() + ".", exception );
         ModelAndView modelAndView = new ModelAndView();
         modelAndView.setStatus( HttpStatus.UNAUTHORIZED );
         modelAndView.setViewName( "fragments/error::message" );

From d923a1df27f2edee6367bd445a3fb45c590639b6 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 11:47:27 -0800
Subject: [PATCH 23/36] Handle potential NullPointerException when sorting
 search results by taxon ordering

---
 src/main/java/ubc/pavlab/rdp/model/Taxon.java              | 7 +------
 .../java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java  | 2 +-
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/model/Taxon.java b/src/main/java/ubc/pavlab/rdp/model/Taxon.java
index 7cd42acc..63d87910 100644
--- a/src/main/java/ubc/pavlab/rdp/model/Taxon.java
+++ b/src/main/java/ubc/pavlab/rdp/model/Taxon.java
@@ -22,7 +22,7 @@
 @NoArgsConstructor
 @EqualsAndHashCode(of = { "id" })
 @ToString(of = { "id", "scientificName" })
-public class Taxon implements Comparable<Taxon>, Serializable {
+public class Taxon implements Serializable {
 
     @Id
     @Column(name = "taxon_id")
@@ -41,9 +41,4 @@ public class Taxon implements Comparable<Taxon>, Serializable {
 
     @JsonIgnore
     private Integer ordering;
-
-    @Override
-    public int compareTo( Taxon taxon ) {
-        return ordering.compareTo( taxon.ordering );
-    }
 }
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
index 22ea258b..7272abf4 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
@@ -141,7 +141,7 @@ public List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon or
         }
         return results.stream()
                 .sorted( comparing( UserGene::getAnonymousId, nullsFirst( naturalOrder() ) )
-                        .thenComparing( UserGene::getTaxon )
+                        .thenComparing( ug -> ug.getTaxon().getOrdering(), Comparator.nullsLast( naturalOrder() ) )
                         .thenComparing( UserGene::getTier )
                         .thenComparing( ug -> ug.getUser().getProfile().getFullName() ) )
                 .collect( Collectors.toList() ); // we need to preserve the search order

From 1fe909290847c57bbdb05ebee491c287a42c3af8 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 12:21:11 -0800
Subject: [PATCH 24/36] Use OrganInfo instead of UserOrgan for searching by
 organ systems

---
 .../pavlab/rdp/controllers/ApiController.java |  6 ++---
 .../rdp/controllers/SearchController.java     |  6 ++---
 .../rdp/controllers/SearchViewController.java |  6 ++---
 .../rdp/repositories/UserGeneRepository.java  |  2 --
 .../rdp/repositories/UserOrganRepository.java |  2 --
 .../pavlab/rdp/services/UserGeneService.java  | 18 ++++++++++-----
 .../rdp/services/UserGeneServiceImpl.java     | 20 +++++++++++-----
 .../pavlab/rdp/services/UserOrganService.java |  9 --------
 .../rdp/services/UserOrganServiceImpl.java    | 16 -------------
 .../ubc/pavlab/rdp/services/UserService.java  |  6 ++---
 .../pavlab/rdp/services/UserServiceImpl.java  | 23 ++++++++++++++-----
 .../repositories/UserOrganRepositoryTest.java |  3 ---
 12 files changed, 55 insertions(+), 62 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index 1205b899..ebdb03cb 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -52,7 +52,7 @@ public class ApiController {
     @Autowired
     private GeneInfoService geneService;
     @Autowired
-    private UserOrganService userOrganService;
+    private OrganInfoService organInfoService;
     @Autowired
     private UserGeneService userGeneService;
     @Autowired
@@ -380,8 +380,8 @@ private Set<TierType> restrictTiers( Set<TierType> tiers ) {
                 .collect( Collectors.toSet() );
     }
 
-    private Collection<UserOrgan> organsFromUberonIds( Set<String> organUberonIds ) {
-        return organUberonIds == null ? null : userOrganService.findByUberonIdIn( organUberonIds );
+    private Collection<OrganInfo> organsFromUberonIds( Set<String> organUberonIds ) {
+        return organUberonIds == null ? null : organInfoService.findByUberonIdIn( organUberonIds );
     }
 
 }
diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
index b02e31d2..399bf765 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchController.java
@@ -54,7 +54,7 @@ public class SearchController {
     private UserGeneService userGeneService;
 
     @Autowired
-    private UserOrganService userOrganService;
+    private OrganInfoService organInfoService;
 
     @Autowired
     private RemoteResourceService remoteResourceService;
@@ -284,7 +284,7 @@ public ModelAndView requestGeneAccess( @PathVariable UUID anonymousId,
         return modelAndView;
     }
 
-    private Collection<UserOrgan> organsFromUberonIds( Set<String> organUberonIds ) {
-        return organUberonIds == null ? null : userOrganService.findByUberonIdIn( organUberonIds );
+    private Collection<OrganInfo> organsFromUberonIds( Set<String> organUberonIds ) {
+        return organUberonIds == null ? null : organInfoService.findByUberonIdIn( organUberonIds );
     }
 }
diff --git a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
index 9b78f07f..f37381eb 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/SearchViewController.java
@@ -39,7 +39,7 @@ public class SearchViewController {
     private UserGeneService userGeneService;
 
     @Autowired
-    private UserOrganService userOrganService;
+    private OrganInfoService organInfoService;
 
     @Autowired
     private RemoteResourceService remoteResourceService;
@@ -354,7 +354,7 @@ private boolean userPreviewIsEmpty( User user ) {
                 user.getUserOrgans().isEmpty();
     }
 
-    private Collection<UserOrgan> organsFromUberonIds( Set<String> organUberonIds ) {
-        return organUberonIds == null ? null : userOrganService.findByUberonIdIn( organUberonIds );
+    private Collection<OrganInfo> organsFromUberonIds( Set<String> organUberonIds ) {
+        return organUberonIds == null ? null : organInfoService.findByUberonIdIn( organUberonIds );
     }
 }
diff --git a/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java b/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java
index d3819502..5772cfe4 100644
--- a/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java
+++ b/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java
@@ -67,8 +67,6 @@ public interface UserGeneRepository extends JpaRepository<UserGene, Integer> {
 
     UserGene findBySymbolAndTaxon( String symbol, Taxon taxon );
 
-    Collection<UserGene> findByGeneIdAndTierAndUserUserOrgansIn( int geneId, TierType tier, Collection<UserOrgan> organs );
-
     Collection<UserGene> findByGeneIdAndTierInAndUserUserOrgansIn( int geneId, Set<TierType> tiers, Collection<UserOrgan> organs );
 
     /**
diff --git a/src/main/java/ubc/pavlab/rdp/repositories/UserOrganRepository.java b/src/main/java/ubc/pavlab/rdp/repositories/UserOrganRepository.java
index 7b627403..80e5a13e 100644
--- a/src/main/java/ubc/pavlab/rdp/repositories/UserOrganRepository.java
+++ b/src/main/java/ubc/pavlab/rdp/repositories/UserOrganRepository.java
@@ -10,6 +10,4 @@
 public interface UserOrganRepository extends JpaRepository<UserOrgan, Integer> {
 
     Collection<UserOrgan> findByDescriptionContainingIgnoreCase( String description );
-
-    Collection<UserOrgan> findByUberonIdIn( Collection<String> organUberonIds );
 }
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java
index 47ded25d..fda52b88 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java
@@ -21,10 +21,7 @@
 
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
-import ubc.pavlab.rdp.model.Gene;
-import ubc.pavlab.rdp.model.Taxon;
-import ubc.pavlab.rdp.model.UserGene;
-import ubc.pavlab.rdp.model.UserOrgan;
+import ubc.pavlab.rdp.model.*;
 import ubc.pavlab.rdp.model.enums.PrivacyLevelType;
 import ubc.pavlab.rdp.model.enums.ResearcherCategory;
 import ubc.pavlab.rdp.model.enums.ResearcherPosition;
@@ -57,11 +54,20 @@ public interface UserGeneService {
     Integer countUniqueAssociationsToHumanAllTiers();
 
     /**
+     * Perform a search and retrieve all the user genes that match the provided gene description and optional
+     * constraints.
+     * <p>
      * Results are sorted by taxon (according to {@link Taxon#getOrdering()}), tier type, researcher last name and
      * first name. Anonymous results are always displayed last.
-     * @return
+     *  @param tiers               only retain results in the given {@link TierType}, or any if null
+     * @param orthologTaxon       only retain results in the given ortholog {@link Taxon}, or any if null
+     * @param researcherPositions only retain results where the corresponding {@link User} holds any given {@link ResearcherPosition},
+ *                            or any if null
+     * @param researcherTypes     only retain results where the corresponding {@link User} has any of the given {@link ResearcherCategory}
+*                            or any if null
+     * @param organs              only retain results where the corresponding {@link User} tracks any of the given {@link UserOrgan}
      */
-    List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherTypes, Collection<UserOrgan> organs );
+    List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherTypes, Collection<OrganInfo> organs );
 
     void updateUserGenes();
 }
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
index 7272abf4..90c75ac3 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
@@ -128,7 +128,7 @@ public Integer countUniqueAssociationsToHumanAllTiers() {
 
     @Override
     @PostFilter("hasPermission(filterObject, 'read')")
-    public List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherCategories, Collection<UserOrgan> organs ) {
+    public List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherCategories, Collection<OrganInfo> organs ) {
         Set<UserGene> results;
         if ( applicationSettings.getPrivacy().isEnableAnonymizedSearchResults() ) {
             Authentication auth = SecurityContextHolder.getContext().getAuthentication();
@@ -147,30 +147,38 @@ public List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon or
                 .collect( Collectors.toList() ); // we need to preserve the search order
     }
 
-    private Set<UserGene> handleGeneSearchInternal( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherCategories, Collection<UserOrgan> organs ) {
+    private Set<UserGene> handleGeneSearchInternal( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherCategories, Collection<OrganInfo> organs ) {
         Set<UserGene> uGenes = new LinkedHashSet<>();
 
+        // do this once to save time in the inner loop
+        final Set<String> organUberonIds;
+        if ( organs != null ) {
+            organUberonIds = organs.stream().map( Organ::getUberonId ).collect( Collectors.toSet() );
+        } else {
+            organUberonIds = null;
+        }
+
         // ortholog relationship is not reflexive (i.e. a gene is not its own ortholog), but we still want to display
         // that gene first when ortholog search is performed in the same MO
         if ( orthologTaxon == null || gene.getTaxon().equals( orthologTaxon ) ) {
             uGenes.addAll( userGeneRepository.findByGeneIdAndTierIn( gene.getGeneId(), tiers ).stream()
                     .filter( ug -> researcherPositions == null || researcherPositions.contains( ug.getUser().getProfile().getResearcherPosition() ) )
                     .filter( ug -> researcherCategories == null || containsAny( researcherCategories, ug.getUser().getProfile().getResearcherCategories() ) )
-                    .filter( ortholog -> organs == null || containsAny( organs, ortholog.getUser().getUserOrgans().values() ) )
+                    .filter( ortholog -> organUberonIds == null || containsAny( organUberonIds, ortholog.getUser().getUserOrgans().values().stream().map( UserOrgan::getUberonId ).collect( Collectors.toSet() ) ) )
                     .collect( Collectors.toSet() ) );
         }
 
-        uGenes.addAll( handleOrthologSearchInternal( gene, tiers, orthologTaxon, researcherPositions, researcherCategories, organs ) );
+        uGenes.addAll( handleOrthologSearchInternal( gene, tiers, orthologTaxon, researcherPositions, researcherCategories, organUberonIds ) );
 
         return uGenes;
     }
 
-    private Set<UserGene> handleOrthologSearchInternal( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherCategories, Collection<UserOrgan> userOrgans ) {
+    private Set<UserGene> handleOrthologSearchInternal( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherCategories, Collection<String> organUberonIds ) {
         return ( orthologTaxon == null ? userGeneRepository.findOrthologsByGeneId( gene.getGeneId() ) : userGeneRepository.findOrthologsByGeneIdAndTaxon( gene.getGeneId(), orthologTaxon ) ).stream()
                 .filter( ortholog -> tiers.contains( ortholog.getTier() ) )
                 .filter( ug -> researcherPositions == null || researcherPositions.contains( ug.getUser().getProfile().getResearcherPosition() ) )
                 .filter( ug -> researcherCategories == null || containsAny( researcherCategories, ug.getUser().getProfile().getResearcherCategories() ) )
-                .filter( ortholog -> userOrgans == null || containsAny( userOrgans, ortholog.getUser().getUserOrgans().values() ) )
+                .filter( ortholog -> organUberonIds == null || containsAny( organUberonIds, ortholog.getUser().getUserOrgans().values().stream().map( UserOrgan::getUberonId ).collect( Collectors.toSet() ) ) )
                 .collect( Collectors.toSet() );
     }
 
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserOrganService.java b/src/main/java/ubc/pavlab/rdp/services/UserOrganService.java
index 0054a98d..4b3e3fcb 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserOrganService.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserOrganService.java
@@ -1,15 +1,6 @@
 package ubc.pavlab.rdp.services;
 
-import ubc.pavlab.rdp.model.UserOrgan;
-
-import java.util.Collection;
-import java.util.Set;
-
 public interface UserOrganService {
 
-    Collection<UserOrgan> findByDescription( String description );
-
-    Collection<UserOrgan> findByUberonIdIn( Set<String> organUberonIds );
-
     void updateUserOrgans();
 }
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserOrganServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserOrganServiceImpl.java
index 31e29277..a574dea7 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserOrganServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserOrganServiceImpl.java
@@ -2,7 +2,6 @@
 
 import lombok.extern.apachecommons.CommonsLog;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import ubc.pavlab.rdp.model.OrganInfo;
@@ -10,9 +9,6 @@
 import ubc.pavlab.rdp.repositories.OrganInfoRepository;
 import ubc.pavlab.rdp.repositories.UserOrganRepository;
 
-import java.util.Collection;
-import java.util.Set;
-
 @CommonsLog
 @Service("userOrganService")
 public class UserOrganServiceImpl implements UserOrganService {
@@ -20,18 +16,6 @@ public class UserOrganServiceImpl implements UserOrganService {
     @Autowired
     private UserOrganRepository userOrganRepository;
 
-    @Override
-    @PostFilter("hasPermission(filterObject, 'read')")
-    public Collection<UserOrgan> findByDescription( String description ) {
-        return userOrganRepository.findByDescriptionContainingIgnoreCase( description );
-    }
-
-    @Override
-    @PostFilter("hasPermission(filterObject, 'read')")
-    public Collection<UserOrgan> findByUberonIdIn( Set<String> organUberonIds ) {
-        return userOrganRepository.findByUberonIdIn( organUberonIds );
-    }
-
     @Autowired
     private OrganInfoRepository organInfoRepository;
 
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserService.java b/src/main/java/ubc/pavlab/rdp/services/UserService.java
index df617ecd..e49c357e 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserService.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserService.java
@@ -64,11 +64,11 @@ public interface UserService {
 
     Page<User> findAllByPrivacyLevel( PrivacyLevelType privacyLevel, Pageable pageable );
 
-    Collection<User> findByLikeName( String nameLike, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<UserOrgan> userOrgans );
+    Collection<User> findByLikeName( String nameLike, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<OrganInfo> userOrgans );
 
-    Collection<User> findByStartsName( String startsName, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<UserOrgan> userOrgans );
+    Collection<User> findByStartsName( String startsName, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<OrganInfo> userOrgans );
 
-    Collection<User> findByDescription( String descriptionLike, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherTypes, Collection<UserOrgan> userOrgans );
+    Collection<User> findByDescription( String descriptionLike, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherTypes, Collection<OrganInfo> userOrgans );
 
     long countResearchers();
 
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
index 51209837..cdc49cbb 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
@@ -337,34 +337,45 @@ public Page<User> findAllByPrivacyLevel( PrivacyLevelType privacyLevel, Pageable
 
     @Override
     @PostFilter("hasPermission(filterObject, 'read')")
-    public Collection<User> findByLikeName( String nameLike, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<UserOrgan> userOrgans ) {
+    public Collection<User> findByLikeName( String nameLike, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<OrganInfo> organs ) {
+        final Set<String> organUberonIds = organUberonIdsFromOrgans( organs );
         return userRepository.findByProfileNameContainingIgnoreCaseOrProfileLastNameContainingIgnoreCase( nameLike, nameLike ).stream()
                 .filter( u -> researcherPositions == null || researcherPositions.contains( u.getProfile().getResearcherPosition() ) )
                 .filter( u -> researcherTypes == null || containsAny( researcherTypes, u.getProfile().getResearcherCategories() ) )
-                .filter( u -> userOrgans == null || containsAny( userOrgans, u.getUserOrgans().values() ) )
+                .filter( u -> organUberonIds == null || containsAny( organUberonIds, u.getUserOrgans().values().stream().map( UserOrgan::getUberonId ).collect( Collectors.toSet() ) ) )
                 .collect( Collectors.toSet() );
     }
 
     @Override
     @PostFilter("hasPermission(filterObject, 'read')")
-    public Collection<User> findByStartsName( String startsName, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<UserOrgan> userOrgans ) {
+    public Collection<User> findByStartsName( String startsName, Set<ResearcherPosition> researcherPositions, Set<ResearcherCategory> researcherTypes, Collection<OrganInfo> organs ) {
+        final Set<String> organUberonIds = organUberonIdsFromOrgans( organs );
         return userRepository.findByProfileLastNameStartsWithIgnoreCase( startsName ).stream()
                 .filter( u -> researcherPositions == null || researcherPositions.contains( u.getProfile().getResearcherPosition() ) )
                 .filter( u -> researcherTypes == null || containsAny( researcherTypes, u.getProfile().getResearcherCategories() ) )
-                .filter( u -> userOrgans == null || containsAny( userOrgans, u.getUserOrgans().values() ) )
+                .filter( u -> organUberonIds == null || containsAny( organUberonIds, u.getUserOrgans().values().stream().map( UserOrgan::getUberonId ).collect( Collectors.toSet() ) ) )
                 .collect( Collectors.toSet() );
     }
 
     @Override
     @PostFilter("hasPermission(filterObject, 'read')")
-    public Collection<User> findByDescription( String descriptionLike, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherTypes, Collection<UserOrgan> userOrgans ) {
+    public Collection<User> findByDescription( String descriptionLike, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherTypes, Collection<OrganInfo> organs ) {
+        final Set<String> organUberonIds = organUberonIdsFromOrgans( organs );
         return userRepository.findByProfileDescriptionContainingIgnoreCaseOrTaxonDescriptionsContainingIgnoreCase( descriptionLike, descriptionLike ).stream()
                 .filter( u -> researcherPositions == null || researcherPositions.contains( u.getProfile().getResearcherPosition() ) )
                 .filter( u -> researcherTypes == null || containsAny( researcherTypes, u.getProfile().getResearcherCategories() ) )
-                .filter( u -> userOrgans == null || containsAny( userOrgans, u.getUserOrgans().values() ) )
+                .filter( u -> organUberonIds == null || containsAny( organUberonIds, u.getUserOrgans().values().stream().map( UserOrgan::getUberonId ).collect( Collectors.toSet() ) ) )
                 .collect( Collectors.toSet() );
     }
 
+    private Set<String> organUberonIdsFromOrgans( Collection<OrganInfo> organs ) {
+        if ( organs != null ) {
+            return organs.stream().map( Organ::getUberonId ).collect( Collectors.toSet() );
+        } else {
+            return null;
+        }
+    }
+
     @Override
     @Cacheable(cacheNames = "ubc.pavlab.rdp.stats", key = "#root.methodName")
     public long countResearchers() {
diff --git a/src/test/java/ubc/pavlab/rdp/repositories/UserOrganRepositoryTest.java b/src/test/java/ubc/pavlab/rdp/repositories/UserOrganRepositoryTest.java
index 495e1fee..8a1f38c8 100644
--- a/src/test/java/ubc/pavlab/rdp/repositories/UserOrganRepositoryTest.java
+++ b/src/test/java/ubc/pavlab/rdp/repositories/UserOrganRepositoryTest.java
@@ -22,9 +22,6 @@ public class UserOrganRepositoryTest {
     @Autowired
     TestEntityManager entityManager;
 
-    @Autowired
-    private UserRepository userRepository;
-
     @Autowired
     private UserOrganRepository userOrganRepository;
 

From fb835fdb0355d67ad599815e88d2f88d9c96306c Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 14:35:11 -0800
Subject: [PATCH 25/36] Fix anonymizeUser raising an AccessDeniedException on
 enabled users

This does however not cover the case where a user disabled, the
exception will still be raised.
---
 src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java     | 2 ++
 src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
index cdc49cbb..06941793 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
@@ -273,6 +273,8 @@ public User anonymizeUser( User user ) {
                 .id( 0 )
                 .anonymousId( UUID.randomUUID() )
                 .profile( profile )
+                // FIXME: a disabled user will still cause an AccessDeniedException
+                .enabled( user.isEnabled() )
                 .build();
         // TODO: check if this is leaking too much personal information
         anonymizedUser.getUserOrgans().putAll( user.getUserOrgans() );
diff --git a/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java b/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java
index 4261870c..28c991b0 100644
--- a/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java
+++ b/src/test/java/ubc/pavlab/rdp/services/UserServiceImplTest.java
@@ -1288,9 +1288,11 @@ public void anonymizeUser_thenReturnAnonymizedUser() {
         when( privacySettings.getDefaultLevel() ).thenReturn( 2 );
         when( privacySettings.isEnableAnonymizedSearchResults() ).thenReturn( true );
         User user = createUser( 1 );
+        user.setEnabled( true );
         user.getProfile().setPrivacyLevel( PrivacyLevelType.PRIVATE );
         User anonymizedUser = userService.anonymizeUser( user );
         assertThat( anonymizedUser )
+                .hasFieldOrPropertyWithValue( "enabled", true )
                 .hasFieldOrPropertyWithValue( "email", null )
                 .hasFieldOrPropertyWithValue( "profile.privacyLevel", PrivacyLevelType.PUBLIC );
         assertThat( anonymizedUser.getUserGenes() ).isEmpty();

From 53c761d49d3c9cf7782deac98131d3936b8d5b34 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Fri, 11 Feb 2022 22:02:29 -0800
Subject: [PATCH 26/36] Filter users by enabled before anonymyzing

Add a bit of documentation to explicit the possible AccessDeniedException
when providing an non-enabled user.
---
 .../pavlab/rdp/controllers/ApiController.java |  2 +-
 .../rdp/repositories/UserGeneRepository.java  |  5 +++
 .../rdp/repositories/UserRepository.java      |  6 +++-
 .../rdp/services/UserGeneServiceImpl.java     |  2 +-
 .../ubc/pavlab/rdp/services/UserService.java  | 34 ++++++++++++++++++-
 .../pavlab/rdp/services/UserServiceImpl.java  |  4 +--
 6 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
index ebdb03cb..c51a7121 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/ApiController.java
@@ -116,7 +116,7 @@ public Object getUsers( @RequestHeader(value = HttpHeaders.AUTHORIZATION, requir
         checkAuth( authorizationHeader, auth );
         if ( applicationSettings.getPrivacy().isEnableAnonymizedSearchResults() ) {
             final Authentication auth2 = SecurityContextHolder.getContext().getAuthentication();
-            return userService.findAllNoAuth( pageable )
+            return userService.findAllByIsEnabledNoAuth( pageable )
                     .map( user -> permissionEvaluator.hasPermission( auth2, user, "read" ) ? user : userService.anonymizeUser( user ) )
                     .map( user -> initUser( user, locale ) );
 
diff --git a/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java b/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java
index 5772cfe4..45c31544 100644
--- a/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java
+++ b/src/main/java/ubc/pavlab/rdp/repositories/UserGeneRepository.java
@@ -32,6 +32,11 @@ public interface UserGeneRepository extends JpaRepository<UserGene, Integer> {
     @Query("select count(distinct user) FROM UserGene")
     Integer countDistinctUser();
 
+    /**
+     * Find all genes from enabled users.
+     */
+    Page<UserGene> findAllByUserEnabled( Pageable pageable );
+
     /**
      * Select all user genes that fall within a given privacy level.
      * <p>
diff --git a/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java b/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java
index b32c4f0d..c89ee5b1 100644
--- a/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java
+++ b/src/main/java/ubc/pavlab/rdp/repositories/UserRepository.java
@@ -1,6 +1,5 @@
 package ubc.pavlab.rdp.repositories;
 
-import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.jpa.repository.JpaRepository;
@@ -29,6 +28,11 @@ public interface UserRepository extends JpaRepository<User, Integer> {
 
     long countByProfilePrivacyLevel( PrivacyLevelType aPublic );
 
+    /**
+     * Find all enabled users.
+     */
+    Page<User> findAllByEnabled( Pageable pageable );
+
     Page<User> findAllByProfilePrivacyLevel( PrivacyLevelType privacyLevel, Pageable pageable );
 
     @Query("select user from User user left join fetch user.roles where lower(user.email) = lower(:email)")
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
index 90c75ac3..7ed0ea05 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
@@ -73,7 +73,7 @@ public class UserGeneServiceImpl implements UserGeneService {
 
     @Override
     public Page<UserGene> findAllNoAuth( Pageable pageable ) {
-        return userGeneRepository.findAll( pageable );
+        return userGeneRepository.findAllByUserEnabled( pageable );
     }
 
     @Override
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserService.java b/src/main/java/ubc/pavlab/rdp/services/UserService.java
index e49c357e..408a2748 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserService.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserService.java
@@ -48,8 +48,40 @@ public interface UserService {
 
     User findUserByAccessTokenNoAuth( String accessToken ) throws TokenException;
 
+    /**
+     * Anonymize the given user.
+     * <p>
+     * The {@link User#getId()} is replaced by zero, an {@link User#getAnonymousId()} is generated and the following
+     * fields are exposed in the returned object: researcher categories and organ systems.
+     * <p>
+     * The original user is stored in a cache so that it can be retrieved by {@link #findUserByAnonymousIdNoAuth(UUID)}
+     * using the anonymized ID.
+     * <p>
+     * Note: when using this, ensure that the user is enabled as per {@link User#isEnabled()}, otherwise a
+     * {@link org.springframework.security.access.AccessDeniedException} will be raised. That is because a non-enabled
+     * user will not satisfy the 'read' permission for any user as defined in {@link ubc.pavlab.rdp.security.PermissionEvaluatorImpl}
+     * and {@link PrivacyService#checkUserCanSee(User, UserContent)}.
+     *
+     * @throws org.springframework.security.access.AccessDeniedException if the user is not enabled
+     */
     User anonymizeUser( User user );
 
+    /**
+     * Anonymize the given gene.
+     * <p>
+     * The {@link UserGene#getUser()} is anonymized in the process as per {@link #anonymizeUser(User)}. the {@link UserGene#getId()}
+     * is set to zero, an {@link UserGene#getAnonymousId()} is generated. The following fields are preserved in the
+     * returned object: gene ID, symbol, name taxon, modification date, tier.
+     * <p>
+     * The original gene is stored in a cache so that it can be retrieved by {@link #findUserGeneByAnonymousIdNoAuth(UUID)}
+     * using the anonymized ID.
+     * <p></p>
+     * Note: when using this, ensure that the user associated to the gene is enabled as per {@link User#isEnabled()},
+     * otherwise a {@link org.springframework.security.access.AccessDeniedException} will be raised.
+     *
+     * @throws org.springframework.security.access.AccessDeniedException if the corresponding user of the gene is not
+     *                                                                   enabled
+     */
     UserGene anonymizeUserGene( UserGene userGene );
 
     void revokeAccessToken( AccessToken accessToken );
@@ -60,7 +92,7 @@ public interface UserService {
 
     Collection<User> findAll();
 
-    Page<User> findAllNoAuth( Pageable pageable );
+    Page<User> findAllByIsEnabledNoAuth( Pageable pageable );
 
     Page<User> findAllByPrivacyLevel( PrivacyLevelType privacyLevel, Pageable pageable );
 
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
index 06941793..8ad2c4c7 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserServiceImpl.java
@@ -328,8 +328,8 @@ public Collection<User> findAll() {
     }
 
     @Override
-    public Page<User> findAllNoAuth( Pageable pageable ) {
-        return userRepository.findAll( pageable );
+    public Page<User> findAllByIsEnabledNoAuth( Pageable pageable ) {
+        return userRepository.findAllByEnabled( pageable );
     }
 
     @Override

From 6eea007ed56e009397f97b04606585340a6ed768 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 09:08:27 -0800
Subject: [PATCH 27/36] Update spring-core to 4.3.30

---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index 5db2d732..e052461f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -176,6 +176,7 @@
     <properties>
         <java.version>1.8</java.version>
         <mysql.version>8.0.28</mysql.version>
+        <spring.version>4.3.30.RELEASE</spring.version>
         <!-- This specific version is hardened against JNDI-based attacks -->
         <logback.version>1.2.9</logback.version>
         <tomcat.version>8.5.73</tomcat.version>

From d551a3861cb73c33e1ae784afcd3a860824ea13e Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 09:08:41 -0800
Subject: [PATCH 28/36] Update Tomcat to 8.5.75

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e052461f..0affe240 100644
--- a/pom.xml
+++ b/pom.xml
@@ -179,7 +179,7 @@
         <spring.version>4.3.30.RELEASE</spring.version>
         <!-- This specific version is hardened against JNDI-based attacks -->
         <logback.version>1.2.9</logback.version>
-        <tomcat.version>8.5.73</tomcat.version>
+        <tomcat.version>8.5.75</tomcat.version>
     </properties>
 
     <build>

From 00de2b187027d66c58123822c282a5be22d2a550 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 09:46:11 -0800
Subject: [PATCH 29/36] Mark loadUserByUsername transaction as read-only

---
 .../java/ubc/pavlab/rdp/services/UserDetailsServiceImpl.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/UserDetailsServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserDetailsServiceImpl.java
index adeca100..b933a5c3 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserDetailsServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserDetailsServiceImpl.java
@@ -19,7 +19,7 @@ public class UserDetailsServiceImpl implements UserDetailsService {
     private UserRepository userRepository;
 
     @Override
-    @Transactional
+    @Transactional(readOnly = true)
     public UserPrinciple loadUserByUsername( String email ) {
         User user = userRepository.findByEmailIgnoreCase( email );
         if ( user == null ) {

From 966c23dfb90c21c2344bae0d709e4674365e60fb Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 09:49:54 -0800
Subject: [PATCH 30/36] Cleanup imports in controllers

---
 .../java/ubc/pavlab/rdp/controllers/LoginController.java  | 1 -
 .../ubc/pavlab/rdp/controllers/PasswordController.java    | 8 --------
 2 files changed, 9 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/controllers/LoginController.java b/src/main/java/ubc/pavlab/rdp/controllers/LoginController.java
index 4c375e6f..b71a5f80 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/LoginController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/LoginController.java
@@ -7,7 +7,6 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
-import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
diff --git a/src/main/java/ubc/pavlab/rdp/controllers/PasswordController.java b/src/main/java/ubc/pavlab/rdp/controllers/PasswordController.java
index e7c6cd21..7b6613e7 100644
--- a/src/main/java/ubc/pavlab/rdp/controllers/PasswordController.java
+++ b/src/main/java/ubc/pavlab/rdp/controllers/PasswordController.java
@@ -1,32 +1,24 @@
 package ubc.pavlab.rdp.controllers;
 
-import ch.qos.logback.core.joran.spi.EventPlayer;
 import lombok.extern.apachecommons.CommonsLog;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
-import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
-import ubc.pavlab.rdp.events.OnUserPasswordResetEvent;
 import ubc.pavlab.rdp.exception.TokenException;
 import ubc.pavlab.rdp.model.PasswordReset;
-import ubc.pavlab.rdp.model.PasswordResetToken;
 import ubc.pavlab.rdp.model.User;
 import ubc.pavlab.rdp.model.UserPrinciple;
-import ubc.pavlab.rdp.services.EmailService;
 import ubc.pavlab.rdp.services.UserService;
 
-import javax.mail.MessagingException;
 import javax.validation.Valid;
-import java.text.MessageFormat;
 import java.util.Locale;
 
 /**

From c649a79b8bac9d0a59bc69bbe860489e310463b0 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 10:10:31 -0800
Subject: [PATCH 31/36] Fallback on the taxon common name if ordering is null

---
 src/main/java/ubc/pavlab/rdp/model/User.java                   | 3 ++-
 src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/ubc/pavlab/rdp/model/User.java b/src/main/java/ubc/pavlab/rdp/model/User.java
index f406c466..464c842d 100644
--- a/src/main/java/ubc/pavlab/rdp/model/User.java
+++ b/src/main/java/ubc/pavlab/rdp/model/User.java
@@ -164,7 +164,8 @@ public Set<Taxon> getTaxons() {
                 .map( UserGene::getTaxon )
                 // taxon are ordered by the ordering field, however the ordering field is not set for remote users
                 // because it is ignored in JSON serialization
-                .sorted( Comparator.comparing( Taxon::getOrdering, Comparator.nullsLast( Comparator.naturalOrder() ) ) )
+                .sorted( Comparator.comparing( Taxon::getOrdering, Comparator.nullsLast( Comparator.naturalOrder() ) )
+                        .thenComparing( Taxon::getCommonName ) )
                 .collect( Collectors.toCollection( LinkedHashSet::new ) );
     }
 
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
index 7ed0ea05..6f28fe7e 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
@@ -142,6 +142,7 @@ public List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon or
         return results.stream()
                 .sorted( comparing( UserGene::getAnonymousId, nullsFirst( naturalOrder() ) )
                         .thenComparing( ug -> ug.getTaxon().getOrdering(), Comparator.nullsLast( naturalOrder() ) )
+                        .thenComparing( ug -> ug.getTaxon().getCommonName() )
                         .thenComparing( UserGene::getTier )
                         .thenComparing( ug -> ug.getUser().getProfile().getFullName() ) )
                 .collect( Collectors.toList() ); // we need to preserve the search order

From f16e6397aa1345f098e8a72c2a73730d4a120515 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 10:10:58 -0800
Subject: [PATCH 32/36] Use taxon ordering for populating remote user genes

Unknown or non-enabled taxon are not populated and will fallback on the
common name.
---
 .../rdp/services/RemoteResourceServiceImpl.java     | 13 +++++++++++--
 .../rdp/services/RemoteResourceServiceTest.java     |  3 +++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
index 49301d48..0c1fdb1d 100644
--- a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
@@ -59,6 +59,9 @@ public class RemoteResourceServiceImpl implements RemoteResourceService {
     @Autowired
     private AsyncRestTemplate asyncRestTemplate;
 
+    @Autowired
+    private TaxonService taxonService;
+
     @Override
     @Cacheable(value = "ubc.pavlab.rdp.services.RemoteResourceService.apiVersionByRemoteHostAuthority", key = "#remoteHost.authority")
     public String getApiVersion( URI remoteHost ) throws RemoteException {
@@ -125,8 +128,14 @@ public Collection<UserGene> findGenesBySymbol( String symbol, Taxon taxon, Set<T
                     .build().toMultiValueMap() );
             intlUsergenes.addAll( getRemoteEntities( UserGene[].class, API_GENES_SEARCH_URI, params ) );
         }
-        // add back-reference to user
-        intlUsergenes.forEach( g -> g.setUser( g.getRemoteUser() ) );
+        Map<Integer, Integer> taxonOrderingById = taxonService.findByActiveTrue().stream()
+                .collect( Collectors.toMap( Taxon::getId, Taxon::getOrdering ) );
+        for ( UserGene g : intlUsergenes ) {
+            // add back-reference to user
+            g.setUser( g.getRemoteUser() );
+            // populate taxon ordering
+            g.getTaxon().setOrdering( taxonOrderingById.getOrDefault( g.getTaxon().getId(), null ) );
+        }
         return intlUsergenes;
     }
 
diff --git a/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java b/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java
index 6abe3f63..bd698550 100644
--- a/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java
+++ b/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java
@@ -74,6 +74,9 @@ public ObjectMapper objectMapper() {
     @MockBean
     private RoleRepository roleRepository;
 
+    @MockBean
+    private TaxonService taxonService;
+
     @Autowired
     private ObjectMapper objectMapper;
 

From b61ce6c2c79d410b7cec72b21b45c1ceb027953b Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 10:24:27 -0800
Subject: [PATCH 33/36] Sort genes in RemoteResourceService

While individual results from partner might be sorted, they are not
sorted as a whole.
---
 .../rdp/services/RemoteResourceServiceImpl.java   | 10 +++++++++-
 .../ubc/pavlab/rdp/services/UserGeneService.java  |  7 +++----
 .../pavlab/rdp/services/UserGeneServiceImpl.java  | 15 ++++++++++-----
 .../rdp/services/RemoteResourceServiceTest.java   |  3 +++
 4 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
index 0c1fdb1d..14500275 100644
--- a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
@@ -34,6 +34,8 @@
 import java.util.concurrent.TimeoutException;
 import java.util.stream.Collectors;
 
+import static java.util.Comparator.*;
+import static java.util.Comparator.naturalOrder;
 import static java.util.function.Function.identity;
 
 @Service("RemoteResourceService")
@@ -53,6 +55,9 @@ public class RemoteResourceServiceImpl implements RemoteResourceService {
     @Autowired
     private UserService userService;
 
+    @Autowired
+    private UserGeneService userGeneService;
+
     @Autowired
     private RoleRepository roleRepository;
 
@@ -136,7 +141,10 @@ public Collection<UserGene> findGenesBySymbol( String symbol, Taxon taxon, Set<T
             // populate taxon ordering
             g.getTaxon().setOrdering( taxonOrderingById.getOrDefault( g.getTaxon().getId(), null ) );
         }
-        return intlUsergenes;
+        // sort results from different sources
+        return intlUsergenes.stream()
+                .sorted( userGeneService.getUserGeneComparator() )
+                .collect( Collectors.toList() ); // we need to preserve the search order
     }
 
     @Override
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java
index fda52b88..8b44a0c6 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneService.java
@@ -27,10 +27,7 @@
 import ubc.pavlab.rdp.model.enums.ResearcherPosition;
 import ubc.pavlab.rdp.model.enums.TierType;
 
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 /**
  * Created by mjacobson on 17/01/18.
@@ -69,5 +66,7 @@ public interface UserGeneService {
      */
     List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon orthologTaxon, Set<ResearcherPosition> researcherPositions, Collection<ResearcherCategory> researcherTypes, Collection<OrganInfo> organs );
 
+    Comparator<UserGene> getUserGeneComparator();
+
     void updateUserGenes();
 }
diff --git a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
index 6f28fe7e..484b8e1d 100644
--- a/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/UserGeneServiceImpl.java
@@ -140,11 +140,7 @@ public List<UserGene> handleGeneSearch( Gene gene, Set<TierType> tiers, Taxon or
             results = handleGeneSearchInternal( gene, tiers, orthologTaxon, researcherPositions, researcherCategories, organs );
         }
         return results.stream()
-                .sorted( comparing( UserGene::getAnonymousId, nullsFirst( naturalOrder() ) )
-                        .thenComparing( ug -> ug.getTaxon().getOrdering(), Comparator.nullsLast( naturalOrder() ) )
-                        .thenComparing( ug -> ug.getTaxon().getCommonName() )
-                        .thenComparing( UserGene::getTier )
-                        .thenComparing( ug -> ug.getUser().getProfile().getFullName() ) )
+                .sorted( getUserGeneComparator() )
                 .collect( Collectors.toList() ); // we need to preserve the search order
     }
 
@@ -183,6 +179,15 @@ private Set<UserGene> handleOrthologSearchInternal( Gene gene, Set<TierType> tie
                 .collect( Collectors.toSet() );
     }
 
+    @Override
+    public Comparator<UserGene> getUserGeneComparator() {
+        return comparing( UserGene::getAnonymousId, nullsFirst( naturalOrder() ) )
+                .thenComparing( ug -> ug.getTaxon().getOrdering(), Comparator.nullsLast( naturalOrder() ) )
+                .thenComparing( ug -> ug.getTaxon().getCommonName() )
+                .thenComparing( UserGene::getTier )
+                .thenComparing( ug -> ug.getUser().getProfile().getFullName() );
+    }
+
     @Override
     @Transactional
     public void updateUserGenes() {
diff --git a/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java b/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java
index bd698550..1951ca7f 100644
--- a/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java
+++ b/src/test/java/ubc/pavlab/rdp/services/RemoteResourceServiceTest.java
@@ -71,6 +71,9 @@ public ObjectMapper objectMapper() {
     @MockBean
     private UserService userService;
 
+    @MockBean
+    private UserGeneService userGeneService;
+
     @MockBean
     private RoleRepository roleRepository;
 

From aac022906a7d7a193b638f580fa2926bc6acacd5 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 10:41:27 -0800
Subject: [PATCH 34/36] Fix wrong locale for sendResetTokenMessage

---
 src/main/java/ubc/pavlab/rdp/services/EmailServiceImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/EmailServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/EmailServiceImpl.java
index f081821d..21f746c1 100644
--- a/src/main/java/ubc/pavlab/rdp/services/EmailServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/EmailServiceImpl.java
@@ -113,7 +113,7 @@ public Future<Void> sendResetTokenMessage( User user, PasswordResetToken token,
 
         // password reset always go through the primary email
         InternetAddress to = new InternetAddress( user.getEmail() );
-        String shortName = messageSource.getMessage( "rdp.site.shortname", new String[]{ siteSettings.getHostUri().toString() }, Locale.getDefault() );
+        String shortName = messageSource.getMessage( "rdp.site.shortname", new String[]{ siteSettings.getHostUri().toString() }, locale );
         String subject = messageSource.getMessage( "EmailService.sendResetTokenMessage.subject", new String[]{ shortName }, locale );
         String content = messageSource.getMessage( "EmailService.sendResetTokenMessage", new String[]{
                 user.getProfile().getName(), url, dateTimeFormatter.format( token.getExpiryDate().toInstant() ) }, locale );

From 47d7751104c73acefbd66a70e08c484afc0ee55f Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 10:44:36 -0800
Subject: [PATCH 35/36] Fix warnings fom SonarQube

Remove needless boolean boxing when checking if a user can update some
content.

Use == on enum instances.
---
 .../ubc/pavlab/rdp/services/PrivacyServiceImpl.java    | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
index 5913fe71..e22909e2 100644
--- a/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/PrivacyServiceImpl.java
@@ -73,7 +73,7 @@ public boolean checkCurrentUserCanSearch( boolean international ) {
     @Override
     public boolean checkUserCanUpdate( User user, UserContent userContent ) {
         // only admins or rightful owner can update user content
-        return user.getRoles().contains( getAdminRole() ) || userContent.getOwner().map( u -> u.equals( user ) ).orElse( false );
+        return user.getRoles().contains( getAdminRole() ) || userContent.getOwner().filter( user::equals ).isPresent();
     }
 
     private boolean checkUserCanSeeOtherUserContentWithPrivacyLevel( User currentUser, User otherUser, PrivacyLevelType privacyLevel ) {
@@ -98,10 +98,10 @@ private boolean checkUserCanSeeOtherUserContentWithPrivacyLevel( User currentUse
         // Either the user is looking at himself, or the user is public, or shared with registered users - check for any logged-in user, or private - check for admin; If logged-in user is admin, we have to
         // check whether this user is the designated actor for the authenticated remote search, in which case we have to check for remote search privileges on the user.
         return otherUser.equals( currentUser ) // User is looking at himself
-                || ( privacyLevel.equals( PrivacyLevelType.PUBLIC ) ) // Data is public
-                || ( privacyLevel.equals( PrivacyLevelType.SHARED ) && currentUser != null && !isRemoteSearchUser( currentUser ) )// data is accessible for registerd users and there is a user logged in who is not the remote admin
-                || ( privacyLevel.equals( PrivacyLevelType.PRIVATE ) && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && !isRemoteSearchUser( currentUser ) )// data is private and there is an admin logged in who is not the remote search user
-                || ( privacyLevel.equals( PrivacyLevelType.PRIVATE ) && currentUser != null && currentUser.getRoles().contains( getServiceAccountRole() ) && !isRemoteSearchUser( currentUser ) ) // user is a service account
+                || ( privacyLevel == PrivacyLevelType.PUBLIC ) // Data is public
+                || ( privacyLevel == PrivacyLevelType.SHARED && currentUser != null && !isRemoteSearchUser( currentUser ) )// data is accessible for registerd users and there is a user logged in who is not the remote admin
+                || ( privacyLevel == PrivacyLevelType.PRIVATE && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && !isRemoteSearchUser( currentUser ) )// data is private and there is an admin logged in who is not the remote search user
+                || ( privacyLevel == PrivacyLevelType.PRIVATE && currentUser != null && currentUser.getRoles().contains( getServiceAccountRole() ) && !isRemoteSearchUser( currentUser ) ) // user is a service account
                 || ( profile.isShared() && currentUser != null && currentUser.getRoles().contains( getAdminRole() ) && isRemoteSearchUser( currentUser ) ); // data is designated as remotely shared and there is an admin logged in who is the remote search user
     }
 

From f7782aea4d3d2c1933da169c397ddae962bf3154 Mon Sep 17 00:00:00 2001
From: Guillaume Poirier-Morency <guillaumepoiriermorency@gmail.com>
Date: Mon, 14 Feb 2022 10:51:20 -0800
Subject: [PATCH 36/36] Fix warning about thread interruption in
 RemoteResourceService

---
 .../rdp/services/RemoteResourceServiceImpl.java  | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
index 14500275..a55d2b6d 100644
--- a/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
+++ b/src/main/java/ubc/pavlab/rdp/services/RemoteResourceServiceImpl.java
@@ -87,8 +87,11 @@ public String getApiVersion( URI remoteHost ) throws RemoteException {
             } else {
                 return openAPI.getInfo().getVersion();
             }
-        } catch ( InterruptedException | ExecutionException e ) {
+        } catch ( ExecutionException e ) {
             throw new RemoteException( MessageFormat.format( "Unsuccessful response received for {0}.", uri ), e );
+        } catch ( InterruptedException e ) {
+            Thread.currentThread().interrupt();
+            throw new RemoteException( MessageFormat.format( "A thread was interrupted while waiting for {0} response.", uri ), e );
         }
     }
 
@@ -190,8 +193,11 @@ private User getUserByUri( URI uri ) throws RemoteException {
             User user = responseEntity.getBody();
             initUser( user );
             return user;
-        } catch ( InterruptedException | ExecutionException e ) {
+        } catch ( ExecutionException e ) {
             throw new RemoteException( MessageFormat.format( "Unsuccessful response received for {0}.", uri ), e );
+        } catch ( InterruptedException e ) {
+            Thread.currentThread().interrupt();
+            throw new RemoteException( MessageFormat.format( "A thread was interrupted while waiting for {0} response.", uri ), e );
         }
     }
 
@@ -213,9 +219,13 @@ private <T> Collection<T> getRemoteEntities( Class<T[]> arrCls, String path, Mul
                 .map( uriAndFuture -> {
                     try {
                         return uriAndFuture.getRight().get( applicationSettings.getIsearch().getRequestTimeout(), TimeUnit.SECONDS );
-                    } catch ( InterruptedException | ExecutionException | TimeoutException e ) {
+                    } catch ( ExecutionException | TimeoutException e ) {
                         log.error( MessageFormat.format( "Unsuccessful response received for {0}.", uriAndFuture.getLeft() ), e );
                         return null;
+                    } catch ( InterruptedException e ) {
+                        Thread.currentThread().interrupt();
+                        log.error( MessageFormat.format( "A thread was interrupted while waiting for {0} response.", uriAndFuture.getLeft() ), e );
+                        return null;
                     }
                 } )
                 .filter( Objects::nonNull )