package org.hawkular.accounts.backend.boundary;

import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.validation.constraints.NotNull;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.hawkular.accounts.api.NamedOperation;
import org.hawkular.accounts.api.OrganizationMembershipService;
import org.hawkular.accounts.api.OrganizationService;
import org.hawkular.accounts.api.PermissionChecker;
import org.hawkular.accounts.api.RoleService;
import org.hawkular.accounts.api.model.Operation;
import org.hawkular.accounts.api.model.Organization;
import org.hawkular.accounts.api.model.OrganizationMembership;
import org.hawkular.accounts.api.model.Persona;
import org.hawkular.accounts.api.model.Role;
import org.hawkular.accounts.backend.entity.rest.ErrorResponse;
import org.hawkular.accounts.backend.entity.rest.OrganizationMembershipUpdateRequest;

@Path("/organizationMemberships")
@PermitAll
@Stateless
/* loaded from: input_file:WEB-INF/classes/org/hawkular/accounts/backend/boundary/OrganizationMembershipEndpoint.class */
public class OrganizationMembershipEndpoint {

    @Inject
    OrganizationMembershipService membershipService;

    @Inject
    OrganizationService organizationService;

    @Inject
    RoleService roleService;

    @Inject
    PermissionChecker permissionChecker;

    @Inject
    @NamedOperation("organization-change-role-of-members")
    Operation changeMemberRole;

    @Inject
    @NamedOperation("organization-read")
    Operation readOrganization;

    @Inject
    Instance<Persona> personaInstance;

    @GET
    @Path("/{membershipId}")
    public Response getMembership(@PathParam("membershipId") String str) {
        if (null == str || str.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("The given membership ID is invalid (null).")).build();
        }
        OrganizationMembership membershipById = this.membershipService.getMembershipById(str);
        return null == membershipById ? Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified membership is invalid (not found).")).build() : !this.permissionChecker.isAllowedTo(this.readOrganization, membershipById.getOrganization().getId(), (Persona) this.personaInstance.get()) ? Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified organization could not be found for this persona.")).build() : Response.ok().entity(membershipById).build();
    }

    @GET
    public Response getOrganizationMembershipsForOrganization(@QueryParam("organizationId") String str) {
        Organization organization = this.organizationService.get(str);
        if (!this.permissionChecker.isAllowedTo(this.readOrganization, organization.getId(), (Persona) this.personaInstance.get())) {
            return Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified organization could not be found for this persona.")).build();
        }
        return Response.ok().entity(this.membershipService.getMembershipsForOrganization(organization)).build();
    }

    @Path("{membershipId}")
    @PUT
    public Response updateMembership(@PathParam("membershipId") String str, @NotNull OrganizationMembershipUpdateRequest organizationMembershipUpdateRequest) {
        if (null == str || str.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("The given membership ID is invalid (null).")).build();
        }
        if (null == organizationMembershipUpdateRequest.getRole() || null == organizationMembershipUpdateRequest.getRole().getName()) {
            return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse("The given role is invalid (null).")).build();
        }
        OrganizationMembership membershipById = this.membershipService.getMembershipById(str);
        Role byName = this.roleService.getByName(organizationMembershipUpdateRequest.getRole().getName());
        return null == membershipById ? Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified membership is invalid (not found).")).build() : null == byName ? Response.status(Response.Status.NOT_FOUND).entity(new ErrorResponse("The specified role is invalid (not found).")).build() : !this.permissionChecker.isAllowedTo(this.changeMemberRole, membershipById.getOrganization().getId()) ? Response.status(Response.Status.FORBIDDEN).entity(new ErrorResponse("Insufficient permissions to change the role of users of this organization.")).build() : Response.ok(this.membershipService.changeRole(membershipById, byName)).build();
    }
}
