package org.keycloak.services.resources.admin;

import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.services.ForbiddenException;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.1.0.Beta1.jar:org/keycloak/services/resources/admin/RealmAuth.class */
public class RealmAuth {
    private Resource resource;
    private AdminAuth auth;
    private ApplicationModel realmAdminApp;

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.1.0.Beta1.jar:org/keycloak/services/resources/admin/RealmAuth$Resource.class */
    public enum Resource {
        APPLICATION,
        CLIENT,
        USER,
        REALM,
        EVENTS
    }

    public RealmAuth(AdminAuth adminAuth, ApplicationModel applicationModel) {
        this.auth = adminAuth;
        this.realmAdminApp = applicationModel;
    }

    public RealmAuth init(Resource resource) {
        this.resource = resource;
        return this;
    }

    public void requireAny() {
        if (!this.auth.hasOneOfAppRole(this.realmAdminApp, AdminRoles.ALL_REALM_ROLES)) {
            throw new ForbiddenException();
        }
    }

    public boolean hasView() {
        return this.auth.hasOneOfAppRole(this.realmAdminApp, getViewRole(this.resource), getManageRole(this.resource));
    }

    public boolean hasManage() {
        return this.auth.hasOneOfAppRole(this.realmAdminApp, getManageRole(this.resource));
    }

    public void requireView() {
        if (!hasView()) {
            throw new ForbiddenException();
        }
    }

    public void requireManage() {
        if (!hasManage()) {
            throw new ForbiddenException();
        }
    }

    private String getViewRole(Resource resource) {
        switch (resource) {
            case APPLICATION:
                return AdminRoles.VIEW_APPLICATIONS;
            case CLIENT:
                return AdminRoles.VIEW_CLIENTS;
            case USER:
                return AdminRoles.VIEW_USERS;
            case REALM:
                return AdminRoles.VIEW_REALM;
            case EVENTS:
                return AdminRoles.VIEW_EVENTS;
            default:
                throw new IllegalStateException();
        }
    }

    private String getManageRole(Resource resource) {
        switch (resource) {
            case APPLICATION:
                return AdminRoles.MANAGE_APPLICATIONS;
            case CLIENT:
                return AdminRoles.MANAGE_CLIENTS;
            case USER:
                return AdminRoles.MANAGE_USERS;
            case REALM:
                return AdminRoles.MANAGE_REALM;
            case EVENTS:
                return AdminRoles.MANAGE_EVENTS;
            default:
                throw new IllegalStateException();
        }
    }
}
