package org.keycloak.services.resources.admin;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;

/* loaded from: input_file:org/keycloak/services/resources/admin/UserClientRoleMappingsResource.class */
public class UserClientRoleMappingsResource {
    protected static final Logger logger = Logger.getLogger(UserClientRoleMappingsResource.class);
    protected RealmModel realm;
    protected RealmAuth auth;
    protected UserModel user;
    protected ClientModel client;
    protected AdminEventBuilder adminEvent;
    private UriInfo uriInfo;

    public UserClientRoleMappingsResource(UriInfo uriInfo, RealmModel realmModel, RealmAuth realmAuth, UserModel userModel, ClientModel clientModel, AdminEventBuilder adminEventBuilder) {
        this.uriInfo = uriInfo;
        this.realm = realmModel;
        this.auth = realmAuth;
        this.user = userModel;
        this.client = clientModel;
        this.adminEvent = adminEventBuilder;
    }

    @GET
    @Produces({"application/json"})
    @NoCache
    public List<RoleRepresentation> getClientRoleMappings() {
        this.auth.requireView();
        Set clientRoleMappings = this.user.getClientRoleMappings(this.client);
        ArrayList arrayList = new ArrayList();
        Iterator it = clientRoleMappings.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation((RoleModel) it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("composite")
    @NoCache
    @Produces({"application/json"})
    public List<RoleRepresentation> getCompositeClientRoleMappings() {
        this.auth.requireView();
        Set<RoleModel> roles = this.client.getRoles();
        ArrayList arrayList = new ArrayList();
        for (RoleModel roleModel : roles) {
            if (this.user.hasRole(roleModel)) {
                arrayList.add(ModelToRepresentation.toRepresentation(roleModel));
            }
        }
        return arrayList;
    }

    @GET
    @Path("available")
    @NoCache
    @Produces({"application/json"})
    public List<RoleRepresentation> getAvailableClientRoleMappings() {
        this.auth.requireView();
        return getAvailableRoles(this.user, this.client.getRoles());
    }

    public static List<RoleRepresentation> getAvailableRoles(UserModel userModel, Set<RoleModel> set) {
        HashSet hashSet = new HashSet();
        for (RoleModel roleModel : set) {
            if (!userModel.hasRole(roleModel)) {
                hashSet.add(roleModel);
            }
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation((RoleModel) it.next()));
        }
        return arrayList;
    }

    @POST
    @Consumes({"application/json"})
    public void addClientRoleMapping(List<RoleRepresentation> list) {
        this.auth.requireManage();
        for (RoleRepresentation roleRepresentation : list) {
            RoleModel role = this.client.getRole(roleRepresentation.getName());
            if (role == null || !role.getId().equals(roleRepresentation.getId())) {
                throw new NotFoundException("Role not found");
            }
            this.user.grantRole(role);
        }
        this.adminEvent.operation(OperationType.CREATE).resourcePath(this.uriInfo).representation(list).success();
    }

    @Consumes({"application/json"})
    @DELETE
    public void deleteClientRoleMapping(List<RoleRepresentation> list) {
        this.auth.requireManage();
        if (list == null) {
            for (RoleModel roleModel : this.user.getClientRoleMappings(this.client)) {
                if ((roleModel.getContainer() instanceof ClientModel) || roleModel.getContainer().getId().equals(this.client.getId())) {
                    this.user.deleteRoleMapping(roleModel);
                }
            }
        } else {
            for (RoleRepresentation roleRepresentation : list) {
                RoleModel role = this.client.getRole(roleRepresentation.getName());
                if (role == null || !role.getId().equals(roleRepresentation.getId())) {
                    throw new NotFoundException("Role not found");
                }
                this.user.deleteRoleMapping(role);
            }
        }
        this.adminEvent.operation(OperationType.DELETE).resourcePath(this.uriInfo).representation(list).success();
    }
}
