package org.keycloak.services.resources.admin;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/admin/RoleContainerResource.class */
public class RoleContainerResource extends RoleResource {
    private final RealmModel realm;
    protected AdminPermissionEvaluator auth;
    protected RoleContainerModel roleContainer;
    private AdminEventBuilder adminEvent;
    private UriInfo uriInfo;
    private KeycloakSession session;

    public RoleContainerResource(KeycloakSession keycloakSession, UriInfo uriInfo, RealmModel realmModel, AdminPermissionEvaluator adminPermissionEvaluator, RoleContainerModel roleContainerModel, AdminEventBuilder adminEventBuilder) {
        super(realmModel);
        this.uriInfo = uriInfo;
        this.realm = realmModel;
        this.auth = adminPermissionEvaluator;
        this.roleContainer = roleContainerModel;
        this.adminEvent = adminEventBuilder;
        this.session = keycloakSession;
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public List<RoleRepresentation> getRoles(@QueryParam("search") @DefaultValue("") String str, @QueryParam("first") Integer num, @QueryParam("max") Integer num2, @QueryParam("briefRepresentation") @DefaultValue("true") boolean z) {
        this.auth.roles().requireList(this.roleContainer);
        new HashSet();
        Set<RoleModel> roles = (str == null || str.trim().length() <= 0) ? (Objects.isNull(num) || Objects.isNull(num2)) ? this.roleContainer.getRoles() : this.roleContainer.getRoles(num, num2) : this.roleContainer.searchForRoles(str, num, num2);
        ArrayList arrayList = new ArrayList();
        for (RoleModel roleModel : roles) {
            if (z) {
                arrayList.add(ModelToRepresentation.toBriefRepresentation(roleModel));
            } else {
                arrayList.add(ModelToRepresentation.toRepresentation(roleModel));
            }
        }
        return arrayList;
    }

    @POST
    @Consumes({MediaType.APPLICATION_JSON})
    public Response createRole(RoleRepresentation roleRepresentation) {
        this.auth.roles().requireManage(this.roleContainer);
        if (roleRepresentation.getName() == null) {
            throw new BadRequestException();
        }
        try {
            RoleModel addRole = this.roleContainer.addRole(roleRepresentation.getName());
            addRole.setDescription(roleRepresentation.getDescription());
            roleRepresentation.setId(addRole.getId());
            if (addRole.isClientRole()) {
                this.adminEvent.resource(ResourceType.CLIENT_ROLE);
            } else {
                this.adminEvent.resource(ResourceType.REALM_ROLE);
            }
            this.adminEvent.operation(OperationType.CREATE).resourcePath(this.uriInfo, addRole.getName()).representation(roleRepresentation).success();
            return Response.created(this.uriInfo.getAbsolutePathBuilder().path(addRole.getName()).build(new Object[0])).build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Role with name " + roleRepresentation.getName() + " already exists");
        }
    }

    @GET
    @Path("{role-name}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public RoleRepresentation getRole(@PathParam("role-name") String str) {
        this.auth.roles().requireView(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        return getRole(role);
    }

    @Path("{role-name}")
    @NoCache
    @DELETE
    public void deleteRole(@PathParam("role-name") String str) {
        this.auth.roles().requireManage(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        deleteRole(role);
        if (role.isClientRole()) {
            this.adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            this.adminEvent.resource(ResourceType.REALM_ROLE);
        }
        this.adminEvent.operation(OperationType.DELETE).resourcePath(this.uriInfo).success();
    }

    @Path("{role-name}")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public Response updateRole(@PathParam("role-name") String str, RoleRepresentation roleRepresentation) {
        this.auth.roles().requireManage(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        try {
            updateRole(roleRepresentation, role);
            if (role.isClientRole()) {
                this.adminEvent.resource(ResourceType.CLIENT_ROLE);
            } else {
                this.adminEvent.resource(ResourceType.REALM_ROLE);
            }
            this.adminEvent.operation(OperationType.UPDATE).resourcePath(this.uriInfo).representation(roleRepresentation).success();
            return Response.noContent().build();
        } catch (ModelDuplicateException e) {
            return ErrorResponse.exists("Role with name " + roleRepresentation.getName() + " already exists");
        }
    }

    @POST
    @Path("{role-name}/composites")
    @Consumes({MediaType.APPLICATION_JSON})
    public void addComposites(@PathParam("role-name") String str, List<RoleRepresentation> list) {
        this.auth.roles().requireManage(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        addComposites(this.auth, this.adminEvent, this.uriInfo, list, role);
    }

    @GET
    @Path("{role-name}/composites")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Set<RoleRepresentation> getRoleComposites(@PathParam("role-name") String str) {
        this.auth.roles().requireView(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        return getRoleComposites(role);
    }

    @GET
    @Path("{role-name}/composites/realm")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Set<RoleRepresentation> getRealmRoleComposites(@PathParam("role-name") String str) {
        this.auth.roles().requireView(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        return getRealmRoleComposites(role);
    }

    @GET
    @Path("{role-name}/composites/clients/{client}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Set<RoleRepresentation> getClientRoleComposites(@PathParam("role-name") String str, @PathParam("client") String str2) {
        this.auth.roles().requireView(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        ClientModel clientById = this.realm.getClientById(str2);
        if (str2 == null) {
            throw new NotFoundException("Could not find client");
        }
        return getClientRoleComposites(clientById, role);
    }

    @Path("{role-name}/composites")
    @Consumes({MediaType.APPLICATION_JSON})
    @DELETE
    public void deleteComposites(@PathParam("role-name") String str, List<RoleRepresentation> list) {
        this.auth.roles().requireManage(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        deleteComposites(this.adminEvent, this.uriInfo, list, role);
    }

    @GET
    @Path("{role-name}/management/permissions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public ManagementPermissionReference getManagementPermissions(@PathParam("role-name") String str) {
        this.auth.roles().requireView(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        return !management.roles().isPermissionsEnabled(role) ? new ManagementPermissionReference() : RoleByIdResource.toMgmtRef(role, management);
    }

    @Path("{role-name}/management/permissions")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public ManagementPermissionReference setManagementPermissionsEnabled(@PathParam("role-name") String str, ManagementPermissionReference managementPermissionReference) {
        this.auth.roles().requireManage(this.roleContainer);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        management.roles().setPermissionsEnabled(role, managementPermissionReference.isEnabled());
        return managementPermissionReference.isEnabled() ? RoleByIdResource.toMgmtRef(role, management) : new ManagementPermissionReference();
    }

    @GET
    @Path("{role-name}/users")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<UserRepresentation> getUsersInRole(@PathParam("role-name") String str, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        this.auth.roles().requireView(this.roleContainer);
        Integer valueOf = Integer.valueOf(num != null ? num.intValue() : 0);
        Integer valueOf2 = Integer.valueOf(num2 != null ? num2.intValue() : 100);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = this.session.users().getRoleMembers(this.realm, role, valueOf.intValue(), valueOf2.intValue()).iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation(this.session, this.realm, (UserModel) it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("{role-name}/groups")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public List<GroupRepresentation> getGroupsInRole(@PathParam("role-name") String str, @QueryParam("first") Integer num, @QueryParam("max") Integer num2, @QueryParam("briefRepresentation") @DefaultValue("true") boolean z) {
        this.auth.roles().requireView(this.roleContainer);
        Integer valueOf = Integer.valueOf(num != null ? num.intValue() : 0);
        Integer valueOf2 = Integer.valueOf(num2 != null ? num2.intValue() : 100);
        RoleModel role = this.roleContainer.getRole(str);
        if (role == null) {
            throw new NotFoundException("Could not find role");
        }
        return (List) this.session.realms().getGroupsByRole(this.realm, role, valueOf.intValue(), valueOf2.intValue()).stream().map(groupModel -> {
            return ModelToRepresentation.toRepresentation(groupModel, !z);
        }).collect(Collectors.toList());
    }
}
