package org.keycloak.services.resources.admin;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/admin/GroupResource.class */
public class GroupResource {
    private final RealmModel realm;
    private final KeycloakSession session;
    private final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;
    private final GroupModel group;

    public GroupResource(RealmModel realmModel, GroupModel groupModel, KeycloakSession keycloakSession, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        this.realm = realmModel;
        this.session = keycloakSession;
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder.resource(ResourceType.GROUP);
        this.group = groupModel;
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    public GroupRepresentation getGroup() {
        this.auth.groups().requireView(this.group);
        GroupRepresentation groupHierarchy = ModelToRepresentation.toGroupHierarchy(this.group, true);
        groupHierarchy.setAccess(this.auth.groups().getAccess(this.group));
        return groupHierarchy;
    }

    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void updateGroup(GroupRepresentation groupRepresentation) {
        this.auth.groups().requireManage(this.group);
        updateGroup(groupRepresentation, this.group);
        this.adminEvent.operation(OperationType.UPDATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(groupRepresentation).success();
    }

    @DELETE
    public void deleteGroup() {
        this.auth.groups().requireManage(this.group);
        this.realm.removeGroup(this.group);
        this.adminEvent.operation(OperationType.DELETE).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    @Path("children")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response addChild(GroupRepresentation groupRepresentation) {
        GroupModel createGroup;
        this.auth.groups().requireManage(this.group);
        Iterator it = this.group.getSubGroups().iterator();
        while (it.hasNext()) {
            if (((GroupModel) it.next()).getName().equals(groupRepresentation.getName())) {
                return ErrorResponse.exists("Parent already contains subgroup named '" + groupRepresentation.getName() + "'");
            }
        }
        Response.ResponseBuilder status = Response.status(204);
        if (groupRepresentation.getId() != null) {
            createGroup = this.realm.getGroupById(groupRepresentation.getId());
            if (createGroup == null) {
                throw new NotFoundException("Could not find child by id");
            }
            this.adminEvent.operation(OperationType.UPDATE);
        } else {
            createGroup = this.realm.createGroup(groupRepresentation.getName());
            updateGroup(groupRepresentation, createGroup);
            status.status(201).location(this.session.getContext().getUri().getBaseUriBuilder().path((String) this.session.getContext().getUri().getMatchedURIs().get(2)).path(createGroup.getId()).build(new Object[0]));
            groupRepresentation.setId(createGroup.getId());
            this.adminEvent.operation(OperationType.CREATE);
        }
        this.realm.moveGroup(createGroup, this.group);
        this.adminEvent.resourcePath((UriInfo) this.session.getContext().getUri()).representation(groupRepresentation).success();
        return status.type(javax.ws.rs.core.MediaType.APPLICATION_JSON_TYPE).entity(ModelToRepresentation.toGroupHierarchy(createGroup, true)).build();
    }

    public static void updateGroup(GroupRepresentation groupRepresentation, GroupModel groupModel) {
        if (groupRepresentation.getName() != null) {
            groupModel.setName(groupRepresentation.getName());
        }
        if (groupRepresentation.getAttributes() != null) {
            HashSet hashSet = new HashSet(groupModel.getAttributes().keySet());
            hashSet.removeAll(groupRepresentation.getAttributes().keySet());
            for (Map.Entry entry : groupRepresentation.getAttributes().entrySet()) {
                groupModel.setAttribute((String) entry.getKey(), (List) entry.getValue());
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                groupModel.removeAttribute((String) it.next());
            }
        }
    }

    @Path("role-mappings")
    public RoleMapperResource getRoleMappings() {
        RoleMapperResource roleMapperResource = new RoleMapperResource(this.realm, this.auth, this.group, this.adminEvent, () -> {
            this.auth.groups().requireManage(this.group);
        }, () -> {
            this.auth.groups().requireView(this.group);
        });
        ResteasyProviderFactory.getInstance().injectProperties(roleMapperResource);
        return roleMapperResource;
    }

    @GET
    @NoCache
    @Path("members")
    @Produces({MediaType.APPLICATION_JSON})
    public List<UserRepresentation> getMembers(@QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        this.auth.groups().requireViewMembers(this.group);
        Integer valueOf = Integer.valueOf(num != null ? num.intValue() : 0);
        Integer valueOf2 = Integer.valueOf(num2 != null ? num2.intValue() : 100);
        ArrayList arrayList = new ArrayList();
        Iterator it = this.session.users().getGroupMembers(this.realm, this.group, valueOf.intValue(), valueOf2.intValue()).iterator();
        while (it.hasNext()) {
            arrayList.add(ModelToRepresentation.toRepresentation(this.session, this.realm, (UserModel) it.next()));
        }
        return arrayList;
    }

    @GET
    @Path("management/permissions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public ManagementPermissionReference getManagementPermissions() {
        this.auth.groups().requireView(this.group);
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        return !management.groups().isPermissionsEnabled(this.group) ? new ManagementPermissionReference() : toMgmtRef(this.group, management);
    }

    public static ManagementPermissionReference toMgmtRef(GroupModel groupModel, AdminPermissionManagement adminPermissionManagement) {
        ManagementPermissionReference managementPermissionReference = new ManagementPermissionReference();
        managementPermissionReference.setEnabled(true);
        managementPermissionReference.setResource(adminPermissionManagement.groups().resource(groupModel).getId());
        managementPermissionReference.setScopePermissions(adminPermissionManagement.groups().getPermissions(groupModel));
        return managementPermissionReference;
    }

    @Path("management/permissions")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public ManagementPermissionReference setManagementPermissionsEnabled(ManagementPermissionReference managementPermissionReference) {
        this.auth.groups().requireManage(this.group);
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        management.groups().setPermissionsEnabled(this.group, managementPermissionReference.isEnabled());
        return managementPermissionReference.isEnabled() ? toMgmtRef(this.group, management) : new ManagementPermissionReference();
    }
}
