package org.keycloak.services.resources.admin.permissions;

import org.jboss.logging.Logger;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.ForbiddenException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/keycloak/services/resources/admin/permissions/RealmPermissions.class */
public class RealmPermissions implements RealmPermissionEvaluator {
    private static final Logger logger = Logger.getLogger(RealmPermissions.class);
    protected final KeycloakSession session;
    protected final RealmModel realm;
    protected final AuthorizationProvider authz;
    protected final MgmtPermissions root;

    public RealmPermissions(KeycloakSession keycloakSession, RealmModel realmModel, AuthorizationProvider authorizationProvider, MgmtPermissions mgmtPermissions) {
        this.session = keycloakSession;
        this.realm = realmModel;
        this.authz = authorizationProvider;
        this.root = mgmtPermissions;
    }

    public boolean canManageRealmDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_REALM);
    }

    public boolean canViewRealmDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_REALM, AdminRoles.VIEW_REALM);
    }

    public boolean canManageIdentityProvidersDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_IDENTITY_PROVIDERS);
    }

    public boolean canViewIdentityProvidersDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_IDENTITY_PROVIDERS, AdminRoles.VIEW_IDENTITY_PROVIDERS);
    }

    public boolean canManageAuthorizationDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_AUTHORIZATION, AdminRoles.MANAGE_CLIENTS);
    }

    public boolean canViewAuthorizationDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_AUTHORIZATION, AdminRoles.VIEW_AUTHORIZATION);
    }

    public boolean canManageEventsDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_EVENTS);
    }

    public boolean canViewEventsDefault() {
        return this.root.hasOneAdminRole(AdminRoles.MANAGE_EVENTS, AdminRoles.VIEW_EVENTS);
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canListRealms() {
        return canViewRealm() || this.root.hasOneAdminRole(AdminRoles.QUERY_REALMS);
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireViewRealmNameList() {
        if (!canListRealms()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canManageRealm() {
        return canManageRealmDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireManageRealm() {
        if (!canManageRealm()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canViewRealm() {
        return canViewRealmDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireViewRealm() {
        if (!canViewRealm()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canManageIdentityProviders() {
        return canManageIdentityProvidersDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canViewIdentityProviders() {
        return canViewIdentityProvidersDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireViewIdentityProviders() {
        if (!canViewIdentityProviders()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireManageIdentityProviders() {
        if (!canManageIdentityProviders()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canManageAuthorization() {
        return canManageAuthorizationDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canViewAuthorization() {
        return canViewAuthorizationDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireManageAuthorization() {
        if (!canManageAuthorization()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireViewAuthorization() {
        if (!canViewAuthorization()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canManageEvents() {
        return canManageEventsDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireManageEvents() {
        if (!canManageEvents()) {
            throw new ForbiddenException();
        }
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public boolean canViewEvents() {
        return canViewEventsDefault();
    }

    @Override // org.keycloak.services.resources.admin.permissions.RealmPermissionEvaluator
    public void requireViewEvents() {
        if (!canViewEvents()) {
            throw new ForbiddenException();
        }
    }
}
