package org.keycloak.authorization.admin;

import java.util.Arrays;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.admin.util.Models;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/authorization/admin/ScopeService.class */
public class ScopeService {
    private final AuthorizationProvider authorization;
    private final RealmAuth auth;
    private ResourceServer resourceServer;

    public ScopeService(ResourceServer resourceServer, AuthorizationProvider authorizationProvider, RealmAuth realmAuth) {
        this.resourceServer = resourceServer;
        this.authorization = authorizationProvider;
        this.auth = realmAuth;
    }

    @POST
    @Produces({MediaType.APPLICATION_JSON})
    @Consumes({MediaType.APPLICATION_JSON})
    public Response create(ScopeRepresentation scopeRepresentation) {
        this.auth.requireManage();
        scopeRepresentation.setId(Models.toModel(scopeRepresentation, this.resourceServer, this.authorization).getId());
        return Response.status(Response.Status.CREATED).entity(scopeRepresentation).build();
    }

    @Path("{id}")
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public Response update(@PathParam("id") String str, ScopeRepresentation scopeRepresentation) {
        this.auth.requireManage();
        scopeRepresentation.setId(str);
        Scope findById = this.authorization.getStoreFactory().getScopeStore().findById(scopeRepresentation.getId());
        if (findById == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        findById.setName(scopeRepresentation.getName());
        findById.setIconUri(scopeRepresentation.getIconUri());
        return Response.noContent().build();
    }

    @Path("{id}")
    @DELETE
    public Response delete(@PathParam("id") String str) {
        this.auth.requireManage();
        StoreFactory storeFactory = this.authorization.getStoreFactory();
        if (!storeFactory.getResourceStore().findByScope(new String[]{str}).isEmpty()) {
            return ErrorResponse.exists("Scopes can not be removed while associated with resources.");
        }
        Scope findById = storeFactory.getScopeStore().findById(str);
        PolicyStore policyStore = storeFactory.getPolicyStore();
        for (Policy policy : policyStore.findByScopeIds(Arrays.asList(findById.getId()), this.resourceServer.getId())) {
            if (policy.getScopes().size() == 1) {
                policyStore.delete(policy.getId());
            } else {
                policy.removeScope(findById);
            }
        }
        storeFactory.getScopeStore().delete(str);
        return Response.noContent().build();
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @Path("{id}")
    public Response findById(@PathParam("id") String str) {
        this.auth.requireView();
        Scope findById = this.authorization.getStoreFactory().getScopeStore().findById(str);
        return findById == null ? Response.status(Response.Status.NOT_FOUND).build() : Response.ok(Models.toRepresentation(findById, this.authorization)).build();
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    public Response findAll() {
        this.auth.requireView();
        return Response.ok(this.authorization.getStoreFactory().getScopeStore().findByResourceServer(this.resourceServer.getId()).stream().map(scope -> {
            return Models.toRepresentation(scope, this.authorization);
        }).collect(Collectors.toList())).build();
    }
}
