package io.phasetwo.service.resource;

import io.phasetwo.service.Orgs;
import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.model.OrganizationRoleModel;
import io.phasetwo.service.representation.BulkResponseItem;
import io.phasetwo.service.representation.Organization;
import io.phasetwo.service.representation.OrganizationRole;
import io.phasetwo.service.representation.SwitchOrganization;
import io.phasetwo.service.util.ActiveOrganization;
import io.phasetwo.service.util.TokenManager;
import jakarta.validation.Valid;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.PATCH;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;

/* loaded from: input_file:io/phasetwo/service/resource/UserResource.class */
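/**
 * JAX-RS resource for per-user organization operations: listing a user's organizations and
 * organization roles, switching and reading the caller's active organization, and granting or
 * revoking organization roles in bulk.
 *
 * <p>This listing is decompiler output. The {@code realm}, {@code session}, {@code orgs},
 * {@code auth}, {@code user}, {@code connection} and {@code adminEvent} fields are inherited and
 * not visible here; comments about them are limited to how this class uses them.
 *
 * <p>Authorization is enforced per method through {@link OrganizationAdminAuth}. Denials are
 * reported with {@link NotAuthorizedException} (HTTP 401).
 * NOTE(review): "Insufficient permissions" for an already authenticated caller is usually a 403;
 * confirm whether clients depend on the 401 before changing it.
 */
public class UserResource extends OrganizationAdminResource {
    private static final Logger log = Logger.getLogger(UserResource.class);

    public UserResource(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    /**
     * Lists the organizations the given user belongs to, restricted to those the caller may view.
     *
     * @param str the user id taken from the request path
     * @return the visible organizations; empty when the user does not exist or nothing is visible
     */
    @Produces({"application/json"})
    @GET
    @Path("/{userId}/orgs")
    public Stream<Organization> listUserOrgs(@PathParam("userId") String str) {
        // debugf, not debugv: debugv expects MessageFormat-style "{0}" placeholders, so the
        // printf-style "%s" markers were being logged literally and the ids never appeared.
        log.debugf("Get org memberships for %s %s", this.realm.getName(), str);
        UserModel userById = this.session.users().getUserById(this.realm, str);
        if (userById == null) {
            // Do not hand a null user to the provider. An empty result is also what a caller
            // without view permission sees for a real user, so it reveals nothing extra.
            return Stream.empty();
        }
        OrganizationAdminAuth adminAuth = (OrganizationAdminAuth) this.auth;
        return this.orgs.getUserOrganizationsStream(this.realm, userById)
                // Per-organization authorization: global view permission or view on this org.
                .filter(org -> adminAuth.hasViewOrgs() || adminAuth.hasOrgViewOrg(org))
                .map(org -> Converters.convertOrganizationModelToOrganization(org));
    }

    /**
     * Lists the roles the given user holds in the given organization.
     *
     * @param str the user id taken from the request path
     * @param str2 the organization id taken from the request path
     * @return the user's roles in the organization
     * @throws NotAuthorizedException if the caller can view neither all organizations nor this
     *     organization's roles
     * @throws NotFoundException if the organization does not exist, or the user does not exist or
     *     is not a member of it
     */
    @Produces({"application/json"})
    @GET
    @Path("/{userId}/orgs/{orgId}/roles")
    public Stream<OrganizationRole> listUserOrgRoles(@PathParam("userId") String str, @PathParam("orgId") String str2) {
        // debugf, not debugv: the format string uses printf-style "%s" placeholders.
        log.debugf("Get org roles for %s %s %s", this.realm.getName(), str, str2);
        UserModel userById = this.session.users().getUserById(this.realm, str);
        OrganizationModel organizationById = this.orgs.getOrganizationById(this.realm, str2);
        OrganizationAdminAuth adminAuth = (OrganizationAdminAuth) this.auth;
        // Decide authorization first and null-safely, so an unauthorized caller receives the same
        // answer whether or not the organization exists.
        boolean mayView = adminAuth.hasViewOrgs()
                || (organizationById != null && adminAuth.hasOrgViewRoles(organizationById));
        if (!mayView) {
            throw new NotAuthorizedException("Insufficient permissions", new Object[0]);
        }
        if (organizationById == null) {
            // Previously a missing organization ended in a NullPointerException.
            throw new NotFoundException(String.format("Organization %s doesn't exist", str2));
        }
        // An unknown user gets the same answer as a non-member.
        if (userById == null || !organizationById.hasMembership(userById)) {
            throw new NotFoundException("User is not a member of the organization");
        }
        return organizationById.getRolesStream()
                .filter(role -> role.hasRole(userById))
                .map(role -> Converters.convertOrganizationRole(role));
    }

    /**
     * Sets the active-organization attribute on {@code this.user}, records an
     * {@code UPDATE_PROFILE} event with the previous and new ids, and returns newly generated
     * tokens.
     *
     * @param switchOrganization request body carrying the target organization id
     * @return 200 with the tokens produced by {@link TokenManager#generateTokens()}
     * @throws BadRequestException if no request body was supplied
     * @throws NotFoundException if the organization does not exist
     * @throws NotAuthorizedException if {@code this.user} is not a member of the organization
     */
    @Produces({"application/json"})
    @PUT
    @Path("/switch-organization")
    @Consumes({"application/json"})
    public Response switchActiveOrganization(@Valid SwitchOrganization switchOrganization) {
        if (switchOrganization == null) {
            // An absent body would otherwise fail with a NullPointerException on getId().
            throw new BadRequestException("An organization id is required.");
        }
        String targetOrgId = switchOrganization.getId();
        OrganizationModel organizationById = this.orgs.getOrganizationById(this.realm, targetOrgId);
        // NOTE(review): the 404 precedes the membership check, so the two responses distinguish
        // "no such organization" from "exists, but you are not a member". Confirm that is intended.
        if (organizationById == null) {
            throw new NotFoundException(String.format("%s not found", targetOrgId));
        }
        // Membership is the authorization gate here: only members may make the org active.
        // NOTE(review): this.user is inherited; presumably the authenticated caller — confirm.
        if (!organizationById.hasMembership(this.user)) {
            throw new NotAuthorizedException("Not a member of this organization.", new Object[0]);
        }
        // Read the old value before overwriting it so the event can record both.
        String previousOrgId = this.user.getFirstAttribute(Orgs.ACTIVE_ORGANIZATION);
        this.user.setAttribute(Orgs.ACTIVE_ORGANIZATION, Collections.singletonList(targetOrgId));
        // Built after the attribute update, as in the original statement order.
        TokenManager tokenManager = new TokenManager(this.session, ((OrganizationAdminAuth) this.auth).getToken(), this.realm, this.user);
        new EventBuilder(this.realm, this.session, this.connection)
                .event(EventType.UPDATE_PROFILE)
                .user(this.user)
                .detail("new_active_organization_id", targetOrgId)
                .detail("previous_active_organization_id", previousOrgId)
                .success();
        return Response.ok(tokenManager.generateTokens()).build();
    }

    /**
     * Returns the active organization resolved for the authenticated user.
     *
     * @return the active organization
     * @throws NotAuthorizedException if {@link ActiveOrganization#isValid()} is false
     */
    @Produces({"application/json"})
    @GET
    @Path("/active-organization")
    public Organization getActiveOrganization() {
        ActiveOrganization active = ActiveOrganization.fromContext(this.session, this.realm, ((OrganizationAdminAuth) this.auth).getUser());
        if (!active.isValid()) {
            throw new NotAuthorizedException("Action not allowed.", new Object[0]);
        }
        return Converters.convertOrganizationModelToOrganization(active.getOrganization());
    }

    /**
     * Grants the listed organization roles to a user and reports one result per role.
     *
     * <p>The decompiled body left the role variable unassigned after the {@code catch}, which does
     * not compile. The per-item {@code try} is restored around the whole item so that a failing
     * role is reported in its {@link BulkResponseItem} (status 400 plus the error text) instead of
     * aborting the multi-status response. NOTE(review): reconstructed from decompiler output;
     * compare with the upstream source.
     *
     * @param str the user id taken from the request path
     * @param str2 the organization id taken from the request path
     * @param list the roles to grant; only the role name is read
     * @return 207 with a list of {@link BulkResponseItem}
     * @throws NotFoundException if the user or organization does not exist
     * @throws BadRequestException if the user is not a member, or no role list was supplied
     * @throws NotAuthorizedException if the caller may not manage the organization's roles
     */
    @Produces({"application/json"})
    @PUT
    @Path("/{userId}/orgs/{orgId}/roles")
    @Consumes({"application/json"})
    public Response grantUserOrgRoles(@PathParam("userId") String str, @PathParam("orgId") String str2, List<OrganizationRole> list) {
        log.debugf("Grant user organization roles for %s %s %s", this.realm.getName(), str, str2);
        UserModel userById = this.session.users().getUserById(this.realm, str);
        OrganizationModel organizationById = this.orgs.getOrganizationById(this.realm, str2);
        // Existence, membership and authorization are all checked before any role is touched.
        canManage(str, str2, userById, organizationById);
        if (list == null) {
            throw new BadRequestException("A list of roles is required.");
        }
        List<BulkResponseItem> results = new ArrayList<>();
        for (OrganizationRole organizationRole : list) {
            BulkResponseItem status = new BulkResponseItem().status(Response.Status.CREATED.getStatusCode());
            try {
                OrganizationRoleModel roleByName = organizationById.getRoleByName(organizationRole.getName());
                if (roleByName == null) {
                    throw new NotFoundException(String.format("Organization %s doesn't contain role %s", str2, organizationRole.getName()));
                }
                // Emit an admin event only when the grant actually changes something.
                if (!roleByName.hasRole(userById)) {
                    roleByName.grantRole(userById);
                    this.adminEvent.resource(OrganizationResourceType.ORGANIZATION_ROLE_MAPPING.name()).operation(OperationType.CREATE).resourcePath(this.session.getContext().getUri()).representation(str).success();
                }
                status.setItem(Converters.convertOrganizationRole(roleByName));
            } catch (Exception e) {
                // Per-item boundary: keep a server-side record, then report the failure in the item.
                // NOTE(review): e.getMessage() is returned to the client; confirm it cannot carry
                // internal details.
                log.debugf(e, "Granting an organization role failed for %s %s", str, str2);
                status.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                status.setError(e.getMessage());
            }
            results.add(status);
        }
        return Response.status(207).location(this.session.getContext().getUri().getAbsolutePathBuilder().build(new Object[0])).entity(results).build();
    }

    /**
     * Revokes the listed organization roles from a user and reports one result per role.
     *
     * <p>The decompiled body had an empty {@code try} whose {@code catch} could never run, so any
     * per-role failure aborted the whole request. The {@code try} is restored around the whole
     * item, matching {@link #grantUserOrgRoles}. NOTE(review): reconstructed from decompiler
     * output; compare with the upstream source.
     *
     * @param str the user id taken from the request path
     * @param str2 the organization id taken from the request path
     * @param list the roles to revoke; only the role name is read
     * @return 207 with a list of {@link BulkResponseItem}
     * @throws NotFoundException if the user or organization does not exist
     * @throws BadRequestException if the user is not a member, or no role list was supplied
     * @throws NotAuthorizedException if the caller may not manage the organization's roles
     */
    @Produces({"application/json"})
    @PATCH
    @Path("/{userId}/orgs/{orgId}/roles")
    @Consumes({"application/json"})
    public Response revokeUserOrgRoles(@PathParam("userId") String str, @PathParam("orgId") String str2, List<OrganizationRole> list) {
        log.debugf("Revoke user organization roles for %s %s %s", this.realm.getName(), str, str2);
        UserModel userById = this.session.users().getUserById(this.realm, str);
        OrganizationModel organizationById = this.orgs.getOrganizationById(this.realm, str2);
        // Existence, membership and authorization are all checked before any role is touched.
        canManage(str, str2, userById, organizationById);
        if (list == null) {
            throw new BadRequestException("A list of roles is required.");
        }
        List<BulkResponseItem> results = new ArrayList<>();
        for (OrganizationRole organizationRole : list) {
            BulkResponseItem status = new BulkResponseItem().status(Response.Status.NO_CONTENT.getStatusCode());
            try {
                OrganizationRoleModel roleByName = organizationById.getRoleByName(organizationRole.getName());
                if (roleByName == null) {
                    throw new NotFoundException(String.format("Organization %s doesn't contain role %s", str2, organizationRole.getName()));
                }
                // Emit an admin event only when the revocation actually changes something.
                if (roleByName.hasRole(userById)) {
                    roleByName.revokeRole(userById);
                    this.adminEvent.resource(OrganizationResourceType.ORGANIZATION_ROLE_MAPPING.name()).operation(OperationType.DELETE).resourcePath(this.session.getContext().getUri()).representation(str).success();
                }
                status.setItem(Converters.convertOrganizationRole(roleByName));
            } catch (Exception e) {
                // Per-item boundary: keep a server-side record, then report the failure in the item.
                // NOTE(review): e.getMessage() is returned to the client; confirm it cannot carry
                // internal details.
                log.debugf(e, "Revoking an organization role failed for %s %s", str, str2);
                status.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                status.setError(e.getMessage());
            }
            results.add(status);
        }
        return Response.status(207).location(this.session.getContext().getUri().getAbsolutePathBuilder().build(new Object[0])).entity(results).build();
    }

    /**
     * Shared precondition for granting and revoking roles: the user and organization must exist,
     * the user must be a member, and the caller must hold either the global manage permission or
     * the manage-roles permission for this organization.
     *
     * <p>NOTE(review): the existence and membership checks run before the authorization check, so
     * a caller without manage rights can tell from the 404/400/401 responses whether a user or
     * organization id exists and whether the user is a member. Consider deciding authorization
     * first; the order is kept here because clients may rely on the current status codes.
     *
     * @param str the user id, used only in error messages
     * @param str2 the organization id, used only in error messages
     * @param userModel the resolved user, or {@code null} if not found
     * @param organizationModel the resolved organization, or {@code null} if not found
     * @throws NotFoundException if the user or the organization is {@code null}
     * @throws BadRequestException if the user is not a member of the organization
     * @throws NotAuthorizedException if the caller lacks both manage permissions
     */
    private void canManage(String str, String str2, UserModel userModel, OrganizationModel organizationModel) {
        if (userModel == null) {
            throw new NotFoundException(String.format("User %s doesn't exist", str));
        }
        if (organizationModel == null) {
            throw new NotFoundException(String.format("Organization %s doesn't exist", str2));
        }
        if (!organizationModel.hasMembership(userModel)) {
            throw new BadRequestException(String.format("User %s must be a member of %s to be granted roles.", str, organizationModel.getName()));
        }
        OrganizationAdminAuth adminAuth = (OrganizationAdminAuth) this.auth;
        boolean mayManage = adminAuth.hasManageOrgs() || adminAuth.hasOrgManageRoles(organizationModel);
        if (!mayManage) {
            throw new NotAuthorizedException("Insufficient permissions", new Object[0]);
        }
    }
}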
