package io.phasetwo.service.resource;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import io.phasetwo.service.Orgs;
import io.phasetwo.service.importexport.KeycloakOrgsExportConverter;
import io.phasetwo.service.importexport.KeycloakOrgsImportConverter;
import io.phasetwo.service.importexport.representation.KeycloakOrgsRepresentation;
import io.phasetwo.service.importexport.representation.OrganizationRepresentation;
import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.model.OrganizationProvider;
import io.phasetwo.service.representation.Organization;
import io.phasetwo.service.representation.OrganizationsConfig;
import jakarta.validation.Valid;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.CollectionUtil;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.ErrorResponse;
import org.keycloak.utils.SearchQueryUtils;

/* loaded from: input_file:io/phasetwo/service/resource/OrganizationsResource.class */
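/**
 * JAX-RS resource for the realm-wide organization collection: lookup of a single organization,
 * the caller's own memberships, listing, counting, creation, realm-level organization config,
 * and bulk export/import.
 *
 * <p>Every endpoint makes its own permission decision through {@link OrganizationAdminAuth}.
 * Denials are raised as {@link NotAuthorizedException}, which JAX-RS maps to HTTP 401. The single
 * string passed to that constructor binds to its {@code challenge} parameter, not to a message.
 * NOTE(review): a 403 would describe "authenticated but not permitted" more accurately; it is
 * kept here because existing clients may depend on the current status code.
 */
public class OrganizationsResource extends OrganizationAdminResource {
    private static final Logger log = Logger.getLogger(OrganizationsResource.class);

    /** Largest page size {@link #listOrgs} will request from the provider. */
    private static final int MAX_PAGE_SIZE = 100;

    public OrganizationsResource(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    /** Returns the inherited auth object typed as {@link OrganizationAdminAuth}. */
    private OrganizationAdminAuth orgAuth() {
        return (OrganizationAdminAuth) this.auth;
    }

    /**
     * Sub-resource locator for a single organization.
     *
     * <p>Access needs the realm-wide view permission or the per-organization view permission, and
     * the organization must belong to the current realm.
     *
     * @param orgId organization id taken from the request path
     * @return the sub-resource bound to the organization
     * @throws NotFoundException if no organization with that id exists in the realm
     * @throws NotAuthorizedException if the caller may not view the organization
     */
    @Path("{orgId}")
    public OrganizationResource getOrg(@PathParam("orgId") String orgId) {
        // NOTE(review): the existence check runs before the permission check, so a caller without
        // any view permission can tell "no such id" (404) from "exists but denied" (401).
        OrganizationModel org = this.orgs.getOrganizationById(this.realm, orgId);
        if (org == null) {
            throw new NotFoundException(String.format("%s not found", orgId));
        }
        OrganizationAdminAuth perms = orgAuth();
        boolean mayView = perms.hasViewOrgs() || perms.hasOrgViewOrg(org);
        if (mayView && perms.isOrgInRealm(org)) {
            return new OrganizationResource(this, org);
        }
        // The path-supplied id is echoed into the challenge value of the 401 response.
        throw new NotAuthorizedException(
                String.format("Insufficient permission to access %s", orgId));
    }

    /**
     * Returns the organizations the current user belongs to, keyed by organization id. Each entry
     * carries name, optional displayName and url, attributes, and the names of the organization
     * roles the user holds.
     *
     * <p>No permission check is made here; the result is scoped to {@code this.user} by the
     * provider query.
     */
    @Produces({"application/json"})
    @GET
    @Path("me")
    public Response me() {
        Map<String, Object> memberships = new HashMap<>();
        this.orgs.getUserOrganizationsStream(this.realm, this.user).forEach(org -> {
            List<String> heldRoles = org.getRolesStream()
                    .filter(role -> role.hasRole(this.user))
                    .map(role -> role.getName())
                    .toList();
            Map<String, Object> entry = new HashMap<>();
            entry.put("name", org.getName());
            if (org.getDisplayName() != null) {
                entry.put("displayName", org.getDisplayName());
            }
            if (org.getUrl() != null) {
                entry.put("url", org.getUrl());
            }
            entry.put("attributes", org.getAttributes());
            entry.put("roles", heldRoles);
            memberships.put(org.getId(), entry);
        });
        return Response.ok(memberships).build();
    }

    /**
     * Lists organizations visible to the caller.
     *
     * <p>Callers without the realm-wide view permission have the provider query restricted to
     * their own user, and every row is re-checked with {@code hasOrgViewOrg}. That filter runs
     * after pagination, so a page can hold fewer than {@code max} rows.
     *
     * @param search optional name filter; trimmed and stored under the {@code name} search key
     * @param first zero-based offset; {@code null} or negative is treated as 0
     * @param max page size; {@code null}, negative, or above {@value #MAX_PAGE_SIZE} is replaced
     *     by {@value #MAX_PAGE_SIZE}
     * @param query optional attribute query parsed by {@link SearchQueryUtils#getFields}
     */
    @Produces({"application/json"})
    @GET
    @Path("")
    public Stream<Organization> listOrgs(@QueryParam("search") String search, @QueryParam("first") Integer first, @QueryParam("max") Integer max, @QueryParam("q") String query) {
        // Negative values used to pass through unchanged; what the provider does with them is not
        // visible here, so they are clamped to keep the page-size cap effective.
        int firstResult = (first == null || first < 0) ? 0 : first;
        int maxResults = (max == null || max < 0 || max > MAX_PAGE_SIZE) ? MAX_PAGE_SIZE : max;
        // search and query are request-controlled and reach the log unmodified (debug level only).
        log.debugf("listOrgs realm: %s, search: %s, query: %s, first: %d, max: %d", this.realm.getName(), search, query, firstResult, maxResults);
        Map<String, String> searchAttributes = query == null ? new HashMap<>() : SearchQueryUtils.getFields(query);
        if (search != null) {
            searchAttributes.put("name", search.trim());
        }
        OrganizationAdminAuth perms = orgAuth();
        boolean viewAll = perms.hasViewOrgs();
        return this.orgs
                .searchForOrganizationStream(this.realm, searchAttributes, firstResult, maxResults, viewAll ? Optional.empty() : Optional.of(perms.getUser()))
                .filter(org -> viewAll || perms.hasOrgViewOrg(org))
                .map(org -> Converters.convertOrganizationModelToOrganization(org));
    }

    /**
     * Counts the organizations in the realm that match {@code search}.
     *
     * @throws NotAuthorizedException if the caller lacks the realm-wide view permission
     */
    @Produces({"application/json"})
    @GET
    @Path("count")
    public Long countOrgs(@QueryParam("search") String search) {
        log.debugf("countOrgs %s %s", this.realm.getName(), search);
        if (!orgAuth().hasViewOrgs()) {
            throw new NotAuthorizedException("Insufficient permission to count organizations.");
        }
        return this.orgs.getOrganizationsCount(this.realm, search);
    }

    /**
     * Creates an organization from the request body and records a CREATE admin event.
     *
     * <p>Allowed for callers with the create-org permission, or with both the view and manage
     * permissions. The result of {@code hasCreateOrg()} is also passed as the last argument of the
     * provider's {@code createOrganization} call.
     *
     * @return 201 with a {@code Location} header pointing at the new organization
     * @throws NotAuthorizedException if neither permission set is held
     */
    @Produces({"application/json"})
    @POST
    @Path("")
    @Consumes({"application/json"})
    public Response createOrg(@Valid Organization organization) {
        log.debugf("Create org for %s", this.realm.getName());
        OrganizationAdminAuth perms = orgAuth();
        if (!(perms.hasCreateOrg() || (perms.hasViewOrgs() && perms.hasManageOrgs()))) {
            throw new NotAuthorizedException("Insufficient permission to create organization.");
        }
        OrganizationModel created = this.orgs.createOrganization(this.realm, organization.getName(), perms.getUser(), perms.hasCreateOrg());
        created.setDisplayName(organization.getDisplayName());
        created.setUrl(organization.getUrl());
        if (organization.getAttributes() != null) {
            organization.getAttributes().forEach((key, values) -> created.setAttribute(key, values));
        }
        if (organization.getDomains() != null) {
            created.setDomains(organization.getDomains());
        }
        Organization representation = Converters.convertOrganizationModelToOrganization(created);
        this.adminEvent.resource(OrganizationResourceType.ORGANIZATION.name()).operation(OperationType.CREATE).resourcePath(this.session.getContext().getUri(), representation.getId()).representation(representation).success();
        return Response.created(this.session.getContext().getUri().getAbsolutePathBuilder().path(representation.getId()).build()).build();
    }

    /**
     * Stores the realm-level organization settings as realm attributes.
     *
     * @throws NotAuthorizedException if the caller lacks the manage-realm permission
     */
    @Produces({"application/json"})
    @PUT
    @Path("config")
    @Consumes({"application/json"})
    public Response addOrganizationsConfig(@Valid OrganizationsConfig organizationsConfig) {
        log.debugf("Create org config for realm %s", this.realm.getName());
        if (!orgAuth().hasManageRealm()) {
            throw new NotAuthorizedException("Insufficient permission to update organization config.");
        }
        // Must run before the attribute is overwritten: it reads the currently stored value.
        resetIdentityProviders(organizationsConfig.isSharedIdps());
        this.realm.setAttribute(Orgs.ORG_CONFIG_CREATE_ADMIN_USER_KEY, Boolean.valueOf(organizationsConfig.isCreateAdminUser()));
        this.realm.setAttribute(Orgs.ORG_CONFIG_SHARED_IDPS_KEY, Boolean.valueOf(organizationsConfig.isSharedIdps()));
        return Response.ok(organizationsConfig).build();
    }

    /**
     * When shared IdPs are currently enabled for the realm and are being switched off, marks every
     * identity provider in the realm as not shared and clears its owner entry.
     *
     * @param sharedIdpsRequested the new value of the shared-IdPs setting
     */
    private void resetIdentityProviders(boolean sharedIdpsRequested) {
        boolean currentlyShared = this.realm.getAttribute(Orgs.ORG_CONFIG_SHARED_IDPS_KEY, false).booleanValue();
        if (!currentlyShared || sharedIdpsRequested) {
            return;
        }
        this.realm.getIdentityProvidersStream().forEach(idp -> {
            idp.getConfig().put(Orgs.ORG_SHARED_IDP_KEY, "false");
            // A null value is stored rather than removing the key; how it is persisted depends on
            // updateIdentityProvider.
            idp.getConfig().put(Orgs.ORG_OWNER_CONFIG_KEY, null);
            this.realm.updateIdentityProvider(idp);
        });
    }

    /**
     * Reads the realm-level organization settings (defaults: createAdminUser = true,
     * sharedIdps = false).
     *
     * @throws NotAuthorizedException if the caller lacks the manage-realm permission
     */
    @Produces({"application/json"})
    @GET
    @Path("config")
    public Response getOrganizationConfig() {
        // Log and denial text previously said "Create"/"update", copied from the PUT handler.
        log.debugf("Get org config for realm %s", this.realm.getName());
        if (!orgAuth().hasManageRealm()) {
            throw new NotAuthorizedException("Insufficient permission to view organization config.");
        }
        OrganizationsConfig organizationsConfig = new OrganizationsConfig();
        organizationsConfig.setCreateAdminUser(this.realm.getAttribute(Orgs.ORG_CONFIG_CREATE_ADMIN_USER_KEY, true).booleanValue());
        organizationsConfig.setSharedIdps(this.realm.getAttribute(Orgs.ORG_CONFIG_SHARED_IDPS_KEY, false).booleanValue());
        return Response.ok(organizationsConfig).build();
    }

    /**
     * Exports every organization in the realm in one response.
     *
     * @param exportMembersAndInvitations when {@code true}, passed to the export converter;
     *     {@code null} is treated as {@code false}
     * @throws NotAuthorizedException if the caller lacks the manage-orgs permission
     */
    @Produces({"application/json"})
    @GET
    @Path("export")
    public Response exportOrgs(@QueryParam("exportMembersAndInvitations") Boolean exportMembersAndInvitations) {
        log.debugf("Export org for %s", this.realm.getName());
        boolean includeMembers = exportMembersAndInvitations != null && exportMembersAndInvitations.booleanValue();
        // NOTE(review): export checks hasManageOrgs() only, while import requires hasViewOrgs()
        // as well. This endpoint reads every organization in the realm, so confirm that skipping
        // the view check is intended.
        if (!orgAuth().hasManageOrgs()) {
            throw new NotAuthorizedException("Insufficient permission to export organization.");
        }
        // Unpaginated on purpose: no user restriction and no upper bound on the result size.
        List<OrganizationRepresentation> exported = this.orgs
                .searchForOrganizationStream(this.realm, Map.of(), 0, Integer.MAX_VALUE, Optional.empty())
                .map(org -> KeycloakOrgsExportConverter.convertOrganizationModelToOrganizationRepresentation(org, includeMembers))
                .toList();
        KeycloakOrgsRepresentation payload = new KeycloakOrgsRepresentation();
        payload.setOrganizations(exported);
        return Response.ok().type("application/json").entity(payload).build();
    }

    /**
     * Imports the organizations in the request body inside one separate transaction and records a
     * single ORGANIZATION_IMPORT admin event.
     *
     * <p>The body is not annotated with {@code @Valid}, so no bean validation is requested for it
     * at this method.
     *
     * @param keycloakOrgsRepresentation organizations to create; a missing body or an empty list
     *     yields 204
     * @param skipMissingMember forwarded to the member and invitation import steps
     * @param skipMissingIdp forwarded to the identity-provider link step
     * @throws NotAuthorizedException unless the caller holds both view and manage permissions
     */
    @Produces({"application/json"})
    @POST
    @Path("import")
    @Consumes({"application/json"})
    public Response importOrgs(KeycloakOrgsRepresentation keycloakOrgsRepresentation, @QueryParam("skipMissingMember") Boolean skipMissingMember, @QueryParam("skipMissingIdp") Boolean skipMissingIdp) {
        log.debugf("Import orgs for %s", this.realm.getName());
        boolean skipMembers = skipMissingMember != null && skipMissingMember.booleanValue();
        boolean skipIdps = skipMissingIdp != null && skipMissingIdp.booleanValue();
        OrganizationAdminAuth perms = orgAuth();
        if (!perms.hasViewOrgs() || !perms.hasManageOrgs()) {
            throw new NotAuthorizedException("Insufficient permission to import organization.");
        }
        // A request without a body used to fail with a NullPointerException; treat it as empty.
        List<OrganizationRepresentation> organizations =
                keycloakOrgsRepresentation == null ? null : keycloakOrgsRepresentation.getOrganizations();
        if (CollectionUtil.isEmpty(organizations)) {
            return Response.noContent().type("application/json").build();
        }
        KeycloakModelUtils.runJobInTransaction(this.session.getKeycloakSessionFactory(), txSession -> {
            organizations.forEach(entry -> createOrganization(skipMembers, skipIdps, txSession, entry));
            this.adminEvent.clone(txSession).resource(OrganizationResourceType.ORGANIZATION_IMPORT.name()).operation(OperationType.CREATE).resourcePath(txSession.getContext().getUri()).representation(keycloakOrgsRepresentation).success();
        });
        return Response.ok().type("application/json").build();
    }

    /**
     * Creates one imported organization with its attributes, roles, IdP link, members and
     * invitations, translating model failures into HTTP error responses.
     *
     * @param z skip-missing-member flag, forwarded to the member and invitation steps
     * @param z2 skip-missing-IdP flag, forwarded to the IdP link step
     * @param keycloakSession session of the import transaction
     * @param organizationRepresentation the organization entry being imported
     */
    private void createOrganization(boolean z, boolean z2, KeycloakSession keycloakSession, OrganizationRepresentation organizationRepresentation) {
        try {
            // The last argument is false here, unlike createOrg, which passes hasCreateOrg().
            OrganizationModel created = ((OrganizationProvider) keycloakSession.getProvider(OrganizationProvider.class)).createOrganization(this.realm, organizationRepresentation.getOrganization().getName(), this.user, false);
            KeycloakOrgsImportConverter.setOrganizationAttributes(organizationRepresentation.getOrganization(), created);
            KeycloakOrgsImportConverter.createOrganizationRoles(organizationRepresentation.getRoles(), created);
            KeycloakOrgsImportConverter.createOrganizationIdp(this.realm, organizationRepresentation.getIdpLink(), created, z2);
            KeycloakOrgsImportConverter.addMembers(keycloakSession, this.realm, organizationRepresentation, created, z);
            KeycloakOrgsImportConverter.addInvitations(keycloakSession, this.realm, organizationRepresentation, created, z);
        } catch (ModelDuplicateException duplicate) {
            // Keycloak's ModelDuplicateException is a ModelException subtype, so it has to be
            // caught first; with the broader handler ahead of it this branch was unreachable.
            throw ErrorResponse.exists("Duplicate organization with name: %s".formatted(organizationRepresentation.getOrganization().getName()));
        } catch (ModelException invalid) {
            throw ErrorResponse.error(invalid.getMessage(), Response.Status.BAD_REQUEST);
        } catch (Exception failure) {
            // Keep the cause in the server log; the response carries only the message text.
            log.warn("Organization import failed", failure);
            // NOTE(review): the raw exception message is returned to the client. Consider a
            // generic message here if internal details must not leave the server.
            throw ErrorResponse.error(failure.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
        }
    }
}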
