package io.phasetwo.service.resource;

import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.model.OrganizationRoleModel;
import io.phasetwo.service.representation.BulkResponseItem;
import io.phasetwo.service.representation.OrganizationRole;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.ClientErrorException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.PATCH;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.events.admin.OperationType;

/* loaded from: input_file:io/phasetwo/service/resource/RolesResource.class */
public class RolesResource extends OrganizationAdminResource {
    private static final Logger log = Logger.getLogger(RolesResource.class);
    private final OrganizationModel organization;

    public RolesResource(OrganizationAdminResource organizationAdminResource, OrganizationModel organizationModel) {
        super(organizationAdminResource);
        this.organization = organizationModel;
    }

    @Path("{alias}")
    public RoleResource roles(@PathParam("alias") String str) {
        if (this.organization.getRoleByName(str) == null) {
            throw new NotFoundException();
        }
        return new RoleResource(this, this.organization, str, this::deleteOrganizationRole);
    }

    @Produces({"application/json"})
    @GET
    public Stream<OrganizationRole> getRoles() {
        return this.organization.getRolesStream().map(organizationRoleModel -> {
            return Converters.convertOrganizationRole(organizationRoleModel);
        });
    }

    @POST
    @Consumes({"application/json"})
    public Response createRole(OrganizationRole organizationRole) {
        canManage();
        return Response.created(this.session.getContext().getUri().getAbsolutePathBuilder().path(createOrganizationRole(organizationRole).getName()).build(new Object[0])).build();
    }

    @PUT
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public Response createRoles(List<OrganizationRole> list) {
        canManage();
        ArrayList arrayList = new ArrayList();
        list.forEach(organizationRole -> {
            BulkResponseItem status = new BulkResponseItem().status(Response.Status.CREATED.getStatusCode());
            try {
                status.setItem(createOrganizationRole(organizationRole));
            } catch (Exception e) {
                status.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                status.setError(e.getMessage());
            }
            arrayList.add(status);
        });
        return Response.status(207).location(this.session.getContext().getUri().getAbsolutePathBuilder().build(new Object[0])).entity(arrayList).build();
    }

    @PATCH
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public Response deleteRoles(List<OrganizationRole> list) {
        canManage();
        ArrayList arrayList = new ArrayList();
        list.forEach(organizationRole -> {
            BulkResponseItem status = new BulkResponseItem().status(Response.Status.NO_CONTENT.getStatusCode());
            try {
                deleteOrganizationRole(organizationRole.getName());
                status.setItem(organizationRole);
            } catch (Exception e) {
                status.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                status.setError(e.getMessage());
            }
            arrayList.add(status);
        });
        return Response.status(207).location(this.session.getContext().getUri().getAbsolutePathBuilder().build(new Object[0])).entity(arrayList).build();
    }

    private OrganizationRole createOrganizationRole(OrganizationRole organizationRole) {
        if (this.organization.getRoleByName(organizationRole.getName()) != null) {
            log.debug("duplicate role");
            throw new ClientErrorException(Response.Status.CONFLICT);
        }
        OrganizationRoleModel addRole = this.organization.addRole(organizationRole.getName());
        addRole.setDescription(organizationRole.getDescription());
        OrganizationRole convertOrganizationRole = Converters.convertOrganizationRole(addRole);
        this.adminEvent.resource(OrganizationResourceType.ORGANIZATION_ROLE.name()).operation(OperationType.CREATE).resourcePath(this.session.getContext().getUri(), convertOrganizationRole.getName()).representation(convertOrganizationRole).success();
        return convertOrganizationRole;
    }

    public void deleteOrganizationRole(String str) {
        if (Arrays.asList(OrganizationAdminAuth.DEFAULT_ORG_ROLES).contains(str)) {
            throw new BadRequestException(String.format("Default organization role %s cannot be deleted.", str));
        }
        this.organization.removeRole(str);
        this.adminEvent.resource(OrganizationResourceType.ORGANIZATION_ROLE.name()).operation(OperationType.DELETE).resourcePath(this.session.getContext().getUri(), str).representation(str).success();
    }

    private void canManage() {
        if (!((OrganizationAdminAuth) this.auth).hasManageOrgs() && !((OrganizationAdminAuth) this.auth).hasOrgManageRoles(this.organization)) {
            throw new NotAuthorizedException(String.format("User %s doesn't have permission to manage roles in org %s", ((OrganizationAdminAuth) this.auth).getUser().getId(), this.organization.getName()), new Object[0]);
        }
    }
}
