package io.phasetwo.service.resource;

import com.google.common.base.Strings;
import io.phasetwo.service.Orgs;
import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.util.ActiveOrganization;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.OperationType;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:io/phasetwo/service/resource/MembersResource.class */
public class MembersResource extends OrganizationAdminResource {
    private static final Logger log = Logger.getLogger(MembersResource.class);
    private final OrganizationModel organization;

    public MembersResource(OrganizationAdminResource organizationAdminResource, OrganizationModel organizationModel) {
        super(organizationAdminResource);
        this.organization = organizationModel;
    }

    @Produces({"application/json"})
    @GET
    @Path("")
    public Stream<UserRepresentation> getMembers(@QueryParam("search") String str, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        log.debugf("Get members for %s %s [%s]", this.realm.getName(), this.organization.getId(), str);
        return this.organization.searchForMembersStream(str, Integer.valueOf(num != null ? num.intValue() : 0), Integer.valueOf(num2 != null ? num2.intValue() : 100)).map(userModel -> {
            return ModelToRepresentation.toRepresentation(this.session, this.realm, userModel);
        });
    }

    @Produces({"application/json"})
    @GET
    @Path("count")
    public Long getMembersCount() {
        log.debugf("Get members count for %s %s", this.realm.getName(), this.organization.getId());
        return this.organization.getMembersCount();
    }

    @DELETE
    @Path("{userId}")
    public Response removeMember(@PathParam("userId") String str) {
        canDelete(str);
        log.debugf("Remove member %s from %s %s", str, this.realm.getName(), this.organization.getId());
        UserModel userById = this.session.users().getUserById(this.realm, str);
        if (!Strings.isNullOrEmpty(userById.getUsername()) && userById.getUsername().equals(OrganizationResourceProviderFactory.getDefaultAdminUsername(this.organization))) {
            throw new ForbiddenException("Cannot remove default organization user.");
        }
        if (!this.organization.hasMembership(userById)) {
            throw new NotFoundException();
        }
        ActiveOrganization fromContext = ActiveOrganization.fromContext(this.session, this.realm, userById);
        if (fromContext.isValid() && fromContext.isCurrentActiveOrganization(this.organization.getId())) {
            userById.setAttribute(Orgs.ACTIVE_ORGANIZATION, new ArrayList());
            new EventBuilder(this.realm, this.session, this.connection).event(EventType.UPDATE_PROFILE).user(this.user).detail("removed_active_organization_id", fromContext.getOrganization().getId()).success();
        }
        this.organization.revokeMembership(userById);
        this.adminEvent.resource(OrganizationResourceType.ORGANIZATION_MEMBERSHIP.name()).operation(OperationType.DELETE).resourcePath(this.session.getContext().getUri()).representation(str).success();
        return Response.noContent().build();
    }

    @GET
    @Path("{userId}")
    public Response getMember(@PathParam("userId") String str) {
        log.debugf("Check membership %s for %s %s", str, this.realm.getName(), this.organization.getId());
        UserModel userById = this.session.users().getUserById(this.realm, str);
        if (userById == null || !this.organization.hasMembership(userById)) {
            throw new NotFoundException();
        }
        return Response.noContent().build();
    }

    @PUT
    @Produces({"application/json"})
    @Path("{userId}")
    public Response addMember(@PathParam("userId") String str) {
        log.debugf("Add %s as member for %s %s", str, this.realm.getName(), this.organization.getId());
        canManage();
        UserModel userById = this.session.users().getUserById(this.realm, str);
        if (userById == null) {
            throw new NotFoundException();
        }
        if (!this.organization.hasMembership(userById)) {
            this.organization.grantMembership(userById);
            this.adminEvent.resource(OrganizationResourceType.ORGANIZATION_MEMBERSHIP.name()).operation(OperationType.CREATE).resourcePath(this.session.getContext().getUri()).representation(str).success();
        }
        return Response.created(this.session.getContext().getUri().getAbsolutePathBuilder().build(new Object[0])).build();
    }

    private void canManage() {
        if (!((OrganizationAdminAuth) this.auth).hasManageOrgs() && !((OrganizationAdminAuth) this.auth).hasOrgManageMembers(this.organization)) {
            throw new NotAuthorizedException(String.format("User %s doesn't have permission to manage members in org %s", ((OrganizationAdminAuth) this.auth).getUser().getId(), this.organization.getName()), new Object[0]);
        }
    }

    private void canDelete(String str) {
        if (str.equals(this.user.getId())) {
            return;
        }
        canManage();
    }
}
