package org.keycloak.services.resources.admin.permissions;

import org.jboss.logging.Logger;
import org.keycloak.authorization.common.UserModelIdentity;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.RealmManager;

/* loaded from: input_file:org/keycloak/services/resources/admin/permissions/Permissions.class */
public class Permissions {
    private static final Logger log = Logger.getLogger(Permissions.class);

    public static AdminPermissionEvaluator evaluator(KeycloakSession keycloakSession, RealmModel realmModel, RealmModel realmModel2, UserModel userModel) {
        if (log.isTraceEnabled()) {
            log.tracef("realm %s adminRealm %s", realmModel.getName(), realmModel2.getName());
            String str = null;
            RealmManager realmManager = new RealmManager(keycloakSession);
            if (RealmManager.isAdministrationRealm(realmModel2)) {
                log.tracef("isAdministrationRealm %s", realmModel2.getName());
                str = realmModel.getMasterAdminClient().getClientId();
            } else if (realmModel2.equals(realmModel)) {
                log.tracef("adminRealm.equals(realm)) %s", realmModel.getName());
                str = realmModel.getClientByClientId(realmManager.getRealmAdminClientId(realmModel)).getClientId();
            }
            log.tracef("permissions clientId %s", str);
            log.tracef("permissions clientId model is %s", realmModel.getClientByClientId(str));
        }
        if (!RealmManager.isAdministrationRealm(realmModel2) && realmModel2.equals(realmModel)) {
            return AdminPermissions.evaluator(keycloakSession, realmModel, realmModel2, userModel);
        }
        MgmtPermissions mgmtPermissions = new MgmtPermissions(keycloakSession, realmModel, realmModel2, userModel);
        mgmtPermissions.identity = new UserModelIdentity(realmModel2, userModel);
        return mgmtPermissions;
    }
}
