package org.keycloak.services.resources.admin;

import java.util.List;
import java.util.stream.Stream;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/admin/RoleByIdResource.class */
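/**
 * JAX-RS resource in the admin package that addresses a single role by its id.
 *
 * <p>Every endpoint follows the same sequence: resolve the {@code role-id} path parameter through
 * {@link #getRoleModel(String)}, run the matching check on {@code auth.roles()}
 * ({@code requireView} for reads, {@code requireManage} for changes), and only then delegate to
 * the inherited {@link RoleResource} helper or to the permission-management API.
 *
 * <p>NOTE(review): the lookup runs before the permission check, so a caller who fails the check
 * can still tell an existing id (whatever the check raises) from an unknown one (404). Whether
 * that matters depends on how this resource is mounted and on the authentication the parent
 * enforces, neither of which is visible in this file - confirm.
 *
 * <p>NOTE(review): request bodies ({@code RoleRepresentation}, the composite lists, the
 * {@code ManagementPermissionReference}) are used without a null check in this class. The
 * inherited helpers may validate them; {@link #setManagementPermissionsEnabled} dereferences its
 * body directly, so a request without a body would presumably fail there with a
 * {@code NullPointerException} rather than a client error - consider rejecting it explicitly.
 */
public class RoleByIdResource extends RoleResource {
    protected static final Logger logger = Logger.getLogger(RoleByIdResource.class);
    private final RealmModel realm;
    // Assigned once in the constructor; final so a later code path cannot swap the evaluator
    // that every endpoint relies on for its permission check.
    private final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;

    // Injected by the JAX-RS runtime, therefore not final.
    @Context
    private KeycloakSession session;

    /**
     * @param realmModel realm whose roles are looked up by id
     * @param adminPermissionEvaluator evaluator consulted before every read or change
     * @param adminEventBuilder builder used to record admin events for changes
     */
    public RoleByIdResource(RealmModel realmModel, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        super(realmModel);
        this.realm = realmModel;
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder;
    }

    /**
     * Returns the representation of one role after {@code requireView} has passed.
     *
     * @param str role id taken from the request path
     * @return representation built by the inherited {@code getRole(RoleModel)}
     * @throws NotFoundException if the realm has no role with that id
     */
    @GET
    @Path("{role-id}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public RoleRepresentation getRole(@PathParam("role-id") String str) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        return getRole(role);
    }

    /**
     * Looks the role up in the realm. No permission check happens here; every caller in this
     * class performs it on the returned model.
     *
     * @param str role id
     * @return the matching role, never {@code null}
     * @throws NotFoundException if the realm has no role with that id; the message does not echo
     *     the supplied id
     */
    protected RoleModel getRoleModel(String str) {
        RoleModel role = this.realm.getRoleById(str);
        if (role == null) {
            throw new NotFoundException("Could not find role with id");
        }
        return role;
    }

    /**
     * Deletes one role after {@code requireManage} has passed and records a DELETE admin event.
     *
     * @param str role id taken from the request path
     * @throws NotFoundException if the realm has no role with that id
     */
    @Path("{role-id}")
    @NoCache
    @DELETE
    public void deleteRole(@PathParam("role-id") String str) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);
        // Resolved before the removal so that building the admin event never has to read a
        // role model that has already been deleted.
        ResourceType resourceType = resourceTypeOf(role);
        deleteRole(role);
        this.adminEvent.resource(resourceType);
        this.adminEvent.operation(OperationType.DELETE).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    /**
     * Updates one role after {@code requireManage} has passed and records an UPDATE admin event
     * that carries the submitted representation.
     *
     * @param str role id taken from the request path
     * @param roleRepresentation request body, handed unchecked to the inherited
     *     {@code updateRole(RoleRepresentation, RoleModel)}
     * @throws NotFoundException if the realm has no role with that id
     */
    @Path("{role-id}")
    @PUT
    @Consumes({MediaType.APPLICATION_JSON})
    public void updateRole(@PathParam("role-id") String str, RoleRepresentation roleRepresentation) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);
        updateRole(roleRepresentation, role);
        this.adminEvent.resource(resourceTypeOf(role));
        this.adminEvent.operation(OperationType.UPDATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(roleRepresentation).success();
    }

    /**
     * Adds composite roles to the addressed role after {@code requireManage} has passed on it.
     * The permission evaluator is passed on to the inherited helper; what it checks for each
     * submitted role is not visible in this file.
     *
     * @param str id of the role that receives the composites
     * @param list roles to add, as sent in the request body
     * @throws NotFoundException if the realm has no role with that id
     */
    @POST
    @Path("{role-id}/composites")
    @Consumes({MediaType.APPLICATION_JSON})
    public void addComposites(@PathParam("role-id") String str, List<RoleRepresentation> list) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);
        addComposites(this.auth, this.adminEvent, this.session.getContext().getUri(), list, role);
    }

    /**
     * Streams brief representations of every composite of the role after {@code requireView}
     * has passed.
     *
     * @param str role id taken from the request path
     * @return one brief representation per composite role
     * @throws NotFoundException if the realm has no role with that id
     */
    @GET
    @Path("{role-id}/composites")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Stream<RoleRepresentation> getRoleComposites(@PathParam("role-id") String str) {
        if (logger.isDebugEnabled()) {
            // The id comes straight from the request path and is logged before any lookup or
            // permission check; neutralise line breaks so it cannot start a forged log entry.
            String printableId = String.valueOf(str).replaceAll("[\\r\\n]", "_");
            logger.debug("*** getRoleComposites: '" + printableId + "'");
        }
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        return role.getCompositesStream().map(ModelToRepresentation::toBriefRepresentation);
    }

    /**
     * Streams the realm-level composites of the role after {@code requireView} has passed.
     *
     * @param str role id taken from the request path
     * @return result of the inherited {@code getRealmRoleComposites(RoleModel)}
     * @throws NotFoundException if the realm has no role with that id
     */
    @GET
    @Path("{role-id}/composites/realm")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Stream<RoleRepresentation> getRealmRoleComposites(@PathParam("role-id") String str) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        return getRealmRoleComposites(role);
    }

    /**
     * Streams the composites of the role that belong to one client. Only the role is
     * permission-checked here ({@code requireView}); the client is merely looked up.
     *
     * @param str role id taken from the request path
     * @param str2 internal id of the client whose roles are of interest
     * @return result of the inherited {@code getClientRoleComposites(ClientModel, RoleModel)}
     * @throws NotFoundException if the role or the client does not exist in the realm
     */
    @GET
    @Path("{role-id}/composites/clients/{clientUuid}")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public Stream<RoleRepresentation> getClientRoleComposites(@PathParam("role-id") String str, @PathParam("clientUuid") String str2) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        ClientModel client = this.realm.getClientById(str2);
        if (client == null) {
            throw new NotFoundException("Could not find client");
        }
        return getClientRoleComposites(client, role);
    }

    /**
     * Removes composite roles from the addressed role after {@code requireManage} has passed on
     * it.
     *
     * <p>NOTE(review): unlike {@link #addComposites(String, List)}, the permission evaluator is
     * not passed to the inherited helper, so any per-role check that helper may apply to
     * additions cannot apply to removals - confirm this asymmetry is intended.
     *
     * @param str id of the role that loses the composites
     * @param list roles to remove, as sent in the request body
     * @throws NotFoundException if the realm has no role with that id
     */
    @Path("{role-id}/composites")
    @Consumes({MediaType.APPLICATION_JSON})
    @DELETE
    public void deleteComposites(@PathParam("role-id") String str, List<RoleRepresentation> list) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);
        deleteComposites(this.adminEvent, this.session.getContext().getUri(), list, role);
    }

    /**
     * Reports whether management permissions are enabled for the role, after {@code requireView}
     * has passed.
     *
     * @param str role id taken from the request path
     * @return an empty reference when permissions are not enabled for the role, otherwise the
     *     reference built by {@link #toMgmtRef(RoleModel, AdminPermissionManagement)}
     * @throws NotFoundException if the realm has no role with that id
     */
    @GET
    @Path("{role-id}/management/permissions")
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    public ManagementPermissionReference getManagementPermissions(@PathParam("role-id") String str) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        if (!management.roles().isPermissionsEnabled(role)) {
            return new ManagementPermissionReference();
        }
        return toMgmtRef(role, management);
    }

    /**
     * Builds an enabled reference carrying the id of the role's permission resource and the
     * role's scope permissions. Performs no permission check of its own.
     *
     * @param roleModel role the reference describes
     * @param adminPermissionManagement management API the resource id and permissions are read from
     * @return a new reference with {@code enabled} set to {@code true}
     */
    public static ManagementPermissionReference toMgmtRef(RoleModel roleModel, AdminPermissionManagement adminPermissionManagement) {
        ManagementPermissionReference reference = new ManagementPermissionReference();
        reference.setEnabled(true);
        reference.setResource(adminPermissionManagement.roles().resource(roleModel).getId());
        reference.setScopePermissions(adminPermissionManagement.roles().getPermissions(roleModel));
        return reference;
    }

    /**
     * Switches management permissions for the role on or off, after {@code requireManage} has
     * passed. Only the {@code enabled} flag of the request body is read.
     *
     * <p>NOTE(review): no admin event is recorded for this change in this method, unlike the
     * other mutating endpoints of the class - confirm whether that is intended.
     *
     * @param str role id taken from the request path
     * @param managementPermissionReference request body; dereferenced without a null check
     * @return the reference built by {@link #toMgmtRef(RoleModel, AdminPermissionManagement)}
     *     when permissions were enabled, otherwise an empty reference
     * @throws NotFoundException if the realm has no role with that id
     */
    @Path("{role-id}/management/permissions")
    @NoCache
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @PUT
    public ManagementPermissionReference setManagementPermissionsEnabled(@PathParam("role-id") String str, ManagementPermissionReference managementPermissionReference) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        management.roles().setPermissionsEnabled(role, managementPermissionReference.isEnabled());
        if (managementPermissionReference.isEnabled()) {
            return toMgmtRef(role, management);
        }
        return new ManagementPermissionReference();
    }

    /** Maps a role to the admin-event resource type: client role or realm role. */
    private static ResourceType resourceTypeOf(RoleModel role) {
        return role.isClientRole() ? ResourceType.CLIENT_ROLE : ResourceType.REALM_ROLE;
    }
}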
