package org.keycloak.storage.ldap.mappers;

import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RoleUtils;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;

/* loaded from: input_file:org/keycloak/storage/ldap/mappers/HardcodedLDAPGroupStorageMapper.class */
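/**
 * LDAP storage mapper that makes every user it proxies a member of one configured
 * ("hardcoded") Keycloak group.
 *
 * <p>The membership is an overlay computed on each read by the proxy returned from
 * {@link #proxy(LDAPObject, UserModel, RealmModel)}. The import and registration hooks of this
 * mapper are no-ops, so this class itself writes nothing to the user or to LDAP.
 *
 * <p>Security note: because {@code hasRole} on the proxy also consults the hardcoded group,
 * every role the group holds is effectively held by every user this mapper proxies. Review the
 * group's role mappings with that in mind. If the configured group cannot be resolved, the
 * overlay is dropped (users get no extra membership or roles) and a warning is logged.
 */
public class HardcodedLDAPGroupStorageMapper extends AbstractLDAPStorageMapper {
    private static final Logger logger = Logger.getLogger(HardcodedLDAPGroupStorageMapper.class);

    /** Config key whose first value is the path of the hardcoded group. */
    public static final String GROUP = "group";

    /**
     * Creates the mapper.
     *
     * @param componentModel mapper configuration, passed to the superclass
     * @param lDAPStorageProvider owning LDAP storage provider, passed to the superclass
     */
    public HardcodedLDAPGroupStorageMapper(ComponentModel componentModel, LDAPStorageProvider lDAPStorageProvider) {
        super(componentModel, lDAPStorageProvider);
    }

    /** No-op: this mapper does not alter LDAP queries. */
    @Override
    public void beforeLDAPQuery(LDAPQuery lDAPQuery) {
    }

    /**
     * Wraps the user so that group and role checks also take the hardcoded group into account.
     *
     * @param lDAPObject LDAP entry of the user (not read here)
     * @param userModel user to delegate to
     * @param realmModel realm in which the hardcoded group is looked up on every call
     * @return a delegate that adds the hardcoded group to the user's effective memberships
     */
    @Override
    public UserModel proxy(LDAPObject lDAPObject, UserModel userModel, final RealmModel realmModel) {
        return new UserModelDelegate(userModel) {
            /**
             * Returns the delegate's groups followed by the hardcoded group, when it resolves.
             * NOTE(review): no de-duplication is done here, so the group would appear twice if
             * the delegate already reports it - confirm whether callers tolerate that.
             */
            public Stream<GroupModel> getGroupsStream() {
                Stream<GroupModel> groupsStream = super.getGroupsStream();
                GroupModel group = HardcodedLDAPGroupStorageMapper.this.getGroup(realmModel);
                return group != null ? Stream.concat(groupsStream, Stream.of(group)) : groupsStream;
            }

            /** True if the delegate is a member, or the hardcoded group satisfies the check. */
            public boolean isMemberOf(GroupModel groupModel) {
                GroupModel group = HardcodedLDAPGroupStorageMapper.this.getGroup(realmModel);
                return super.isMemberOf(groupModel) || (group != null && RoleUtils.isMember(Stream.of(group), groupModel));
            }

            /**
             * Refuses to remove the hardcoded group; any other group is removed via the delegate.
             *
             * @throws ModelException if {@code groupModel} is the hardcoded group
             */
            public void leaveGroup(GroupModel groupModel) {
                if (groupModel.equals(HardcodedLDAPGroupStorageMapper.this.getGroup(realmModel))) {
                    throw new ModelException("Not possible to delete group. It's hardcoded by LDAP mapper");
                }
                super.leaveGroup(groupModel);
            }

            /**
             * True if the delegate has the role, or the hardcoded group has it. This is the path
             * by which the group's roles reach every proxied user.
             */
            public boolean hasRole(RoleModel roleModel) {
                GroupModel group = HardcodedLDAPGroupStorageMapper.this.getGroup(realmModel);
                return super.hasRole(roleModel) || (group != null && group.hasRole(roleModel));
            }
        };
    }

    /** No-op: nothing is written to LDAP when a user is registered. */
    @Override
    public void onRegisterUserToLDAP(LDAPObject lDAPObject, UserModel userModel, RealmModel realmModel) {
    }

    /** No-op: nothing is stored on the user at import time. */
    @Override
    public void onImportUserFromLDAP(LDAPObject lDAPObject, UserModel userModel, RealmModel realmModel, boolean z) {
    }

    /**
     * Resolves the configured group by path in the given realm.
     *
     * @param realmModel realm to search
     * @return the group, or {@code null} when the configured path no longer resolves
     */
    private GroupModel getGroup(RealmModel realmModel) {
        String groupPath = this.mapperModel.getConfig().getFirst(GROUP);
        GroupModel hardcodedGroup = KeycloakModelUtils.findGroupByPath(realmModel, groupPath);
        if (hardcodedGroup == null) {
            // The format string has two placeholders; supply both so the warning names the
            // missing group and the mapper instead of being logged with nothing filled in.
            logger.warnf("Hardcoded group '%s' configured in mapper '%s' is not available anymore",
                    groupPath, this.mapperModel.getName());
        }
        return hardcodedGroup;
    }
}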
