package org.keycloak.admin.ui.rest;

import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.keycloak.admin.ui.rest.model.ClientRole;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;

/* loaded from: input_file:org/keycloak/admin/ui/rest/EffectiveRoleMappingResource.class */
public class EffectiveRoleMappingResource extends RoleMappingResource {

    @Context
    private KeycloakSession session;
    private RealmModel realm;
    private AdminPermissionEvaluator auth;

    public EffectiveRoleMappingResource(RealmModel realmModel, AdminPermissionEvaluator adminPermissionEvaluator) {
        super(realmModel, adminPermissionEvaluator);
        this.realm = realmModel;
        this.auth = adminPermissionEvaluator;
    }

    @GET
    @Path("/clientScopes/{id}")
    @Consumes({"application/json"})
    @Operation(summary = "List all effective roles for this client scope", description = "This endpoint returns all the client role mapping for a specific client scope")
    @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = ClientRole.class, type = SchemaType.ARRAY))})
    @Produces({"application/json"})
    public final List<ClientRole> listCompositeClientScopeRoleMappings(@PathParam("id") String str) {
        ClientScopeModel clientScopeById = this.realm.getClientScopeById(str);
        if (clientScopeById == null) {
            throw new NotFoundException("Could not find client scope");
        }
        this.auth.clients().requireView(clientScopeById);
        Objects.requireNonNull(clientScopeById);
        return (List) mapping(clientScopeById::hasScope).collect(Collectors.toList());
    }

    @GET
    @Path("/clients/{id}")
    @Consumes({"application/json"})
    @Operation(summary = "List all effective roles for this client", description = "This endpoint returns all the client role mapping for a specific client")
    @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = ClientRole.class, type = SchemaType.ARRAY))})
    @Produces({"application/json"})
    public final List<ClientRole> listCompositeClientsRoleMappings(@PathParam("id") String str) {
        ClientModel clientById = this.realm.getClientById(str);
        if (clientById == null) {
            throw new NotFoundException("Could not find client");
        }
        this.auth.clients().requireView(clientById);
        Objects.requireNonNull(clientById);
        return (List) mapping(clientById::hasScope).collect(Collectors.toList());
    }

    @GET
    @Path("/groups/{id}")
    @Consumes({"application/json"})
    @Operation(summary = "List all effective roles for this group", description = "This endpoint returns all the client role mapping for a specific group")
    @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = ClientRole.class, type = SchemaType.ARRAY))})
    @Produces({"application/json"})
    public final List<ClientRole> listCompositeGroupsRoleMappings(@PathParam("id") String str) {
        GroupModel groupById = this.realm.getGroupById(str);
        if (groupById == null) {
            throw new NotFoundException("Could not find group");
        }
        Objects.requireNonNull(groupById);
        return (List) mapping(groupById::hasDirectRole).collect(Collectors.toList());
    }

    @GET
    @Path("/users/{id}")
    @Consumes({"application/json"})
    @Operation(summary = "List all effective roles for this users", description = "This endpoint returns all the client role mapping for a specific users")
    @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = ClientRole.class, type = SchemaType.ARRAY))})
    @Produces({"application/json"})
    public final List<ClientRole> listCompositeUsersRoleMappings(@PathParam("id") String str) {
        UserModel userById = this.session.users().getUserById(this.realm, str);
        if (userById != null) {
            Objects.requireNonNull(userById);
            return (List) mapping(userById::hasDirectRole).collect(Collectors.toList());
        }
        if (this.auth.users().canQuery()) {
            throw new NotFoundException("User not found");
        }
        throw new ForbiddenException();
    }

    @GET
    @Path("/roles/{id}")
    @Consumes({"application/json"})
    @Operation(summary = "List all effective roles for this realm role", description = "This endpoint returns all the client role mapping for a specific realm role")
    @APIResponse(responseCode = "200", description = "", content = {@Content(schema = @Schema(implementation = ClientRole.class, type = SchemaType.ARRAY))})
    @Produces({"application/json"})
    public final List<ClientRole> listCompositeRealmRoleMappings() {
        return (List) mapping(roleModel -> {
            return true;
        }).collect(Collectors.toList());
    }
}
