package org.keycloak.organization.admin.resource;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.representations.idm.MemberRepresentation;
import org.keycloak.representations.idm.MembershipType;
import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.AdminEventBuilder;
import org.keycloak.utils.MediaType;
import org.keycloak.utils.StringUtil;

@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
/* loaded from: input_file:org/keycloak/organization/admin/resource/OrganizationMemberResource.class */
public class OrganizationMemberResource {
    private final KeycloakSession session;
    private final RealmModel realm;
    private final OrganizationProvider provider;
    private final OrganizationModel organization;
    private final AdminEventBuilder adminEvent;

    public OrganizationMemberResource(KeycloakSession keycloakSession, OrganizationModel organizationModel, AdminEventBuilder adminEventBuilder) {
        this.session = keycloakSession;
        this.realm = keycloakSession.getContext().getRealm();
        this.provider = keycloakSession.getProvider(OrganizationProvider.class);
        this.organization = organizationModel;
        this.adminEvent = adminEventBuilder.resource(ResourceType.ORGANIZATION_MEMBERSHIP);
    }

    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Adds the user with the specified id as a member of the organization", description = "Adds, or associates, an existing user with the organization. If no user is found, or if it is already associated with the organization, an error response is returned")
    @POST
    @Consumes({MediaType.APPLICATION_JSON})
    public Response addMember(String str) {
        UserModel userById = this.session.users().getUserById(this.realm, str.replaceAll("^\"|\"$", ""));
        if (userById == null) {
            throw ErrorResponse.error("User does not exist", Response.Status.BAD_REQUEST);
        }
        try {
            if (!this.provider.addMember(this.organization, userById)) {
                throw ErrorResponse.error("User is already a member of the organization.", Response.Status.CONFLICT);
            }
            this.adminEvent.operation(OperationType.CREATE).resource(ResourceType.ORGANIZATION_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(this.organization)).resourcePath((UriInfo) this.session.getContext().getUri()).detail("username", userById.getUsername()).detail("email", userById.getEmail()).success();
            return Response.created(this.session.getContext().getUri().getAbsolutePathBuilder().path(userById.getId()).build(new Object[0])).build();
        } catch (ModelException e) {
            throw ErrorResponse.error(e.getMessage(), Response.Status.BAD_REQUEST);
        }
    }

    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Invites an existing user or sends a registration link to a new user, based on the provided e-mail address.", description = "If the user with the given e-mail address exists, it sends an invitation link, otherwise it sends a registration link.")
    @POST
    @Path("invite-user")
    @Consumes({MediaType.APPLICATION_FORM_URLENCODED})
    public Response inviteUser(@FormParam("email") String str, @FormParam("firstName") String str2, @FormParam("lastName") String str3) {
        return new OrganizationInvitationResource(this.session, this.organization, this.adminEvent).inviteUser(str, str2, str3);
    }

    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Invites an existing user to the organization, using the specified user id")
    @POST
    @Path("invite-existing-user")
    @Consumes({MediaType.APPLICATION_FORM_URLENCODED})
    public Response inviteExistingUser(@FormParam("id") String str) {
        return new OrganizationInvitationResource(this.session, this.organization, this.adminEvent).inviteExistingUser(str);
    }

    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Returns a paginated list of organization members filtered according to the specified parameters")
    @GET
    public Stream<MemberRepresentation> search(@Parameter(description = "A String representing either a member's username, e-mail, first name, or last name.") @QueryParam("search") String str, @Parameter(description = "Boolean which defines whether the param 'search' must match exactly or not") @QueryParam("exact") Boolean bool, @Parameter(description = "The position of the first result to be processed (pagination offset)") @QueryParam("first") @DefaultValue("0") Integer num, @Parameter(description = "The maximum number of results to be returned. Defaults to 10") @QueryParam("max") @DefaultValue("10") Integer num2, @Parameter(description = "The membership type") @QueryParam("membershipType") String str2) {
        HashMap hashMap = new HashMap();
        if (str != null) {
            hashMap.put("keycloak.session.realm.users.query.search", str);
        }
        if (str2 != null) {
            hashMap.put("membershipType", MembershipType.valueOf(str2.toUpperCase()).name());
        }
        return this.provider.getMembersStream(this.organization, hashMap, bool, num, num2).map(this::toRepresentation);
    }

    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Returns the member of the organization with the specified id", description = "Searches for auser with the given id. If one is found, and is currently a member of the organization, returns it. Otherwise,an error response with status NOT_FOUND is returned")
    @Path("{member-id}")
    @GET
    public MemberRepresentation get(@PathParam("member-id") String str) {
        if (StringUtil.isBlank(str)) {
            throw ErrorResponse.error("id cannot be null", Response.Status.BAD_REQUEST);
        }
        return toRepresentation(getMember(str));
    }

    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Removes the user with the specified id from the organization", description = "Breaks the association between the user and organization. The user itself is deleted in case the membership is managed, otherwise the user is not deleted. If no user is found, or if they are not a member of the organization, an error response is returned")
    @Path("{member-id}")
    @DELETE
    public Response delete(@PathParam("member-id") String str) {
        if (StringUtil.isBlank(str)) {
            throw ErrorResponse.error("id cannot be null", Response.Status.BAD_REQUEST);
        }
        UserModel member = getMember(str);
        if (!this.provider.removeMember(this.organization, member)) {
            throw ErrorResponse.error("Not a member of the organization", Response.Status.BAD_REQUEST);
        }
        this.adminEvent.operation(OperationType.DELETE).resource(ResourceType.ORGANIZATION_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(this.organization)).resourcePath((UriInfo) this.session.getContext().getUri()).detail("username", member.getUsername()).detail("email", member.getEmail()).success();
        return Response.noContent().build();
    }

    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Returns the organizations associated with the user that has the specified id")
    @Path("{member-id}/organizations")
    @GET
    public Stream<OrganizationRepresentation> getOrganizations(@PathParam("member-id") String str) {
        if (StringUtil.isBlank(str)) {
            throw ErrorResponse.error("id cannot be null", Response.Status.BAD_REQUEST);
        }
        return this.provider.getByMember(getUser(str)).map(ModelToRepresentation::toRepresentation);
    }

    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ORGANIZATIONS)
    @Operation(summary = "Returns number of members in the organization.")
    @Path("count")
    @GET
    public Long count() {
        return Long.valueOf(this.provider.getMembersCount(this.organization));
    }

    private UserModel getMember(String str) {
        UserModel memberById = this.provider.getMemberById(this.organization, str);
        if (memberById == null) {
            throw new NotFoundException();
        }
        return memberById;
    }

    private UserModel getUser(String str) {
        UserModel userById = this.session.users().getUserById(this.realm, str);
        if (userById == null) {
            throw new NotFoundException();
        }
        return userById;
    }

    private MemberRepresentation toRepresentation(UserModel userModel) {
        MemberRepresentation memberRepresentation = new MemberRepresentation(ModelToRepresentation.toRepresentation(this.session, this.realm, userModel));
        memberRepresentation.setMembershipType(this.provider.isManagedMember(this.organization, userModel) ? MembershipType.MANAGED : MembershipType.UNMANAGED);
        return memberRepresentation;
    }
}
