package org.keycloak.services.resources.admin;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.util.List;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.extensions.Extension;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.KeycloakOpenAPI;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.utils.MediaType;

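/**
 * Admin REST resource for roles addressed by their id rather than by name.
 *
 * <p>Every endpoint follows the same sequence: resolve the role with
 * {@link #getRoleModel(String)}, check the caller's permission on that role through the
 * {@link AdminPermissionEvaluator}, and only then read or change anything. Keep that order when
 * adding endpoints: a response produced before the permission check is visible to callers who
 * would otherwise be refused.
 *
 * <p>The role-level operations themselves (representation mapping, update, composite handling)
 * are inherited from {@link RoleResource}.
 */
@Extension(name = KeycloakOpenAPI.Profiles.ADMIN, value = "")
/* loaded from: input_file:org/keycloak/services/resources/admin/RoleByIdResource.class */
public class RoleByIdResource extends RoleResource {
    protected static final Logger logger = Logger.getLogger(RoleByIdResource.class);
    private final RealmModel realm;
    private final AdminPermissionEvaluator auth;
    private final AdminEventBuilder adminEvent;
    private final KeycloakSession session;

    /**
     * Binds the resource to the realm held by the session context.
     *
     * @param keycloakSession session whose context supplies the realm and the request URI
     * @param adminPermissionEvaluator evaluator used for every view/manage check in this class
     * @param adminEventBuilder builder used to record admin events for changes made here
     */
    public RoleByIdResource(KeycloakSession keycloakSession, AdminPermissionEvaluator adminPermissionEvaluator, AdminEventBuilder adminEventBuilder) {
        super(keycloakSession.getContext().getRealm());
        this.session = keycloakSession;
        this.realm = keycloakSession.getContext().getRealm();
        this.auth = adminPermissionEvaluator;
        this.adminEvent = adminEventBuilder;
    }

    /**
     * Returns the representation of one role.
     *
     * @param str id of the role
     * @return the role representation produced by the inherited {@code getRole(RoleModel)}
     * @throws NotFoundException if the realm has no role with this id
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Get a specific role's representation")
    @Path("{role-id}")
    @GET
    public RoleRepresentation getRole(@Parameter(description = "id of role") @PathParam("role-id") String str) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        return getRole(role);
    }

    /**
     * Looks the role up in this resource's realm.
     *
     * <p>The lookup runs before any permission check because the check needs the role object.
     * NOTE(review): a caller without permission can therefore tell an existing id (permission
     * failure) from an unknown one (404); confirm that this is acceptable for the deployment.
     * The 404 message deliberately does not echo the supplied id.
     *
     * @param str id of the role
     * @return the role, never {@code null}
     * @throws NotFoundException if the realm has no role with this id
     */
    protected RoleModel getRoleModel(String str) {
        RoleModel role = this.realm.getRoleById(str);
        if (role == null) {
            throw new NotFoundException("Could not find role with id");
        }
        return role;
    }

    /**
     * Deletes a role and records a DELETE admin event.
     *
     * <p>The realm's default role is never deleted; that request is answered with 400.
     *
     * @param str id of the role
     * @throws NotFoundException if the realm has no role with this id
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Delete the role")
    @Path("{role-id}")
    @DELETE
    public void deleteRole(@Parameter(description = "id of role") @PathParam("role-id") String str) {
        // Authorise before the default-role check: the 400 message below contains the default
        // role's name, so it must only reach callers allowed to manage the role.
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);

        RoleModel defaultRole = this.realm.getDefaultRole();
        if (defaultRole == null) {
            logger.warnf("Default role for realm with id '%s' doesn't exist.", this.realm.getId());
        } else if (defaultRole.getId().equals(str)) {
            throw ErrorResponse.error(defaultRole.getName() + " is default role of the realm and cannot be removed.", Response.Status.BAD_REQUEST);
        }

        deleteRole(role);
        selectEventResourceType(role);
        this.adminEvent.operation(OperationType.DELETE).resourcePath((UriInfo) this.session.getContext().getUri()).success();
    }

    /**
     * Updates a role from the submitted representation and records an UPDATE admin event that
     * carries the representation.
     *
     * <p>NOTE(review): the representation is passed to the inherited update helper as received;
     * how a missing request body is handled there is not visible in this class.
     *
     * @param str id of the role
     * @param roleRepresentation new state of the role
     * @throws NotFoundException if the realm has no role with this id
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Update the role")
    @PUT
    @Path("{role-id}")
    @Consumes({MediaType.APPLICATION_JSON})
    public void updateRole(@Parameter(description = "id of role") @PathParam("role-id") String str, RoleRepresentation roleRepresentation) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);
        updateRole(roleRepresentation, role, this.realm, this.session);
        selectEventResourceType(role);
        this.adminEvent.operation(OperationType.UPDATE).resourcePath((UriInfo) this.session.getContext().getUri()).representation(roleRepresentation).success();
    }

    /**
     * Adds child roles to the role, making it a composite.
     *
     * <p>Only manage permission on the parent role is checked here. The evaluator is handed to
     * the inherited helper; NOTE(review): presumably so it can check each child role, confirm
     * in {@link RoleResource}. The admin event is recorded by that helper as well.
     *
     * @param str id of the parent role
     * @param list child roles to associate
     * @throws NotFoundException if the realm has no role with this id
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Make the role a composite role by associating some child roles")
    @APIResponse(responseCode = "204", description = "No Content")
    @POST
    @Path("{role-id}/composites")
    @Consumes({MediaType.APPLICATION_JSON})
    public void addComposites(@PathParam("role-id") String str, List<RoleRepresentation> list) {
        RoleModel parent = getRoleModel(str);
        this.auth.roles().requireManage(parent);
        addComposites(this.auth, this.adminEvent, this.session.getContext().getUri(), list, parent);
    }

    /**
     * Lists the role's composite children as brief representations.
     *
     * <p>When no search or paging parameter is supplied the unfiltered stream is used;
     * otherwise all three parameters are forwarded as received.
     *
     * @param str id of the role
     * @param str2 optional search string
     * @param num optional index of the first result
     * @param num2 optional maximum number of results
     * @return stream of brief role representations
     * @throws NotFoundException if the realm has no role with this id
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Get role's children Returns a set of role's children provided the role is a composite.")
    @Path("{role-id}/composites")
    @GET
    public Stream<RoleRepresentation> getRoleComposites(@PathParam("role-id") String str, @QueryParam("search") String str2, @QueryParam("first") Integer num, @QueryParam("max") Integer num2) {
        // The id is a caller-supplied path segment and is logged before it is validated; pass it
        // as a format argument and let the log sink neutralise control characters.
        logger.debugf("*** getRoleComposites: '%s'", str);

        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);

        boolean unfiltered = str2 == null && num == null && num2 == null;
        Stream<RoleModel> composites = unfiltered ? role.getCompositesStream() : role.getCompositesStream(str2, num, num2);
        return composites.map(ModelToRepresentation::toBriefRepresentation);
    }

    /**
     * Lists the realm-level roles contained in the role's composite.
     *
     * @param str id of the role
     * @return stream produced by the inherited {@code getRealmRoleComposites(RoleModel)}
     * @throws NotFoundException if the realm has no role with this id
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Get realm-level roles that are in the role's composite")
    @Path("{role-id}/composites/realm")
    @GET
    public Stream<RoleRepresentation> getRealmRoleComposites(@PathParam("role-id") String str) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        return getRealmRoleComposites(role);
    }

    /**
     * Lists the roles of one client that are contained in the role's composite.
     *
     * <p>The client is looked up only after view permission on the role has been confirmed, so
     * the "client not found" answer is not available to callers who may not view the role.
     *
     * @param str id of the role
     * @param str2 internal id (UUID) of the client
     * @return stream produced by the inherited {@code getClientRoleComposites(ClientModel, RoleModel)}
     * @throws NotFoundException if the role or the client does not exist in the realm
     */
    @NoCache
    @Produces({MediaType.APPLICATION_JSON})
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Get client-level roles for the client that are in the role's composite")
    @Path("{role-id}/composites/clients/{clientUuid}")
    @GET
    public Stream<RoleRepresentation> getClientRoleComposites(@PathParam("role-id") String str, @PathParam("clientUuid") String str2) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        ClientModel client = this.realm.getClientById(str2);
        if (client == null) {
            throw new NotFoundException("Could not find client");
        }
        return getClientRoleComposites(client, role);
    }

    /**
     * Removes child roles from the role's composite. The admin event is recorded by the
     * inherited helper, which receives the event builder.
     *
     * @param str id of the parent role
     * @param list child roles to remove
     * @throws NotFoundException if the realm has no role with this id
     */
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Remove a set of roles from the role's composite")
    @Path("{role-id}/composites")
    @DELETE
    @Consumes({MediaType.APPLICATION_JSON})
    public void deleteComposites(@Parameter(description = "Role id") @PathParam("role-id") String str, @Parameter(description = "A set of roles to be removed") List<RoleRepresentation> list) {
        RoleModel parent = getRoleModel(str);
        this.auth.roles().requireManage(parent);
        deleteComposites(this.adminEvent, this.session.getContext().getUri(), list, parent);
    }

    /**
     * Reports whether authorization permissions are enabled for the role.
     *
     * @param str id of the role
     * @return a populated reference when permissions are enabled, otherwise an empty one
     * @throws NotFoundException if the realm has no role with this id
     */
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Operation(summary = "Return object stating whether role Authorization permissions have been initialized or not and a reference")
    @Path("{role-id}/management/permissions")
    @GET
    public ManagementPermissionReference getManagementPermissions(@PathParam("role-id") String str) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireView(role);
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        if (management.roles().isPermissionsEnabled(role)) {
            return toMgmtRef(role, management);
        }
        return new ManagementPermissionReference();
    }

    /**
     * Builds the reference returned for a role whose permissions are enabled.
     *
     * <p>This method performs no permission check of its own; callers must have authorised the
     * request before invoking it.
     *
     * @param roleModel role the reference describes
     * @param adminPermissionManagement management facade supplying the resource id and the
     *     scope permissions
     * @return reference marked enabled, with resource id and scope permissions set
     */
    public static ManagementPermissionReference toMgmtRef(RoleModel roleModel, AdminPermissionManagement adminPermissionManagement) {
        ManagementPermissionReference reference = new ManagementPermissionReference();
        reference.setEnabled(true);
        reference.setResource(adminPermissionManagement.roles().resource(roleModel).getId());
        reference.setScopePermissions(adminPermissionManagement.roles().getPermissions(roleModel));
        return reference;
    }

    /**
     * Enables or disables authorization permissions for the role.
     *
     * <p>NOTE(review): no admin event is recorded in this method; whether the management layer
     * records one is not visible here. A change to who may administer a role is worth auditing.
     *
     * @param str id of the role
     * @param managementPermissionReference request body; only its enabled flag is read
     * @return a populated reference when permissions were enabled, otherwise an empty one
     * @throws NotFoundException if the realm has no role with this id
     */
    @NoCache
    @Tag(name = KeycloakOpenAPI.Admin.Tags.ROLES_BY_ID)
    @Path("{role-id}/management/permissions")
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    @Operation(summary = "Return object stating whether role Authorization permissions have been initialized or not and a reference")
    @PUT
    public ManagementPermissionReference setManagementPermissionsEnabled(@PathParam("role-id") String str, ManagementPermissionReference managementPermissionReference) {
        RoleModel role = getRoleModel(str);
        this.auth.roles().requireManage(role);
        // A request without a body arrives as null; answer 400 instead of failing with a
        // NullPointerException. The check sits after authorisation so unauthorised callers
        // still get the permission failure.
        if (managementPermissionReference == null) {
            throw ErrorResponse.error("Request body is required", Response.Status.BAD_REQUEST);
        }
        boolean enable = managementPermissionReference.isEnabled();
        AdminPermissionManagement management = AdminPermissions.management(this.session, this.realm);
        management.roles().setPermissionsEnabled(role, enable);
        return enable ? toMgmtRef(role, management) : new ManagementPermissionReference();
    }

    /** Sets the admin event's resource type to CLIENT_ROLE or REALM_ROLE to match the role. */
    private void selectEventResourceType(RoleModel role) {
        if (role.isClientRole()) {
            this.adminEvent.resource(ResourceType.CLIENT_ROLE);
        } else {
            this.adminEvent.resource(ResourceType.REALM_ROLE);
        }
    }
}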
