package io.gravitee.management.rest.resource;

import io.gravitee.management.model.GroupEntity;
import io.gravitee.management.model.GroupMemberEntity;
import io.gravitee.management.model.MemberEntity;
import io.gravitee.management.model.MemberRoleEntity;
import io.gravitee.management.model.RoleEntity;
import io.gravitee.management.model.permissions.RolePermission;
import io.gravitee.management.model.permissions.RolePermissionAction;
import io.gravitee.management.rest.model.GroupMembership;
import io.gravitee.management.rest.security.Permission;
import io.gravitee.management.rest.security.Permissions;
import io.gravitee.management.service.GroupService;
import io.gravitee.management.service.MembershipService;
import io.gravitee.management.service.exceptions.GroupInvitationForbiddenException;
import io.gravitee.management.service.exceptions.GroupMembersLimitationExceededException;
import io.gravitee.repository.management.model.MembershipReferenceType;
import io.gravitee.repository.management.model.RoleScope;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

/* loaded from: input_file:io/gravitee/management/rest/resource/GroupMembersResource.class */
public class GroupMembersResource extends AbstractResource {

    @Context
    private ResourceContext resourceContext;

    @Inject
    private GroupService groupService;

    @Inject
    private MembershipService membershipService;

    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "List of Group's members", response = MemberEntity.class, responseContainer = "List"), @ApiResponse(code = 500, message = "Internal server error")})
    @Permissions({@Permission(value = RolePermission.MANAGEMENT_GROUP, acls = {RolePermissionAction.READ}), @Permission(value = RolePermission.GROUP_MEMBER, acls = {RolePermissionAction.READ})})
    @ApiOperation("List Group members")
    @Produces({"application/json"})
    public List<GroupMemberEntity> getMembers(@PathParam("group") String str) {
        this.groupService.findById(str);
        Map map = (Map) this.membershipService.getMembers(MembershipReferenceType.GROUP, str, RoleScope.APPLICATION).stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.groupingBy((v0) -> {
            return v0.getId();
        }));
        Map map2 = (Map) this.membershipService.getMembers(MembershipReferenceType.GROUP, str, RoleScope.API).stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.groupingBy((v0) -> {
            return v0.getId();
        }));
        Map map3 = (Map) this.membershipService.getMembers(MembershipReferenceType.GROUP, str, RoleScope.GROUP).stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.groupingBy((v0) -> {
            return v0.getId();
        }));
        HashSet hashSet = new HashSet();
        hashSet.addAll(map2.keySet());
        hashSet.addAll(map.keySet());
        return (List) hashSet.stream().map(str2 -> {
            MemberEntity memberEntity = Objects.isNull(map2.get(str2)) ? null : (MemberEntity) ((List) map2.get(str2)).get(0);
            MemberEntity memberEntity2 = Objects.isNull(map.get(str2)) ? null : (MemberEntity) ((List) map.get(str2)).get(0);
            MemberEntity memberEntity3 = Objects.isNull(map3.get(str2)) ? null : (MemberEntity) ((List) map3.get(str2)).get(0);
            GroupMemberEntity groupMemberEntity = new GroupMemberEntity(Objects.nonNull(memberEntity) ? memberEntity : memberEntity2);
            groupMemberEntity.setRoles(new HashMap());
            if (Objects.nonNull(memberEntity)) {
                groupMemberEntity.getRoles().put(RoleScope.API.name(), memberEntity.getRole());
            }
            if (Objects.nonNull(memberEntity2)) {
                groupMemberEntity.getRoles().put(RoleScope.APPLICATION.name(), memberEntity2.getRole());
            }
            if (Objects.nonNull(memberEntity3)) {
                groupMemberEntity.getRoles().put(RoleScope.GROUP.name(), memberEntity3.getRole());
            }
            return groupMemberEntity;
        }).sorted(Comparator.comparing((v0) -> {
            return v0.getId();
        })).collect(Collectors.toList());
    }

    @ApiResponses({@ApiResponse(code = 201, message = "Member has been added"), @ApiResponse(code = 200, message = "Member has been updated"), @ApiResponse(code = 400, message = "Membership is not valid"), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.MANAGEMENT_GROUP, acls = {RolePermissionAction.CREATE}), @Permission(value = RolePermission.MANAGEMENT_GROUP, acls = {RolePermissionAction.UPDATE}), @Permission(value = RolePermission.GROUP_MEMBER, acls = {RolePermissionAction.CREATE}), @Permission(value = RolePermission.GROUP_MEMBER, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation("Add or update a group member")
    @POST
    @Produces({"application/json"})
    public Response addOrUpdateMember(@PathParam("group") String str, @NotNull @Valid List<GroupMembership> list) {
        List findDefaultRoleByScopes;
        List findDefaultRoleByScopes2;
        GroupEntity findById = this.groupService.findById(str);
        boolean hasPermission = this.permissionService.hasPermission(RolePermission.MANAGEMENT_GROUP, (String) null, new RolePermissionAction[]{RolePermissionAction.CREATE, RolePermissionAction.UPDATE, RolePermissionAction.DELETE});
        if (!hasPermission) {
            if (findById.getMaxInvitation() != null) {
                Set members = this.membershipService.getMembers(MembershipReferenceType.GROUP, str, RoleScope.API);
                if (this.membershipService.getNumberOfMembers(MembershipReferenceType.GROUP, str, RoleScope.API) + list.stream().map((v0) -> {
                    return v0.getId();
                }).filter(str2 -> {
                    return !((List) members.stream().map((v0) -> {
                        return v0.getId();
                    }).collect(Collectors.toList())).contains(str2);
                }).count() > findById.getMaxInvitation().intValue()) {
                    throw new GroupMembersLimitationExceededException(findById.getMaxInvitation().intValue());
                }
            }
            if (!findById.isSystemInvitation()) {
                throw new GroupInvitationForbiddenException(GroupInvitationForbiddenException.Type.SYSTEM, str);
            }
        }
        for (GroupMembership groupMembership : list) {
            RoleEntity roleEntity = null;
            RoleEntity roleEntity2 = null;
            RoleEntity roleEntity3 = null;
            if (groupMembership.getId() != null) {
                roleEntity = this.membershipService.getRole(MembershipReferenceType.GROUP, str, groupMembership.getId(), RoleScope.API);
                roleEntity2 = this.membershipService.getRole(MembershipReferenceType.GROUP, str, groupMembership.getId(), RoleScope.APPLICATION);
                roleEntity3 = this.membershipService.getRole(MembershipReferenceType.GROUP, str, groupMembership.getId(), RoleScope.GROUP);
            }
            if (groupMembership.getRoles() != null && !groupMembership.getRoles().isEmpty()) {
                MemberRoleEntity orElse = groupMembership.getRoles().stream().filter(memberRoleEntity -> {
                    return memberRoleEntity.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.API) && !memberRoleEntity.getRoleName().isEmpty();
                }).findFirst().orElse(null);
                MemberRoleEntity orElse2 = groupMembership.getRoles().stream().filter(memberRoleEntity2 -> {
                    return memberRoleEntity2.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.APPLICATION) && !memberRoleEntity2.getRoleName().isEmpty();
                }).findFirst().orElse(null);
                MemberRoleEntity orElse3 = groupMembership.getRoles().stream().filter(memberRoleEntity3 -> {
                    return memberRoleEntity3.getRoleScope().equals(io.gravitee.management.model.permissions.RoleScope.GROUP) && !memberRoleEntity3.getRoleName().isEmpty();
                }).findFirst().orElse(null);
                MemberEntity memberEntity = null;
                if (orElse != null) {
                    String roleName = orElse.getRoleName();
                    if (!hasPermission && findById.isLockApiRole() && (findDefaultRoleByScopes2 = this.roleService.findDefaultRoleByScopes(new RoleScope[]{RoleScope.API})) != null && !findDefaultRoleByScopes2.isEmpty()) {
                        roleName = ((RoleEntity) findDefaultRoleByScopes2.get(0)).getName();
                    }
                    memberEntity = this.membershipService.addOrUpdateMember(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, str), new MembershipService.MembershipUser(groupMembership.getId(), groupMembership.getReference()), new MembershipService.MembershipRole(RoleScope.API, roleName));
                }
                if (orElse2 != null) {
                    String roleName2 = orElse2.getRoleName();
                    if (!hasPermission && findById.isLockApplicationRole() && (findDefaultRoleByScopes = this.roleService.findDefaultRoleByScopes(new RoleScope[]{RoleScope.APPLICATION})) != null && !findDefaultRoleByScopes.isEmpty()) {
                        roleName2 = ((RoleEntity) findDefaultRoleByScopes.get(0)).getName();
                    }
                    memberEntity = this.membershipService.addOrUpdateMember(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, str), new MembershipService.MembershipUser(groupMembership.getId(), groupMembership.getReference()), new MembershipService.MembershipRole(RoleScope.APPLICATION, roleName2));
                }
                if (orElse3 != null) {
                    memberEntity = this.membershipService.addOrUpdateMember(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, str), new MembershipService.MembershipUser(groupMembership.getId(), groupMembership.getReference()), new MembershipService.MembershipRole(RoleScope.GROUP, orElse3.getRoleName()));
                }
                if (orElse == null && roleEntity != null) {
                    this.membershipService.removeRole(MembershipReferenceType.GROUP, str, memberEntity.getId(), RoleScope.API);
                }
                if (orElse2 == null && roleEntity2 != null) {
                    this.membershipService.removeRole(MembershipReferenceType.GROUP, str, memberEntity.getId(), RoleScope.APPLICATION);
                }
                if (orElse3 == null && roleEntity3 != null) {
                    this.membershipService.removeRole(MembershipReferenceType.GROUP, str, memberEntity.getId(), RoleScope.GROUP);
                }
            }
        }
        return Response.ok().build();
    }

    @Path("{member}")
    public GroupMemberResource groupMemberResource() {
        return (GroupMemberResource) this.resourceContext.getResource(GroupMemberResource.class);
    }
}
