package io.gravitee.management.rest.resource;

import io.gravitee.management.model.GroupEntity;
import io.gravitee.management.model.UpdateGroupEntity;
import io.gravitee.management.model.permissions.RolePermission;
import io.gravitee.management.model.permissions.RolePermissionAction;
import io.gravitee.management.model.permissions.RoleScope;
import io.gravitee.management.rest.security.Permission;
import io.gravitee.management.rest.security.Permissions;
import io.gravitee.management.service.ApiService;
import io.gravitee.management.service.ApplicationService;
import io.gravitee.management.service.GroupService;
import io.gravitee.management.service.exceptions.ForbiddenAccessException;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ResourceContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

@Api(tags = {"Group"})
/* loaded from: input_file:io/gravitee/management/rest/resource/GroupResource.class */
public class GroupResource extends AbstractResource {

    @Context
    private ResourceContext resourceContext;

    @Inject
    private GroupService groupService;

    @Inject
    private ApiService apiService;

    @Inject
    ApplicationService applicationService;

    @GET
    @ApiResponses({@ApiResponse(code = 200, message = "Group definition", response = GroupEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Permissions({@Permission(value = RolePermission.MANAGEMENT_GROUP, acls = {RolePermissionAction.READ})})
    @ApiOperation("Get a group")
    @Produces({"application/json"})
    public GroupEntity get(@PathParam("group") String str) {
        return this.groupService.findById(str);
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Group successfully deleted"), @ApiResponse(code = 500, message = "Internal server error")})
    @Permissions({@Permission(value = RolePermission.MANAGEMENT_GROUP, acls = {RolePermissionAction.DELETE})})
    @DELETE
    @ApiOperation("Delete the Group")
    public Response delete(@PathParam("group") String str) {
        checkRights(str);
        this.groupService.delete(str);
        return Response.noContent().build();
    }

    @ApiResponses({@ApiResponse(code = 200, message = "Group successfully updated", response = GroupEntity.class), @ApiResponse(code = 500, message = "Internal server error")})
    @Consumes({"application/json"})
    @Permissions({@Permission(value = RolePermission.MANAGEMENT_GROUP, acls = {RolePermissionAction.UPDATE}), @Permission(value = RolePermission.GROUP_MEMBER, acls = {RolePermissionAction.UPDATE})})
    @ApiOperation("Update a group")
    @Produces({"application/json"})
    @PUT
    public GroupEntity update(@PathParam("group") String str, @NotNull @Valid @ApiParam(name = "group", required = true) UpdateGroupEntity updateGroupEntity) {
        GroupEntity checkRights = checkRights(str);
        if (!this.permissionService.hasPermission(RolePermission.MANAGEMENT_GROUP, (String) null, new RolePermissionAction[]{RolePermissionAction.CREATE, RolePermissionAction.UPDATE, RolePermissionAction.DELETE})) {
            updateGroupEntity.setMaxInvitation(checkRights.getMaxInvitation());
            updateGroupEntity.setLockApiRole(checkRights.isLockApiRole());
            updateGroupEntity.setLockApplicationRole(checkRights.isLockApplicationRole());
            updateGroupEntity.setSystemInvitation(checkRights.isSystemInvitation());
            updateGroupEntity.setEmailInvitation(checkRights.isEmailInvitation());
            if (checkRights.isLockApiRole()) {
                updateGroupEntity.getRoles().put(RoleScope.API, checkRights.getRoles().get(RoleScope.API));
            }
            if (checkRights.isLockApplicationRole()) {
                updateGroupEntity.getRoles().put(RoleScope.APPLICATION, checkRights.getRoles().get(RoleScope.APPLICATION));
            }
        }
        return this.groupService.update(str, updateGroupEntity);
    }

    @GET
    @Path("/memberships")
    @Permissions({@Permission(value = RolePermission.MANAGEMENT_GROUP, acls = {RolePermissionAction.READ})})
    @ApiOperation("get apis or applications linked to this group")
    @Produces({"application/json"})
    public Response getMemberships(@PathParam("group") String str, @QueryParam("type") String str2) {
        return "api".equalsIgnoreCase(str2) ? Response.ok(this.groupService.getApis(str)).build() : "application".equalsIgnoreCase(str2) ? Response.ok(this.groupService.getApplications(str)).build() : Response.noContent().build();
    }

    private GroupEntity checkRights(String str) {
        GroupEntity groupEntity = get(str);
        if (groupEntity.isManageable()) {
            return groupEntity;
        }
        throw new ForbiddenAccessException();
    }

    @Path("members")
    public GroupMembersResource groupMembersResource() {
        return (GroupMembersResource) this.resourceContext.getResource(GroupMembersResource.class);
    }

    @Path("invitations")
    public GroupInvitationsResource groupInvitationsResource() {
        return (GroupInvitationsResource) this.resourceContext.getResource(GroupInvitationsResource.class);
    }
}
