package io.gravitee.am.management.handlers.management.api.resources.organizations.environments.domains;

import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.management.service.IdentityProviderManager;
import io.gravitee.am.management.service.ReporterServiceProxy;
import io.gravitee.am.management.service.permissions.PermissionAcls;
import io.gravitee.am.management.service.permissions.Permissions;
import io.gravitee.am.model.Acl;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.common.Page;
import io.gravitee.am.model.permissions.Permission;
import io.gravitee.am.service.model.NewDomain;
import io.reactivex.rxjava3.core.Single;
import io.reactivex.rxjava3.functions.Consumer;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.container.AsyncResponse;
import jakarta.ws.rs.container.Suspended;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.util.Collection;
import java.util.Objects;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;

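/**
 * Management API resource for the security domains of one environment: listing, creation,
 * lookup by human-readable id (hrid), and the sub-resource locator for a single domain.
 *
 * <p>Every endpoint is asynchronous: the reactive chain is subscribed with the suspended
 * {@link AsyncResponse}, which is resumed with either the result or the failure.
 */
@Tag(name = "domain")
/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/resources/organizations/environments/domains/DomainsResource.class */
public class DomainsResource extends AbstractDomainResource {
    /** Default value of the {@code size} query parameter of {@link #list}. */
    private static final String MAX_DOMAINS_SIZE_PER_PAGE_STRING = "50";

    @Autowired
    private IdentityProviderManager identityProviderManager;

    @Autowired
    private ReporterServiceProxy reporterService;

    /**
     * Lists the security domains of an environment that the authenticated user may read.
     *
     * <p>Authorization is two-staged: DOMAIN[LIST] is checked first, then each candidate domain
     * is kept only if the user holds DOMAIN[READ] on the domain, the environment or the
     * organization. Surviving domains are reduced with {@code filterDomainInfos}, sorted by name
     * (case-insensitive) and paginated in memory.
     *
     * @param organizationId organization path parameter
     * @param environmentId environment path parameter
     * @param page zero-based page index (default 0)
     * @param size page size (default 50)
     * @param query optional search expression; when {@code null} all domains of the environment
     *     are considered
     * @param asyncResponse suspended response, resumed with the page or with the failure
     */
    @Produces({"application/json"})
    @Operation(operationId = "listDomains", summary = "List security domains for an environment", description = "List all the security domains accessible to the current user. User must have DOMAIN[LIST] permission on the specified environment or organization AND either DOMAIN[READ] permission on each security domain or DOMAIN[READ] permission on the specified environment or DOMAIN[READ] permission on the specified organization.Each returned domain is filtered and contains only basic information such as id, name and description and isEnabled.")
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "List accessible security domains for current user", content = {@Content(mediaType = "application/json", array = @ArraySchema(schema = @Schema(implementation = Domain.class)))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void list(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @QueryParam("page") @DefaultValue("0") int page, @QueryParam("size") @DefaultValue(MAX_DOMAINS_SIZE_PER_PAGE_STRING) int size, @QueryParam("q") String query, @Suspended AsyncResponse asyncResponse) {
        User authenticatedUser = getAuthenticatedUser();
        checkAnyPermission(organizationId, environmentId, Permission.DOMAIN, Acl.LIST)
                .andThen(query != null
                        ? this.domainService.search(organizationId, environmentId, query)
                        : this.domainService.findAllByEnvironment(organizationId, environmentId))
                // Per-domain READ check; domains the user cannot read are dropped, not reported.
                // Arguments: delayErrors = false, maxConcurrency = 2.
                .flatMapMaybe(domain -> hasPermission(authenticatedUser, Permissions.or(new PermissionAcls[]{
                                Permissions.of(ReferenceType.DOMAIN, domain.getId(), Permission.DOMAIN, new Acl[]{Acl.READ}),
                                Permissions.of(ReferenceType.ENVIRONMENT, environmentId, Permission.DOMAIN, new Acl[]{Acl.READ}),
                                Permissions.of(ReferenceType.ORGANIZATION, organizationId, Permission.DOMAIN, new Acl[]{Acl.READ})}))
                        .filter(Boolean::booleanValue)
                        .map(permitted -> domain), false, 2)
                .map(this::filterDomainInfos)
                .sorted((left, right) -> String.CASE_INSENSITIVE_ORDER.compare(left.getName(), right.getName()))
                .toList()
                // The offset is computed in long arithmetic: page and size are caller-supplied
                // ints whose product can overflow int and select the wrong window. Negative
                // values are still rejected by skip/limit with IllegalArgumentException, which
                // reaches the error callback below.
                // NOTE(review): size has no upper bound here; the "50" constant is only the
                // default. The full list is materialised before slicing either way.
                .map(domains -> new Page<>(domains.stream().skip((long) page * size).limit(size).collect(Collectors.toList()), page, domains.size()))
                .subscribe(asyncResponse::resume, asyncResponse::resume);
    }

    /**
     * Creates a security domain in the given environment.
     *
     * <p>DOMAIN[CREATE] is checked before the creation is triggered. On success the response is
     * 201 with a {@code Location} pointing at the new domain and the domain as entity.
     *
     * @param organizationId organization path parameter
     * @param environmentId environment path parameter
     * @param newDomain validated creation payload
     * @param asyncResponse suspended response, resumed with the 201 response or with the failure
     */
    @Produces({"application/json"})
    @Operation(operationId = "createDomain", summary = "Create a security domain.", description = "Create a security domain. User must have DOMAIN[CREATE] permission on the specified environment or DOMAIN[CREATE] permission on the specified organization")
    @POST
    @Consumes({"application/json"})
    @ApiResponses({@ApiResponse(responseCode = "201", description = "Domain successfully created", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Domain.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void create(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @Parameter(name = "domain", required = true) @Valid @NotNull NewDomain newDomain, @Suspended AsyncResponse asyncResponse) {
        checkAnyPermission(organizationId, environmentId, Permission.DOMAIN, Acl.CREATE)
                .andThen(this.domainService.create(organizationId, environmentId, newDomain, getAuthenticatedUser()))
                .subscribe(
                        created -> {
                            // NOTE(review): the Location is concatenated from the raw path
                            // parameters; presumably both are validated ids by the time creation
                            // has succeeded - confirm, since URI.create rejects illegal characters.
                            URI location = URI.create("/organizations/" + organizationId + "/environments/" + environmentId + "/domains/" + created.getId());
                            asyncResponse.resume(Response.created(location).entity(created).build());
                        },
                        asyncResponse::resume);
    }

    /**
     * Returns a security domain identified by its hrid, filtered according to the caller's
     * permissions.
     *
     * <p>The domain is resolved first because the DOMAIN[READ] check needs its id; the filtered
     * view is only computed (deferred) once that check has passed.
     *
     * <p>NOTE(review): because the lookup precedes authorization, a caller without READ may be
     * able to tell an existing hrid from a missing one if the two cases surface as different
     * errors - confirm against the error mapping of {@code findByHrid} and
     * {@code checkAnyPermission}.
     *
     * @param organizationId organization path parameter (used for the permission check only)
     * @param environmentId environment path parameter
     * @param hrid human-readable id of the domain
     * @param asyncResponse suspended response, resumed with the filtered domain or with the failure
     */
    @Produces({"application/json"})
    @Operation(operationId = "findDomainByHrid", summary = "Get a security domain by hrid", description = "User must have the DOMAIN[READ] permission on the specified domain, environment or organization. Domain will be filtered according to permissions (READ on DOMAIN_USER_ACCOUNT, DOMAIN_IDENTITY_PROVIDER, DOMAIN_FORM, DOMAIN_LOGIN_SETTINGS, DOMAIN_DCR, DOMAIN_SCIM, DOMAIN_SETTINGS)")
    @GET
    @Path("_hrid/{hrid}")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Domain", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = Domain.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void get(@PathParam("organizationId") String organizationId, @PathParam("environmentId") String environmentId, @PathParam("hrid") String hrid, @Suspended AsyncResponse asyncResponse) {
        User authenticatedUser = getAuthenticatedUser();
        this.domainService.findByHrid(environmentId, hrid)
                .flatMap(domain -> checkAnyPermission(authenticatedUser, organizationId, environmentId, domain.getId(), Permission.DOMAIN, Acl.READ)
                        // Deferred so permissions are only loaded after the READ check succeeds.
                        .andThen(Single.defer(() -> findAllPermissions(authenticatedUser, organizationId, environmentId, domain.getId())
                                .map(permissions -> filterDomainInfos(domain, permissions)))))
                .subscribe(asyncResponse::resume, asyncResponse::resume);
    }

    /**
     * Sub-resource locator for {@code {domain}}; hands the request over to
     * {@link DomainResource}. No permission check happens here.
     *
     * @return the {@link DomainResource} obtained from the resource context
     */
    @Path("{domain}")
    public DomainResource getDomainResource() {
        return (DomainResource) this.resourceContext.getResource(DomainResource.class);
    }
}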
