package io.camunda.zeebe.gateway.rest.validator;

import io.camunda.zeebe.gateway.protocol.rest.AuthorizationPatchRequest;
import io.camunda.zeebe.gateway.protocol.rest.PermissionDTO;
import io.camunda.zeebe.gateway.protocol.rest.PermissionTypeEnum;
import io.camunda.zeebe.gateway.protocol.rest.ResourceTypeEnum;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.springframework.http.ProblemDetail;

/* loaded from: input_file:io/camunda/zeebe/gateway/rest/validator/AuthorizationRequestValidator.class */
public final class AuthorizationRequestValidator {
    public static final String PERMISSION_TYPE_NOT_ALLOWED = "Permission type '%s' is allowed for resource type '%s'";
    private static final Map<PermissionTypeEnum, ResourceTypeEnum> RESOURCE_SPECIFIC_PERMISSION_TYPES = Map.of(PermissionTypeEnum.DELETE_PROCESS, ResourceTypeEnum.DEPLOYMENT, PermissionTypeEnum.DELETE_DRD, ResourceTypeEnum.DEPLOYMENT, PermissionTypeEnum.DELETE_FORM, ResourceTypeEnum.DEPLOYMENT);

    public static Optional<ProblemDetail> validateAuthorizationAssignRequest(AuthorizationPatchRequest authorizationPatchRequest) {
        return RequestValidator.validate(list -> {
            if (authorizationPatchRequest.getAction() == null) {
                list.add(ErrorMessages.ERROR_MESSAGE_EMPTY_ATTRIBUTE.formatted("action"));
            }
            if (authorizationPatchRequest.getResourceType() == null) {
                list.add(ErrorMessages.ERROR_MESSAGE_EMPTY_ATTRIBUTE.formatted("resourceType"));
            }
            if (authorizationPatchRequest.getPermissions() == null || authorizationPatchRequest.getPermissions().isEmpty()) {
                list.add(ErrorMessages.ERROR_MESSAGE_EMPTY_ATTRIBUTE.formatted("permissions"));
            } else {
                authorizationPatchRequest.getPermissions().forEach(permissionDTO -> {
                    validatePermission(permissionDTO, list, authorizationPatchRequest.getResourceType());
                });
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validatePermission(PermissionDTO permissionDTO, List<String> list, ResourceTypeEnum resourceTypeEnum) {
        if (permissionDTO.getPermissionType() == null) {
            list.add(ErrorMessages.ERROR_MESSAGE_EMPTY_ATTRIBUTE.formatted("permissionType"));
            return;
        }
        if (permissionDTO.getResourceIds() == null || permissionDTO.getResourceIds().isEmpty()) {
            list.add(ErrorMessages.ERROR_MESSAGE_EMPTY_NESTED_ATTRIBUTE.formatted("resourceIds", permissionDTO.getPermissionType()));
        } else if (isPermissionTypeAllowed(permissionDTO, resourceTypeEnum)) {
            list.add(PERMISSION_TYPE_NOT_ALLOWED.formatted(permissionDTO.getPermissionType().name(), resourceTypeEnum.name()));
        }
    }

    private static boolean isPermissionTypeAllowed(PermissionDTO permissionDTO, ResourceTypeEnum resourceTypeEnum) {
        return RESOURCE_SPECIFIC_PERMISSION_TYPES.getOrDefault(permissionDTO.getPermissionType(), resourceTypeEnum) != resourceTypeEnum;
    }
}
