package io.gravitee.am.service.impl;

import io.gravitee.am.common.event.Action;
import io.gravitee.am.common.event.Type;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.Group;
import io.gravitee.am.model.Membership;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.Role;
import io.gravitee.am.model.common.event.Event;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.model.membership.Member;
import io.gravitee.am.model.membership.MemberType;
import io.gravitee.am.model.permissions.DefaultRole;
import io.gravitee.am.model.permissions.SystemRole;
import io.gravitee.am.repository.management.api.MembershipRepository;
import io.gravitee.am.repository.management.api.search.MembershipCriteria;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.EventService;
import io.gravitee.am.service.GroupService;
import io.gravitee.am.service.MembershipService;
import io.gravitee.am.service.OrganizationUserService;
import io.gravitee.am.service.RoleService;
import io.gravitee.am.service.exception.AbstractManagementException;
import io.gravitee.am.service.exception.InvalidRoleException;
import io.gravitee.am.service.exception.MembershipNotFoundException;
import io.gravitee.am.service.exception.RoleNotFoundException;
import io.gravitee.am.service.exception.SinglePrimaryOwnerException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.model.NewMembership;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.MembershipAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gravitee/am/service/impl/MembershipServiceImpl.class */
public class MembershipServiceImpl implements MembershipService {
    private static final Logger LOGGER = LoggerFactory.getLogger(MembershipServiceImpl.class);

    @Autowired
    @Lazy
    private MembershipRepository membershipRepository;

    @Autowired
    private AuditService auditService;

    @Autowired
    private OrganizationUserService orgUserService;

    @Autowired
    private GroupService groupService;

    @Autowired
    private RoleService roleService;

    @Autowired
    private EventService eventService;

    @Override // io.gravitee.am.service.MembershipService
    public Maybe<Membership> findById(String str) {
        LOGGER.debug("Find membership by ID {}", str);
        return this.membershipRepository.findById(str).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find membership by id {}", str, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find membership by ID %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.MembershipService
    public Flowable<Membership> findByCriteria(ReferenceType referenceType, String str, MembershipCriteria membershipCriteria) {
        LOGGER.debug("Find memberships by reference type {} and reference id {} and criteria {}", new Object[]{referenceType, str, membershipCriteria});
        return this.membershipRepository.findByCriteria(referenceType, str, membershipCriteria);
    }

    @Override // io.gravitee.am.service.MembershipService
    public Flowable<Membership> findByReference(String str, ReferenceType referenceType) {
        LOGGER.debug("Find memberships by reference id {} and reference type {}", str, referenceType);
        return this.membershipRepository.findByReference(str, referenceType).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find memberships by reference id {} and reference type {}", new Object[]{str, referenceType, th});
            return Flowable.error(new TechnicalManagementException(String.format("An error occurs while trying to find memberships by reference id %s and reference type %s", str, referenceType), th));
        });
    }

    @Override // io.gravitee.am.service.MembershipService
    public Flowable<Membership> findByMember(String str, MemberType memberType) {
        LOGGER.debug("Find memberships by member id {} and member type {}", str, memberType);
        return this.membershipRepository.findByMember(str, memberType).onErrorResumeNext(th -> {
            LOGGER.error("An error occurs while trying to find memberships by member id {} and member type {}", new Object[]{str, memberType, th});
            return Flowable.error(new TechnicalManagementException(String.format("An error occurs while trying to find memberships by member id %s and member type %s", str, memberType), th));
        });
    }

    @Override // io.gravitee.am.service.MembershipService
    public Single<Membership> addOrUpdate(String str, Membership membership, User user) {
        LOGGER.debug("Add or update membership {}", membership);
        return checkMember(str, membership).andThen(checkRole(str, membership)).andThen(this.membershipRepository.findByReferenceAndMember(membership.getReferenceType(), membership.getReferenceId(), membership.getMemberType(), membership.getMemberId()).map((v0) -> {
            return Optional.of(v0);
        }).defaultIfEmpty(Optional.empty()).flatMap(optional -> {
            if (optional.isPresent()) {
                Membership membership2 = (Membership) optional.get();
                Membership membership3 = new Membership(membership2);
                membership3.setRoleId(membership.getRoleId());
                membership3.setUpdatedAt(new Date());
                return this.membershipRepository.update(membership3).flatMap(membership4 -> {
                    return this.eventService.create(new Event(Type.MEMBERSHIP, new Payload(membership4.getId(), membership4.getReferenceType(), membership4.getReferenceId(), Action.UPDATE))).flatMap(event -> {
                        return Single.just(membership4);
                    });
                }).onErrorResumeNext(th -> {
                    if (th instanceof AbstractManagementException) {
                        return Single.error(th);
                    }
                    LOGGER.error("An error occurs while trying to update membership {}", membership2, th);
                    return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to update membership %s", membership2), th));
                }).doOnSuccess(membership5 -> {
                    this.auditService.report(((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) AuditBuilder.builder(MembershipAuditBuilder.class)).principal(user)).type("MEMBERSHIP_UPDATED")).oldValue(membership2)).membership(membership5));
                }).doOnError(th2 -> {
                    this.auditService.report(((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) AuditBuilder.builder(MembershipAuditBuilder.class)).principal(user)).reference(new Reference(membership.getReferenceType(), membership.getReferenceId()))).type("MEMBERSHIP_UPDATED")).throwable(th2));
                });
            }
            Membership membership6 = new Membership();
            membership6.setId(RandomString.generate());
            membership6.setDomain(membership.getDomain());
            membership6.setMemberId(membership.getMemberId());
            membership6.setMemberType(membership.getMemberType());
            membership6.setReferenceId(membership.getReferenceId());
            membership6.setReferenceType(membership.getReferenceType());
            membership6.setRoleId(membership.getRoleId());
            membership6.setCreatedAt(new Date());
            membership6.setUpdatedAt(membership6.getCreatedAt());
            return createInternal(membership6, user);
        }));
    }

    @Override // io.gravitee.am.service.MembershipService
    public Single<Membership> setPlatformAdmin(String str) {
        MembershipCriteria membershipCriteria = new MembershipCriteria();
        membershipCriteria.setUserId(str);
        return this.roleService.findSystemRole(SystemRole.PLATFORM_ADMIN, ReferenceType.PLATFORM).switchIfEmpty(Single.error(new RoleNotFoundException(SystemRole.PLATFORM_ADMIN.name()))).flatMap(role -> {
            return findByCriteria(ReferenceType.PLATFORM, "PLATFORM", membershipCriteria).firstElement().switchIfEmpty(Single.defer(() -> {
                Date date = new Date();
                Membership membership = new Membership();
                membership.setRoleId(role.getId());
                membership.setMemberType(MemberType.USER);
                membership.setMemberId(str);
                membership.setReferenceType(ReferenceType.PLATFORM);
                membership.setReferenceId("PLATFORM");
                membership.setCreatedAt(date);
                membership.setUpdatedAt(date);
                return createInternal(membership, null);
            }));
        });
    }

    @Override // io.gravitee.am.service.MembershipService
    public Single<Map<String, Map<String, Object>>> getMetadata(List<Membership> list) {
        if (list == null || list.isEmpty()) {
            return Single.just(Collections.emptyMap());
        }
        return Single.zip(this.orgUserService.findByIdIn((List) list.stream().filter(membership -> {
            return MemberType.USER.equals(membership.getMemberType());
        }).map((v0) -> {
            return v0.getMemberId();
        }).distinct().collect(Collectors.toList())).toMap((v0) -> {
            return v0.getId();
        }, this::convert), this.groupService.findByIdIn((List) list.stream().filter(membership2 -> {
            return MemberType.GROUP.equals(membership2.getMemberType());
        }).map((v0) -> {
            return v0.getMemberId();
        }).distinct().collect(Collectors.toList())).toMap((v0) -> {
            return v0.getId();
        }, this::convert), this.roleService.findByIdIn((List) list.stream().map((v0) -> {
            return v0.getRoleId();
        }).distinct().collect(Collectors.toList())), (map, map2, set) -> {
            HashMap hashMap = new HashMap();
            hashMap.put("users", map);
            hashMap.put("groups", map2);
            hashMap.put("roles", (Map) set.stream().collect(Collectors.toMap((v0) -> {
                return v0.getId();
            }, this::filter)));
            return hashMap;
        });
    }

    @Override // io.gravitee.am.service.MembershipService
    public Completable delete(String str, User user) {
        LOGGER.debug("Delete membership {}", str);
        return this.membershipRepository.findById(str).switchIfEmpty(Maybe.error(new MembershipNotFoundException(str))).flatMapCompletable(membership -> {
            return this.membershipRepository.delete(str).andThen(Completable.fromSingle(this.eventService.create(new Event(Type.MEMBERSHIP, new Payload(membership.getId(), membership.getReferenceType(), membership.getReferenceId(), Action.DELETE))))).doOnComplete(() -> {
                this.auditService.report(((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) AuditBuilder.builder(MembershipAuditBuilder.class)).principal(user)).type("MEMBERSHIP_DELETED")).membership(membership));
            }).doOnError(th -> {
                this.auditService.report(((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) AuditBuilder.builder(MembershipAuditBuilder.class)).principal(user)).type("MEMBERSHIP_DELETED")).membership(membership).throwable(th));
            });
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Completable.error(th);
            }
            LOGGER.error("An error occurs while trying to delete membership: {}", str, th);
            return Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to delete membership: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.MembershipService
    public Completable addDomainUserRoleIfNecessary(String str, String str2, String str3, NewMembership newMembership, User user) {
        return findByCriteria(ReferenceType.DOMAIN, str3, convert(newMembership)).switchIfEmpty(Flowable.defer(() -> {
            return this.roleService.findDefaultRole(str, DefaultRole.DOMAIN_USER, ReferenceType.DOMAIN).flatMapSingle(role -> {
                Membership membership = new Membership();
                membership.setMemberId(newMembership.getMemberId());
                membership.setMemberType(newMembership.getMemberType());
                membership.setRoleId(role.getId());
                membership.setDomain(str3);
                membership.setReferenceId(str3);
                membership.setReferenceType(ReferenceType.DOMAIN);
                return createInternal(membership, user);
            }).toFlowable();
        })).ignoreElements().andThen(addEnvironmentUserRoleIfNecessary(str, str2, newMembership, user));
    }

    @Override // io.gravitee.am.service.MembershipService
    public Completable addEnvironmentUserRoleIfNecessary(String str, String str2, NewMembership newMembership, User user) {
        return findByCriteria(ReferenceType.ENVIRONMENT, str2, convert(newMembership)).switchIfEmpty(Flowable.defer(() -> {
            return this.roleService.findDefaultRole(str, DefaultRole.ENVIRONMENT_USER, ReferenceType.ENVIRONMENT).flatMapSingle(role -> {
                Membership membership = new Membership();
                membership.setMemberId(newMembership.getMemberId());
                membership.setMemberType(newMembership.getMemberType());
                membership.setRoleId(role.getId());
                membership.setReferenceId(str2);
                membership.setReferenceType(ReferenceType.ENVIRONMENT);
                return createInternal(membership, user);
            }).toFlowable();
        })).ignoreElements();
    }

    private Single<Membership> createInternal(Membership membership, User user) {
        return this.membershipRepository.create(membership).flatMap(membership2 -> {
            return this.eventService.create(new Event(Type.MEMBERSHIP, new Payload(membership2.getId(), membership2.getReferenceType(), membership2.getReferenceId(), Action.CREATE))).flatMap(event -> {
                return Single.just(membership2);
            });
        }).onErrorResumeNext(th -> {
            if (th instanceof AbstractManagementException) {
                return Single.error(th);
            }
            LOGGER.error("An error occurs while trying to create membership {}", membership, th);
            return Single.error(new TechnicalManagementException(String.format("An error occurs while trying to create membership %s", membership), th));
        }).doOnSuccess(membership3 -> {
            this.auditService.report(((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) AuditBuilder.builder(MembershipAuditBuilder.class)).principal(user)).type("MEMBERSHIP_CREATED")).membership(membership3));
        }).doOnError(th2 -> {
            this.auditService.report(((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) ((MembershipAuditBuilder) AuditBuilder.builder(MembershipAuditBuilder.class)).principal(user)).type("MEMBERSHIP_CREATED")).reference(new Reference(membership.getReferenceType(), membership.getReferenceId()))).throwable(th2));
        });
    }

    private Member convert(io.gravitee.am.model.User user) {
        Member member = new Member();
        member.setId(user.getId());
        member.setDisplayName(user.getDisplayName());
        return member;
    }

    private Member convert(Group group) {
        Member member = new Member();
        member.setId(group.getId());
        member.setDisplayName(group.getName());
        return member;
    }

    private MembershipCriteria convert(NewMembership newMembership) {
        MembershipCriteria membershipCriteria = new MembershipCriteria();
        if (newMembership.getMemberType() == MemberType.USER) {
            membershipCriteria.setUserId(newMembership.getMemberId());
        } else {
            membershipCriteria.setGroupIds(Collections.singletonList(newMembership.getMemberId()));
        }
        return membershipCriteria;
    }

    private Role filter(Role role) {
        Role role2 = new Role();
        role2.setId(role.getId());
        role2.setName(role.getName());
        return role2;
    }

    private Completable checkMember(String str, Membership membership) {
        return MemberType.USER.equals(membership.getMemberType()) ? this.orgUserService.findById(ReferenceType.ORGANIZATION, str, membership.getMemberId()).ignoreElement() : this.groupService.findById(ReferenceType.ORGANIZATION, str, membership.getMemberId()).ignoreElement();
    }

    private Completable checkRole(String str, Membership membership) {
        return this.roleService.findById(membership.getRoleId()).switchIfEmpty(Maybe.error(new RoleNotFoundException(membership.getRoleId()))).flatMap(role -> {
            if (!role.isSystem() || !role.getName().endsWith("_PRIMARY_OWNER")) {
                return Maybe.just(role);
            }
            if (membership.getMemberType() == MemberType.GROUP) {
                return Maybe.error(new InvalidRoleException("This role cannot be assigned to a group"));
            }
            MembershipCriteria membershipCriteria = new MembershipCriteria();
            membershipCriteria.setRoleId(membership.getRoleId());
            return this.membershipRepository.findByCriteria(membership.getReferenceType(), membership.getReferenceId(), membershipCriteria).filter(membership2 -> {
                return !membership2.isMember(membership.getMemberType(), membership.getMemberId());
            }).count().flatMapMaybe(l -> {
                return l.longValue() >= 1 ? Maybe.error(new SinglePrimaryOwnerException(membership.getReferenceType())) : Maybe.just(role);
            });
        }).filter(role2 -> {
            return role2.getAssignableType().equals(membership.getReferenceType()) && (role2.isSystem() || ((role2.getReferenceType() == ReferenceType.ORGANIZATION && str.equals(role2.getReferenceId())) || (role2.getReferenceType() == membership.getReferenceType() && membership.getReferenceId().equals(role2.getReferenceId()))));
        }).switchIfEmpty(Single.error(new InvalidRoleException("Invalid role"))).ignoreElement();
    }
}
