ffsaf-site/src/main/java/fr/titionfire/ffsaf/rest/CompteEndpoints.java


package fr.titionfire.ffsaf.rest;
import fr.titionfire.ffsaf.domain.service.KeycloakService;
import fr.titionfire.ffsaf.rest.from.MemberPermForm;
import fr.titionfire.ffsaf.utils.GroupeUtils;
import fr.titionfire.ffsaf.utils.Pair;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.mutiny.Uni;
import io.vertx.mutiny.core.Vertx;
import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.ws.rs.*;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.keycloak.representations.idm.GroupRepresentation;
import java.util.ArrayList;
import java.util.List;
/**
 * REST resource for account ("compte") operations, mounted at {@code api/compte}.
 *
 * <p>Every operation delegates to {@link KeycloakService}. Access is gated by
 * {@code @RolesAllowed} on each method; {@link #getCompte(String)} adds a
 * per-account check on top of the role gate because it is the only endpoint
 * open to club-level roles.
 */
@Path("api/compte")
public class CompteEndpoints {

    // Injection points are left package-private, exactly as declared originally.
    @Inject
    KeycloakService service;

    @Inject
    JsonWebToken accessToken;

    @Inject
    SecurityIdentity securityIdentity;

    @Inject
    Vertx vertx;

    /**
     * Returns the state of the account identified by {@code id}.
     *
     * <p>Authorization happens in two layers:
     * <ol>
     *   <li>the caller must hold one of the roles listed in {@code @RolesAllowed};</li>
     *   <li>unless the caller is {@code federation_admin}, the fetched account must
     *       belong to at least one group whose path starts with {@code /club/} and
     *       that {@code GroupeUtils.contains(path, accessToken)} accepts.</li>
     * </ol>
     * The second check runs after the account has been fetched, but the state is
     * only emitted once the check has passed: a failure raised inside
     * {@code call(...)} replaces the item.
     *
     * @param id account identifier taken from the URL path
     * @return the account state held in the value half of the fetched pair
     * @throws ForbiddenException (through the returned {@code Uni}) when the
     *         per-account check rejects the caller
     */
    @GET
    @Path("{id}")
    @RolesAllowed({"federation_admin", "club_president", "club_secretaire", "club_respo_intra"})
    public Uni<KeycloakService.UserCompteState> getCompte(@PathParam("id") String id) {
        return service.fetchCompte(id)
                .call(fetched -> vertx.getOrCreateContext().executeBlocking(() -> {
                    // Federation admins are exempt from the club check.
                    if (securityIdentity.getRoles().contains("federation_admin")) {
                        return fetched;
                    }
                    // NOTE(review): GroupeUtils.contains presumably tests whether the
                    // caller's token carries this club group - confirm against GroupeUtils.
                    boolean clubMatch = fetched.getKey().groups().stream()
                            .map(GroupRepresentation::getPath)
                            .anyMatch(path -> path.startsWith("/club/") && GroupeUtils.contains(path, accessToken));
                    if (!clubMatch) {
                        throw new ForbiddenException();
                    }
                    return fetched;
                }))
                .map(Pair::getValue);
    }

    /**
     * Initialises the account for the given numeric id. Restricted to
     * {@code federation_admin}.
     *
     * @param id numeric identifier taken from the URL path
     * @return whatever {@code KeycloakService.initCompte} produces
     */
    @PUT
    @Path("{id}/init")
    @RolesAllowed("federation_admin")
    public Uni<?> initCompte(@PathParam("id") long id) {
        return service.initCompte(id);
    }

    /**
     * Binds the identifier {@code nid} to the record {@code id} through
     * {@code KeycloakService.setId}. Restricted to {@code federation_admin}.
     *
     * <p>This overload shares the name {@code initCompte} with the endpoint above
     * but is mapped to {@code {id}/setUUID/{nid}}.
     *
     * @param id  numeric identifier taken from the URL path
     * @param nid identifier to associate, taken verbatim from the URL path
     * @return whatever {@code KeycloakService.setId} produces
     */
    @PUT
    @Path("{id}/setUUID/{nid}")
    @RolesAllowed("federation_admin")
    public Uni<?> initCompte(@PathParam("id") long id, @PathParam("nid") String nid) {
        // NOTE(review): nid is forwarded without any format check here; validation,
        // if any, has to live in KeycloakService.setId - not visible from this class.
        return service.setId(id, nid);
    }

    /**
     * Reads the roles of the account {@code id}. Restricted to
     * {@code federation_admin}.
     *
     * @param id account identifier taken from the URL path
     * @return whatever {@code KeycloakService.fetchRole} produces
     */
    @GET
    @Path("{id}/roles")
    @RolesAllowed("federation_admin")
    public Uni<?> getRole(@PathParam("id") String id) {
        return service.fetchRole(id);
    }

    /**
     * Replaces the managed roles of the account {@code id} according to
     * {@code form}. Restricted to {@code federation_admin}.
     *
     * <p>Each of the four managed roles lands in exactly one of the two lists
     * handed to {@code KeycloakService.updateRole}: a flag that is {@code true}
     * grants the role, a flag that is {@code false} revokes it. There is no
     * "leave unchanged" state.
     *
     * @param id   account identifier taken from the URL path
     * @param form request body carrying one boolean per managed role
     * @return whatever {@code KeycloakService.updateRole} produces
     */
    @PUT
    @Path("{id}/roles")
    @RolesAllowed("federation_admin")
    public Uni<?> updateRole(@PathParam("id") String id, MemberPermForm form) {
        // NOTE(review): form is dereferenced without a null check; an empty request
        // body presumably arrives as null - confirm and reject it explicitly.
        // NOTE(review): flags omitted from the body presumably deserialize to false,
        // which revokes the role - confirm against MemberPermForm.
        // NOTE(review): federation_admin is itself managed here and id is not
        // compared with the caller, so no guard against removing the last admin is
        // visible in this class.
        List<String> granted = new ArrayList<>();
        List<String> revoked = new ArrayList<>();

        (form.isFederation_admin() ? granted : revoked).add("federation_admin");
        (form.isSafca_super_admin() ? granted : revoked).add("safca_super_admin");
        (form.isSafca_user() ? granted : revoked).add("safca_user");
        (form.isSafca_create_compet() ? granted : revoked).add("safca_create_compet");

        return service.updateRole(id, granted, revoked);
    }
}