package de.captaingoldfish.scim.sdk.server.endpoints.authorize;

import de.captaingoldfish.scim.sdk.common.exceptions.ForbiddenException;
import de.captaingoldfish.scim.sdk.server.endpoints.features.EndpointType;
import de.captaingoldfish.scim.sdk.server.schemas.ResourceType;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/captaingoldfish/scim/sdk/server/endpoints/authorize/Authorization.class */
public interface Authorization {
    public static final Logger log = LoggerFactory.getLogger(Authorization.class);

    String getClientId();

    Set<String> getClientRoles();

    default void isClientAuthorized(ResourceType resourceType, EndpointType endpointType) {
        switch (endpointType) {
            case CREATE:
                isAuthorized(resourceType, endpointType, resourceType.getFeatures().getAuthorization().getRolesCreate());
                return;
            case UPDATE:
                isAuthorized(resourceType, endpointType, resourceType.getFeatures().getAuthorization().getRolesUpdate());
                return;
            case DELETE:
                isAuthorized(resourceType, endpointType, resourceType.getFeatures().getAuthorization().getRolesDelete());
                return;
            default:
                isAuthorized(resourceType, endpointType, resourceType.getFeatures().getAuthorization().getRolesGet());
                return;
        }
    }

    default void isAuthorized(ResourceType resourceType, EndpointType endpointType, Set<String> set) {
        if (set == null || set.isEmpty() || getClientRoles().containsAll(set)) {
            return;
        }
        log.debug("the client '{}' tried to execute an action without proper authorization. Required authorization is '{}' but the client has '{}'", new Object[]{getClientId(), set, getClientRoles()});
        throw new ForbiddenException("you are not authorized to access the '" + endpointType + "' endpoint on resource type '" + resourceType.getName() + "'");
    }
}
