package io.preboot.auth.core.service;

import io.preboot.auth.api.exception.UserAccountNotFoundException;
import io.preboot.auth.core.model.UserAccount;
import io.preboot.auth.core.repository.UserAccountRepository;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;
import org.springframework.web.server.ResponseStatusException;

@Service
/* loaded from: input_file:io/preboot/auth/core/service/TenantUserService.class */
public class TenantUserService {
    private final UserAccountRepository userAccountRepository;
    private static final Set<String> RESTRICTED_ROLES = Set.of("super-admin");

    public UserAccount verifyUserExistsInTenant(UUID uuid, UUID uuid2) {
        UserAccount orElseThrow = this.userAccountRepository.findByUuid(uuid).orElseThrow(() -> {
            return new UserAccountNotFoundException("User not found: " + String.valueOf(uuid));
        });
        if (orElseThrow.getTenantIds().contains(uuid2)) {
            return orElseThrow;
        }
        throw new UserAccountNotFoundException("User " + String.valueOf(uuid) + " does not belong to tenant " + String.valueOf(uuid2));
    }

    public void validateRoles(Set<String> set) {
        Stream<String> stream = set.stream();
        Set<String> set2 = RESTRICTED_ROLES;
        Objects.requireNonNull(set2);
        Set set3 = (Set) stream.filter((v1) -> {
            return r1.contains(v1);
        }).collect(Collectors.toSet());
        if (!set3.isEmpty()) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Cannot assign restricted roles: " + String.join(", ", set3));
        }
    }

    public boolean hasRolesInTenant(UUID uuid, UUID uuid2) {
        return !this.userAccountRepository.findByUuid(uuid).orElseThrow(() -> {
            return new UserAccountNotFoundException("User not found: " + String.valueOf(uuid));
        }).getRoles().stream().filter(userAccountRole -> {
            return userAccountRole.getTenantId().equals(uuid2);
        }).toList().isEmpty();
    }

    @Generated
    public TenantUserService(UserAccountRepository userAccountRepository) {
        this.userAccountRepository = userAccountRepository;
    }
}
