package com.digiwin.athena.base.application.service.permission;

import com.digiwin.athena.appcore.auth.domain.AuthoredUser;
import com.digiwin.athena.appcore.util.JsonUtils;
import com.digiwin.athena.appcore.util.MessageUtils;
import com.digiwin.athena.base.application.constant.BaseGlobalConstant;
import com.digiwin.athena.base.application.constant.PermissionConstant;
import com.digiwin.athena.base.application.meta.request.permission.TypeActivities;
import com.digiwin.athena.base.application.meta.request.permission.TypeActivitiesAccessible;
import com.digiwin.athena.base.application.meta.response.permission.ActivityAccessible;
import com.digiwin.athena.base.infrastructure.constant.AudcErrorCodeEnum;
import com.digiwin.athena.base.infrastructure.manager.iam.service.BaseIamService;
import com.digiwin.athena.base.infrastructure.manager.thememap.BaseThemeMapService;
import com.digiwin.athena.base.infrastructure.manager.thememap.dto.AuthorityConfigResp;
import com.digiwin.athena.base.infrastructure.manager.uibot.BaseReportService;
import com.digiwin.athena.cac.sdk.manager.CacManager;
import com.digiwin.athena.cac.sdk.meta.dto.response.AppAuthDTO;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.Resource;
import net.sf.json.JSONArray;
import net.sf.json.JSONNull;
import net.sf.json.JSONObject;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;

/**
 * Decides which activities, modules and menus a user may access.
 *
 * <p>Inputs visible in this class: authority configuration from {@link BaseThemeMapService},
 * per-application permission entries from {@link BaseIamService} (cached in Redis for 60 seconds),
 * and two extra lookups ({@link CacManager}, {@link BaseReportService}) for three special menus.
 *
 * <p>This listing appears to be decompiler output (see the "loaded from" and JADX markers), so the
 * raw collection types and synthetic local names are probably artifacts, not the authors' code.
 *
 * <p>NOTE(review): the activity checks default to "allow" when there is no authority configuration
 * or no matching IAM entry (see {@code analyzeActivityAuthorityConfig} and
 * {@code callIamToCheckAccessPermission}), whereas {@code getModuleOrMenuAccessible} only grants on
 * an explicit allow. Confirm the default-allow paths are intended before relying on this class as
 * an enforcement point.
 */
@Service
/* loaded from: input_file:com/digiwin/athena/base/application/service/permission/PermissionCheckServiceImpl.class */
public class PermissionCheckServiceImpl implements PermissionCheckService {
    private static final Logger log = LogManager.getLogger(PermissionCheckServiceImpl.class);

    // IAM client; used to fetch all permission entries of a user for one application.
    @Resource
    private BaseIamService userPermissionService;

    // Source of the per-activity / per-task authority configuration.
    @Resource
    private BaseThemeMapService baseThemeMapService;

    @Autowired
    private MessageUtils messageUtils;

    // Short-lived cache for the IAM permission list (see getAppAllPermissions).
    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    // Used only to ask whether the user holds the system role (see getSpecialMenuAccessible).
    @Autowired
    private BaseReportService baseReportService;
    // Result value for a denied entry whose denyReason is 0 / absent.
    private static final String ACCESS_FORBIDDEN = "forbidden";
    // Separator used both in cache keys and in the "drn:iam:app:..." resource names.
    private static final String SEPARATOR = ":";
    // JSON keys read from an IAM permission entry.
    private static final String EFFECT = "effect";
    private static final String CONDITIONS = "conditions";
    private static final String ID = "id";
    private static final String MODULE_ID = "moduleId";
    private static final String ENABLE = "enable";
    // Value of "id" that marks a module-level (rather than menu-level) permission entry.
    private static final String MODULE_ENABLE = "module-enable";
    // Menu ids whose accessibility additionally depends on getSpecialMenuAccessible.
    private static final String ATHENA_DDSM_DESIGNER = "athena-ddsmdesigner";
    // Not referenced anywhere in this class.
    private static final String RESET_TEST_DATA = "resetTestData";
    private static final String REPORT_PARAMETER_MAINTENANCE = "report-parameter-maintenance";
    private static final String REPORT_FUNCTIONAL_DESIGN = "report-functional-design";

    /**
     * Checks access for a flat list of activity ids (deprecated entry point).
     *
     * @param authoredUser the caller; dereferenced for logging before any other check, so it must be non-null
     * @param list activity ids to check
     * @return one result per activity; an empty list when {@code list} is null or empty
     */
    @Override // com.digiwin.athena.base.application.service.permission.PermissionCheckService
    @Deprecated
    public List<ActivityAccessible> checkActivityAccessible(AuthoredUser authoredUser, List<String> list) {
        log.info("check user({}) activity access permission for: {}", authoredUser.getUserId(), list);
        if (CollectionUtils.isEmpty(list)) {
            return Collections.emptyList();
        }
        List<AuthorityConfigResp> activityAuthorityConfig = getActivityAuthorityConfig(list);
        // Wrap the ids in a single TypeActivities so the shared private overload can be reused.
        TypeActivities typeActivities = new TypeActivities();
        typeActivities.setTmActivityIdList(list);
        return checkActivityAccessible(authoredUser, Collections.singletonList(typeActivities), activityAuthorityConfig);
    }

    /**
     * Loads the activity authority configuration for the given ids using the current request locale.
     * Returns a new empty list, without calling the service, when {@code list} is empty.
     */
    private List<AuthorityConfigResp> getActivityAuthorityConfig(List<String> list) {
        return CollectionUtils.isNotEmpty(list) ? this.baseThemeMapService.getActivityAuthorityConfig(list, LocaleContextHolder.getLocale().toString()) : Lists.newArrayList();
    }

    /**
     * Loads the task authority configuration for the given ids using the current request locale.
     * Returns a new empty list, without calling the service, when {@code list} is empty.
     */
    private List<AuthorityConfigResp> getTaskAuthorityConfig(List<String> list) {
        return CollectionUtils.isNotEmpty(list) ? this.baseThemeMapService.getTaskAuthorityConfig(list, LocaleContextHolder.getLocale().toString()) : Lists.newArrayList();
    }

    /**
     * Produces an access result for every requested activity.
     *
     * @param authoredUser the user being checked
     * @param list the requested activities
     * @param list2 the authority configuration that was found for those activities
     * @return IAM-checked results followed by an ALLOW result for every id that needs no IAM check
     */
    private List<ActivityAccessible> checkActivityAccessible(AuthoredUser authoredUser, List<TypeActivities> list, List<AuthorityConfigResp> list2) {
        // hashMap: configs that need an IAM check, grouped by the prefix part before the first ':'.
        HashMap hashMap = new HashMap();
        // arrayList: activity ids that are allowed without asking IAM.
        ArrayList arrayList = new ArrayList();
        analyzeActivityAuthorityConfig(list, list2, hashMap, arrayList);
        ArrayList arrayList2 = new ArrayList();
        if (MapUtils.isNotEmpty(hashMap)) {
            for (Map.Entry<String, List<AuthorityConfigResp>> entry : hashMap.entrySet()) {
                arrayList2.addAll(callIamToCheckAccessPermission(authoredUser, entry.getKey(), entry.getValue()));
            }
        }
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            arrayList2.add(new ActivityAccessible(it.next(), PermissionConstant.ACCESS_ALLOW));
        }
        return arrayList2;
    }

    /**
     * Splits the requested activities into those that must be checked against IAM and those that
     * are allowed outright. Both output collections are filled in place.
     *
     * @param list the requested activities
     * @param list2 authority configuration found for them; may be empty
     * @param map output: configs to check, keyed by the authority-prefix part before the first ':'
     * @param list3 output: activity ids that are allowed without an IAM check
     * @throws RuntimeException (business exception from AUTH_PREFIX_CONFIG_ERROR) when a non-blank
     *     authority prefix contains no ':' (exact exception type is not visible here)
     */
    private void analyzeActivityAuthorityConfig(List<TypeActivities> list, List<AuthorityConfigResp> list2, Map<String, List<AuthorityConfigResp>> map, List<String> list3) {
        // No configuration at all: every requested id is put on the allow list.
        // NOTE(review): if the theme-map service can return an empty list on failure, this path
        // grants access to everything that was requested - confirm how errors surface there.
        if (!CollectionUtils.isNotEmpty(list2)) {
            list.stream().map((v0) -> {
                return v0.getTmActivityIdList();
            }).forEach(list4 -> {
                list3.addAll(list4);
            });
            return;
        }
        // Codes that do have a configuration entry.
        List list5 = (List) list2.stream().map((v0) -> {
            return v0.getCode();
        }).collect(Collectors.toList());
        // activity id -> the extra permission keys the requester wants read back for it.
        HashMap hashMap = new HashMap();
        list.stream().forEach(typeActivities -> {
            for (String str : typeActivities.getTmActivityIdList()) {
                if (list5.contains(str)) {
                    hashMap.put(str, typeActivities.getPermissionCheckList());
                } else {
                    // Requested id without any configuration entry: allowed without an IAM check.
                    list3.add(str);
                }
            }
        });
        for (AuthorityConfigResp authorityConfigResp : list2) {
            String authorityPrefix = authorityConfigResp.getAuthorityPrefix();
            if (StringUtils.isBlank(authorityPrefix)) {
                // Configured but with a blank prefix: also allowed without an IAM check.
                list3.add(authorityConfigResp.getCode());
            } else {
                if (!authorityPrefix.contains(SEPARATOR)) {
                    throw AudcErrorCodeEnum.AUTH_PREFIX_CONFIG_ERROR.getBusinessException(this.messageUtils.getMessageWithFormat("exception.authority.prefix.config.error", new Object[]{authorityConfigResp.getCode(), authorityPrefix}));
                }
                // Group by the text before the first ':'; callers pass that key to IAM as the
                // application identifier (presumably the app id - confirm against the prefix format).
                List<AuthorityConfigResp> computeIfAbsent = map.computeIfAbsent(authorityPrefix.substring(0, authorityPrefix.indexOf(SEPARATOR)), str -> {
                    return new ArrayList();
                });
                authorityConfigResp.setPermissionCheckList((List) hashMap.get(authorityConfigResp.getCode()));
                computeIfAbsent.add(authorityConfigResp);
            }
        }
    }

    /**
     * Checks access for activities grouped by type and returns the results in the same grouping.
     *
     * @param authoredUser the user being checked
     * @param list requested groups; groups with an empty id list are skipped. Iterated directly, so
     *     it must be non-null.
     * @return one {@link TypeActivitiesAccessible} per non-empty input group, in input order
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.digiwin.athena.base.application.service.permission.PermissionCheckService
    public List<TypeActivitiesAccessible> checkTypeActivitiesAccessible(AuthoredUser authoredUser, List<TypeActivities> list) {
        // Keep only groups that actually name at least one activity.
        ArrayList arrayList = new ArrayList();
        for (TypeActivities typeActivities : list) {
            if (CollectionUtils.isNotEmpty(typeActivities.getTmActivityIdList())) {
                arrayList.add(typeActivities);
            }
        }
        // arrayList2: ids of CATEGORY_PROJECT groups (looked up as tasks);
        // arrayList3: ids of every other group, including a null category (looked up as activities).
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        // The filter repeats the emptiness check already applied when arrayList was built.
        arrayList.stream().filter(typeActivities2 -> {
            return CollectionUtils.isNotEmpty(typeActivities2.getTmActivityIdList());
        }).forEach(typeActivities3 -> {
            if (null == typeActivities3.getCategory() || !TypeActivities.CATEGORY_PROJECT.equals(typeActivities3.getCategory())) {
                arrayList3.addAll(typeActivities3.getTmActivityIdList());
            } else {
                arrayList2.addAll(typeActivities3.getTmActivityIdList());
            }
        });
        ArrayList arrayList4 = new ArrayList();
        arrayList4.addAll(getActivityAuthorityConfig(arrayList3));
        arrayList4.addAll(getTaskAuthorityConfig(arrayList2));
        // Index results by activity id; when the same id yields several results the later one wins.
        Map map = (Map) checkActivityAccessible(authoredUser, arrayList, arrayList4).stream().collect(Collectors.toMap((v0) -> {
            return v0.getTmActivityId();
        }, Function.identity(), (activityAccessible, activityAccessible2) -> {
            return activityAccessible2;
        }));
        ArrayList arrayList5 = new ArrayList(list.size());
        for (TypeActivities typeActivities4 : arrayList) {
            if (!CollectionUtils.isEmpty(typeActivities4.getTmActivityIdList())) {
                TypeActivitiesAccessible typeActivitiesAccessible = new TypeActivitiesAccessible(typeActivities4.getType(), Lists.newArrayListWithCapacity(typeActivities4.getTmActivityIdList().size()));
                Iterator<String> it = typeActivities4.getTmActivityIdList().iterator();
                while (it.hasNext()) {
                    // A missing map entry would add null here; nothing in this method guards against it.
                    typeActivitiesAccessible.getActivityAccessibleList().add(map.get(it.next()));
                }
                arrayList5.add(typeActivitiesAccessible);
            }
        }
        return arrayList5;
    }

    /**
     * Evaluates each configured resource against the user's IAM permission entries for one
     * application.
     *
     * @param authoredUser the user being checked
     * @param str the application key passed to {@code getAppAllPermissions}
     * @param list the configured resources belonging to that application
     * @return one result per config: ACCESS_ALLOW, "forbidden" (denied, denyReason 0 or absent) or
     *     "NOBUY" (denied with a non-zero denyReason), plus any requested condition values
     */
    private List<ActivityAccessible> callIamToCheckAccessPermission(AuthoredUser authoredUser, String str, List<AuthorityConfigResp> list) {
        JSONArray appAllPermissions = getAppAllPermissions(authoredUser, str);
        ArrayList arrayList = new ArrayList(list.size());
        for (AuthorityConfigResp authorityConfigResp : list) {
            // z starts as "allowed" and is only changed by a matching IAM entry.
            // NOTE(review): this is default-allow. A configured resource ends up ALLOW when the
            // permission list is null or empty (which getAppAllPermissions returns when the IAM
            // response is null or lacks "data") or when no entry names this resource. Confirm
            // that is intended; denying unless an entry explicitly allows is the safer default.
            boolean z = true;
            // i: denyReason of the matching deny entry, 0 when none was supplied.
            int i = 0;
            // hashMap: values read back for the keys in the config's permissionCheckList.
            HashMap hashMap = new HashMap();
            if (null != appAllPermissions && !appAllPermissions.isEmpty()) {
                String authorityPrefix = authorityConfigResp.getAuthorityPrefix();
                int i2 = 0;
                // Scans every entry; there is no early exit on a match, so if several entries
                // name the same resource the last one decides z.
                while (true) {
                    if (i2 >= appAllPermissions.size()) {
                        break;
                    }
                    JSONObject jSONObject = appAllPermissions.getJSONObject(i2);
                    if (jSONObject == null || jSONObject.isNullObject()) {
                        log.warn("activityAuthConfigList中的第{}个permissionJson为空", Integer.valueOf(i2));
                    } else {
                        JSONObject jSONObject2 = jSONObject.getJSONObject(CONDITIONS);
                        // Resource name looked up inside the entry's "conditions" object.
                        String str2 = "drn:iam:app:" + authorityPrefix + SEPARATOR + authorityConfigResp.getCode();
                        if (jsonContainsJsonObj(jSONObject2, str2)) {
                            z = StringUtils.equalsIgnoreCase(PermissionConstant.ACCESS_ALLOW, jSONObject.getString(EFFECT));
                            if (!z && jSONObject.containsKey("denyReason")) {
                                i = jSONObject.getInt("denyReason");
                            }
                            if (CollectionUtils.isNotEmpty(authorityConfigResp.getPermissionCheckList())) {
                                JSONObject jSONObject3 = jSONObject2.getJSONObject(str2);
                                for (String str3 : authorityConfigResp.getPermissionCheckList()) {
                                    if (jSONObject3.containsKey(str3)) {
                                        hashMap.put(str3, jSONObject3.getString(str3));
                                    }
                                }
                            }
                        }
                    }
                    i2++;
                }
            }
            arrayList.add(new ActivityAccessible(authorityConfigResp.getCode(), z ? PermissionConstant.ACCESS_ALLOW : i == 0 ? ACCESS_FORBIDDEN : "NOBUY", hashMap));
        }
        return arrayList;
    }

    /**
     * Returns true only when {@code jSONObject} is non-null, has the key {@code str}, and
     * {@code getJSONObject(str)} is non-null.
     */
    private boolean jsonContainsJsonObj(JSONObject jSONObject, String str) {
        return (null == jSONObject || !jSONObject.containsKey(str) || null == jSONObject.getJSONObject(str)) ? false : true;
    }

    /**
     * Returns the user's IAM permission entries for one application, using a 60-second Redis cache.
     *
     * @param authoredUser supplies the tenant id and user id that scope the cache key
     * @param str the application key
     * @return the permission array, or {@code null} when the IAM response is null or has no "data"
     *     key (that null result is not cached)
     */
    private JSONArray getAppAllPermissions(AuthoredUser authoredUser, String str) {
        // Cache key: <prefix><tenantId>:<userId>:<app>.
        // NOTE(review): the parts are joined without escaping; if any of them may contain ':',
        // different (tenant, user, app) tuples could share a key - confirm the id formats.
        String str2 = BaseGlobalConstant.cacheKeyPrefix + authoredUser.getTenantId() + SEPARATOR + authoredUser.getUserId() + SEPARATOR + str;
        // hasKey and get are separate calls; if the key expires in between, the blank check
        // below falls through to the IAM call.
        if (Boolean.TRUE.equals(this.stringRedisTemplate.hasKey(str2))) {
            String str3 = (String) this.stringRedisTemplate.opsForValue().get(str2);
            if (StringUtils.isNotBlank(str3)) {
                JSONArray fromObject = JSONArray.fromObject(str3);
                // NOTE(review): writes the user's full permission list to the log at INFO, while
                // the uncached path below logs the same data at DEBUG - consider aligning on DEBUG.
                log.info("redis里的permissionList:{}", str3);
                return fromObject;
            }
        }
        JSONObject allUserPermissionV2 = this.userPermissionService.getAllUserPermissionV2(authoredUser, str);
        if (null == allUserPermissionV2 || !allUserPermissionV2.containsKey("data")) {
            return null;
        }
        JSONArray jSONArray = allUserPermissionV2.getJSONArray("data");
        log.debug("user({}) app authority config: {}", authoredUser.getUserId(), jSONArray);
        // Cached for 60 seconds. Unless the key is invalidated elsewhere (not visible here), a
        // permission change in IAM can take up to that long to be reflected in these checks.
        this.stringRedisTemplate.opsForValue().set(str2, JsonUtils.objectToString(jSONArray), 60L, TimeUnit.SECONDS);
        return jSONArray;
    }

    /**
     * Checks access for a list of activity ids of one category.
     *
     * @param authoredUser the user being checked
     * @param num the category set on the generated request
     * @param list activity ids to check
     * @return in this listing, always an empty map (see note in the body)
     */
    @Override // com.digiwin.athena.base.application.service.permission.PermissionCheckService
    public Map<String, String> checkActivitiesAccessible(AuthoredUser authoredUser, Integer num, List<String> list) {
        TypeActivities typeActivities = new TypeActivities();
        typeActivities.setType("activityType");
        typeActivities.setCategory(num);
        typeActivities.setTmActivityIdList(list);
        List<TypeActivitiesAccessible> checkTypeActivitiesAccessible = checkTypeActivitiesAccessible(authoredUser, Collections.singletonList(typeActivities));
        HashMap hashMap = new HashMap();
        if (CollectionUtils.isNotEmpty(checkTypeActivitiesAccessible) && CollectionUtils.isNotEmpty(checkTypeActivitiesAccessible.get(0).getActivityAccessibleList())) {
            // NOTE(review): the lambda body is empty here, so nothing is ever put into hashMap.
            // This is probably a decompilation loss (the original presumably copied each result
            // into the map) - verify against the real source, and check how callers treat a
            // missing key, since an absent entry must not be read as "allowed".
            checkTypeActivitiesAccessible.get(0).getActivityAccessibleList().forEach(activityAccessible -> {
            });
        }
        return hashMap;
    }

    /**
     * Lists all and accessible modules and menus for the user in one application.
     *
     * @param authoredUser the user being checked
     * @param str the application key passed to {@code getAppAllPermissions}
     * @return a map with the keys "allModule", "allMenu", "accessibleModule" and "accessibleMenu";
     *     an empty map (none of those keys) when no permission list could be obtained
     */
    @Override // com.digiwin.athena.base.application.service.permission.PermissionCheckService
    public Map<String, List<String>> getModuleOrMenuAccessible(AuthoredUser authoredUser, String str) {
        HashMap hashMap = new HashMap();
        JSONArray appAllPermissions = getAppAllPermissions(authoredUser, str);
        if (null == appAllPermissions) {
            return hashMap;
        }
        Map<String, Boolean> specialMenuAccessible = getSpecialMenuAccessible(authoredUser);
        // arrayList: all modules, arrayList2: accessible modules,
        // arrayList3: all menus, arrayList4: accessible menus.
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        // Special menu ids are always listed in "allMenu"; an id that also appears in the IAM
        // list is added a second time by the loop below.
        specialMenuAccessible.forEach((str2, bool) -> {
            arrayList3.add(str2);
        });
        Iterator it = appAllPermissions.iterator();
        while (it.hasNext()) {
            Object next = it.next();
            if (!Objects.isNull(next) && !(next instanceof JSONNull)) {
                // Unchecked cast: an element that is neither null/JSONNull nor a JSONObject throws here.
                JSONObject jSONObject = (JSONObject) next;
                if (StringUtils.equalsIgnoreCase(MODULE_ENABLE, jSONObject.getString(ID))) {
                    arrayList.add(jSONObject.getString(MODULE_ID));
                } else {
                    arrayList3.add(jSONObject.getString(ID));
                }
                // Unlike the activity checks, this path grants only on an explicit allow: the
                // entry's effect must be allow, its condition for the resource must carry
                // enable == allow, and a special menu must additionally be enabled for the user.
                if (StringUtils.equalsIgnoreCase(PermissionConstant.ACCESS_ALLOW, jSONObject.getString(EFFECT))) {
                    JSONObject jSONObject2 = jSONObject.getJSONObject(CONDITIONS);
                    // The resource name hard-codes "Athena" rather than using the str parameter.
                    String str3 = "drn:iam:app:Athena:" + jSONObject.getString(MODULE_ID) + SEPARATOR + jSONObject.getString(ID);
                    if (jsonContainsJsonObj(jSONObject2, str3) && null != jSONObject2.getJSONObject(str3).get(ENABLE) && StringUtils.equalsIgnoreCase(PermissionConstant.ACCESS_ALLOW, jSONObject2.getJSONObject(str3).getString(ENABLE)) && (!specialMenuAccessible.containsKey(jSONObject.getString(ID)) || specialMenuAccessible.get(jSONObject.getString(ID)).booleanValue())) {
                        if (StringUtils.equalsIgnoreCase(MODULE_ENABLE, jSONObject.getString(ID))) {
                            arrayList2.add(jSONObject.getString(MODULE_ID));
                        } else {
                            arrayList4.add(jSONObject.getString(ID));
                        }
                    }
                }
            }
        }
        hashMap.put("allModule", arrayList);
        hashMap.put("allMenu", arrayList3);
        hashMap.put("accessibleModule", arrayList2);
        hashMap.put("accessibleMenu", arrayList4);
        return hashMap;
    }

    /**
     * Computes the extra enablement flag for the three special menus.
     *
     * @param authoredUser the user being checked
     * @return menu id -> whether the extra condition holds: the designer menu follows the "EAS"
     *     application authorization, both report menus follow the system-role check
     */
    private Map<String, Boolean> getSpecialMenuAccessible(AuthoredUser authoredUser) {
        HashMap hashMap = new HashMap();
        AppAuthDTO queryAppAuth = CacManager.queryAppAuth(authoredUser.getUserId(), "EAS");
        // A null response counts as "not authorized".
        // NOTE(review): getIsSuccess() is unboxed directly; if it can return null this throws
        // instead of denying - confirm the DTO contract.
        hashMap.put(ATHENA_DDSM_DESIGNER, Boolean.valueOf(Objects.nonNull(queryAppAuth) ? queryAppAuth.getIsSuccess().booleanValue() : false));
        Boolean isSysRole = this.baseReportService.isSysRole(authoredUser);
        // BooleanUtils.isTrue treats a null answer as false, so both report menus deny by default.
        hashMap.put(REPORT_PARAMETER_MAINTENANCE, Boolean.valueOf(BooleanUtils.isTrue(isSysRole)));
        hashMap.put(REPORT_FUNCTIONAL_DESIGN, Boolean.valueOf(BooleanUtils.isTrue(isSysRole)));
        return hashMap;
    }
}
