package com.digiwin.dap.middleware.iam.support.obsolete.service.impl;

import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.domain.TreeModel;
import com.digiwin.dap.middleware.iam.domain.permission.CalcUser;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionDataPolicy;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionPolicy;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionUserOrg;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionUserRole;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionUserTag;
import com.digiwin.dap.middleware.iam.domain.permission.UserDataPermissionResult;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionResult;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionVO;
import com.digiwin.dap.middleware.iam.domain.policy.PolicyAction;
import com.digiwin.dap.middleware.iam.domain.policy.PolicyCondition;
import com.digiwin.dap.middleware.iam.domain.policy.PolicyModule;
import com.digiwin.dap.middleware.iam.domain.policy.PolicyPermission;
import com.digiwin.dap.middleware.iam.domain.policy.PolicySys;
import com.digiwin.dap.middleware.iam.domain.policy.v2.TargetCondition;
import com.digiwin.dap.middleware.iam.domain.role.QueryRoleResultVO;
import com.digiwin.dap.middleware.iam.entity.DataPolicy;
import com.digiwin.dap.middleware.iam.entity.Org;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.mapper.DataPermissionMapper;
import com.digiwin.dap.middleware.iam.mapper.PermissionMapper;
import com.digiwin.dap.middleware.iam.mapper.SysMapper;
import com.digiwin.dap.middleware.iam.repository.OrgRepository;
import com.digiwin.dap.middleware.iam.service.datapolicy.DataPolicyCrudService;
import com.digiwin.dap.middleware.iam.service.policy.PolicyCalcService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleQueryService;
import com.digiwin.dap.middleware.iam.support.obsolete.domain.DataPolicyTarget;
import com.digiwin.dap.middleware.iam.support.obsolete.domain.PermissionField;
import com.digiwin.dap.middleware.iam.support.obsolete.domain.PermissionUserDefaultOrg;
import com.digiwin.dap.middleware.iam.support.obsolete.entity.FieldValue;
import com.digiwin.dap.middleware.iam.support.obsolete.service.DataPermissionService;
import com.digiwin.dap.middleware.iam.support.obsolete.service.FieldValueCrudService;
import com.digiwin.dap.middleware.iam.support.remote.CacService;
import com.digiwin.dap.middleware.iam.support.remote.domain.AuthorizationModuleVO;
import com.digiwin.dap.middleware.iam.support.remote.domain.AuthorizationResultVO;
import com.digiwin.dap.middleware.iam.util.TreeUtil;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.xmlbeans.XmlErrorCodes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

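/**
 * Legacy implementation of {@link DataPermissionService}: resolves the roles, organisations,
 * tags, organisation-level data policies and field-level permissions of one user for one
 * application inside the caller's tenant.
 *
 * <p>This listing is decompiler output. Raw collection types are kept wherever a value is handed
 * to a project setter or constructor whose generic signature is not visible here.
 */
@Service
/* loaded from: input_file:BOOT-INF/lib/iam-business-4.37.4.0.jar:com/digiwin/dap/middleware/iam/support/obsolete/service/impl/DataPermissionServiceImpl.class */
public class DataPermissionServiceImpl implements DataPermissionService {
    private static final Logger logger = LoggerFactory.getLogger(DataPermissionServiceImpl.class);
    private static final ObjectMapper objectMapper = JsonUtils.createObjectMapper();

    /** Target type used to decode {@code PolicyCondition.getTypeParam()} as a JSON array of strings. */
    private static final TypeReference<List<String>> STRING_LIST_TYPE = new TypeReference<List<String>>() {
    };

    @Autowired
    private SysMapper sysMapper;

    @Autowired
    private CacService cacService;

    @Autowired
    private OrgRepository orgRepository;

    @Autowired
    private PermissionMapper permissionMapper;

    @Autowired
    private PolicyCalcService policyCalcService;

    @Autowired
    private DataPermissionMapper dataPermissionMapper;

    @Autowired
    private DataPolicyCrudService dataPolicyCrudService;

    @Autowired
    private FieldValueCrudService fieldValueCrudService;

    @Autowired
    private UserInRoleQueryService userInRoleQueryService;

    /**
     * Validates the request, resolves the subject and application, and returns the subject's
     * roles, organisations, tags, default organisations and data permissions.
     *
     * @param userPermissionVO request carrying the target URN, the query parameter and an optional user id
     * @param authoredUser the authenticated caller; supplies the tenant and the fallback user id
     * @return the data-permission view of the computed result
     * @throws IllegalArgumentException if a mandatory request field is null, or the user or
     *     application cannot be found in the caller's tenant
     * @throws BusinessException if the target has fewer than four segments or the caller has no tenant
     */
    @Override // com.digiwin.dap.middleware.iam.support.obsolete.service.DataPermissionService
    public UserDataPermissionResult getUserDataPermission(UserPermissionVO userPermissionVO, AuthoredUser authoredUser) {
        checkData(userPermissionVO);
        CalcUser subject = getCalcUser(userPermissionVO, authoredUser);
        UserPermissionResult computed = getUserPermission(subject);
        return new UserDataPermissionResult(
                computed.getRoles(),
                computed.getOrg(),
                computed.getTag(),
                computed.getDefaultOrg(),
                computed.getDataPermissions());
    }

    /**
     * Rejects requests with a missing target, query parameter or effect, and targets that do not
     * split into at least four {@code ':'}-separated segments.
     *
     * @param userPermissionVO the request to validate
     * @throws IllegalArgumentException if a mandatory field is null
     * @throws BusinessException with {@code I18nError.SYS_URL_ILLEGAL} if the target is too short
     */
    protected void checkData(UserPermissionVO userPermissionVO) {
        Assert.notNull(userPermissionVO, "input 不能为null");
        Assert.notNull(userPermissionVO.getTarget(), "input.target 不能为null");
        Assert.notNull(userPermissionVO.getQueryParameter(), "input.queryParameter 不能为null");
        Assert.notNull(userPermissionVO.getQueryParameter().getEffect(), "input.queryParameter.effect 不能为null");
        // String.split drops trailing empty segments, so "a:b:c:" counts as three segments and is rejected.
        if (userPermissionVO.getTarget().split(":").length < 4) {
            throw new BusinessException(I18nError.SYS_URL_ILLEGAL, new Object[]{userPermissionVO.getTarget()});
        }
    }

    /**
     * Builds the calculation subject from the request and the authenticated caller.
     *
     * <p>The tenant always comes from {@code authoredUser}. The application id is the fourth
     * segment of the request target. The user id comes from the request when it is non-empty and
     * from the caller otherwise.
     *
     * <p>NOTE(review): a caller can therefore name any user id. The later lookup is scoped to the
     * caller's tenant, but no check that the caller may read another user's permissions is visible
     * in this class - confirm it is enforced upstream.
     *
     * @param userPermissionVO the validated request (see {@link #checkData})
     * @param authoredUser the authenticated caller
     * @return the subject with tenant, application id, user id and effect set
     * @throws BusinessException with {@code I18nError.TENANT_NOT_EXISTED} if the caller's tenant sid is 0
     */
    protected CalcUser getCalcUser(UserPermissionVO userPermissionVO, AuthoredUser authoredUser) {
        if (authoredUser.getTenantSid() == 0) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED);
        }
        // Any effect other than "all" or EFFECT_ONLY_DENY falls back to "allow".
        String effect = "allow";
        if ("all".equals(userPermissionVO.getQueryParameter().getEffect())) {
            effect = "all";
        } else if (IamConstants.EFFECT_ONLY_DENY.equals(userPermissionVO.getQueryParameter().getEffect())) {
            effect = "deny";
        }
        CalcUser calcUser = new CalcUser();
        calcUser.setTenantSid(authoredUser.getTenantSid());
        calcUser.setTenantId(authoredUser.getTenantId());
        calcUser.setAppId(userPermissionVO.getTarget().split(":")[3]);
        if (StringUtils.isEmpty(userPermissionVO.getUserId())) {
            calcUser.setUserId(authoredUser.getUserId());
        } else {
            calcUser.setUserId(userPermissionVO.getUserId());
        }
        // The effect is recorded on the subject; no method of this class reads it back.
        calcUser.setEffect(effect);
        return calcUser;
    }

    /**
     * Resolves the subject's user sid and application sid within the tenant, then runs the calculation.
     *
     * @throws IllegalArgumentException if the user or the application is not found for the tenant
     */
    private UserPermissionResult getUserPermission(CalcUser calcUser) {
        User user = this.dataPermissionMapper.getUserByTenantSidAndUserId(Long.valueOf(calcUser.getTenantSid()), calcUser.getUserId());
        Assert.notNull(user, String.format("用户[%s]不存在或用户不在指定的租户内!", calcUser.getUserId()));
        calcUser.setUserSid(user.getSid());
        Sys app = this.sysMapper.findByTenantSidAndId(calcUser.getTenantSid(), calcUser.getAppId());
        Assert.notNull(app, String.format("应用[%s]不存在或应用不在指定的租户内!", calcUser.getAppId()));
        calcUser.setAppSid(app.getSid());
        return calculateUserPermission(calcUser, app.isInside());
    }

    /**
     * Collects roles, organisations (with their tags), tags (with their organisations), data
     * policies and field permissions for the subject.
     *
     * @param calcUser the subject with tenant sid, user sid and application id resolved
     * @param z the application's {@code isInside()} flag; not used by this method
     */
    private UserPermissionResult calculateUserPermission(CalcUser calcUser, boolean z) {
        long tenantSid = calcUser.getTenantSid();
        long userSid = calcUser.getUserSid();
        List<PermissionUserRole> roles = this.permissionMapper.findUserRoles(tenantSid, userSid);
        List<PermissionUserOrg> orgs = this.permissionMapper.findUserOrgs(tenantSid, userSid);
        Map<String, PermissionUserOrg> orgsByPriority = addUserOrgTag(orgs, tenantSid, userSid);
        Map<String, PermissionUserTag> tagsByPriority = addUserTagOrg(this.dataPermissionMapper.findUserTags(tenantSid, userSid), tenantSid, userSid);
        List<PermissionUserDefaultOrg> defaultOrgs = this.dataPermissionMapper.findUserDefaultOrgs(tenantSid, userSid);
        LinkedHashMap defaultOrgMap = new LinkedHashMap();
        defaultOrgs.forEach(permissionUserDefaultOrg -> {
            // NOTE(review): this body is empty in the listing, so the default-org map handed to the
            // result is always empty. Presumably the decompiler dropped the statement that fills
            // it - confirm against the original source before relying on getDefaultOrg().
        });
        return new UserPermissionResult(
                roles,
                orgsByPriority,
                tagsByPriority,
                defaultOrgMap,
                getUserDataPolicy(orgs, roles, tenantSid, userSid),
                new ArrayList(),
                getUserFieldPermission(tenantSid, userSid, calcUser.getAppId()));
    }

    /**
     * Attaches to each organisation the tags found for it, then indexes the organisations by
     * priority. When two organisations share a priority the first one in {@code list} is kept.
     */
    private Map<String, PermissionUserOrg> addUserOrgTag(List<PermissionUserOrg> list, long tenantSid, long userSid) {
        // The element type of findUserTagInOrgs is not visible here, hence the wildcard map.
        Map<?, ?> tagsByOrgSid = this.dataPermissionMapper.findUserTagInOrgs(tenantSid, userSid).stream()
                .collect(Collectors.groupingBy(tag -> tag.getOrgSid()));
        for (PermissionUserOrg org : list) {
            Object tags = tagsByOrgSid.get(Long.valueOf(org.getSid()));
            if (tags != null) {
                org.setOrgTag((List) tags);
            }
        }
        return list.stream().collect(Collectors.toMap(PermissionUserOrg::getPriority, org -> org, (first, second) -> first));
    }

    /**
     * Attaches to each tag the organisations found for it, then indexes the tags by priority.
     * When two tags share a priority the first one in {@code list} is kept.
     */
    private Map<String, PermissionUserTag> addUserTagOrg(List<PermissionUserTag> list, long tenantSid, long userSid) {
        // The element type of findUserOrgInTags is not visible here, hence the wildcard map.
        Map<?, ?> orgsByTagSid = this.dataPermissionMapper.findUserOrgInTags(tenantSid, userSid).stream()
                .collect(Collectors.groupingBy(org -> org.getTagSid()));
        for (PermissionUserTag tag : list) {
            Object orgs = orgsByTagSid.get(Long.valueOf(tag.getSid()));
            if (orgs != null) {
                tag.setOrg((List) orgs);
            }
        }
        return list.stream().collect(Collectors.toMap(PermissionUserTag::getPriority, tag -> tag, (first, second) -> first));
    }

    /**
     * Builds one "allow" policy per action of the application tree that is either granted to the
     * user or, when {@code z} is true, present in the tree at all. Condition values default to the
     * ones stored on the action and are replaced by the first non-null override in {@code map}
     * with the same key.
     *
     * <p>Not called from within this class. The roles of {@code j}, {@code j2} and {@code j3} are
     * not established by a call site here; presumably tenant sid, user sid and application sid.
     *
     * @param z when true every action is included regardless of the granted-action list
     * @param map per-action condition overrides, keyed by action sid
     */
    private List<PermissionPolicy> getUserPolicy(long j, long j2, long j3, boolean z, Map<Long, List<TargetCondition>> map) {
        PolicyPermission sysTree = getSysTree(j, j3);
        List<Long> grantedActionSids = this.policyCalcService.getPolicyAction(j, "user", j2, j3);
        List<PermissionPolicy> policies = new ArrayList<>();
        for (PolicyAction action : sysTree.getActions()) {
            if (!z && !grantedActionSids.contains(Long.valueOf(action.getSid()))) {
                continue;
            }
            PermissionPolicy policy = new PermissionPolicy();
            policy.setSid(Long.valueOf(action.getSid()));
            policy.setId(action.getId());
            policy.setName(action.getName());
            policy.setTarget(action.getUri());
            policy.setEffect("allow");
            policy.setModuleId(action.getModuleId());
            HashMap conditionValues = new HashMap();
            HashMap conditionsByUri = new HashMap();
            List<TargetCondition> overrides = map.get(Long.valueOf(action.getSid()));
            List<PolicyCondition> conditions = action.getCondition();
            // An action with no stored conditions may carry a null list (setConditionToAction only
            // assigns when conditions exist); treat that as "no conditions".
            if (conditions != null) {
                for (PolicyCondition condition : conditions) {
                    String value = condition.getValue();
                    if (overrides != null) {
                        // The listing looped with while(true) and never left the loop once the
                        // iterator was exhausted without a match; a bounded loop fixes that.
                        for (TargetCondition override : overrides) {
                            if (condition.getKey().equals(override.getKey()) && null != override.getValue()) {
                                value = override.getValue();
                                break;
                            }
                        }
                    }
                    conditionValues.put(condition.getKey(), value);
                }
            }
            if (!conditionValues.isEmpty()) {
                conditionsByUri.put(action.getUri() == null ? "" : action.getUri(), conditionValues);
            }
            policy.setConditions(conditionsByUri);
            policies.add(policy);
        }
        return policies;
    }

    /**
     * Loads the policy system record together with its modules and actions, and attaches the
     * stored conditions to the actions.
     *
     * <p>NOTE(review): the result of {@code findPolicySys} is dereferenced without a null check;
     * confirm the mapper cannot return null for the ids callers pass in.
     *
     * @param j first lookup key passed to {@code findPolicySys} and {@code findPolicyAction}; presumably the tenant sid
     * @param j2 second lookup key passed to {@code findPolicySys}; presumably the application sid
     * @return the assembled tree
     */
    public PolicyPermission getSysTree(long j, long j2) {
        PolicySys policySys = this.dataPermissionMapper.findPolicySys(j, j2);
        List<PolicyModule> modules = this.dataPermissionMapper.findPolicyModule(policySys.getSid());
        List<PolicyAction> actions = this.dataPermissionMapper.findPolicyAction(j, policySys.getSid());
        setConditionToAction(actions, this.dataPermissionMapper.findPolicyCondition(policySys.getSid()));
        return new PolicyPermission(policySys, modules, actions);
    }

    /**
     * Decodes each condition's JSON type parameter and assigns the conditions to their actions.
     * A condition whose JSON cannot be read is logged and keeps whatever type parameter it had.
     */
    private void setConditionToAction(List<PolicyAction> list, List<PolicyCondition> list2) {
        for (PolicyCondition condition : list2) {
            try {
                condition.setTypeParameter(objectMapper.readValue(condition.getTypeParam(), STRING_LIST_TYPE));
            } catch (IOException e) {
                logger.warn("condition[sid=" + condition.getSid() + "]Json字符串转换失败", (Throwable) e);
            }
        }
        Map<?, ?> conditionsByActionSid = list2.stream().collect(Collectors.groupingBy(condition -> condition.getActionSid()));
        for (PolicyAction action : list) {
            Object conditions = conditionsByActionSid.get(Long.valueOf(action.getSid()));
            if (conditions != null) {
                action.setCondition((List) conditions);
            }
        }
    }

    /**
     * Gathers data-policy targets from the user's organisations (each as a checked "org" target),
     * from every role's data policies and from the user's own data policies, then resolves them
     * to organisations.
     */
    private List<PermissionDataPolicy> getUserDataPolicy(List<PermissionUserOrg> list, List<PermissionUserRole> list2, long tenantSid, long userSid) {
        List<DataPolicyTarget> targets = new ArrayList<>();
        for (PermissionUserOrg org : list) {
            targets.add(new DataPolicyTarget(org.getSid(), true, "org", null));
        }
        for (PermissionUserRole role : list2) {
            targets.addAll(getRoleDataPolicyTarget(tenantSid, role.getSid()));
        }
        targets.addAll(getUserDataPolicyTarget(tenantSid, userSid));
        return calcUserDataPermission(tenantSid, targets);
    }

    /**
     * Returns the targets of every data policy found for the given role.
     *
     * @param j tenant sid
     * @param j2 role sid
     * @return the concatenated targets, possibly empty
     */
    public List<DataPolicyTarget> getRoleDataPolicyTarget(long j, long j2) {
        List<DataPolicyTarget> targets = new ArrayList<>();
        for (DataPolicy policy : this.dataPermissionMapper.findRoleDataPolicy(j, j2)) {
            targets.addAll(this.dataPermissionMapper.findDataPolicyTarget(policy.getSid()));
        }
        return targets;
    }

    /**
     * Returns the targets of every data policy found for the given user.
     *
     * @param j tenant sid
     * @param j2 user sid
     * @return the concatenated targets, possibly empty
     */
    public List<DataPolicyTarget> getUserDataPolicyTarget(long j, long j2) {
        List<DataPolicyTarget> targets = new ArrayList<>();
        for (DataPolicy policy : this.dataPermissionMapper.findUserDataPolicy(j, j2)) {
            targets.addAll(this.dataPermissionMapper.findDataPolicyTarget(policy.getSid()));
        }
        return targets;
    }

    /**
     * Resolves targets to organisations. Checked targets grant, unchecked targets revoke, and a
     * revoked organisation is removed even when another target grants it. Targets whose effect is
     * {@code IamConstants.DATA_EFFECT_ORG_CASCADE} are expanded through the tenant's organisation tree.
     */
    private List<PermissionDataPolicy> calcUserDataPermission(long tenantSid, List<DataPolicyTarget> list) {
        List<TreeModel> orgTree = this.permissionMapper.findOrgTreeModel(tenantSid);
        ArrayList<Long> grantedSids = new ArrayList<>();
        ArrayList<Long> revokedSids = new ArrayList<>();
        for (DataPolicyTarget target : list) {
            ArrayList<Long> bucket = target.isChecked() ? grantedSids : revokedSids;
            if (IamConstants.DATA_EFFECT_ORG_CASCADE.equals(target.getEffect())) {
                TreeUtil.getChildNodes(orgTree, target.getSid(), bucket);
            } else {
                bucket.add(Long.valueOf(target.getSid()));
            }
        }
        List<Long> effectiveSids = grantedSids.stream().distinct().collect(Collectors.toCollection(ArrayList::new));
        // Revocation wins over any grant; the set makes the removal linear.
        effectiveSids.removeAll(new HashSet<>(revokedSids));
        List<PermissionDataPolicy> result = new ArrayList<>();
        if (effectiveSids.isEmpty()) {
            // Nothing left to look up; skip the repository call with an empty id list.
            return result;
        }
        for (Org org : this.orgRepository.findBySidIn(effectiveSids)) {
            result.add(new PermissionDataPolicy(org.getSid(), org.getId(), org.getName(), org.getUri()));
        }
        return result;
    }

    /**
     * Computes the field-level permissions of a user for an application.
     *
     * <p>A user holding the role id {@code "superadmin"} gets {@code hasAll = true} and no field
     * list. Otherwise each role's data policy contributes one map of field key to typed value.
     *
     * @param j tenant sid
     * @param j2 user sid
     * @param str application id
     * @return the field permissions, or {@code null} when the application is not found for the tenant
     * @throws NumberFormatException if a stored value of type "int" is not a valid long
     */
    public PermissionField getUserFieldPermission(long j, long j2, String str) {
        Sys app = this.sysMapper.findByTenantSidAndId(j, str);
        if (null == app) {
            return null;
        }
        PermissionField permissionField = new PermissionField();
        permissionField.setSid(Long.valueOf(app.getSid()));
        permissionField.setId(app.getId());
        permissionField.setName(app.getName());
        permissionField.setHasAll(false);
        List<QueryRoleResultVO> roles = this.userInRoleQueryService.queryUserInRoleByUser(j, j2);
        if (roles.isEmpty()) {
            return permissionField;
        }
        if (roles.stream().anyMatch(role -> "superadmin".equals(role.getId()))) {
            permissionField.setHasAll(true);
            return permissionField;
        }
        // Raw collections: the element type expected by setFields is not visible here.
        ArrayList fieldsPerRole = new ArrayList();
        for (QueryRoleResultVO role : roles) {
            DataPolicy dataPolicy = getDataPolicy(j, role.getId(), str);
            if (null == dataPolicy) {
                continue;
            }
            List<FieldValue> fieldValues = this.fieldValueCrudService.findByTargetSid(dataPolicy.getSid());
            if (fieldValues.isEmpty()) {
                continue;
            }
            HashMap fields = new HashMap();
            for (FieldValue fieldValue : fieldValues) {
                fields.put(fieldValue.getKey(), convertFieldValue(fieldValue));
            }
            fieldsPerRole.add(fields);
        }
        if (!fieldsPerRole.isEmpty()) {
            permissionField.setFields(fieldsPerRole);
        }
        return permissionField;
    }

    /**
     * Converts a stored field value according to its type tag: no tag, "multiple" or "single"
     * yields the set of comma-separated items, "int" a {@code Long}, "boolean" a {@code Boolean}
     * that is true only for "1", and any other tag the raw string.
     */
    private static Object convertFieldValue(FieldValue fieldValue) {
        String type = fieldValue.getType();
        if (null == type || "".equals(type) || "multiple".equals(type) || "single".equals(type)) {
            return new HashSet(Arrays.asList(fieldValue.getValue().split(",")));
        }
        // The listing compared against org.apache.xmlbeans.XmlErrorCodes.INT, whose value is "int";
        // the literal keeps this permission check independent of the XML library.
        if ("int".equals(type)) {
            return Long.valueOf(Long.parseLong(fieldValue.getValue()));
        }
        if ("boolean".equals(type)) {
            return Boolean.valueOf("1".equals(fieldValue.getValue()));
        }
        return fieldValue.getValue();
    }

    /**
     * Looks up the data policy whose id is {@code "role_" + roleId + "_" + appId} in the tenant.
     *
     * <p>NOTE(review): the id is a plain concatenation, so a role id or application id that itself
     * contains {@code '_'} can produce the same policy id as a different pair - confirm that the
     * id formats rule this out.
     *
     * @param j tenant sid
     * @param str role id
     * @param str2 application id
     * @return whatever {@code findByTenantSidAndId} returns; callers in this class treat null as "no policy"
     */
    public DataPolicy getDataPolicy(long j, String str, String str2) {
        return this.dataPolicyCrudService.findByTenantSidAndId(j, "role_" + str + "_" + str2);
    }

    /**
     * Keeps only the policies whose module id matches an enabled, unexpired module reported by
     * the authorization service.
     *
     * <p>NOTE(review): when the service returns no result, or no enabled modules, the input list
     * is returned unfiltered. That is fail-open behaviour; confirm it is intended rather than an
     * empty result.
     *
     * @param str first argument forwarded to {@code CacService.queryAllAuthorization}
     * @param str2 second argument forwarded to {@code CacService.queryAllAuthorization}
     * @param list the policies to filter
     * @return the filtered policies, or {@code list} itself when there is nothing to filter against
     */
    protected List<PermissionPolicy> filterModuleByCac(String str, String str2, List<PermissionPolicy> list) {
        AuthorizationResultVO authorization = this.cacService.queryAllAuthorization(str, str2);
        if (authorization == null) {
            return list;
        }
        List<AuthorizationModuleVO> enabledModules = authorization.getEnabledModules();
        // The listing dereferenced a null module list after the loop; treat null like empty.
        if (enabledModules == null || enabledModules.isEmpty()) {
            return list;
        }
        // One timestamp for the whole pass so every module is judged against the same instant.
        LocalDateTime now = LocalDateTime.now();
        List<PermissionPolicy> licensed = new ArrayList<>();
        for (PermissionPolicy policy : list) {
            // The listing looped with while(true) and never left the loop for a policy without
            // a matching module; a bounded loop fixes that.
            for (AuthorizationModuleVO module : enabledModules) {
                if (module.getId() != null && module.getId().equals(policy.getModuleId()) && now.isBefore(module.getExpiredTime())) {
                    licensed.add(policy);
                    break;
                }
            }
        }
        return licensed;
    }
}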
