package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.exception.OperateException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.domain.enumeration.ChangeTypeEnum;
import com.digiwin.dap.middleware.iam.domain.org.BatchReplaceVO;
import com.digiwin.dap.middleware.iam.domain.org.RequestParameterVO;
import com.digiwin.dap.middleware.iam.domain.role.RoleCatalogVO;
import com.digiwin.dap.middleware.iam.domain.role.RoleVO;
import com.digiwin.dap.middleware.iam.domain.role.rolebean.RoleBean;
import com.digiwin.dap.middleware.iam.entity.Role;
import com.digiwin.dap.middleware.iam.entity.RoleCatalog;
import com.digiwin.dap.middleware.iam.mapper.UserInRoleMapper;
import com.digiwin.dap.middleware.iam.service.role.RoleCatalogCrudService;
import com.digiwin.dap.middleware.iam.service.role.RoleCatalogQueryService;
import com.digiwin.dap.middleware.iam.service.role.RoleCatalogService;
import com.digiwin.dap.middleware.iam.service.role.RoleCrudService;
import com.digiwin.dap.middleware.iam.service.role.RoleQueryService;
import com.digiwin.dap.middleware.iam.service.role.RoleService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleService;
import com.digiwin.dap.middleware.iam.support.clean.PolicyCascadeDeleteService;
import com.digiwin.dap.middleware.iam.support.log.ChangeLogService;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.iam.util.StringUtil;
import com.digiwin.dap.middleware.language.service.LanguageCrudService;
import com.digiwin.dap.middleware.util.UserUtils;
import io.github.resilience4j.ratelimiter.annotation.RateLimiter;
import java.util.List;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

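/**
 * REST endpoints for roles and role catalogs under {@code /api/iam/v2/role}.
 *
 * <p>Most handlers take the tenant from the authenticated principal, either the
 * {@code digi-middleware-auth-user-data} request attribute or {@link UserUtils}.
 * They pass that tenant sid to the service layer together with the identifier
 * supplied by the client.
 *
 * <p>NOTE(review): only {@code /catalog/disable} performs a privilege check in this class.
 * Whether the other mutating routes ({@code /del}, {@code /update}, {@code /disable},
 * {@code /enable}, {@code /catalog/update}, {@code /batch/replace}) are restricted by an
 * interceptor or policy layer cannot be seen from this file. Confirm before relying on it.
 */
@RequestMapping({"/api/iam/v2/role"})
@RestController
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/api/RoleController.class */
public class RoleController {

    @Autowired
    private RoleService roleService;

    @Autowired
    private RoleCrudService roleCrudService;

    @Autowired
    private RoleQueryService roleQueryService;

    @Autowired
    private RoleCatalogCrudService roleCatalogCrudService;

    @Autowired
    private UserInRoleMapper userInRoleMapper;

    @Autowired
    private PolicyCascadeDeleteService policyCascadeDeleteService;

    @Autowired
    private LanguageCrudService languageCrudService;

    @Autowired
    private RoleCatalogService roleCatalogService;

    @Autowired
    private RoleCatalogQueryService roleCatalogQueryService;

    @Autowired
    private UserInRoleService userInRoleService;

    @Autowired
    private ChangeLogService changeLogService;

    @Autowired
    private AuthValidateService authValidateService;

    /**
     * Looks up a single role by sid or, when no positive sid is given, by role id within
     * the caller's tenant.
     *
     * @param requestParameterVO carries the role sid and/or role id
     * @param authoredUser authenticated caller; supplies the tenant sid for the id lookup
     * @return the role returned by the query service
     * @throws BusinessException with {@code PARAM_MISS} when sid is 0 and id is null
     */
    @PostMapping
    public ResponseEntity<?> getRole(@RequestBody RequestParameterVO requestParameterVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        if (requestParameterVO.getSid() == 0 && requestParameterVO.getId() == null) {
            throw new BusinessException(I18nError.PARAM_MISS);
        }
        if (requestParameterVO.getSid() > 0) {
            // NOTE(review): the sid lookup does not pass the caller's tenant sid, unlike the
            // id lookup below. Confirm getRoleBySid enforces tenant ownership itself;
            // otherwise this path can return a role that belongs to another tenant.
            return ResponseEntity.ok(this.roleQueryService.getRoleBySid(requestParameterVO.getSid()));
        }
        return ResponseEntity.ok(this.roleQueryService.getRoleByTenantSidAndId(authoredUser.getTenantSid(), requestParameterVO.getId()));
    }

    /**
     * Deletes a role of the caller's tenant, writes a change-log entry and cascades the
     * deletion to the role's policies. A sid that does not resolve to a role in the
     * caller's tenant is a no-op.
     *
     * @param requestParameterVO carries the sid of the role to delete
     * @return {@code 200} with {@link HttpStatus#OK} as body
     * @throws BusinessException with {@code ROLE_DELETE_ERROR} when users are still assigned
     *     to the role, or {@code IAM_TENANT_PERMISSION_ERROR} on a tenant mismatch
     */
    @PostMapping({"/del"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> deleteRole(@RequestBody RequestParameterVO requestParameterVO) {
        long roleSid = requestParameterVO.getSid();
        // Resolve the role inside the caller's tenant first. queryUserInRole takes only the
        // role sid, so running it before the tenant-scoped lookup would answer "does this
        // sid have members?" for sids the caller's tenant may not own.
        Role role = this.roleCrudService.findByTenantSidAndSid(UserUtils.getTenantSid(), roleSid);
        if (role == null) {
            return ResponseEntity.ok(HttpStatus.OK);
        }
        // Defence in depth on top of the tenant-scoped lookup above.
        if (role.getTenantSid() != UserUtils.getTenantSid()) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        if (!CollectionUtils.isEmpty(this.userInRoleMapper.queryUserInRole(roleSid))) {
            throw new BusinessException(I18nError.ROLE_DELETE_ERROR, new Object[]{Long.valueOf(roleSid)});
        }
        this.roleCrudService.deleteBySidAndTenantSid(role.getSid(), role.getTenantSid());
        this.changeLogService.createChangeLog(ChangeTypeEnum.ROLE_DEL.getName(), role, ChangeTypeEnum.ROLE_DEL.getPrimaryKey(), String.valueOf(role.getSid()));
        this.policyCascadeDeleteService.deleteRole(role.getTenantSid(), roleSid);
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Lists the roles of the given users in the tenant named in the path.
     *
     * <p>Access is granted when the path tenant id matches the caller's tenant id
     * (case-insensitively) or when {@code checkAccessPermission} for the {@code Sys} target
     * type approves this route for the caller's system id.
     *
     * @param list user ids to look up
     * @param str tenant id taken from the path
     * @return the roles returned by the query service
     * @throws BusinessException with {@code IAM_TENANT_PERMISSION_ERROR} when neither
     *     condition holds
     */
    @PostMapping({"/list/byuser/tenant/{tenantId:.+}"})
    @RateLimiter(name = "/api/iam/v2/role/list/byuser/tenant/{tenantId}")
    public ResponseEntity<?> getRolesByUserIds(@RequestBody List<String> list, @PathVariable("tenantId") String str) {
        boolean sameTenant = str.equalsIgnoreCase(UserUtils.getTenantId());
        // The permission service is consulted only for cross-tenant requests, as before.
        if (sameTenant || this.authValidateService.checkAccessPermission(TargetType.Sys.name(), "POST", "/api/iam/v2/role/list/byuser/tenant/{tenantId:.+}", UserUtils.getSysId()).booleanValue()) {
            return ResponseEntity.ok(this.roleQueryService.getRolesByUserIds(list, str));
        }
        throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
    }

    /**
     * Queries the caller's tenant roles, filtered by whether the requested type is
     * {@code "disabled"}.
     *
     * @param roleBean validated request; its query parameter type selects the filter
     * @param authoredUser authenticated caller; must carry a positive tenant sid
     * @return the query result from the role query service
     * @throws IllegalArgumentException when the caller has no positive tenant sid
     */
    @PostMapping({"/query"})
    public ResponseEntity<?> getRoleInCatalog(@Valid @RequestBody RoleBean roleBean, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        long tenantSid = authoredUser.getTenantSid();
        Assert.isTrue(tenantSid > 0, String.format("无法得到当前用户[%s]的租户信息！", authoredUser.getUserId()));
        boolean disabledOnly = "disabled".equals(roleBean.getQueryParameter().getType());
        return ResponseEntity.ok(this.roleQueryService.getRoleQueryResultVosByType(disabledOnly, tenantSid));
    }

    /**
     * Lists the roles of the caller's tenant.
     *
     * @param authoredUser authenticated caller; must carry a positive tenant sid
     * @return the query result from the role query service
     * @throws IllegalArgumentException when the caller has no positive tenant sid
     */
    @GetMapping({"/simple"})
    public ResponseEntity<?> getRoleInTenant(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.isTrue(authoredUser.getTenantSid() > 0, String.format("无法得到当前用户[%s]的租户信息！", authoredUser.getUserId()));
        return ResponseEntity.ok(this.roleQueryService.getRoleQueryResultVosByTenant(authoredUser.getTenantSid()));
    }

    /**
     * Creates or modifies a role in the caller's tenant and stores its display name.
     *
     * <p>A request with a hash or a non-zero sid is treated as a modification; anything
     * else creates a new role.
     *
     * @param roleVO validated role payload; needs a catalog id or a non-zero catalog sid
     * @param authoredUser authenticated caller; must carry a positive tenant sid
     * @return the sid of the created or modified role
     * @throws OperateException when neither a catalog id nor a catalog sid is supplied
     * @throws IllegalArgumentException when the caller has no positive tenant sid
     */
    @PostMapping({"/update"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> updateRole(@Valid @RequestBody RoleVO roleVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        long tenantSid = authoredUser.getTenantSid();
        Assert.isTrue(tenantSid > 0, String.format("无法得到当前用户[%s]的租户信息！", authoredUser.getUserId()));
        // catalogSid is a boxed Long. A payload that omits both fields used to hit
        // longValue() on null and fail with a NullPointerException instead of the
        // intended validation error.
        boolean catalogSidMissing = roleVO.getCatalogSid() == null || roleVO.getCatalogSid().longValue() == 0;
        if (roleVO.getCatalogId() == null && catalogSidMissing) {
            throw new OperateException("角色分类id和角色分类Sid不能同时为空！");
        }
        if (roleVO.getCatalogId() != null) {
            // A catalog id is always resolved inside the caller's tenant and overrides any
            // client-supplied catalog sid.
            roleVO.setCatalogSid(Long.valueOf(getCatalogSid(roleVO.getCatalogId(), tenantSid)));
        }
        // NOTE(review): when only catalogSid is supplied it reaches the service unverified
        // here. Confirm addRole/modifyRole check that the catalog belongs to tenantSid.
        if (StringUtils.hasLength(roleVO.getHash()) || roleVO.getSid() != 0) {
            this.roleService.modifyRole(roleVO, tenantSid);
        } else {
            roleVO.setSid(this.roleService.addRole(roleVO, tenantSid));
        }
        this.languageCrudService.save(roleVO.getSid(), "roleName", roleVO.getName());
        return ResponseEntity.ok(Long.valueOf(roleVO.getSid()));
    }

    /**
     * Resolves a role-catalog id to its sid within one tenant.
     *
     * @param catalogId catalog id to resolve; {@code null} yields 0
     * @param tenantSid tenant the catalog must belong to
     * @return the catalog sid, or 0 when {@code catalogId} is null
     * @throws BusinessException with {@code PARAM_ERROR} when the id fails
     *     {@code StringUtil.checkId}, or {@code ROLE_CATALOG_NOT_EXISTED} when no such
     *     catalog is found for the tenant
     */
    private long getCatalogSid(String catalogId, long tenantSid) {
        if (catalogId == null) {
            return 0;
        }
        if (!StringUtil.checkId(catalogId)) {
            throw new BusinessException(I18nError.PARAM_ERROR);
        }
        RoleCatalog catalog = this.roleCatalogCrudService.findByTenantSidAndId(tenantSid, catalogId);
        if (catalog == null) {
            throw new BusinessException(I18nError.ROLE_CATALOG_NOT_EXISTED, new Object[]{catalogId});
        }
        return catalog.getSid();
    }

    /**
     * Creates or modifies a role catalog in the caller's tenant.
     *
     * @param roleCatalogVO catalog payload; no hash and sid 0 means "create"
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return the new catalog sid on create, otherwise {@link HttpStatus#OK} as body
     */
    @PostMapping({"/catalog/update"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> updateRoleCatalog(@RequestBody RoleCatalogVO roleCatalogVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        long tenantSid = authoredUser.getTenantSid();
        boolean isNew = !StringUtils.hasLength(roleCatalogVO.getHash()) && roleCatalogVO.getSid() == 0;
        if (isNew) {
            return ResponseEntity.ok(Long.valueOf(this.roleCatalogService.addRoleCatalog(roleCatalogVO, tenantSid)));
        }
        this.roleCatalogService.modifyRoleCatalog(roleCatalogVO, tenantSid);
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Disables a role catalog. Only a super admin of the caller's tenant may do this.
     *
     * @param requestParameterVO carries the catalog sid or catalog id
     * @param authoredUser authenticated caller
     * @return {@code 200} with {@link HttpStatus#OK} as body
     * @throws BusinessException with {@code IAM_USER_NOT_SUPER_ADMIN} when the caller is
     *     not a super admin
     */
    @PostMapping({"/catalog/disable"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> disableRoleCatalog(@RequestBody RequestParameterVO requestParameterVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        // The privilege check runs before any identifier is resolved.
        if (!this.userInRoleService.checkSuperAdmin(Long.valueOf(authoredUser.getTenantSid()), Long.valueOf(authoredUser.getSid()))) {
            throw new BusinessException(I18nError.IAM_USER_NOT_SUPER_ADMIN, new Object[]{authoredUser.getUserId()});
        }
        this.roleCatalogService.disableRoleCatalog(Long.valueOf(authoredUser.getTenantSid()), getRoleCatalogSid(requestParameterVO, authoredUser));
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Picks the role-catalog sid for a request: the supplied sid when non-zero, otherwise
     * the sid resolved from the catalog id within the caller's tenant.
     *
     * <p>NOTE(review): a non-zero client-supplied sid is returned without a tenant lookup.
     * Callers pass it on together with the tenant sid, so scoping depends on the service
     * method. Verify this for each caller.
     *
     * @throws OperateException when neither id nor sid is supplied
     */
    private long getRoleCatalogSid(RequestParameterVO requestParameterVO, AuthoredUser authoredUser) {
        long tenantSid = authoredUser.getTenantSid();
        String id = requestParameterVO.getId();
        long sid = requestParameterVO.getSid();
        if (id == null && sid == 0) {
            throw new OperateException("roleCatalogId or roleCatalogSid is null");
        }
        if (sid == 0 && id != null) {
            sid = getCatalogSid(id, tenantSid);
        }
        return sid;
    }

    /**
     * Lists the role catalogs of the caller's tenant.
     *
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return the catalogs returned by the catalog query service
     */
    @PostMapping({"/catalog"})
    @Transactional(readOnly = true, rollbackFor = {Exception.class})
    public ResponseEntity<?> getRoleCatalog(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        return ResponseEntity.ok(this.roleCatalogQueryService.getByTenantSid(authoredUser.getTenantSid()));
    }

    /**
     * Lists the roles of one catalog in the caller's tenant.
     *
     * @param requestParameterVO carries the catalog sid or catalog id
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return the query result from the role query service
     */
    @PostMapping({"/catalog/query"})
    @Transactional(readOnly = true, rollbackFor = {Exception.class})
    public ResponseEntity<?> getRoleByCatalog(@RequestBody RequestParameterVO requestParameterVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        return ResponseEntity.ok(this.roleQueryService.getRoleQueryResultVosByCatalogSid(authoredUser.getTenantSid(), getRoleCatalogSid(requestParameterVO, authoredUser)));
    }

    /**
     * Disables a role in the caller's tenant.
     *
     * @param requestParameterVO carries the role sid or role id
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return {@code 200} with {@link HttpStatus#OK} as body
     */
    @PostMapping({"/disable"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> disableRole(@RequestBody RequestParameterVO requestParameterVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        this.roleService.disableRole(getRoleSid(requestParameterVO, authoredUser), authoredUser.getTenantSid());
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Picks the role sid for a request: the supplied sid when non-zero, otherwise the sid
     * resolved from the role id within the caller's tenant.
     *
     * <p>The Spring MVC parameter annotations that appeared on this private helper have
     * been dropped; they only take effect on handler methods.
     *
     * <p>NOTE(review): a non-zero client-supplied sid is returned without a tenant lookup.
     * Callers pass it on together with the tenant sid, so scoping depends on the service
     * method. Verify this for each caller.
     *
     * @throws OperateException when neither id nor sid is supplied
     */
    private long getRoleSid(RequestParameterVO requestParameterVO, AuthoredUser authoredUser) {
        long tenantSid = authoredUser.getTenantSid();
        String id = requestParameterVO.getId();
        long sid = requestParameterVO.getSid();
        if (id == null && sid == 0) {
            throw new OperateException("roleId or roleSid is null");
        }
        if (sid == 0 && id != null) {
            sid = getRoleSid(id, tenantSid);
        }
        return sid;
    }

    /**
     * Enables a role in the caller's tenant.
     *
     * @param requestParameterVO carries the role sid or role id
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return {@code 200} with {@link HttpStatus#OK} as body
     */
    @PostMapping({"/enable"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> enableRole(@RequestBody RequestParameterVO requestParameterVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        this.roleCrudService.enable(getRoleSid(requestParameterVO, authoredUser), authoredUser.getTenantSid());
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Returns the catalog/role result for the caller's tenant, as produced by the catalog
     * query service.
     *
     * @param authoredUser authenticated caller; supplies the tenant sid
     */
    @PostMapping({"/query/cascade"})
    @Transactional(readOnly = true, rollbackFor = {Exception.class})
    public ResponseEntity<?> getCatalogRoleCascade(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        return new ResponseEntity<>(this.roleCatalogQueryService.getRoleCatalogResultVO(authoredUser.getTenantSid()), HttpStatus.OK);
    }

    /**
     * Resolves a role id to its sid within one tenant.
     *
     * @param roleId role id to resolve; {@code null} yields 0
     * @param tenantSid tenant the role must belong to
     * @return the role sid, or 0 when {@code roleId} is null
     * @throws OperateException when the id fails {@code StringUtil.checkId} or no such
     *     role is found for the tenant
     */
    private long getRoleSid(String roleId, long tenantSid) {
        if (roleId == null) {
            return 0;
        }
        if (!StringUtil.checkId(roleId)) {
            throw new OperateException("roleId填写错误");
        }
        Role role = this.roleCrudService.findByTenantSidAndId(tenantSid, roleId);
        if (role == null) {
            // NOTE(review): the message text says "role catalog" although a role is being
            // looked up. It is left unchanged in case clients match on it.
            throw new OperateException("没有" + roleId + "角色分类");
        }
        return role.getSid();
    }

    /**
     * Runs a batch role replacement in the caller's tenant.
     *
     * @param batchReplaceVO validated replacement request
     * @return an empty success envelope
     */
    @PostMapping({"/batch/replace"})
    public StdData<?> batchReplaceRole(@Validated @RequestBody BatchReplaceVO batchReplaceVO) {
        this.roleService.batchReplaceRole(batchReplaceVO, UserUtils.getTenantSid());
        return StdData.ok().build();
    }
}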
