package com.digiwin.dap.middleware.iam.support.aspect;

import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.datapolicy.ActionIdEnum;
import com.digiwin.dap.middleware.iam.domain.datapolicy.DataTargetVO;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.mapper.AuthMapper;
import com.digiwin.dap.middleware.iam.repository.DevSysRepository;
import com.digiwin.dap.middleware.iam.service.app.ActionCrudService;
import com.digiwin.dap.middleware.iam.service.app.ModuleCrudService;
import com.digiwin.dap.middleware.iam.service.permission.AuthService;
import com.digiwin.dap.middleware.util.UserUtils;
import com.github.pagehelper.util.ExecutorUtil;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.stream.Collectors;
import net.bytebuddy.implementation.auxiliary.TypeProxy;
import org.apache.ibatis.cache.CacheKey;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Plugin;
import org.apache.ibatis.plugin.Signature;
import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;

@Intercepts({@Signature(type = Executor.class, method = "query", args = {MappedStatement.class, TypeProxy.SilentConstruction.Appender.JAVA_LANG_OBJECT_DESCRIPTOR, RowBounds.class, ResultHandler.class}), @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, TypeProxy.SilentConstruction.Appender.JAVA_LANG_OBJECT_DESCRIPTOR, RowBounds.class, ResultHandler.class, CacheKey.class, BoundSql.class})})
/* loaded from: input_file:WEB-INF/lib/iam-business-4.37.4.0.jar:com/digiwin/dap/middleware/iam/support/aspect/DataPolicyInterceptor.class */
public class DataPolicyInterceptor implements Interceptor {
    public static final String DATA_POLICY_QUERY = "DevSysMapper.findDevSysList";
    private Logger LOGGER = LoggerFactory.getLogger((Class<?>) DataPolicyInterceptor.class);
    private static final int PARAM_COUNT = 4;

    @Autowired
    @Lazy
    private AuthService authService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private DevSysRepository devSysRepository;

    @Autowired
    @Lazy
    private AuthMapper authMapper;

    @Autowired
    private ModuleCrudService moduleCrudService;

    @Autowired
    private ActionCrudService actionCrudService;

    @Override // org.apache.ibatis.plugin.Interceptor
    public Object intercept(Invocation invocation) throws Throwable {
        CacheKey cacheKey;
        BoundSql boundSql;
        Object[] args = invocation.getArgs();
        MappedStatement mappedStatement = (MappedStatement) args[0];
        Object obj = args[1];
        RowBounds rowBounds = (RowBounds) args[2];
        ResultHandler resultHandler = (ResultHandler) args[3];
        Executor executor = (Executor) invocation.getTarget();
        if (args.length == 4) {
            boundSql = mappedStatement.getBoundSql(obj);
            cacheKey = executor.createCacheKey(mappedStatement, obj, rowBounds, boundSql);
        } else {
            cacheKey = (CacheKey) args[4];
            boundSql = (BoundSql) args[5];
        }
        String sql = boundSql.getSql();
        if (!this.envProperties.getInvalidateDevCurrentDataPolicy().booleanValue() && mappedStatement.getId().endsWith(DATA_POLICY_QUERY)) {
            sql = getSql(sql);
        }
        BoundSql boundSql2 = new BoundSql(mappedStatement.getConfiguration(), sql, boundSql.getParameterMappings(), obj);
        Map<String, Object> additionalParameter = ExecutorUtil.getAdditionalParameter(boundSql);
        for (String str : additionalParameter.keySet()) {
            boundSql2.setAdditionalParameter(str, additionalParameter.get(str));
        }
        return executor.query(mappedStatement, obj, rowBounds, resultHandler, cacheKey, boundSql2);
    }

    @Override // org.apache.ibatis.plugin.Interceptor
    public Object plugin(Object obj) {
        return Plugin.wrap(obj, this);
    }

    @Override // org.apache.ibatis.plugin.Interceptor
    public void setProperties(Properties properties) {
    }

    private String getSql(String str) {
        if (this.envProperties.getManagerTenant().equals(UserUtils.getTenantId())) {
            return str;
        }
        try {
            List<Map> dataPermissionRow = this.authService.getDataPermissionRow(getDataTargetVO());
            List<String> list = (List) this.devSysRepository.findDevSysByTenantSidAndEnableAuth(UserUtils.getTenantSid(), false).stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toList());
            dataPermissionRow.forEach(map -> {
                if (list.contains(String.valueOf(map.get("id")))) {
                    return;
                }
                list.add(String.valueOf(map.get("id")));
            });
            return !list.isEmpty() ? String.format("%s and ds.id in %s", str, getSql(list)) : String.format("%s and ds.sid=0", str);
        } catch (Exception e) {
            this.LOGGER.error("数据权限过滤失败", (Throwable) e);
            return String.format("%s and ds.sid=0", str);
        }
    }

    private DataTargetVO getDataTargetVO() {
        DataTargetVO dataTargetVO = new DataTargetVO();
        dataTargetVO.setSysId("dap");
        dataTargetVO.setModuleId("dap-workbench");
        dataTargetVO.setActionId(ActionIdEnum.DEV_APPLICATION_MANAGEMENT.getId());
        dataTargetVO.setTenantId(UserUtils.getTenantId());
        dataTargetVO.setTenantSid(UserUtils.getTenantSid());
        dataTargetVO.setUserId(UserUtils.getUserId());
        dataTargetVO.setUserSid(UserUtils.getUserSid());
        Sys findSysByTenantSidAndSysId = this.authMapper.findSysByTenantSidAndSysId(UserUtils.getTenantSid(), dataTargetVO.getSysId());
        if (findSysByTenantSidAndSysId == null) {
            throw new BusinessException(I18nError.PERMISSION_SYS_NO_TENANT, new Object[]{dataTargetVO.getSysId(), UserUtils.getTenantId()});
        }
        dataTargetVO.setSysSid(findSysByTenantSidAndSysId.getSid());
        long sidByUnionKey = this.moduleCrudService.getSidByUnionKey(dataTargetVO.getModuleId(), Long.valueOf(dataTargetVO.getSysSid()));
        if (sidByUnionKey == 0) {
            throw new BusinessException(I18nError.PERMISSION_MODULE_NO_SYS, new Object[]{dataTargetVO.getModuleId(), dataTargetVO.getSysId()});
        }
        dataTargetVO.setModuleSid(sidByUnionKey);
        long j = 0;
        if (dataTargetVO.getSelf()) {
            j = dataTargetVO.getTenantSid();
        }
        long sidByUnionKey2 = this.actionCrudService.getSidByUnionKey(dataTargetVO.getActionId(), Long.valueOf(sidByUnionKey), Long.valueOf(j));
        if (sidByUnionKey2 == 0) {
            throw new BusinessException(I18nError.PERMISSION_ACTION_NO_MODULE, new Object[]{dataTargetVO.getActionId(), dataTargetVO.getModuleId()});
        }
        dataTargetVO.setActionSid(sidByUnionKey2);
        return dataTargetVO;
    }

    private String getSql(List<String> list) {
        StringBuilder sb = new StringBuilder("(");
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            sb.append("'").append(it.next()).append("',");
        }
        return new StringBuilder(sb.substring(0, sb.length() - 1) + ")").toString();
    }
}
