package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.commons.core.codec.Base64;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.domain.user.BatchQueryUserInRoleResultVO;
import com.digiwin.dap.middleware.iam.domain.user.BatchQueryUserInRoleVO;
import com.digiwin.dap.middleware.iam.domain.user.RoleInUserInfoVO;
import com.digiwin.dap.middleware.iam.domain.user.UserInOrgVO;
import com.digiwin.dap.middleware.iam.domain.user.UserInRoleInfoVO;
import com.digiwin.dap.middleware.iam.domain.user.UserSimpleVO;
import com.digiwin.dap.middleware.iam.entity.Role;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.repository.UserInTenantRepository;
import com.digiwin.dap.middleware.iam.service.role.RoleCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleQueryService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleService;
import com.digiwin.dap.middleware.iam.service.user.UserQueryService;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.iam.util.StringUtil;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import com.github.pagehelper.PageSerializable;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/api/iam/v2/association"})
@RestController
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/api/AssociationController.class */
public class AssociationController {

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private RoleCrudService roleCrudService;

    @Autowired
    private UserInRoleQueryService userInRoleQueryService;

    @Autowired
    private UserInRoleService userInRoleService;

    @Autowired
    private UserInTenantRepository userInTenantRepository;

    @Autowired
    private UserQueryService userQueryService;

    @Autowired
    private AuthValidateService authValidateService;

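    /**
     * Updates the role assignments of one user inside the caller's tenant by delegating to
     * {@code userInRoleService.updateUserInRoleByUser}.
     *
     * <p>The target user id and the role ids come from the request body; the tenant always comes
     * from the authenticated caller ({@code authoredUser}), never from the body.
     *
     * @param roleInUserInfoVO request body carrying the target user id and the role ids
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return an empty 200 response on success
     * @throws IllegalArgumentException if the user id or the role id list is missing, or no user
     *     has the given id
     * @throws BusinessException if the target user is not a member of the caller's tenant
     */
    @PostMapping({"/user/updaterole"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> updateRoleInUser(@RequestBody RoleInUserInfoVO roleInUserInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.notNull(roleInUserInfoVO.getUserId(), "用户Id不能为空！");
        Assert.notNull(roleInUserInfoVO.getRoleIds(), "角色Id列表不能为空！");
        User targetUser = this.userCrudService.findById(roleInUserInfoVO.getUserId());
        // The lookup is by user id, so a miss is reported as a missing user, not a missing role.
        Assert.notNull(targetUser, String.format(IamConstants.ErrorMessage.NOT_EXISTED_USER, roleInUserInfoVO.getUserId()));
        // findById takes only the id and is not tenant-scoped. Apply the same membership check that
        // addUsersInRole performs, so roles in this tenant cannot be attached to a user who does not
        // belong to it.
        if (!this.userInTenantRepository.existsByTenantSidAndUserSid(authoredUser.getTenantSid(), targetUser.getSid())) {
            throw new BusinessException(I18nError.IAM_USER_PERMISSION_COMMON_ERROR, new Object[]{UserUtils.getUserName(), UserUtils.getUserId(), AppAuthContextHolder.getContext().getClientIP(), Base64.encode(JsonUtils.writeValue(roleInUserInfoVO))});
        }
        // NOTE(review): the role ids are forwarded as received. The "superadmin" restrictions that
        // addUsersInRole and removeUsersInRole enforce are not applied on this path; confirm that
        // updateUserInRoleByUser enforces them.
        this.userInRoleService.updateUserInRoleByUser(Long.valueOf(authoredUser.getTenantSid()), Long.valueOf(targetUser.getSid()), roleInUserInfoVO.getRoleIds());
        return new ResponseEntity<>(HttpStatus.OK);
    }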

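    /**
     * Applies a role change described by the request body to one user inside the caller's tenant
     * by delegating to {@code userInRoleService.updateRoleByUserWithAction}.
     *
     * <p>The tenant is taken from the authenticated caller, never from the body.
     *
     * @param roleInUserInfoVO request body carrying the target user id, the role ids and whatever
     *     action fields the service reads from it
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return an empty 200 response on success
     * @throws IllegalArgumentException if the user id or the role id list is missing, or no user
     *     has the given id
     * @throws BusinessException if the target user is not a member of the caller's tenant
     */
    @PostMapping({"/user/updaterole/action"})
    @Transactional
    public ResponseEntity<?> updateUserRoles(@RequestBody RoleInUserInfoVO roleInUserInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.notNull(roleInUserInfoVO.getUserId(), "用户Id不能为空！");
        Assert.notNull(roleInUserInfoVO.getRoleIds(), "角色Id列表不能为空！");
        User targetUser = this.userCrudService.findById(roleInUserInfoVO.getUserId());
        // The lookup is by user id, so a miss is reported as a missing user, not a missing role.
        Assert.notNull(targetUser, String.format(IamConstants.ErrorMessage.NOT_EXISTED_USER, roleInUserInfoVO.getUserId()));
        // findById is not tenant-scoped. Require tenant membership before touching role
        // assignments, matching the check addUsersInRole performs.
        if (!this.userInTenantRepository.existsByTenantSidAndUserSid(authoredUser.getTenantSid(), targetUser.getSid())) {
            throw new BusinessException(I18nError.IAM_USER_PERMISSION_COMMON_ERROR, new Object[]{UserUtils.getUserName(), UserUtils.getUserId(), AppAuthContextHolder.getContext().getClientIP(), Base64.encode(JsonUtils.writeValue(roleInUserInfoVO))});
        }
        // NOTE(review): @Transactional without rollbackFor rolls back on unchecked exceptions only,
        // while the sibling endpoints use rollbackFor = Exception.class; confirm this is intended.
        // NOTE(review): the "superadmin" restrictions enforced by addUsersInRole and
        // removeUsersInRole are not applied here; confirm the service enforces them.
        this.userInRoleService.updateRoleByUserWithAction(Long.valueOf(authoredUser.getTenantSid()), Long.valueOf(targetUser.getSid()), roleInUserInfoVO);
        return new ResponseEntity<>(HttpStatus.OK);
    }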

    /**
     * Returns the users that hold the given role in the caller's tenant.
     *
     * @param userInRoleInfoVO request body; its role id selects the role and its status value is
     *     passed through to the query as a filter
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return a 200 response whose body is the result of {@code queryUsersInRole}
     * @throws IllegalArgumentException if the role id is missing
     * @throws BusinessException if the caller's tenant has no role with that id
     */
    @PostMapping({"/userinrole"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> getUserInRole(@RequestBody UserInRoleInfoVO userInRoleInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        // The role is resolved with the caller's tenant sid, so a role id that belongs to another
        // tenant resolves to null here.
        final Role role = this.roleCrudService.findByTenantSidAndId(authoredUser.getTenantSid(), userInRoleInfoVO.getRoleId());
        if (role != null) {
            // Query with the sids of the resolved entity rather than values from the request.
            return new ResponseEntity<>(
                    this.userInRoleQueryService.queryUsersInRole(role.getTenantSid(), role.getSid(), userInRoleInfoVO.getStatus()),
                    HttpStatus.OK);
        }
        throw new BusinessException(I18nError.ASSOCIATION_NOT_EXISTED, new Object[]{userInRoleInfoVO.getRoleId(), authoredUser.getTenantId()});
    }

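    /**
     * Returns one page of the users that hold the given role in the caller's tenant.
     *
     * @param str role id to look up inside the caller's tenant
     * @param num page number (request parameter {@code pageNum}, default 1)
     * @param num2 page size (request parameter {@code pageSize}, default 10)
     * @param str2 sort expression (request parameter {@code orderBy}, default {@code u.id});
     *     only plain column references with an optional ASC/DESC are accepted
     * @param str3 optional JSON document (request parameter {@code params}) that is deserialised
     *     into a {@link UserInRoleInfoVO} filter
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return a 200 response wrapping the query result in a {@code PageSerializable}
     * @throws IllegalArgumentException if the role id is missing
     * @throws BusinessException if the role does not exist in the caller's tenant, the sort
     *     expression is not a plain column list, or {@code params} is not valid JSON for the filter
     */
    @GetMapping({"/userinrole/list"})
    public ResponseEntity<?> getUserPageInRole(@RequestParam String str, @RequestParam(name = "pageNum", defaultValue = "1") Integer num, @RequestParam(name = "pageSize", defaultValue = "10") Integer num2, @RequestParam(name = "orderBy", defaultValue = "u.id") String str2, @RequestParam(name = "params", required = false) String str3, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.notNull(str, IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        // orderBy is caller-controlled text that is handed to the query layer as-is. Its default
        // ("u.id") is a column reference, so it presumably ends up inside an ORDER BY clause, where
        // it cannot be bound as a statement parameter. Accept only a comma-separated list of
        // [alias.]column references with an optional ASC/DESC and reject everything else.
        if (str2 != null && !str2.matches("(?i)[a-z_][a-z0-9_]*(\\.[a-z_][a-z0-9_]*)?(\\s+(asc|desc))?(\\s*,\\s*[a-z_][a-z0-9_]*(\\.[a-z_][a-z0-9_]*)?(\\s+(asc|desc))?)*")) {
            throw new BusinessException(I18nError.PARAM_ERROR);
        }
        Role role = this.roleCrudService.findByTenantSidAndId(authoredUser.getTenantSid(), str);
        if (role == null) {
            throw new BusinessException(I18nError.ASSOCIATION_NOT_EXISTED, new Object[]{str, authoredUser.getTenantId()});
        }
        UserInRoleInfoVO filter = new UserInRoleInfoVO();
        if (StringUtils.hasLength(str3)) {
            try {
                filter = (UserInRoleInfoVO) JsonUtils.createObjectMapper().readValue(str3, UserInRoleInfoVO.class);
            } catch (IOException e) {
                // Parser details are not echoed back; the caller only learns the parameter was bad.
                throw new BusinessException(I18nError.PARAM_ERROR);
            }
        }
        // NOTE(review): pageSize has no upper bound at this layer; confirm the query service caps it.
        return new ResponseEntity<>(new PageSerializable(this.userInRoleQueryService.queryUserListInRole(role.getSid(), authoredUser.getTenantSid(), filter, num, num2, str2)), HttpStatus.OK);
    }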

    /**
     * Searches the users of a role by user name within the caller's tenant.
     *
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute; must carry a positive tenant sid
     * @param userInOrgVO request body supplying the role sid and the user name to search for
     * @return a 200 response whose body is the result of {@code queryUserListInRoleUserName}
     * @throws IllegalArgumentException if the caller has no tenant
     */
    @PostMapping({"/userinrole/username"})
    public ResponseEntity<?> queryUserByRoleSidUserName(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestBody UserInOrgVO userInOrgVO) {
        final boolean callerHasTenant = authoredUser.getTenantSid() > 0;
        Assert.isTrue(callerHasTenant, "当前登陆用户必须携带租户信息！");
        // NOTE(review): the role sid comes straight from the body and is not resolved against the
        // caller's tenant here. Isolation relies on the query applying the tenant sid passed
        // alongside it; confirm against the query.
        return new ResponseEntity<>(
                this.userInRoleQueryService.queryUserListInRoleUserName(
                        userInOrgVO.getRoleSid(),
                        authoredUser.getTenantSid(),
                        userInOrgVO.getUserName()),
                HttpStatus.OK);
    }

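    /**
     * Removes the listed users from a role of the caller's tenant.
     *
     * <p>For the {@code superadmin} role the request is rejected when it would leave the role
     * without any member.
     *
     * @param userInRoleInfoVO request body carrying the role id and the user ids to remove
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @param authoredSys calling application, read from the
     *     {@code digi-middleware-auth-app-data} request attribute (not used by this method)
     * @return an empty 200 response; also returned when no user ids were supplied
     * @throws IllegalArgumentException if the role id is missing
     * @throws BusinessException if the role or one of the users does not exist, or the removal
     *     would empty the {@code superadmin} role
     */
    @PostMapping({"/role/removeusers"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> removeUsersInRole(@RequestBody UserInRoleInfoVO userInRoleInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        Role role = this.roleCrudService.findByTenantSidAndId(authoredUser.getTenantSid(), userInRoleInfoVO.getRoleId());
        if (role == null) {
            throw new BusinessException(I18nError.ASSOCIATION_NOT_EXISTED, new Object[]{userInRoleInfoVO.getRoleId(), authoredUser.getTenantId()});
        }
        List<String> userIds = userInRoleInfoVO.getUserIds();
        // A body without userIds is treated like an empty list (nothing to remove) instead of
        // failing with a NullPointerException.
        if (userIds == null || userIds.isEmpty()) {
            return new ResponseEntity<>(HttpStatus.OK);
        }
        List<Long> userSids = new ArrayList<>();
        for (String userId : userIds) {
            User user = this.userCrudService.findById(userId);
            if (user == null) {
                throw new BusinessException(I18nError.ERROR_21001, new Object[]{userId});
            }
            userSids.add(Long.valueOf(user.getSid()));
        }
        // Decide on the id stored with the resolved role, not on the request string, so the guard
        // still applies if the lookup matched the role more loosely than String.equals does.
        if ("superadmin".equals(role.getId())) {
            // NOTE(review): the current members are read through the caller-supplied status filter;
            // confirm the guard should not count members independently of the request.
            // NOTE(review): unlike addUsersInRole, nothing here requires the caller to be a
            // superadmin member; confirm that is enforced upstream.
            List<?> remaining = this.userInRoleQueryService.queryUsersInRole(role.getTenantSid(), role.getSid(), userInRoleInfoVO.getStatus()).stream().map(member -> member.getSid()).collect(Collectors.toList());
            remaining.removeAll(userSids);
            if (remaining.isEmpty()) {
                throw new BusinessException(I18nError.USER_ROLE_DELETE_ALL_ERROR, new Object[]{"superadmin"});
            }
        }
        this.userInRoleService.deleteUsersInRole(Long.valueOf(role.getSid()), userSids, role.getTenantSid());
        return new ResponseEntity<>(HttpStatus.OK);
    }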

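    /**
     * Adds the listed users to a role of the caller's tenant.
     *
     * <p>Only a current member of the {@code superadmin} role may add users to it. Every user must
     * exist and belong to the caller's tenant; users that already hold the role are skipped.
     *
     * @param userInRoleInfoVO request body carrying the role id and the user ids to add
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @param authoredSys calling application, read from the
     *     {@code digi-middleware-auth-app-data} request attribute (not used by this method)
     * @return an empty 200 response on success
     * @throws IllegalArgumentException if the role id is missing
     * @throws BusinessException if the role does not exist, the caller may not extend
     *     {@code superadmin}, no user ids were supplied, or a user is unknown or outside the
     *     caller's tenant
     */
    @PostMapping({"/role/addusers"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> addUsersInRole(@RequestBody UserInRoleInfoVO userInRoleInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        Role role = this.roleCrudService.findByTenantSidAndId(authoredUser.getTenantSid(), userInRoleInfoVO.getRoleId());
        if (role == null) {
            throw new BusinessException(I18nError.ASSOCIATION_NOT_EXISTED, new Object[]{userInRoleInfoVO.getRoleId(), authoredUser.getTenantId()});
        }
        // Decide on the id stored with the resolved role, not on the request string, so the guard
        // still applies if the lookup matched the role more loosely than String.equals does.
        if ("superadmin".equals(role.getId())) {
            // NOTE(review): membership is read through the caller-supplied status filter; confirm
            // the caller's own membership should not be checked independently of the request.
            boolean callerIsSuperadmin = this.userInRoleQueryService.queryUsersInRole(role.getTenantSid(), role.getSid(), userInRoleInfoVO.getStatus()).stream().map(member -> member.getSid()).collect(Collectors.toList()).contains(Long.valueOf(authoredUser.getSid()));
            if (!callerIsSuperadmin) {
                throw new BusinessException(I18nError.USER_ROLE_NOT_SUPERADMIN_ADD_ERROR, new Object[]{authoredUser.getUserId(), "superadmin", "superadmin"});
            }
        }
        List<String> userIds = userInRoleInfoVO.getUserIds();
        // A body without userIds is rejected like an empty list instead of failing with a
        // NullPointerException.
        if (userIds == null || userIds.isEmpty()) {
            throw new BusinessException(String.format(IamConstants.ErrorMessage.NOT_EXISTED_USER, userIds));
        }
        List<Long> userSids = new ArrayList<>();
        for (String userId : userIds) {
            User user = this.userCrudService.findById(userId);
            if (user == null) {
                throw new BusinessException(String.format(IamConstants.ErrorMessage.NOT_EXISTED_USER, userId));
            }
            // findById is not tenant-scoped, so membership in the caller's tenant is verified
            // explicitly before the user can receive a role of that tenant.
            if (!this.userInTenantRepository.existsByTenantSidAndUserSid(authoredUser.getTenantSid(), user.getSid())) {
                throw new BusinessException(I18nError.IAM_USER_PERMISSION_COMMON_ERROR, new Object[]{UserUtils.getUserName(), UserUtils.getUserId(), AppAuthContextHolder.getContext().getClientIP(), Base64.encode(JsonUtils.writeValue(userInRoleInfoVO))});
            }
            // Only users that do not hold the role yet are added.
            if (this.userInRoleQueryService.queryUserInRoleByUserAndRole(authoredUser.getTenantSid(), user.getSid(), role.getId()) == null) {
                userSids.add(Long.valueOf(user.getSid()));
            }
        }
        this.userInRoleService.addUsersInRole(Long.valueOf(role.getSid()), userSids, role.getTenantSid());
        return new ResponseEntity<>(HttpStatus.OK);
    }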

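    /**
     * Returns the users of the caller's tenant that do not hold the given role.
     *
     * @param userInRoleInfoVO request body; its role id selects the role and its status value is
     *     passed through to the query as a filter
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return a 200 response whose body is the result of {@code queryUserNotInRole}
     * @throws IllegalArgumentException if the role id is missing
     * @throws BusinessException if the caller's tenant has no role with that id
     */
    @PostMapping({"/usernotinrole"})
    public ResponseEntity<?> getUserNotInRole(@RequestBody UserInRoleInfoVO userInRoleInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        // The role is resolved with the caller's tenant sid, so a role id from another tenant
        // resolves to null and is rejected below.
        Role role = this.roleCrudService.findByTenantSidAndId(authoredUser.getTenantSid(), userInRoleInfoVO.getRoleId());
        if (role == null) {
            throw new BusinessException(I18nError.ASSOCIATION_ROLE_NOT_EXISTED, new Object[]{userInRoleInfoVO.getRoleId()});
        }
        // The second not-null assertion on the role that used to follow could never fire after the
        // check above and has been dropped.
        return new ResponseEntity<>(this.userInRoleQueryService.queryUserNotInRole(authoredUser.getTenantSid(), role.getSid(), userInRoleInfoVO.getStatus()), HttpStatus.OK);
    }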

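    /**
     * Returns a page of the users of the current tenant that do not hold the given role.
     *
     * <p>Unlike the sibling endpoints, the tenant is read through {@code UserUtils.getTenantSid()}
     * rather than from an {@code AuthoredUser} request attribute.
     *
     * @param userInRoleInfoVO request body; its role id selects the role and the whole object is
     *     handed to the query service
     * @return a 200 response whose body is the result of {@code queryUserNotInRolePage}
     * @throws IllegalArgumentException if the role id is missing
     * @throws BusinessException if the current tenant has no role with that id
     */
    @PostMapping({"/usernotinrole/list"})
    public ResponseEntity<?> getUserNotInRolePage(@RequestBody UserInRoleInfoVO userInRoleInfoVO) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        Role role = this.roleCrudService.findByTenantSidAndId(UserUtils.getTenantSid(), userInRoleInfoVO.getRoleId());
        if (role == null) {
            throw new BusinessException(I18nError.ASSOCIATION_ROLE_NOT_EXISTED, new Object[]{userInRoleInfoVO.getRoleId()});
        }
        // The second not-null assertion on the role that used to follow could never fire after the
        // check above and has been dropped.
        // NOTE(review): the whole request object reaches the query service. If it carries paging or
        // sorting fields, confirm the service validates them before they reach SQL.
        return new ResponseEntity<>(this.userInRoleQueryService.queryUserNotInRolePage(UserUtils.getTenantSid(), role.getSid(), userInRoleInfoVO), HttpStatus.OK);
    }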

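    /**
     * Updates the user list of a role in the caller's tenant by delegating to
     * {@code userInRoleService.updateUserInRole}.
     *
     * <p>User ids that match no user are skipped. A user that exists but is not a member of the
     * caller's tenant causes the request to be rejected.
     *
     * @param userInRoleInfoVO request body carrying the role id and the user ids
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return an empty 200 response on success
     * @throws IllegalArgumentException if the role id or the user id list is missing, or the role
     *     id fails {@code StringUtil.checkUserId}
     * @throws BusinessException if the role does not exist in the caller's tenant, or a listed user
     *     is outside that tenant
     */
    @PostMapping({"/role/updateuser"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> updateUserInRole(@RequestBody UserInRoleInfoVO userInRoleInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        Assert.notNull(userInRoleInfoVO.getUserIds(), "用户Id列表不能为空！");
        if (!StringUtil.checkUserId(userInRoleInfoVO.getRoleId())) {
            throw new IllegalArgumentException("角色Id不规范！");
        }
        Role role = this.roleCrudService.findByTenantSidAndId(authoredUser.getTenantSid(), userInRoleInfoVO.getRoleId());
        if (role == null) {
            throw new BusinessException(I18nError.ASSOCIATION_ROLE_NOT_EXISTED, new Object[]{userInRoleInfoVO.getRoleId()});
        }
        List<User> users = new ArrayList<>();
        for (String userId : userInRoleInfoVO.getUserIds()) {
            User user = this.userCrudService.findById(userId);
            if (user == null) {
                // Unknown ids are skipped rather than rejected (existing behaviour).
                continue;
            }
            // findById is not tenant-scoped. Apply the membership check addUsersInRole performs, so
            // a role of this tenant cannot be given to a user who does not belong to it.
            if (!this.userInTenantRepository.existsByTenantSidAndUserSid(authoredUser.getTenantSid(), user.getSid())) {
                throw new BusinessException(I18nError.IAM_USER_PERMISSION_COMMON_ERROR, new Object[]{UserUtils.getUserName(), UserUtils.getUserId(), AppAuthContextHolder.getContext().getClientIP(), Base64.encode(JsonUtils.writeValue(userInRoleInfoVO))});
            }
            users.add(user);
        }
        // NOTE(review): the "superadmin" restrictions enforced by addUsersInRole (caller must be a
        // member) and removeUsersInRole (role may not be emptied) are not applied on this path;
        // confirm userInRoleService.updateUserInRole enforces them.
        this.userInRoleService.updateUserInRole(Long.valueOf(authoredUser.getTenantSid()), Long.valueOf(role.getSid()), users);
        return new ResponseEntity<>(HttpStatus.OK);
    }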

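    /**
     * Removes role assignments of one user in the caller's tenant by delegating to
     * {@code userInRoleService.deleteRoleInUser}.
     *
     * @param roleInUserInfoVO request body carrying the target user id
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return an empty 200 response on success
     * @throws IllegalArgumentException if the user id is missing
     * @throws BusinessException if no user has the given id
     */
    @PostMapping({"/user/removerole"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> removeRoleInUser(@RequestBody RoleInUserInfoVO roleInUserInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        // The value being checked is the user id, so report a missing user id rather than a
        // missing role.
        Assert.notNull(roleInUserInfoVO.getUserId(), "用户Id不能为空！");
        User targetUser = this.userCrudService.findById(roleInUserInfoVO.getUserId());
        if (targetUser == null) {
            throw new BusinessException(I18nError.ERROR_21001, new Object[]{roleInUserInfoVO.getUserId()});
        }
        // NOTE(review): deleteRoleInUser receives only the tenant sid and the user sid, so it
        // presumably clears every role the user holds in this tenant. The check in
        // removeUsersInRole that keeps "superadmin" from being emptied is not applied here; confirm
        // the service covers it.
        this.userInRoleService.deleteRoleInUser(Long.valueOf(authoredUser.getTenantSid()), Long.valueOf(targetUser.getSid()));
        return new ResponseEntity<>(HttpStatus.OK);
    }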

    /**
     * Deletes user associations of a role in the caller's tenant by delegating to
     * {@code userInRoleService.deleteUserInRole}.
     *
     * @param userInRoleInfoVO request body; only its role id is read
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @param authoredSys calling application, read from the
     *     {@code digi-middleware-auth-app-data} request attribute; its id is passed to the service
     * @return an empty 200 response on success
     * @throws IllegalArgumentException if the role id is missing or the caller's tenant has no role
     *     with that id
     */
    @PostMapping({"role/removeuser"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> removeUserInRole(@RequestBody UserInRoleInfoVO userInRoleInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        final Role role = this.roleCrudService.findByTenantSidAndId(authoredUser.getTenantSid(), userInRoleInfoVO.getRoleId());
        final String roleMissingMessage = String.format(IamConstants.ErrorMessage.NOT_EXISTED_ROLE, userInRoleInfoVO.getRoleId());
        Assert.notNull(role, roleMissingMessage);
        // NOTE(review): no user id from the body reaches the service; it receives the role sid, the
        // tenant sid and the calling application's id. Confirm which associations that removes and
        // whether the "superadmin" protections of removeUsersInRole are needed here as well.
        final Long roleSid = Long.valueOf(role.getSid());
        final Long tenantSid = Long.valueOf(authoredUser.getTenantSid());
        this.userInRoleService.deleteUserInRole(roleSid, tenantSid, authoredSys.getId());
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Returns basic information about the users that hold a role, for one or more tenants.
     *
     * <p>With an empty tenant list the caller's own tenant is used. A list that names more than one
     * tenant, or a tenant other than the caller's, is allowed only when
     * {@code authValidateService.checkAccessPermission} grants the calling application access to
     * this endpoint.
     *
     * @param userInRoleInfoVO request body carrying the role id and, optionally, tenant ids
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return a 200 response whose body is the result of {@code queryUserInfosInRole}
     * @throws IllegalArgumentException if the role id is missing, or the tenant list is empty and
     *     the caller has no tenant
     * @throws BusinessException if other tenants are requested without the required permission
     */
    @PostMapping({"/userinrole/simple"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> getUserSimpleInfoInRole(@RequestBody UserInRoleInfoVO userInRoleInfoVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.notNull(userInRoleInfoVO.getRoleId(), IamConstants.ErrorMessage.NOT_EMPTY_ROLE);
        // NOTE(review): getTenantIds() is dereferenced without a null check; presumably the VO
        // initialises the list. Confirm an explicit JSON null cannot reach this point.
        if (userInRoleInfoVO.getTenantIds().isEmpty()) {
            // No tenant requested: fall back to the caller's own tenant.
            Assert.notNull(authoredUser.getTenantId(), IamConstants.ErrorMessage.NO_TENANT_FOR_LOGIN_USER);
            userInRoleInfoVO.getTenantIds().add(authoredUser.getTenantId());
        } else {
            final boolean reachesBeyondOwnTenant = userInRoleInfoVO.getTenantIds().size() > 1
                    || !userInRoleInfoVO.getTenantIds().contains(authoredUser.getTenantId());
            // The permission lookup runs only when the request reaches beyond the caller's tenant.
            if (reachesBeyondOwnTenant
                    && !this.authValidateService.checkAccessPermission(TargetType.Sys.name(), "POST", "/api/iam/v2/association/userinrole/simple", UserUtils.getSysId()).booleanValue()) {
                throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
            }
        }
        // The query receives only the request object, so tenant isolation on this path rests on
        // the tenant id list validated above.
        return new ResponseEntity<>(this.userQueryService.queryUserInfosInRole(userInRoleInfoVO), HttpStatus.OK);
    }

    /**
     * Returns, for each requested role, the users that hold it in the caller's tenant.
     *
     * <p>The rows returned by {@code batchQueryUserInRole} are grouped by their {@code getSid()}
     * value (used as the role sid of each result entry), and every row is reduced to a
     * {@link UserSimpleVO} carrying sid, id, name and status.
     *
     * @param batchQueryUserInRoleVO request body carrying the role sids; validated via
     *     {@code @Valid}
     * @param authoredUser authenticated caller, read from the
     *     {@code digi-middleware-auth-user-data} request attribute
     * @return a {@code StdData} success wrapper around the list of per-role results; the list is
     *     empty when the query returns {@code null}
     */
    @PostMapping({"/userinrole/list/simple"})
    public StdData<?> batchGetUserSimpleInfoInRole(@Valid @RequestBody BatchQueryUserInRoleVO batchQueryUserInRoleVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        // NOTE(review): the role sids come from the body and are not resolved against the caller's
        // tenant here. Isolation relies on batchQueryUserInRole applying the tenant sid passed
        // alongside them; confirm against the query.
        // A null query result is replaced by an empty list before grouping.
        return StdData.ok((List) ((Map) ((List) Optional.ofNullable(this.userInRoleQueryService.batchQueryUserInRole(authoredUser.getTenantSid(), batchQueryUserInRoleVO.getRoleSids())).orElse(Collections.emptyList())).stream().collect(Collectors.groupingBy((v0) -> {
            return v0.getSid();
        }))).entrySet().stream().map(entry -> {
            // One result object per group key.
            BatchQueryUserInRoleResultVO batchQueryUserInRoleResultVO = new BatchQueryUserInRoleResultVO();
            batchQueryUserInRoleResultVO.setRoleSid(((Long) entry.getKey()).longValue());
            batchQueryUserInRoleResultVO.setUsers((List) ((List) entry.getValue()).stream().map(queryRoleResultVO -> {
                // Copy only the four fields exposed by UserSimpleVO.
                UserSimpleVO userSimpleVO = new UserSimpleVO();
                userSimpleVO.setSid(queryRoleResultVO.getUserSid().longValue());
                userSimpleVO.setId(queryRoleResultVO.getUserId());
                userSimpleVO.setName(queryRoleResultVO.getUserName());
                userSimpleVO.setStatus(queryRoleResultVO.getUserStatus());
                return userSimpleVO;
            }).collect(Collectors.toList()));
            return batchQueryUserInRoleResultVO;
        }).collect(Collectors.toList()));
    }
}
