package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middle.cache.lock.CacheLock;
import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.commons.core.codec.Base64;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.domain.app.SysCascade;
import com.digiwin.dap.middleware.iam.domain.dataplus.ActionPlusPermission;
import com.digiwin.dap.middleware.iam.domain.policy.BatchSaveTargetPolicyRequestVO;
import com.digiwin.dap.middleware.iam.domain.policy.CopyPermissionVO;
import com.digiwin.dap.middleware.iam.domain.policy.v2.TargetPolicy;
import com.digiwin.dap.middleware.iam.domain.request.QueryTargetActionRequest;
import com.digiwin.dap.middleware.iam.domain.request.QueryTargetConditionRequest;
import com.digiwin.dap.middleware.iam.mapper.DataPlusOperationUnitMapper;
import com.digiwin.dap.middleware.iam.service.datapolicy.CopyDataPolicyService;
import com.digiwin.dap.middleware.iam.service.policy.PolicyCopyService;
import com.digiwin.dap.middleware.iam.service.policy.PolicyHandleService;
import com.digiwin.dap.middleware.iam.service.sys.SysQueryService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.remote.UrlConstants;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import io.github.resilience4j.ratelimiter.annotation.RateLimiter;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.validation.Valid;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

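/**
 * REST endpoints under {@code /api/iam/v2/policy} for reading, writing, deleting and copying
 * the action policies attached to a target.
 *
 * <p>This listing is decompiler output: the simple request parameters are named {@code str},
 * {@code l} and {@code l2}. Those names are kept unchanged because {@code @RequestParam}
 * without an explicit name binds by parameter name. Judging by the argument order of the
 * {@code getPolicyActionAndModule} call in {@link #checkSubAdminOverreach}, {@code l2} is the
 * system sid, {@code l} the target sid and {@code str} the target type.
 *
 * <p>Tenant isolation as implemented here: endpoints either take the tenant from the
 * authenticated user, or accept a {@code tenantSid} in the request body and require an extra
 * {@code checkAccessPermission} grant when it differs from the caller's tenant. No endpoint in
 * this class checks that the requested target or system sid is one the caller may manage.
 * NOTE(review): confirm that this is enforced in the service layer or by an upstream filter.
 */
@RequestMapping({"/api/iam/v2/policy"})
@Validated
@RestController
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/api/PolicyController.class */
public class PolicyController {

    /** Request attribute under which the authenticated user is passed to the handlers. */
    private static final String AUTH_USER_ATTRIBUTE = "digi-middleware-auth-user-data";

    @Autowired
    private PolicyCopyService policyCopyService;

    @Autowired
    private PolicyHandleService policyHandleService;

    @Autowired
    private CopyDataPolicyService copyDataPolicyService;

    @Autowired
    private AuthValidateService authValidateService;

    @Autowired
    private SysQueryService sysQueryService;

    @Autowired
    private DataPlusOperationUnitMapper dataPlusOperationUnitMapper;

    /**
     * Returns the actions and modules granted to a target, scoped to the caller's tenant.
     *
     * @param str target type (decompiler name; see class comment)
     * @param l target sid
     * @param l2 system sid
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return 200 with the result of {@code getPolicyActionAndModule}
     */
    @RateLimiter(name = "/api/iam/v2/policy/action")
    @GetMapping({"/action"})
    public ResponseEntity<?> getPolicyAction(
            @RequestParam @NotBlank String str,
            @RequestParam @NotNull Long l,
            @RequestParam @NotNull Long l2,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        return ResponseEntity.ok(
                this.policyHandleService.getPolicyActionAndModule(
                        authoredUser.getTenantSid(), l2.longValue(), l.longValue(), str));
    }

    /**
     * Returns the excluded actions for a target, scoped to the caller's tenant.
     *
     * <p>Unlike the other handlers, the tenant sid comes from {@code UserUtils} rather than
     * from the request attribute.
     *
     * @param str target type (decompiler name; see class comment)
     * @param l target sid
     * @param l2 system sid
     * @return 200 with the result of {@code getPolicyActionExcluded}
     */
    @GetMapping({"/action/excluded"})
    public ResponseEntity<?> getPolicyActionExcluded(
            @RequestParam @NotBlank String str,
            @RequestParam @NotNull Long l,
            @RequestParam @NotNull Long l2) {
        return ResponseEntity.ok(
                this.policyHandleService.getPolicyActionExcluded(
                        Long.valueOf(UserUtils.getTenantSid()), l2, l, str));
    }

    /**
     * Returns the actual (effective) actions of a target.
     *
     * <p>The request may name a tenant other than the caller's. That is allowed only when one
     * of the two {@code checkAccessPermission} calls below succeeds.
     *
     * @param targetPolicy request body; {@code tenantSid} defaults to the caller's tenant
     * @param authoredUser authenticated caller
     * @return the effective actions wrapped in {@code StdData}
     * @throws BusinessException {@code IAM_TENANT_PERMISSION_ERROR} when the tenant differs and
     *     neither permission check passes
     */
    @PostMapping({"/action/actual"})
    public StdData<?> getAction(
            @Valid @RequestBody TargetPolicy targetPolicy,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        if (targetPolicy.getTenantSid() == null) {
            targetPolicy.setTenantSid(Long.valueOf(authoredUser.getTenantSid()));
        }
        boolean sameTenant = authoredUser.getTenantSid() == targetPolicy.getTenantSid().longValue();
        // NOTE(review): the tenant-level check is keyed on the caller's own tenant id, not on the
        // tenant named in the request. Confirm that a tenant-level grant is meant to permit
        // reading another tenant's policy.
        if (!sameTenant
                && !this.authValidateService.checkAccessPermission(
                        TargetType.Tenant.name(), "POST", UrlConstants.IAM_POLICY_ACTION_ACTUAL,
                        authoredUser.getTenantId()).booleanValue()
                && !this.authValidateService.checkAccessPermission(
                        TargetType.Sys.name(), "POST", UrlConstants.IAM_POLICY_ACTION_ACTUAL,
                        UserUtils.getSysId()).booleanValue()) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        return StdData.ok(
                this.policyHandleService.getPolicyActionActual(
                        targetPolicy.getTenantSid().longValue(),
                        targetPolicy.getSysSid().longValue(),
                        targetPolicy.getTargetSid().longValue(),
                        targetPolicy.getType()));
    }

    /**
     * Returns the actual condition values for the queried target.
     *
     * <p>The tenant sid is always overwritten with the caller's tenant, so a client-supplied
     * tenant cannot widen the query.
     *
     * @param queryTargetConditionRequest query parameters bound from the request
     * @param authoredUser authenticated caller
     * @return the condition values wrapped in {@code StdData}
     */
    @GetMapping({"/query/condition"})
    public StdData<?> getCondition(
            QueryTargetConditionRequest queryTargetConditionRequest,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        TargetPolicy condition = queryTargetConditionRequest.toCondition();
        condition.setTenantSid(Long.valueOf(authoredUser.getTenantSid()));
        return StdData.ok(this.policyHandleService.queryConditionValueActual(condition));
    }

    /**
     * Builds the module/action tree of a system for a target and decorates each action with
     * its split path list and, where a mapping row exists, its resource id and resource type.
     *
     * @param queryTargetActionRequest system sid, target sid and target type
     * @param iamAuthoredUser authenticated caller; supplies the tenant sid
     * @return the decorated {@code SysCascade} wrapped in {@code StdData}
     */
    @PostMapping({"/query/action"})
    public StdData<?> queryActionTree(
            @Valid @RequestBody QueryTargetActionRequest queryTargetActionRequest,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) IamAuthoredUser iamAuthoredUser) {
        SysCascade sysCascade = this.sysQueryService.getSysCascade(
                iamAuthoredUser.getTenantSid(),
                queryTargetActionRequest.getSysSid().longValue(),
                this.policyHandleService.getPolicyAllowActionActual(
                        iamAuthoredUser.getTenantSid(),
                        queryTargetActionRequest.getSysSid().longValue(),
                        queryTargetActionRequest.getTargetSid().longValue(),
                        queryTargetActionRequest.getType()));
        // Index the resource rows by action sid; on duplicate keys the first row wins.
        Map<?, ActionPlusPermission> permissionsByAction = this.dataPlusOperationUnitMapper
                .findByResourceId(
                        iamAuthoredUser.getTenantSid(),
                        queryTargetActionRequest.getSysSid().longValue(),
                        queryTargetActionRequest.getType(),
                        queryTargetActionRequest.getTargetSid().longValue())
                .stream()
                .collect(Collectors.toMap(
                        permission -> permission.getActionSid(),
                        permission -> permission,
                        (first, second) -> first));
        sysCascade.getModules().forEach(module -> module.getActions().forEach(action -> {
            if (action.getPath() != null) {
                action.setPaths(Arrays.asList(action.getPath().split(",")));
            }
            ActionPlusPermission permission = permissionsByAction.get(action.getSid());
            if (permission != null) {
                action.setResourceId(permission.getResourceId());
                action.setResourceType(permission.getResourceType());
            }
        }));
        return StdData.ok(sysCascade);
    }

    /**
     * Deletes the policy of a target inside the caller's tenant.
     *
     * <p>NOTE(review): no permission check is made here beyond tenant scoping. Confirm that
     * the caller's right to delete this target's policy is enforced elsewhere.
     *
     * @param str target type (decompiler name; presumably the same order as the read endpoints)
     * @param l target sid
     * @param l2 system sid
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return an empty 200 response
     */
    @DeleteMapping(value = {"/data"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> deletePolicy(
            @RequestParam @NotBlank String str,
            @RequestParam @NotNull Long l,
            @RequestParam @NotNull Long l2,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        this.policyHandleService.delete(authoredUser.getTenantSid(), l2.longValue(), l.longValue(), str);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Saves the action policy of one target.
     *
     * @param targetPolicy request body; {@code tenantSid} defaults to the caller's tenant
     * @param authoredUser authenticated caller
     * @return 200 with {@code HttpStatus.OK} as the body
     * @throws BusinessException {@code IAM_TENANT_PERMISSION_ERROR} when another tenant is
     *     named and the system-level permission check fails
     */
    @PostMapping(value = {"/action"}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> addActionPolicy(
            @Valid @RequestBody TargetPolicy targetPolicy,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        if (targetPolicy.getTenantSid() == null) {
            targetPolicy.setTenantSid(Long.valueOf(authoredUser.getTenantSid()));
        }
        boolean crossTenant = authoredUser.getTenantSid() != targetPolicy.getTenantSid().longValue();
        if (crossTenant
                && !this.authValidateService.checkAccessPermission(
                        TargetType.Sys.name(), "POST", "/api/iam/v2/policy/action",
                        UserUtils.getSysId()).booleanValue()) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        this.policyHandleService.update(targetPolicy.getTenantSid().longValue(), targetPolicy);
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Saves action policies for a batch of targets.
     *
     * <p>NOTE(review): {@link #checkSubAdminOverreach} is not called here or anywhere else in
     * this class, so this endpoint does not limit the granted or revoked actions to those the
     * caller holds. Confirm that {@code batchUpdate} enforces it, or wire the check in.
     *
     * @param batchSaveTargetPolicyRequestVO request body; {@code tenantSid} defaults to the
     *     caller's tenant
     * @return an empty success {@code StdData}
     * @throws BusinessException {@code IAM_USER_PERMISSION_COMMON_ERROR} when another tenant is
     *     named and the system-level permission check fails
     */
    @PostMapping(value = {"/action/batch"}, produces = {"application/json; charset=utf-8"})
    public StdData<?> addActionPolicy(@Valid @RequestBody BatchSaveTargetPolicyRequestVO batchSaveTargetPolicyRequestVO) {
        if (batchSaveTargetPolicyRequestVO.getTenantSid() == null) {
            batchSaveTargetPolicyRequestVO.setTenantSid(Long.valueOf(UserUtils.getTenantSid()));
        }
        boolean crossTenant =
                UserUtils.getTenantSid() != batchSaveTargetPolicyRequestVO.getTenantSid().longValue();
        if (crossTenant
                && !this.authValidateService.checkAccessPermission(
                        TargetType.Sys.name(), "POST", "/api/iam/v2/policy/action/batch",
                        UserUtils.getSysId()).booleanValue()) {
            // The error arguments carry the user name, user id, client IP and the whole request
            // body. Base64 is an encoding, not redaction, so the payload is readable wherever
            // this message is rendered or logged.
            // NOTE(review): confirm it is not echoed back to the client.
            throw new BusinessException(
                    I18nError.IAM_USER_PERMISSION_COMMON_ERROR,
                    new Object[]{
                        UserUtils.getUserName(),
                        UserUtils.getUserId(),
                        AppAuthContextHolder.getContext().getClientIP(),
                        Base64.encode(JsonUtils.writeValue(batchSaveTargetPolicyRequestVO))
                    });
        }
        this.policyHandleService.batchUpdate(batchSaveTargetPolicyRequestVO);
        return StdData.ok().build();
    }

    /**
     * Rejects a batch save that would grant or revoke an action the caller does not hold.
     *
     * <p>The set of changed actions is the symmetric difference between the actions requested
     * for the target and the actions the target holds now. Every changed action must appear in
     * the caller's own action list for the same system.
     *
     * <p>No method in this class calls this check.
     *
     * @param batchSaveTargetPolicyRequestVO the batch request to validate
     * @throws BusinessException {@code IAM_PERMISSION_OVEREACH} when a changed action is outside
     *     the caller's own actions
     */
    private void checkSubAdminOverreach(BatchSaveTargetPolicyRequestVO batchSaveTargetPolicyRequestVO) {
        List<Long> callerActions = this.policyHandleService.getPolicyActionAndModule(
                UserUtils.getTenantSid(),
                batchSaveTargetPolicyRequestVO.getSysSid().longValue(),
                UserUtils.getUserSid(),
                "user");
        List<Long> currentTargetActions = this.policyHandleService.getPolicyActionAndModule(
                batchSaveTargetPolicyRequestVO.getTenantSid().longValue(),
                batchSaveTargetPolicyRequestVO.getSysSid().longValue(),
                batchSaveTargetPolicyRequestVO.getTargetSid().longValue(),
                batchSaveTargetPolicyRequestVO.getType());
        Set<Long> requestedActions = batchSaveTargetPolicyRequestVO.getTargets().stream()
                .map(target -> target.getActionSid())
                .filter(Objects::nonNull)
                .collect(Collectors.toSet());

        // Newly granted: requested but not currently held by the target.
        Set<Long> changedActions = new HashSet<>(requestedActions);
        currentTargetActions.forEach(changedActions::remove);
        // Revoked: currently held by the target but absent from the request.
        changedActions.addAll(
                currentTargetActions.stream()
                        .filter(actionSid -> !requestedActions.contains(actionSid))
                        .collect(Collectors.toList()));

        if (changedActions.stream().anyMatch(actionSid -> !callerActions.contains(actionSid))) {
            throw new BusinessException(I18nError.IAM_PERMISSION_OVEREACH);
        }
    }

    /**
     * Saves the condition values of a target's policy, creating or loading the policy row first.
     *
     * <p>When the request carries no condition values, nothing is written and the call still
     * returns 200.
     *
     * @param targetPolicy request body; {@code tenantSid} defaults to the caller's tenant
     * @param authoredUser authenticated caller
     * @return 200 with {@code HttpStatus.OK} as the body
     * @throws BusinessException {@code IAM_TENANT_PERMISSION_ERROR} when another tenant is
     *     named and the system-level permission check fails
     */
    @CacheLock
    @PostMapping(value = {"/action/condition"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> savePolicyActionCondition(
            @Valid @RequestBody TargetPolicy targetPolicy,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        if (targetPolicy.getTenantSid() == null) {
            targetPolicy.setTenantSid(Long.valueOf(authoredUser.getTenantSid()));
        }
        boolean crossTenant = authoredUser.getTenantSid() != targetPolicy.getTenantSid().longValue();
        if (crossTenant
                && !this.authValidateService.checkAccessPermission(
                        TargetType.Sys.name(), "POST", "/api/iam/v2/policy/action/condition",
                        UserUtils.getSysId()).booleanValue()) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        if (targetPolicy.getConditionValue() != null && !targetPolicy.getConditionValue().isEmpty()) {
            this.policyHandleService.saveConditionValue(
                    this.policyHandleService.savePolicy(
                            targetPolicy.getTenantSid().longValue(),
                            targetPolicy.getSysSid().longValue(),
                            targetPolicy.getTargetSid().longValue(),
                            targetPolicy.getType()).getSid(),
                    targetPolicy);
        }
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Looks up the condition values of one action of a target and returns the request object.
     *
     * <p>The return value of {@code queryConditionValue} is discarded, so the service
     * presumably fills {@code targetPolicy} in place (confirm against the service).
     *
     * @param targetPolicy request body; {@code actionSid} is required and {@code tenantSid}
     *     defaults to the caller's tenant
     * @param authoredUser authenticated caller
     * @return 200 with {@code targetPolicy} as the body
     * @throws IllegalArgumentException when {@code actionSid} is null
     * @throws BusinessException {@code IAM_TENANT_PERMISSION_ERROR} when another tenant is
     *     named and the system-level permission check fails
     */
    @PostMapping(value = {"/query/action/condition"}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> getPolicyActionCondition(
            @Valid @RequestBody TargetPolicy targetPolicy,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        Assert.notNull(targetPolicy.getActionSid(), "参数错误: actionSid不能为空");
        if (targetPolicy.getTenantSid() == null) {
            targetPolicy.setTenantSid(Long.valueOf(authoredUser.getTenantSid()));
        }
        boolean crossTenant = authoredUser.getTenantSid() != targetPolicy.getTenantSid().longValue();
        if (crossTenant
                && !this.authValidateService.checkAccessPermission(
                        TargetType.Sys.name(), "POST", UrlConstants.IAM_POLICY_QUERY_ACTION_CONDITION,
                        UserUtils.getSysId()).booleanValue()) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        this.policyHandleService.queryConditionValue(targetPolicy);
        return ResponseEntity.ok(targetPolicy);
    }

    /**
     * Copies data policies and/or functional policies inside the caller's tenant, depending on
     * which kinds the request's {@code type} contains.
     *
     * <p>The body is not annotated with {@code @Valid}, so {@code type} may arrive as null. It
     * is treated like an empty type instead of failing with a {@code NullPointerException}.
     *
     * @param copyPermissionVO copy request; {@code type} selects "data" and/or "functional"
     * @param authoredUser authenticated caller; supplies the tenant sid
     * @return 200 with {@code HttpStatus.OK} as the body
     * @throws BusinessException {@code POLICY_COPY_TYPE_EMPTY} when {@code type} is null or empty
     */
    @PostMapping(value = {"/copy"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> copyPolicy(
            @RequestBody CopyPermissionVO copyPermissionVO,
            @RequestAttribute(AUTH_USER_ATTRIBUTE) AuthoredUser authoredUser) {
        long tenantSid = authoredUser.getTenantSid();
        if (copyPermissionVO.getType() == null || copyPermissionVO.getType().isEmpty()) {
            throw new BusinessException(I18nError.POLICY_COPY_TYPE_EMPTY);
        }
        if (copyPermissionVO.getType().contains("data")) {
            this.copyDataPolicyService.copyDataPolicy(copyPermissionVO, tenantSid);
        }
        if (copyPermissionVO.getType().contains("functional")) {
            this.policyCopyService.copyPolicy(tenantSid, copyPermissionVO);
        }
        return ResponseEntity.ok(HttpStatus.OK);
    }
}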
