package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middle.cache.lock.CacheLock;
import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.enums.TenantEnterpriseTypeEnum;
import com.digiwin.dap.middleware.iam.domain.policy.PolicyTargetAction;
import com.digiwin.dap.middleware.iam.domain.policy.PolicyTargetVO;
import com.digiwin.dap.middleware.iam.entity.Policy;
import com.digiwin.dap.middleware.iam.entity.Role;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.service.policy.PolicyHandleOldService;
import com.digiwin.dap.middleware.iam.service.role.RoleCrudService;
import com.digiwin.dap.middleware.iam.service.sys.SysCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.util.UserUtils;
import java.util.Objects;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

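/**
 * Legacy (v2) REST endpoints for reading and changing IAM policy attachments.
 *
 * <p>Every handler is a POST under {@code /api/iam/v2/policy}. Caller identity is taken from the
 * {@code digi-middleware-auth-user-data} and {@code digi-middleware-auth-app-data} request
 * attributes; these are presumably populated by an authentication filter that runs before this
 * controller (not visible in this file; confirm).
 *
 * <p>NOTE(review): only {@link #getPolicyBySid} performs an explicit permission check in this
 * class. The other handlers scope their work by the caller's tenant sid and application sid and
 * otherwise rely on checks made upstream or inside {@code PolicyHandleOldService}.
 */
@RequestMapping({"/api/iam/v2/policy"})
@Validated
@RestController
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/api/PolicyOldController.class */
public class PolicyOldController {

    /** Response content type shared by every handler. */
    private static final String JSON_UTF8 = "application/json; charset=utf-8";

    /** Request attribute holding the authenticated user context. */
    private static final String AUTH_USER_ATTR = "digi-middleware-auth-user-data";

    /** Request attribute holding the authenticated application context. */
    private static final String AUTH_APP_ATTR = "digi-middleware-auth-app-data";

    /** Resource path used in permission lookups; must stay equal to the class-level mapping. */
    private static final String POLICY_PATH = "/api/iam/v2/policy";

    @Autowired
    private SysCrudService sysCrudService;

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private RoleCrudService roleCrudService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private PolicyHandleOldService policyHandleOldService;

    @Autowired
    private AuthValidateService authValidateService;

    /**
     * Returns the policy identified by {@code policy.getSid()}.
     *
     * <p>Access is granted when the policy belongs to the caller's tenant, or when the caller's
     * application holds POST permission on this path at Sys scope or at TenantSys scope.
     *
     * @param policy request body; only its sid is read
     * @return 200 with the policy when access is granted
     * @throws BusinessException with {@code IAM_TENANT_PERMISSION_ERROR} when access is denied or
     *     the policy (or its tenant sid) is absent
     */
    @PostMapping(value = {""}, produces = {JSON_UTF8})
    public ResponseEntity<?> getPolicyBySid(@RequestBody Policy policy) {
        PolicyTargetVO found = this.policyHandleOldService.getPolicyBySid(policy.getSid());
        // Answer "missing" exactly like "not permitted": this avoids a NullPointerException on an
        // unknown sid and keeps the endpoint from confirming which policy sids exist.
        if (found == null || found.getTenantSid() == null) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        boolean ownedByCallerTenant = UserUtils.getTenantSid() == found.getTenantSid().longValue();
        // The permission lookups run only when the cheaper tenant-ownership test fails.
        if (ownedByCallerTenant || callerHasSysAccess() || callerHasTenantSysAccess()) {
            return ResponseEntity.ok(found);
        }
        throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
    }

    /** Whether the calling application holds POST permission on the policy path at Sys scope. */
    private boolean callerHasSysAccess() {
        // Boolean.TRUE.equals fails closed if the validator ever returns null.
        return Boolean.TRUE.equals(this.authValidateService.checkAccessPermission(
                TargetType.Sys.name(), "POST", POLICY_PATH, UserUtils.getSysId()));
    }

    /** Whether the caller's tenant/application pair holds POST permission at TenantSys scope. */
    private boolean callerHasTenantSysAccess() {
        String tenantSysKey = String.format("%s-%s", UserUtils.getTenantId(), UserUtils.getSysId());
        return Boolean.TRUE.equals(this.authValidateService.checkAccessPermission(
                TargetType.TenantSys.name(), "POST", POLICY_PATH, tenantSysKey));
    }

    /**
     * Replaces the policy attached to one user or one role, scoped to the caller's tenant and
     * application.
     *
     * @param policyTargetVO validated request body; its attachment type must be {@code user} or
     *     {@code role}
     * @param authoredUser authenticated user context (supplies the tenant sid)
     * @param authoredSys authenticated application context (supplies the app sid and id)
     * @return 200 on success
     * @throws BusinessException with {@code POLICY_TYPE_ERROR} when the attachment is missing or
     *     has any other type
     */
    @CacheLock
    @PostMapping(value = {"/update"}, produces = {JSON_UTF8})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> updatePolicy(@Valid @RequestBody PolicyTargetVO policyTargetVO, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser, @RequestAttribute(AUTH_APP_ATTR) AuthoredSys authoredSys) {
        // A body without an attachment has no valid type; reject it instead of dereferencing null.
        // (Bean validation may already enforce this; the constraints are not visible here.)
        if (policyTargetVO.getAttachment() == null) {
            throw new BusinessException(I18nError.POLICY_TYPE_ERROR);
        }
        Object attachmentType = policyTargetVO.getAttachment().getType();
        boolean isUser = com.digiwin.dap.middleware.iam.domain.permission.v2.TargetType.user.name().equals(attachmentType);
        boolean isRole = com.digiwin.dap.middleware.iam.domain.permission.v2.TargetType.role.name().equals(attachmentType);
        if (!isUser && !isRole) {
            throw new BusinessException(I18nError.POLICY_TYPE_ERROR);
        }
        this.policyHandleOldService.updatePolicyTarget(authoredUser.getTenantSid(), authoredSys.getSid(), authoredSys.getId(), policyTargetVO);
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Applies a batch policy update, optionally against a tenant and application named in the
     * request body instead of the caller's own.
     *
     * <p>Tenant: when the body names no tenant, the caller's tenant is used; otherwise the named
     * tenant must pass {@link #check}. Application: when the body names an app id it is looked up,
     * otherwise the authenticated application is used.
     *
     * <p>NOTE(review): a body-supplied {@code appId} is resolved with no visible check that the
     * caller may manage policy for that application, and no attachment-type validation is applied
     * here (unlike {@link #updatePolicy}). Confirm both are enforced upstream or in the service.
     *
     * @param policyTargetVO request body (not bean-validated on this endpoint)
     * @param authoredUser authenticated user context
     * @param authoredSys authenticated application context; may be absent
     * @return 200 on success
     * @throws BusinessException when the tenant or application cannot be resolved
     */
    @PostMapping(value = {"/batch/add"}, produces = {JSON_UTF8})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> batchUpdatePolicy(@RequestBody PolicyTargetVO policyTargetVO, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser, @RequestAttribute(value = AUTH_APP_ATTR, required = false) AuthoredSys authoredSys) {
        long tenantSid;
        if (StringUtils.isEmpty(policyTargetVO.getTenantId())) {
            Assert.hasText(authoredUser.getTenantId(), "当前登录租户不能为空");
            tenantSid = requireTenant(authoredUser.getTenantId()).getSid();
        } else {
            tenantSid = check(authoredUser.getTenantId(), policyTargetVO.getTenantId()).getSid();
        }

        Sys targetSys;
        if (!StringUtils.isEmpty(policyTargetVO.getAppId())) {
            targetSys = this.sysCrudService.findById(policyTargetVO.getAppId());
        } else {
            // The attribute is optional on this endpoint, so it can be null when the body names no
            // app either; report "application not found" rather than passing null to Sys(...).
            if (authoredSys == null) {
                throw new BusinessException(I18nError.SYS_NOT_EXISTED);
            }
            targetSys = new Sys(authoredSys);
        }
        if (targetSys == null || StringUtils.isEmpty(targetSys.getId())) {
            throw new BusinessException(I18nError.SYS_NOT_EXISTED);
        }
        this.policyHandleOldService.updatePolicyTargetBatch(tenantSid, targetSys.getSid(), targetSys.getId(), policyTargetVO);
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Loads a tenant by id.
     *
     * @param tenantId tenant id to look up
     * @return the tenant, never null
     * @throws BusinessException with {@code TENANT_NOT_EXISTED} when no such tenant exists
     */
    private Tenant requireTenant(String tenantId) {
        Tenant tenant = this.tenantCrudService.findById(tenantId);
        if (tenant == null) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{tenantId});
        }
        return tenant;
    }

    /**
     * Decides whether the caller's tenant may act on another tenant and returns that tenant.
     *
     * <p>A caller tenant that is not an individual tenant must have a customer id, and the target
     * tenant must carry the same customer id.
     *
     * <p>NOTE(review): when the caller's tenant is {@code INDIVIDUAL_TENANT} the customer-id
     * comparison is skipped, so any existing target tenant is accepted and no relationship between
     * caller and target is verified on this path. {@link #batchUpdatePolicy} then writes policy
     * into that tenant. Confirm this is intended; the logic is left unchanged here.
     *
     * @param str id of the caller's (logged-in) tenant
     * @param str2 id of the tenant named in the request
     * @return the target tenant
     * @throws BusinessException when either tenant is missing, the caller tenant lacks a customer
     *     id, or the customer ids differ
     */
    private Tenant check(String str, String str2) {
        Assert.hasText(str2, "租户id不能为空");
        Assert.hasText(str, "当前登录租户不能为空");
        Tenant current = requireTenant(str);
        boolean currentIsIndividual = Objects.equals(TenantEnterpriseTypeEnum.INDIVIDUAL_TENANT.getValue(), current.getEnterpriseType());
        if (!currentIsIndividual && !StringUtils.hasLength(current.getCustomerId())) {
            throw new BusinessException(I18nError.CUSTOMER_CODE_OF_TENANT_NOT_EMPTY, new Object[]{str});
        }
        Tenant target = requireTenant(str2);
        // current.getCustomerId() is non-empty whenever the right-hand side is evaluated, because
        // a non-individual tenant without one was rejected above.
        if (currentIsIndividual || current.getCustomerId().equals(target.getCustomerId())) {
            return target;
        }
        throw new BusinessException(I18nError.CUSTOMER_CODE_OF_TENANT_NOT_SAME, new Object[]{target.getId(), target.getCustomerId(), current.getId(), current.getCustomerId()});
    }

    /**
     * Lists users matched by the given action, within the caller's tenant and application.
     *
     * @param policyTargetAction query passed through to the service
     * @param authoredUser authenticated user context (tenant sid)
     * @param authoredSys authenticated application context (app sid)
     * @return 200 with the service result
     */
    @PostMapping(value = {"/query/action/user"}, produces = {JSON_UTF8})
    public ResponseEntity<?> getUserByAction(@RequestBody PolicyTargetAction policyTargetAction, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser, @RequestAttribute(AUTH_APP_ATTR) AuthoredSys authoredSys) {
        long tenantSid = authoredUser.getTenantSid();
        return ResponseEntity.ok(this.policyHandleOldService.getUsersByAction(tenantSid, authoredSys.getSid(), policyTargetAction));
    }

    /**
     * Lists roles matched by the given action, within the caller's tenant and application.
     *
     * @param policyTargetAction query passed through to the service
     * @param authoredUser authenticated user context (tenant sid)
     * @param authoredSys authenticated application context (app sid)
     * @return 200 with the service result
     */
    @PostMapping(value = {"/query/action/role"}, produces = {JSON_UTF8})
    public ResponseEntity<?> getRoleByAction(@RequestBody PolicyTargetAction policyTargetAction, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser, @RequestAttribute(AUTH_APP_ATTR) AuthoredSys authoredSys) {
        long tenantSid = authoredUser.getTenantSid();
        return ResponseEntity.ok(this.policyHandleOldService.getRolesByAction(tenantSid, authoredSys.getSid(), policyTargetAction));
    }

    /**
     * Returns the policy targets attached to a user for the calling application.
     *
     * <p>NOTE(review): a non-zero {@code sid} in the body is used as supplied, and the fallback
     * lookup by user id is not tenant-scoped in this controller. Tenant isolation therefore
     * depends on the service honouring the tenant sid it is given; verify.
     *
     * @param user request body; identifies the user by sid, or by id when sid is 0
     * @param authoredUser authenticated user context (tenant sid)
     * @param authoredSys authenticated application context
     * @return 200 with the user's policy targets
     */
    @PostMapping(value = {"/attach/user/app"}, produces = {JSON_UTF8})
    public ResponseEntity<?> getPolicyUserApp(@RequestBody User user, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser, @RequestAttribute(AUTH_APP_ATTR) AuthoredSys authoredSys) {
        if (user.getSid() == 0) {
            // Resolve the surrogate key from the business id when the client did not send one.
            User stored = this.userCrudService.findById(user.getId());
            Assert.notNull(stored, "用户[" + user.getId() + "]不存在");
            user.setSid(stored.getSid());
        }
        Assert.notNull(authoredSys.getId(), "应用id不能为空");
        return ResponseEntity.ok(this.policyHandleOldService.getPolicyByUserId(authoredUser.getTenantSid(), authoredSys.getSid(), user.getSid()).getTargets());
    }

    /**
     * Returns the policy targets attached to a role for the calling application.
     *
     * <p>NOTE(review): a non-zero {@code sid} in the body is used as supplied; only the fallback
     * lookup by role id is scoped to the caller's tenant here. Verify that the service rejects a
     * role sid belonging to another tenant.
     *
     * @param role request body; identifies the role by sid, or by id when sid is 0
     * @param authoredUser authenticated user context (tenant sid)
     * @param authoredSys authenticated application context
     * @return 200 with the role's policy targets
     */
    @PostMapping(value = {"/attach/role/app"}, produces = {JSON_UTF8})
    public ResponseEntity<?> getPolicyRoleApp(@RequestBody Role role, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser, @RequestAttribute(AUTH_APP_ATTR) AuthoredSys authoredSys) {
        if (role.getSid() == 0) {
            // Resolve the surrogate key within the caller's tenant when the client did not send one.
            long resolvedSid = this.roleCrudService.getSidByTenantAndId(authoredUser.getTenantSid(), role.getId());
            Assert.isTrue(resolvedSid > 0, "角色[" + role.getId() + "]不存在");
            role.setSid(resolvedSid);
        }
        Assert.notNull(authoredSys.getId(), "应用id不能为空");
        return ResponseEntity.ok(this.policyHandleOldService.getPolicyByRoleId(authoredUser.getTenantSid(), authoredSys.getSid(), role.getSid()).getTargets());
    }
}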
