package com.digiwin.dap.middleware.iam.service.permission.impl;

import com.digiwin.dap.middleware.iam.domain.permission.v2.StatementInfo;
import com.digiwin.dap.middleware.iam.domain.permission.v2.TargetType;
import com.digiwin.dap.middleware.iam.domain.policy.v2.TargetAction;
import com.digiwin.dap.middleware.iam.domain.policy.v2.TargetCondition;
import com.digiwin.dap.middleware.iam.mapper.AuthUserMapper;
import com.digiwin.dap.middleware.iam.service.app.ActionCrudService;
import com.digiwin.dap.middleware.iam.service.app.ModuleCrudService;
import com.digiwin.dap.middleware.iam.service.permission.AuthCalcService;
import com.digiwin.dap.middleware.iam.service.permission.AuthUserService;
import com.digiwin.dap.middleware.iam.service.policy.PolicyCrudService;
import com.digiwin.dap.middleware.iam.service.sys.SysCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:WEB-INF/lib/iam-business-4.37.4.0.jar:com/digiwin/dap/middleware/iam/service/permission/impl/AuthUserServiceImpl.class */
public class AuthUserServiceImpl implements AuthUserService {
    private static final String POLICY_SYS = "DigiwinCloud";
    private static final String POLICY_MODULE = "djc-cloud-management";
    private static final String POLICY_ACTION = "djc-mang-user";
    private static final String POLICY_CONDITION = "action_approveRecord";
    private static final String ALLOW = "allow";

    @Autowired
    private AuthUserMapper authUserMapper;

    @Autowired
    private AuthCalcService authCalcService;

    @Autowired
    private SysCrudService sysCrudService;

    @Autowired
    private ModuleCrudService moduleCrudService;

    @Autowired
    private ActionCrudService actionCrudService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private PolicyCrudService policyCrudService;

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthUserService
    public List<String> getUsersEmail(String str) {
        long sidById = this.tenantCrudService.getSidById(str);
        long sidById2 = this.sysCrudService.getSidById("DigiwinCloud");
        long sidByUnionKey = this.actionCrudService.getSidByUnionKey("djc-mang-user", Long.valueOf(this.moduleCrudService.getSidByUnionKey("djc-cloud-management", Long.valueOf(sidById2))), 0);
        List<Long> arrayList = new ArrayList<>();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        ArrayList arrayList5 = new ArrayList();
        ArrayList arrayList6 = new ArrayList();
        List<TargetAction> list = (List) StatementInfo.getPolicyStatement(this.policyCrudService.findPolicy(sidById, sidById2)).stream().filter(targetAction -> {
            return targetAction.getActionSid() == sidByUnionKey;
        }).collect(Collectors.toList());
        this.authCalcService.bindPolicyActionCondition(sidById2, list);
        list.forEach(targetAction2 -> {
            String targetType = targetAction2.getTargetType();
            boolean z = -1;
            switch (targetType.hashCode()) {
                case 110308:
                    if (targetType.equals("org")) {
                        z = 2;
                        break;
                    }
                    break;
                case 3506294:
                    if (targetType.equals("role")) {
                        z = true;
                        break;
                    }
                    break;
                case 3599307:
                    if (targetType.equals("user")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    if (!"allow".equals(targetAction2.getEffect())) {
                        arrayList4.add(Long.valueOf(targetAction2.getTargetSid()));
                        return;
                    } else if (notAllow(targetAction2.getConditions())) {
                        arrayList4.add(Long.valueOf(targetAction2.getTargetSid()));
                        return;
                    } else {
                        arrayList.add(Long.valueOf(targetAction2.getTargetSid()));
                        return;
                    }
                case true:
                    if ("allow".equals(targetAction2.getEffect())) {
                        if (notAllow(targetAction2.getConditions())) {
                            arrayList5.add(Long.valueOf(targetAction2.getTargetSid()));
                            return;
                        } else {
                            arrayList2.add(Long.valueOf(targetAction2.getTargetSid()));
                            return;
                        }
                    }
                    return;
                case true:
                    if ("allow".equals(targetAction2.getEffect())) {
                        if (notAllow(targetAction2.getConditions())) {
                            arrayList6.add(Long.valueOf(targetAction2.getTargetSid()));
                            return;
                        } else {
                            arrayList3.add(Long.valueOf(targetAction2.getTargetSid()));
                            return;
                        }
                    }
                    return;
                default:
                    return;
            }
        });
        ArrayList arrayList7 = new ArrayList();
        if (!arrayList5.isEmpty()) {
            arrayList7.addAll(this.authUserMapper.findUserSidsByRoleSids(sidById, arrayList5));
        }
        if (!arrayList6.isEmpty()) {
            arrayList7.addAll(this.authUserMapper.findUserSidsByOrgSids(arrayList6));
        }
        List<Long> findUserSidsByRoleSids = this.authUserMapper.findUserSidsByRoleSids(sidById, Collections.singletonList(this.authUserMapper.findSuperadmin(sidById)));
        arrayList4.removeAll(findUserSidsByRoleSids);
        arrayList7.removeAll(arrayList4);
        arrayList7.forEach(l -> {
            if (this.authCalcService.getTargetAction(sidById, sidById2, l.longValue(), TargetType.user).entrySet().stream().anyMatch(entry -> {
                return sidByUnionKey == ((Long) entry.getKey()).longValue() && notAllow(((TargetAction) entry.getValue()).getConditions());
            })) {
                arrayList4.add(l);
            }
        });
        arrayList.addAll(findUserSidsByRoleSids);
        if (!arrayList2.isEmpty()) {
            arrayList.addAll(this.authUserMapper.findUserSidsByRoleSids(sidById, arrayList2));
        }
        if (!arrayList3.isEmpty()) {
            arrayList.addAll(this.authUserMapper.findUserSidsByOrgSids(arrayList3));
        }
        arrayList.removeAll(arrayList4);
        return arrayList.isEmpty() ? Collections.emptyList() : (List) this.authUserMapper.findUsersEmail(arrayList).stream().filter(str2 -> {
            return str2.contains("@");
        }).collect(Collectors.toList());
    }

    private boolean notAllow(List<TargetCondition> list) {
        return list.stream().anyMatch(targetCondition -> {
            return POLICY_CONDITION.equals(targetCondition.getKey()) && !targetCondition.getValue().contains("allow");
        });
    }
}
