package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.RedisConstants;
import com.digiwin.dap.middleware.iam.domain.datapolicy.DataTargetVO;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.domain.permission.AllPermissionQueryVO;
import com.digiwin.dap.middleware.iam.domain.permission.CalcUser;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionLastModified;
import com.digiwin.dap.middleware.iam.domain.permission.UserDataPermissionResultVO;
import com.digiwin.dap.middleware.iam.domain.permission.UserFunctionalPermissionResult;
import com.digiwin.dap.middleware.iam.domain.permission.UserFunctionalPermissionResultVO;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionResult;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionResultVO;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionVO;
import com.digiwin.dap.middleware.iam.domain.policy.ConsolePolicyExportScopeRequest;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.repository.TenantDataExportRecordRepository;
import com.digiwin.dap.middleware.iam.service.permission.ApiPermissionService;
import com.digiwin.dap.middleware.iam.service.permission.AuthService;
import com.digiwin.dap.middleware.iam.service.policy.PolicyCalcService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.excel.PermissionExcelService;
import com.digiwin.dap.middleware.iam.support.obsolete.service.DataPermissionService;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import io.github.resilience4j.ratelimiter.annotation.RateLimiter;
import java.time.LocalDateTime;
import java.util.Collections;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.apache.poi.ddf.EscherProperties;
import org.joda.time.DateTimeConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

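/**
 * REST controller for the IAM permission API, mounted at {@code /api/iam/v2/permission}.
 *
 * <p>Handlers read the caller's identity from two request attributes:
 * {@code digi-middleware-auth-user-data} (user) and {@code digi-middleware-auth-app-data}
 * (calling application). Request attributes are server-side state and cannot be set through
 * HTTP parameters or headers.
 * NOTE(review): presumably an upstream authentication filter populates them — confirm that
 * every route under this prefix sits behind that filter.
 *
 * <p>Request bodies are caller-controlled. Several handlers forward body-supplied user ids and
 * system ids to the service layer, so the authorization decision for those ids is made in
 * {@code AuthValidateService} or the target service, not in this class. Those implementations
 * are not visible here and should be reviewed together with this controller.
 *
 * <p>NOTE(review): this source looks decompiled (see the "loaded from" marker below). The
 * {@code DateTimeConstants.SECONDS_PER_HOUR} and {@code EscherProperties.THREEDSTYLE__SKEWANGLE}
 * values used as rate-limiter settings are unrelated to rate limiting and appear to be integer
 * literals that the decompiler matched to library constants. Confirm the intended numeric
 * limits against the original source.
 */
@RequestMapping({"/api/iam/v2/permission"})
@RestController
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/api/PermissionController.class */
public class PermissionController {

    @Autowired
    private AuthService authService;

    @Autowired
    private PolicyCalcService policyCalcService;

    @Autowired
    private AuthValidateService authValidateService;

    @Autowired
    private ApiPermissionService apiPermissionService;

    @Autowired
    private DataPermissionService dataPermissionService;

    @Autowired
    private PermissionExcelService permissionExcelService;

    @Autowired
    private TenantDataExportRecordRepository tenantDataExportRecordRepository;

    /**
     * Returns the cached "permission last modified" record for a user / tenant / system triple,
     * creating it with the current time when no cache entry exists.
     *
     * <p>The tenant id always comes from the authenticated user. The user id and system id come
     * from the request body when present and fall back to the authenticated values otherwise.
     *
     * <p>NOTE(review): this handler has no {@code authValidateService} call and no rate-limiter
     * annotation. A caller can therefore read, and on a cache miss create, the entry for any
     * user id / system id inside their own tenant. Confirm that this is intended and that the
     * body-supplied ids are validated before they become part of the Redis key.
     *
     * @param userPermissionVO optional request body; may be {@code null}
     * @param iamAuthoredUser authenticated user taken from the request attribute
     * @param authoredSys authenticated application taken from the request attribute
     * @return the record wrapped in {@code StdData}
     */
    @PostMapping({"/last/modified"})
    public StdData<?> getLastModified(@RequestBody(required = false) UserPermissionVO userPermissionVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys) {
        // NOTE(review): the body is optional, so null can reach this constructor — confirm it tolerates null.
        PermissionLastModified permissionLastModified = new PermissionLastModified(userPermissionVO);
        if (permissionLastModified.getUserId() == null) {
            permissionLastModified.setUserId(iamAuthoredUser.getUserId());
        }
        // The tenant is never taken from the body.
        permissionLastModified.setTenantId(iamAuthoredUser.getTenantId());
        if (permissionLastModified.getSysId() == null) {
            permissionLastModified.setSysId(authoredSys.getId());
        }
        String format = String.format(RedisConstants.REDIS_PERMISSION_LAST_MODIFIED, permissionLastModified.getUserId(), permissionLastModified.getTenantId(), permissionLastModified.getSysId());
        PermissionLastModified permissionLastModified2 = (PermissionLastModified) RedisUtils.get(format, PermissionLastModified.class);
        if (permissionLastModified2 == null) {
            // The read and the write are separate calls, so concurrent first requests may each store their own timestamp.
            permissionLastModified.setLastModified(LocalDateTime.now());
            RedisUtils.set(format, permissionLastModified);
        } else {
            permissionLastModified.setLastModified(permissionLastModified2.getLastModified());
        }
        return StdData.ok(permissionLastModified);
    }

    /**
     * Returns the functional permissions of the user resolved by {@code checkPermission}.
     *
     * <p>A missing body is replaced with an empty {@code UserPermissionVO}. The subject of the
     * lookup is the {@code CalcUser} returned by {@code authValidateService.checkPermission}, so
     * whether a body-specified user may be queried is decided there.
     *
     * @param userPermissionVO optional request body
     * @param iamAuthoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return the service result wrapped in {@code StdData}
     */
    @PostMapping({"/user"})
    @RateLimiter(name = "/api/iam/v2/permission/user")
    public StdData<?> getUser(@RequestBody(required = false) UserPermissionVO userPermissionVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        if (userPermissionVO == null) {
            userPermissionVO = new UserPermissionVO();
        }
        // NOTE(review): authoredSys may be null here — confirm that the Sys constructor accepts null.
        CalcUser checkPermission = this.authValidateService.checkPermission(userPermissionVO.puzzle(), iamAuthoredUser, new Sys(authoredSys));
        return StdData.ok(this.authService.getUserFunction(checkPermission, this.authService.getUserPermission(checkPermission), userPermissionVO.getEffect()));
    }

    /**
     * Same flow as {@link #getUser} but returns the result of {@code getUserFunctionWithModule}.
     *
     * <p>The rate-limiter name is the same as on {@code /user}, so both routes draw on one
     * limiter instance.
     *
     * @param userPermissionVO optional request body
     * @param iamAuthoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return the service result wrapped in {@code StdData}
     */
    @PostMapping({"/user/module"})
    @RateLimiter(name = "/api/iam/v2/permission/user")
    public StdData<?> getUser2(@RequestBody(required = false) UserPermissionVO userPermissionVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        if (userPermissionVO == null) {
            userPermissionVO = new UserPermissionVO();
        }
        CalcUser checkPermission = this.authValidateService.checkPermission(userPermissionVO.puzzle(), iamAuthoredUser, new Sys(authoredSys));
        return StdData.ok(this.authService.getUserFunctionWithModule(checkPermission, this.authService.getUserPermission(checkPermission), userPermissionVO.getEffect()));
    }

    /**
     * Returns the full permission result for the user resolved by {@code checkPermission}.
     * Serves both {@code /user/all} and {@code /user/all/realtime}.
     *
     * <p>NOTE(review): the body is optional but, unlike {@link #getUser}, it is not replaced
     * with a default. A {@code null} body is passed on to {@code checkPermission} and to the
     * {@code UserPermissionResultVO} constructor — confirm that both handle {@code null}.
     *
     * @param userPermissionVO optional request body; may be {@code null}
     * @param iamAuthoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return HTTP 200 with the permission result
     */
    @PostMapping(value = {"/user/all", "/user/all/realtime"}, produces = {"application/json; charset=utf-8"})
    @RateLimiter(name = "/api/iam/v2/permission/user/all")
    public ResponseEntity<?> getUserAllPermission(@RequestBody(required = false) UserPermissionVO userPermissionVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        return ResponseEntity.ok(new UserPermissionResultVO(userPermissionVO, this.authService.getUserPermission(this.authValidateService.checkPermission(userPermissionVO, iamAuthoredUser, new Sys(authoredSys)))));
    }

    /**
     * Returns only the roles, organisation and permissions parts of the user's permission result.
     *
     * <p>{@code checkPermission} is called with {@code null} as the system argument; the
     * calling application attribute is not read by this handler.
     *
     * @param userPermissionVO request body (required)
     * @param iamAuthoredUser authenticated user
     * @return HTTP 200 with the functional permission result
     */
    @PostMapping(value = {"/user/functional"}, produces = {"application/json; charset=utf-8"})
    @RateLimiter(name = "/api/iam/v2/permission/user/functional")
    public ResponseEntity<?> getUserFunctionalPermission(@RequestBody UserPermissionVO userPermissionVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser) {
        UserPermissionResult userPermission = this.authService.getUserPermission(this.authValidateService.checkPermission(userPermissionVO, iamAuthoredUser, null));
        return ResponseEntity.ok(new UserFunctionalPermissionResultVO(userPermissionVO, new UserFunctionalPermissionResult(userPermission.getRoles(), userPermission.getOrg(), userPermission.getPermissions())));
    }

    /**
     * Returns permission details by delegating to {@code PermissionExcelService}.
     *
     * <p>No validation happens in this handler; the optional body and both identity objects are
     * forwarded unchanged, so access control rests with the service.
     *
     * @param allPermissionQueryVO optional query; may be {@code null}
     * @param iamAuthoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return HTTP 200 with the service result
     */
    @PostMapping(value = {"/user/details"}, produces = {"application/json; charset=utf-8"})
    // NOTE(review): both limiter values look like decompiler-substituted constants — confirm the real numbers.
    @com.digiwin.dap.middle.cache.limiter.RateLimiter(burstCapacity = DateTimeConstants.SECONDS_PER_HOUR, requestedTokens = EscherProperties.THREEDSTYLE__SKEWANGLE)
    public ResponseEntity<?> getAllPermissionDetails(@RequestBody(required = false) AllPermissionQueryVO allPermissionQueryVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        return ResponseEntity.ok(this.permissionExcelService.getAllPermissionDetails(allPermissionQueryVO, iamAuthoredUser, authoredSys));
    }

    /**
     * Hands the servlet response to {@code PermissionExcelService.getPermissionExcels}, which
     * is expected to write the export to it.
     *
     * @param allPermissionQueryVO optional query; may be {@code null}
     * @param iamAuthoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @param httpServletResponse response passed to the service
     * @throws Exception whatever the service throws
     */
    @PostMapping({"/user/details/export"})
    @com.digiwin.dap.middle.cache.limiter.RateLimiter(burstCapacity = DateTimeConstants.SECONDS_PER_HOUR, requestedTokens = EscherProperties.THREEDSTYLE__SKEWANGLE)
    public void permissionExport(@RequestBody(required = false) AllPermissionQueryVO allPermissionQueryVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, HttpServletResponse httpServletResponse) throws Exception {
        this.permissionExcelService.getPermissionExcels(allPermissionQueryVO, iamAuthoredUser, authoredSys, httpServletResponse);
    }

    /**
     * Requests an export of all permissions and answers with an empty HTTP 200.
     *
     * @param allPermissionQueryVO request body (required)
     * @param iamAuthoredUser authenticated user
     * @return HTTP 200 without a body
     */
    @PostMapping({"/apply/export"})
    @com.digiwin.dap.middle.cache.limiter.RateLimiter(burstCapacity = DateTimeConstants.SECONDS_PER_HOUR, requestedTokens = DateTimeConstants.SECONDS_PER_HOUR)
    public ResponseEntity applyExportAllPermission(@RequestBody AllPermissionQueryVO allPermissionQueryVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser) {
        this.permissionExcelService.exportAllPermission(allPermissionQueryVO, iamAuthoredUser);
        return new ResponseEntity(HttpStatus.OK);
    }

    /**
     * Requests a scoped permission export.
     *
     * <p>The application ids, actual sids and scope are required. The tenant sid on the request
     * is overwritten with the authenticated user's tenant, so a body-supplied tenant has no effect.
     *
     * <p>NOTE(review): unlike {@code /apply/export}, this route has no rate-limiter annotation.
     * The authenticated user is not passed to the service, and the body-supplied application
     * ids and sids are not checked here — confirm that the service restricts them to the tenant.
     *
     * @param consolePolicyExportScopeRequest request body (required)
     * @param iamAuthoredUser authenticated user; only its tenant sid is used
     * @return an empty OK {@code StdData}
     * @throws IllegalArgumentException when one of the assertions fails
     */
    @PostMapping({"/apply/scope/export"})
    public StdData applyExportAllPermissionV2(@RequestBody ConsolePolicyExportScopeRequest consolePolicyExportScopeRequest, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser) {
        // Message: "applications must not be empty".
        Assert.notEmpty(consolePolicyExportScopeRequest.getAppIds(), "应用不能为空");
        // Message: "dimension must not be empty".
        Assert.notEmpty(consolePolicyExportScopeRequest.getActualSids(), "维度不能为空");
        // Message: "dimension type must not be empty".
        Assert.notNull(consolePolicyExportScopeRequest.getScope(), "维度类型不能为空");
        consolePolicyExportScopeRequest.setTenantSid(Long.valueOf(iamAuthoredUser.getTenantSid()));
        this.permissionExcelService.exportAllPermissionV2(consolePolicyExportScopeRequest.toVO());
        return StdData.ok().build();
    }

    /**
     * Cancels an export task by id.
     *
     * <p>NOTE(review): the parameter name {@code l} looks decompiler-generated. The request
     * parameter name that Spring actually binds depends on the original source and compiler
     * settings — confirm it.
     *
     * <p>NOTE(review): no authenticated user or tenant is passed to {@code cancelExportTask}.
     * Confirm that the service checks the task belongs to the caller's tenant (or creator);
     * nothing in this handler ties the id to the caller.
     *
     * @param l id of the export task to cancel
     * @return an empty OK {@code StdData}
     */
    @PostMapping({"/cancel/scope/export"})
    public StdData cancelExportAllPermissionV2(@RequestParam Long l) {
        this.permissionExcelService.cancelExportTask(l);
        return StdData.ok().build();
    }

    /**
     * Checks whether the caller may start a permission export.
     *
     * <p>Fails when an export record exists for the caller's tenant and user sid with
     * {@code perm = true} and {@code state = 0}.
     * NOTE(review): state 0 presumably means "still generating", judging by the error constant
     * — confirm against the entity.
     *
     * @param authoredUser authenticated user
     * @return an empty OK {@code StdData} when no such record exists
     * @throws BusinessException when a matching record exists
     * @throws IllegalArgumentException when the tenant sid is not positive
     */
    @GetMapping({"/export/check"})
    public StdData<?> checkPermissionExport(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.isTrue(authoredUser.getTenantSid() > 0, IamConstants.ErrorMessage.CANNOT_TENANT_INFO);
        if (this.tenantDataExportRecordRepository.existsByTenantSidAndCreateByAndPermAndState(authoredUser.getTenantSid(), authoredUser.getSid(), true, 0)) {
            throw new BusinessException(I18nError.PERMISSION_EXPORT_DATA_GENERATING);
        }
        return StdData.ok().build();
    }

    /**
     * Returns permissions for several users across several systems.
     *
     * <p>The user ids and system ids come from the request body. This handler only checks that
     * the caller has a tenant; whether the listed users belong to that tenant must be enforced
     * by {@code authService.batchGetUsersPermission}, which is not visible here.
     *
     * <p>A missing ({@code null}) or empty id list yields an empty result. Previously a
     * {@code null} list caused a {@code NullPointerException}.
     *
     * @param userPermissionVO request body carrying the user ids and system ids
     * @param iamAuthoredUser authenticated user
     * @return HTTP 200 with the batch result, or with an empty list when either id list is absent
     * @throws BusinessException when the caller's tenant sid is 0
     */
    @PostMapping({"/users/apps/all"})
    public ResponseEntity<?> batchGetUsersAllPermission(@RequestBody UserPermissionVO userPermissionVO, @RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser) {
        if (iamAuthoredUser.getTenantSid() == 0) {
            throw new BusinessException(I18nError.TENANT_ID_NOT_NULL);
        }
        // An explicit JSON null for either list is treated like an empty list.
        boolean noUsers = userPermissionVO.getUserIds() == null || userPermissionVO.getUserIds().isEmpty();
        boolean noSystems = userPermissionVO.getSysIds() == null || userPermissionVO.getSysIds().isEmpty();
        if (noUsers || noSystems) {
            return ResponseEntity.ok(Collections.emptyList());
        }
        return ResponseEntity.ok(this.authService.batchGetUsersPermission(userPermissionVO, iamAuthoredUser));
    }

    /**
     * Returns the module actions of the authenticated user for the system named in the body.
     *
     * <p>The tenant and user come only from the authenticated user; the body contributes the
     * system id alone.
     *
     * @param authoredUser authenticated user
     * @param sys request body; only its id is read
     * @return HTTP 200 with the service result
     */
    @PostMapping(value = {"/user/actions"}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> getUserModuleActions(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestBody Sys sys) {
        return ResponseEntity.ok(this.policyCalcService.getUserModuleActions(authoredUser.getTenantSid(), authoredUser.getTenantId(), authoredUser.getUserId(), sys.getId()));
    }

    /**
     * Returns the data permission for the validated target.
     *
     * <p>{@code checkDataPermission} runs before the lookup with its last argument set to
     * {@code true}; the meaning of that flag is not visible in this file.
     *
     * @param dataTargetVO bean-validated request body
     * @param authoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return HTTP 200 with the data permission map
     */
    @PostMapping({"/data"})
    @RateLimiter(name = "/api/iam/v2/permission/data")
    public ResponseEntity<?> getData(@Valid @RequestBody DataTargetVO dataTargetVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        this.authValidateService.checkDataPermission(dataTargetVO, authoredUser, new Sys(authoredSys), true);
        return ResponseEntity.ok(this.authService.getDataPermission(dataTargetVO));
    }

    /**
     * Returns the data permission map with the column-permission entry removed.
     *
     * @param dataTargetVO bean-validated request body
     * @param authoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return HTTP 200 with the map minus {@code IamConstants.COLPERMISSION}
     */
    @PostMapping({"/data/row"})
    public ResponseEntity<?> getDataRow(@Valid @RequestBody DataTargetVO dataTargetVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        this.authValidateService.checkDataPermission(dataTargetVO, authoredUser, new Sys(authoredSys), true);
        Map<String, Object> dataPermission = this.authService.getDataPermission(dataTargetVO);
        // NOTE(review): this changes the map returned by the service in place — confirm it is not a shared or cached instance.
        dataPermission.remove(IamConstants.COLPERMISSION);
        return ResponseEntity.ok(dataPermission);
    }

    /**
     * Returns the row-level data permission via {@code getDataPermissionRow}.
     *
     * @param dataTargetVO bean-validated request body
     * @param authoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return the service result wrapped in {@code StdData}
     */
    @PostMapping({"/data/dev/row"})
    public StdData getDevDataRow(@Valid @RequestBody DataTargetVO dataTargetVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        this.authValidateService.checkDataPermission(dataTargetVO, authoredUser, new Sys(authoredSys), true);
        return StdData.ok(this.authService.getDataPermissionRow(dataTargetVO));
    }

    /**
     * Returns the data permission roles via {@code getDataPermissionRoles}.
     *
     * <p>This is the only data handler that calls {@code checkDataPermission} with
     * {@code false} as its last argument.
     * NOTE(review): confirm what the flag relaxes and that the weaker check is intended for
     * this route.
     *
     * @param dataTargetVO bean-validated request body
     * @param authoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return the service result wrapped in {@code StdData}
     */
    @PostMapping({"/data/dev/role"})
    public StdData getDevDataRowByValue(@Valid @RequestBody DataTargetVO dataTargetVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        this.authValidateService.checkDataPermission(dataTargetVO, authoredUser, new Sys(authoredSys), false);
        return StdData.ok(this.authService.getDataPermissionRoles(dataTargetVO));
    }

    /**
     * Returns the data permission map with the row-permission entry removed.
     *
     * @param dataTargetVO bean-validated request body
     * @param authoredUser authenticated user
     * @param authoredSys authenticated application; may be {@code null}
     * @return HTTP 200 with the map minus {@code IamConstants.ROWPERMISSION}
     */
    @PostMapping({"/data/col"})
    @RateLimiter(name = "/api/iam/v2/permission/data/col")
    public ResponseEntity<?> getDataCol(@Valid @RequestBody DataTargetVO dataTargetVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        this.authValidateService.checkDataPermission(dataTargetVO, authoredUser, new Sys(authoredSys), true);
        Map<String, Object> dataPermission = this.authService.getDataPermission(dataTargetVO);
        // NOTE(review): in-place removal on the service's map — confirm it is not a shared or cached instance.
        dataPermission.remove(IamConstants.ROWPERMISSION);
        return ResponseEntity.ok(dataPermission);
    }

    /**
     * Returns the API permission for the authenticated user and application.
     *
     * <p>The {@code LoginUser} is built from the two request attributes only; the handler takes
     * no request body. Both attributes are required.
     *
     * @param authoredUser authenticated user
     * @param authoredSys authenticated application
     * @return HTTP 200 with the API permission
     */
    @PostMapping({"/data/tempuser"})
    public ResponseEntity<?> getApiDataPermission(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys) {
        LoginUser loginUser = new LoginUser();
        loginUser.setUserId(authoredUser.getUserId());
        loginUser.setTenantId(authoredUser.getTenantId());
        loginUser.setApp(new Sys(authoredSys));
        return ResponseEntity.ok(this.apiPermissionService.getApiPermission(this.apiPermissionService.getApiPermissionQueryVOByUser(loginUser)));
    }

    /**
     * Returns a user's data permission through the {@code DataPermissionService} that lives in
     * the {@code support.obsolete} package.
     *
     * <p>NOTE(review): there is no {@code authValidateService} call and no rate limiter here.
     * The body is forwarded unchanged, so any restriction on which user may be queried must be
     * enforced inside the service — confirm.
     *
     * @param userPermissionVO request body (required)
     * @param authoredUser authenticated user
     * @return HTTP 200 with the data permission result
     */
    @PostMapping(value = {"/user/data"}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> getUserDataPermission(@RequestBody UserPermissionVO userPermissionVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        return ResponseEntity.ok(new UserDataPermissionResultVO(userPermissionVO, this.dataPermissionService.getUserDataPermission(userPermissionVO, authoredUser)));
    }
}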
