package com.digiwin.dap.middleware.iam.service.permission.impl;

import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.constant.CacheConstants;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.enums.ConditionValueEnum;
import com.digiwin.dap.middleware.iam.domain.datapolicy.DataTargetVO;
import com.digiwin.dap.middleware.iam.domain.datapolicy.RowFilter;
import com.digiwin.dap.middleware.iam.domain.permission.CalcUser;
import com.digiwin.dap.middleware.iam.domain.permission.ColPermission;
import com.digiwin.dap.middleware.iam.domain.permission.ModulePolicy;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionPolicy;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionUserOrg;
import com.digiwin.dap.middleware.iam.domain.permission.PermissionUserRole;
import com.digiwin.dap.middleware.iam.domain.permission.UserFunPermission;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionResult;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionVO;
import com.digiwin.dap.middleware.iam.domain.permission.UserSysFunctionalPermissionResultVO;
import com.digiwin.dap.middleware.iam.domain.permission.v2.CacAuthHolder;
import com.digiwin.dap.middleware.iam.domain.permission.v2.MenuEffect;
import com.digiwin.dap.middleware.iam.domain.policy.PolicyAction;
import com.digiwin.dap.middleware.iam.domain.policy.v2.TargetAction;
import com.digiwin.dap.middleware.iam.domain.user.RoleInUserInfoVO;
import com.digiwin.dap.middleware.iam.entity.DevSys;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.mapper.AuthMapper;
import com.digiwin.dap.middleware.iam.mapper.DataPermissionMapper;
import com.digiwin.dap.middleware.iam.mapper.PermissionMapper;
import com.digiwin.dap.middleware.iam.repository.DevSysRepository;
import com.digiwin.dap.middleware.iam.service.app.ActionService;
import com.digiwin.dap.middleware.iam.service.datapolicy.DataPolicyService;
import com.digiwin.dap.middleware.iam.service.dev.sys.DevSysCrudService;
import com.digiwin.dap.middleware.iam.service.permission.AuthCalcService;
import com.digiwin.dap.middleware.iam.service.permission.AuthService;
import com.digiwin.dap.middleware.iam.service.policy.PolicyTargetService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.remote.CacService;
import com.digiwin.dap.middleware.iam.support.remote.domain.AuthorizationVO;
import com.digiwin.dap.middleware.iam.util.StringUtil;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheConfig;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.cloud.stream.function.FunctionConstants;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

@CacheConfig(cacheNames = {"default"}, cacheManager = CacheConstants.CACHE_MANAGER)
@Service
/* loaded from: input_file:WEB-INF/lib/iam-business-4.37.4.0.jar:com/digiwin/dap/middleware/iam/service/permission/impl/AuthServiceImpl.class */
public class AuthServiceImpl implements AuthService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AuthServiceImpl.class);

    @Autowired
    private AuthMapper authMapper;

    @Autowired
    private CacService cacService;

    @Autowired
    private AuthCalcService authCalcService;

    @Autowired
    private PermissionMapper permissionMapper;

    @Autowired
    private DataPolicyService dataPolicyService;

    @Autowired
    private PolicyTargetService policyTargetService;

    @Autowired
    private DevSysCrudService devSysCrudService;

    @Autowired
    private DataPermissionMapper dataPermissionMapper;

    @Autowired
    private DevSysRepository devSysRepository;

    @Autowired
    private AuthService authService;

    @Autowired
    private ActionService actionService;

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    public List<PermissionPolicy> getUserFunction(CalcUser calcUser, UserPermissionResult userPermissionResult, String str) {
        List<PolicyAction> actions = getActions(calcUser);
        Map map = (Map) userPermissionResult.getPermissions().stream().collect(Collectors.toMap((v0) -> {
            return v0.getSid();
        }, permissionPolicy -> {
            return permissionPolicy;
        }, (permissionPolicy2, permissionPolicy3) -> {
            return permissionPolicy2;
        }));
        ArrayList arrayList = new ArrayList();
        actions.forEach(policyAction -> {
            if (map.containsKey(Long.valueOf(policyAction.getSid()))) {
                if (MenuEffect.deny.name().equals(str)) {
                    return;
                }
                arrayList.add(map.get(Long.valueOf(policyAction.getSid())));
            } else {
                if (MenuEffect.allow.name().equals(str)) {
                    return;
                }
                PermissionPolicy constructAction = constructAction(policyAction, Collections.emptyMap(), MenuEffect.deny, false);
                Optional.ofNullable(userPermissionResult.getCacAuthHolder()).ifPresent(cacAuthHolder -> {
                    cacAuthHolder.determineDenyReason(constructAction);
                });
                arrayList.add(constructAction);
            }
        });
        return arrayList;
    }

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    public UserFunPermission getUserFunctionWithModule(CalcUser calcUser, UserPermissionResult userPermissionResult, String str) {
        List<PermissionPolicy> userFunction = getUserFunction(calcUser, userPermissionResult, str);
        List<PolicyAction> modules = getModules(calcUser);
        Map map = (Map) (userPermissionResult.getModules() == null ? Collections.emptyList() : userPermissionResult.getModules()).stream().collect(Collectors.toMap((v0) -> {
            return v0.getSid();
        }, modulePolicy -> {
            return modulePolicy;
        }, (modulePolicy2, modulePolicy3) -> {
            return modulePolicy2;
        }));
        ArrayList arrayList = new ArrayList();
        modules.forEach(policyAction -> {
            if (map.containsKey(Long.valueOf(policyAction.getSid()))) {
                if (MenuEffect.deny.name().equals(str)) {
                    return;
                }
                arrayList.add(map.get(Long.valueOf(policyAction.getSid())));
            } else {
                if (MenuEffect.allow.name().equals(str)) {
                    return;
                }
                arrayList.add(constructModule(policyAction, MenuEffect.deny));
            }
        });
        return UserFunPermission.of(userFunction, arrayList);
    }

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    @Cacheable(key = "T(com.digiwin.dap.middleware.iam.constant.RedisConstants).PERMISSION_ACTION_PREFIX + #calcUser.userId + '::' + #calcUser.tenantId + '::' + #calcUser.appId")
    public UserPermissionResult getUserPermission(CalcUser calcUser) {
        List<PermissionUserRole> findUserRoles = this.permissionMapper.findUserRoles(calcUser.getTenantSid(), calcUser.getUserSid());
        List<PermissionUserOrg> findUserOrgs = this.permissionMapper.findUserOrgs(calcUser.getTenantSid(), calcUser.getUserSid());
        Map map = (Map) findUserOrgs.stream().collect(Collectors.toMap((v0) -> {
            return v0.getPriority();
        }, permissionUserOrg -> {
            return permissionUserOrg;
        }, (permissionUserOrg2, permissionUserOrg3) -> {
            return permissionUserOrg2;
        }));
        boolean anyMatch = findUserRoles.stream().anyMatch(permissionUserRole -> {
            return "superadmin".equals(permissionUserRole.getId());
        });
        Map<Long, TargetAction> userAction = this.authCalcService.getUserAction(calcUser, findUserRoles, findUserOrgs);
        CacAuthHolder prepareCacAuthData = prepareCacAuthData(calcUser);
        List<PermissionPolicy> actionPermissions = getActionPermissions(calcUser, anyMatch, userAction, prepareCacAuthData);
        List<ModulePolicy> modulePermissions = getModulePermissions(calcUser, anyMatch, userAction, prepareCacAuthData);
        RedisUtils.opsForSet().add(calcUser.appKey(), calcUser.uniqueKey());
        return new UserPermissionResult(findUserRoles, map, actionPermissions, modulePermissions, prepareCacAuthData);
    }

    private CacAuthHolder prepareCacAuthData(CalcUser calcUser) {
        CacAuthHolder cacAuthHolder = new CacAuthHolder();
        AuthorizationVO moduleIds = this.cacService.getModuleIds(calcUser.getTenantId(), calcUser.getAppId());
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        if (moduleEmptyDueToHistory(moduleIds)) {
            cacAuthHolder.setAuthorizedModuleIds(null);
        } else {
            cacAuthHolder.setAuthorizedValidModuleIds((Set) moduleIds.getEnabledModules().stream().filter(authorizationModuleVO -> {
                return LocalDateTime.now().isBefore(authorizationModuleVO.getExpiredTime());
            }).map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
            cacAuthHolder.setAuthorizedModuleIds((Set) moduleIds.getEnabledModules().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()));
            this.cacService.extractActionIdsFromModules(moduleIds.getEnabledModules(), hashMap2, true);
            this.cacService.extractActionIdsFromModules(moduleIds.getEnabledModules(), hashMap, false);
            cacAuthHolder.setAuthorizedActions(hashMap);
            cacAuthHolder.setAuthorizedValidActions(hashMap2);
        }
        return cacAuthHolder;
    }

    private static boolean moduleEmptyDueToHistory(AuthorizationVO authorizationVO) {
        return authorizationVO == null || authorizationVO.getEnabledModules().isEmpty();
    }

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    public Map<String, Object> getDataPermission(DataTargetVO dataTargetVO) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (this.policyTargetService.isSuperAdmin(dataTargetVO.getTenantSid(), dataTargetVO.getUserSid(), "user")) {
            linkedHashMap.put("superadmin", true);
            return linkedHashMap;
        }
        String tableName = dataTargetVO.getTableName();
        linkedHashMap.put("superadmin", false);
        Map<String, Object> dataPolicy = this.dataPolicyService.getDataPolicy(dataTargetVO.getTenantSid(), "user", dataTargetVO.getUserSid(), dataTargetVO.getSysSid(), dataTargetVO.getActionSid(), true);
        linkedHashMap.putAll(dataPolicy);
        filterRow(dataPolicy, linkedHashMap, tableName);
        linkedHashMap.remove(IamConstants.ROWPERMISSIONS);
        filterCol(linkedHashMap, tableName);
        return linkedHashMap;
    }

    private void filterRow(Map<String, Object> map, Map<String, Object> map2, String str) {
        ArrayList arrayList = new ArrayList((Collection) map.get(IamConstants.ROWPERMISSIONS));
        if (CollectionUtils.isEmpty(arrayList)) {
            return;
        }
        if (arrayList.size() != 1) {
            RowFilter buildRowFilter4Group = RowFilter.buildRowFilter4Group(arrayList);
            if (ObjectUtils.isEmpty(str)) {
                map2.put(IamConstants.ROWPERMISSION, buildRowFilter4Group);
                return;
            } else {
                map2.put(IamConstants.ROWPERMISSION, ((HashMap) buildRowFilter4Group.getFilterValue()).get(str));
                return;
            }
        }
        Object obj = (RowFilter) arrayList.get(0);
        map2.put(IamConstants.ROWPERMISSION, new RowFilter());
        if (ObjectUtils.isEmpty(str) || RowFilter.extractName(obj).contains(str)) {
            map2.put(IamConstants.ROWPERMISSION, obj);
        }
    }

    private void filterCol(Map<String, Object> map, String str) {
        Object obj = map.get(IamConstants.COLPERMISSION);
        if ((obj instanceof List) && StringUtils.hasLength(str)) {
            ((List) obj).removeIf(obj2 -> {
                return (obj2 instanceof ColPermission) && !str.equals(((ColPermission) obj2).getTable());
            });
        }
    }

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    public Map<String, Object> getDataPermission(long j, long j2, long j3, long j4) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (this.policyTargetService.isSuperAdmin(j, j2, "user")) {
            linkedHashMap.put("superadmin", true);
        } else {
            linkedHashMap.put("superadmin", false);
            linkedHashMap.putAll(this.dataPolicyService.getDataPolicy(j, "user", j2, j3, j4, true));
        }
        return linkedHashMap;
    }

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    public List<UserSysFunctionalPermissionResultVO> batchGetUsersPermission(UserPermissionVO userPermissionVO, IamAuthoredUser iamAuthoredUser) {
        long tenantSid = iamAuthoredUser.getTenantSid();
        ArrayList arrayList = new ArrayList();
        List<RoleInUserInfoVO> findByTenantSidInUserIds = this.authMapper.findByTenantSidInUserIds(tenantSid, userPermissionVO.getUserIds());
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        List<Sys> findByTenantSidInSysIds = this.authMapper.findByTenantSidInSysIds(tenantSid, userPermissionVO.getSysIds());
        userPermissionVO.getUserIds().forEach(str -> {
            RoleInUserInfoVO roleInUserInfoVO = (RoleInUserInfoVO) findByTenantSidInUserIds.stream().filter(roleInUserInfoVO2 -> {
                return roleInUserInfoVO2.getUserId().equals(str);
            }).findFirst().orElse(null);
            if (null == roleInUserInfoVO) {
                arrayList2.add(str);
            } else {
                userPermissionVO.getSysIds().forEach(str -> {
                    Sys sys = (Sys) findByTenantSidInSysIds.stream().filter(sys2 -> {
                        return sys2.getId().equals(str);
                    }).findFirst().orElse(null);
                    if (null == sys) {
                        if (arrayList3.contains(str)) {
                            return;
                        }
                        arrayList3.add(str);
                        return;
                    }
                    CalcUser calcUser = new CalcUser();
                    calcUser.setTenantSid(tenantSid);
                    calcUser.setTenantId(iamAuthoredUser.getTenantId());
                    calcUser.setUserId(str);
                    calcUser.setUserSid(roleInUserInfoVO.getUserSid().longValue());
                    calcUser.setDealer(iamAuthoredUser.isDealer());
                    calcUser.setEoc(iamAuthoredUser.isEoc());
                    calcUser.setSuperadmin(null != roleInUserInfoVO.getRoleIds() && roleInUserInfoVO.getRoleIds().contains("superadmin"));
                    calcUser.setAppSid(sys.getSid());
                    calcUser.setAppId(sys.getId());
                    calcUser.setInside(sys.isInside());
                    arrayList.add(calcUser);
                });
            }
        });
        if (!arrayList2.isEmpty()) {
            log.error(String.format("用户%s不存在或不在%s租户下", String.join(",", arrayList2), iamAuthoredUser.getTenantId()));
        }
        if (!arrayList3.isEmpty()) {
            log.error(String.format("用户%s不存在或租户%s没有购买", String.join(",", arrayList3), iamAuthoredUser.getTenantId()));
        }
        ArrayList arrayList4 = new ArrayList(arrayList.size());
        arrayList.forEach(calcUser -> {
            List<PermissionPolicy> permissionsFromCache = getPermissionsFromCache(calcUser, calcUser.isSuperadmin(), "all", null, null);
            UserSysFunctionalPermissionResultVO userSysFunctionalPermissionResultVO = new UserSysFunctionalPermissionResultVO();
            userSysFunctionalPermissionResultVO.setUserId(calcUser.getUserId());
            userSysFunctionalPermissionResultVO.setSysId(calcUser.getAppId());
            userSysFunctionalPermissionResultVO.setPermissions(permissionsFromCache);
            arrayList4.add(userSysFunctionalPermissionResultVO);
        });
        return arrayList4;
    }

    private List<PermissionPolicy> getPermissionsFromCache(CalcUser calcUser, boolean z, String str, List<PermissionUserRole> list, List<PermissionUserOrg> list2) {
        return getUserFunction(calcUser, this.authService.getUserPermission(calcUser), str);
    }

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    public List<Map> getDataPermissionRow(DataTargetVO dataTargetVO) {
        Map<String, Object> dataPermission = getDataPermission(dataTargetVO);
        ArrayList arrayList = new ArrayList();
        if (Boolean.TRUE.equals(dataPermission.get("superadmin"))) {
            this.devSysRepository.findDevSysByTenantSidOrTenantId(dataTargetVO.getTenantSid(), dataTargetVO.getTenantId()).forEach(devSys -> {
                HashMap hashMap = new HashMap();
                hashMap.put("id", devSys.getId());
                hashMap.put("name", devSys.getNameCN());
                arrayList.add(hashMap);
            });
        } else if (dataPermission.containsKey(IamConstants.ROWPERMISSION)) {
            RowFilter rowFilter = (RowFilter) dataPermission.get(IamConstants.ROWPERMISSION);
            if (FunctionConstants.DEFAULT_INPUT_SUFFIX.equals(rowFilter.getFilterType())) {
                arrayList.addAll(fillAppInfo((List) rowFilter.getFilterValue(), rowFilter.getFilterValueName()));
            } else if ("or".equals(rowFilter.getFilterType()) || "and".equalsIgnoreCase(rowFilter.getFilterType())) {
                arrayList.addAll(fillAppInfo(rowFilter.fetchAllValues(), rowFilter.fetchAllNames()));
            }
        }
        return arrayList;
    }

    private List<Map> fillAppInfo(List<String> list, List<String> list2) {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < list.size(); i++) {
            HashMap hashMap = new HashMap();
            String str = list.get(i);
            hashMap.put("id", str);
            if (list2 == null || list2.size() <= i) {
                DevSys findById = this.devSysCrudService.findById(str);
                if (findById != null) {
                    hashMap.put("name", findById.getNameCN());
                }
            } else {
                hashMap.put("name", list2.get(i));
            }
            if (!arrayList.stream().anyMatch(map -> {
                return str.equals(map.get("id"));
            })) {
                arrayList.add(hashMap);
            }
        }
        return arrayList;
    }

    @Override // com.digiwin.dap.middleware.iam.service.permission.AuthService
    public List<PermissionUserRole> getDataPermissionRoles(DataTargetVO dataTargetVO) {
        return this.dataPermissionMapper.findRolesByRowFilterValue(dataTargetVO.getTenantSid(), dataTargetVO.getActionSid(), dataTargetVO.getDevAppId());
    }

    private List<ModulePolicy> getModulePermissions(CalcUser calcUser, boolean z, Map<Long, TargetAction> map, CacAuthHolder cacAuthHolder) {
        List<ModulePolicy> list = (List) getModules(calcUser).stream().filter(policyAction -> {
            return z || map.containsKey(Long.valueOf(policyAction.getSid()));
        }).map(policyAction2 -> {
            return constructModule(policyAction2, MenuEffect.allow);
        }).collect(Collectors.toList());
        return (calcUser.isInside() || cacAuthHolder.hasAllModule()) ? list : (List) list.stream().filter(modulePolicy -> {
            return cacAuthHolder.getAuthorizedValidModuleIds().contains(modulePolicy.getId());
        }).collect(Collectors.toList());
    }

    private List<PermissionPolicy> getActionPermissions(CalcUser calcUser, boolean z, Map<Long, TargetAction> map, CacAuthHolder cacAuthHolder) {
        List<PolicyAction> actions = getActions(calcUser);
        prepareActionDenyReason(cacAuthHolder, actions);
        List<PermissionPolicy> list = (List) actions.stream().filter(policyAction -> {
            return z || map.containsKey(Long.valueOf(policyAction.getSid()));
        }).map(policyAction2 -> {
            return constructAction(policyAction2, map, MenuEffect.allow, z);
        }).collect(Collectors.toList());
        if (calcUser.isInside() || cacAuthHolder.hasAllModule()) {
            return list;
        }
        List<PermissionPolicy> list2 = (List) list.stream().filter(permissionPolicy -> {
            return cacAuthHolder.getAuthorizedValidModuleIds().contains(permissionPolicy.getModuleId());
        }).collect(Collectors.toList());
        list2.removeIf(permissionPolicy2 -> {
            return cacAuthHolder.getAuthorizedValidActions().containsKey(permissionPolicy2.getModuleId()) && !cacAuthHolder.getAuthorizedValidActions().get(permissionPolicy2.getModuleId()).contains(permissionPolicy2.getId());
        });
        return list2;
    }

    private static void prepareActionDenyReason(CacAuthHolder cacAuthHolder, List<PolicyAction> list) {
        for (PolicyAction policyAction : list) {
            if (cacAuthHolder.moduleNoAuth(policyAction.getModuleId())) {
                cacAuthHolder.getRemovedDueToModuleNoAuth().add(policyAction.getModuleId());
            } else if (cacAuthHolder.moduleExpired(policyAction.getModuleId())) {
                cacAuthHolder.getRemovedDueToModuleExpired().add(policyAction.getModuleId());
            } else if (cacAuthHolder.actionNoAuth(policyAction.getModuleId(), policyAction.getId())) {
                cacAuthHolder.getRemovedDueToActionNoAuth().add(StringUtil.getUniqueActionName(policyAction.getModuleId(), policyAction.getId()));
            } else if (cacAuthHolder.actionExpired(policyAction.getModuleId(), policyAction.getId())) {
                cacAuthHolder.getRemovedDueToActionExpired().add(StringUtil.getUniqueActionName(policyAction.getModuleId(), policyAction.getId()));
            }
        }
    }

    private ModulePolicy constructModule(PolicyAction policyAction, MenuEffect menuEffect) {
        ModulePolicy modulePolicy = new ModulePolicy();
        modulePolicy.setSid(Long.valueOf(policyAction.getSid()));
        modulePolicy.setId(policyAction.getId());
        modulePolicy.setName(policyAction.getName());
        modulePolicy.setEffect(menuEffect.name());
        return modulePolicy;
    }

    private PermissionPolicy constructAction(PolicyAction policyAction, Map<Long, TargetAction> map, MenuEffect menuEffect, boolean z) {
        PermissionPolicy permissionPolicy = new PermissionPolicy();
        permissionPolicy.setSid(Long.valueOf(policyAction.getSid()));
        permissionPolicy.setId(policyAction.getId());
        permissionPolicy.setName(policyAction.getName());
        permissionPolicy.setTarget(policyAction.getUri());
        permissionPolicy.setEffect(menuEffect.name());
        permissionPolicy.setModuleId(policyAction.getModuleId());
        Map map2 = (Map) map.getOrDefault(Long.valueOf(policyAction.getSid()), new TargetAction()).getConditions().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        Map map3 = (Map) policyAction.getCondition().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        map3.putAll(map2);
        if (z && !map3.isEmpty()) {
            map3.entrySet().stream().findFirst().ifPresent(entry -> {
                String max = ConditionValueEnum.max((String) entry.getValue());
                map3.entrySet().forEach(entry -> {
                });
            });
        }
        permissionPolicy.setConditions(Collections.singletonMap(policyAction.getUri() == null ? "" : policyAction.getUri(), map3));
        return permissionPolicy;
    }

    private List<PolicyAction> getModules(CalcUser calcUser) {
        return this.authMapper.findPolicyModule(calcUser.getAppSid());
    }

    private List<PolicyAction> getActions(CalcUser calcUser) {
        List<PolicyAction> actions = getActions(calcUser.getTenantSid(), calcUser.getAppSid());
        if (!calcUser.isDealer()) {
            actions.removeIf(policyAction -> {
                return IamConstants.DIGIWIN_ACTION_MANAGE_DEALER.equals(policyAction.getId());
            });
        }
        if (!calcUser.isEoc()) {
            actions.removeIf(policyAction2 -> {
                return IamConstants.DIGIWIN_ACTION_MANAGE_EOC.equals(policyAction2.getId());
            });
        }
        if (!calcUser.isCorpWechat()) {
            actions.removeIf(policyAction3 -> {
                return IamConstants.DIGIWIN_ACTION_MANAGE_CORP_WECHAT.equals(policyAction3.getId());
            });
        }
        if (!calcUser.isAuthLandingConsole()) {
            actions.removeIf(policyAction4 -> {
                return IamConstants.DIGIWIN_ACTION_MANAGE_TENANT_APP.equals(policyAction4.getId());
            });
        }
        return actions;
    }

    private List<PolicyAction> getActions(long j, long j2) {
        List<PolicyAction> findPolicyAction = this.authMapper.findPolicyAction(j, j2);
        this.actionService.filterByTenantActionRelation(findPolicyAction, j);
        Map map = (Map) this.authMapper.findPolicyCondition(j2).stream().collect(Collectors.groupingBy((v0) -> {
            return v0.getActionSid();
        }));
        findPolicyAction.forEach(policyAction -> {
            if (map.containsKey(Long.valueOf(policyAction.getSid()))) {
                policyAction.setCondition((List) map.get(Long.valueOf(policyAction.getSid())));
            }
        });
        return findPolicyAction;
    }
}
