package com.digiwin.dap.middleware.iam.support.validate.impl;

import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.commons.util.StrUtils;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.datapolicy.DataTargetVO;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.domain.permission.CalcUser;
import com.digiwin.dap.middleware.iam.domain.permission.UserPermissionVO;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.mapper.AuthMapper;
import com.digiwin.dap.middleware.iam.service.app.ActionCrudService;
import com.digiwin.dap.middleware.iam.service.app.ModuleCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.support.auth.RamService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.remote.CacService;
import com.digiwin.dap.middleware.iam.support.remote.domain.AuthAppResultVO;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.iam.util.RedisUtil;
import com.digiwin.dap.middleware.util.UserUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

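/**
 * Resolves and validates the tenant / user / application context of a permission
 * or data-permission request before the request is evaluated.
 *
 * <p>Both entry points fill in missing request fields from the authenticated
 * caller and then overwrite the identifiers with the canonical values read from
 * storage. The request objects passed in are mutated in place.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request naming a tenant other than the caller's is accepted only through an
 *       explicit exemption (RAM path check in {@code checkPermission}, platform tenant
 *       in {@code checkDataPermission}).</li>
 *   <li>Identifier comparisons against the authenticated caller are null-safe and treat
 *       a missing authenticated identifier as a mismatch, so the request is rejected or
 *       sent to the exemption check instead of failing with a NullPointerException.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/digiwin/dap/middleware/iam/support/validate/impl/AuthValidateServiceImpl.class */
public class AuthValidateServiceImpl implements AuthValidateService {

    @Autowired
    private AuthMapper authMapper;

    @Autowired
    private CacService cacService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private ModuleCrudService moduleCrudService;

    @Autowired
    private ActionCrudService actionCrudService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private RamService ramService;

    /**
     * Delegates to the four-argument overload with the flag set to {@code true}.
     *
     * @param userPermissionVO permission request; may be {@code null}
     * @param iamAuthoredUser  authenticated caller
     * @param sys              calling application, used to default the target; may be {@code null}
     * @return the resolved calculation context
     */
    @Override // com.digiwin.dap.middleware.iam.support.validate.AuthValidateService
    public CalcUser checkPermission(UserPermissionVO userPermissionVO, IamAuthoredUser iamAuthoredUser, Sys sys) {
        return checkPermission(userPermissionVO, iamAuthoredUser, sys, true);
    }

    /**
     * Builds the {@link CalcUser} for a permission query: resolves the tenant, checks that
     * the user belongs to it and that the target application is available to it.
     *
     * <p>NOTE(review): {@code bool} is not read anywhere in this method, so the flag has no
     * effect here - confirm against the original source whether a check was lost.
     *
     * <p>NOTE(review): the requested {@code userId} is not compared with the authenticated
     * user; it only has to exist in the resolved tenant. Confirm that resolving another
     * user's context within the same tenant is intended for every caller of this method.
     *
     * @param userPermissionVO permission request; {@code null} is replaced by an empty request,
     *                         and target / userId / sysId are filled in on the object itself
     * @param iamAuthoredUser  authenticated caller; dereferenced without a null check
     * @param sys              calling application, used only to default an empty target
     * @param bool             unused in this method (see note above)
     * @return the resolved calculation context
     * @throws BusinessException        if the target is malformed, the tenant check fails, or
     *                                  the tenant, user or application cannot be resolved
     * @throws IllegalArgumentException if userId or target is still {@code null} after defaulting
     */
    @Override // com.digiwin.dap.middleware.iam.support.validate.AuthValidateService
    public CalcUser checkPermission(UserPermissionVO userPermissionVO, IamAuthoredUser iamAuthoredUser, Sys sys, Boolean bool) {
        if (userPermissionVO == null) {
            userPermissionVO = new UserPermissionVO();
        }
        if (StringUtils.isEmpty(userPermissionVO.getTarget()) && sys != null) {
            userPermissionVO.setTarget(UserPermissionVO.PREFIX + sys.getId());
        }
        if (StringUtils.isEmpty(userPermissionVO.getUserId())) {
            userPermissionVO.setUserId(iamAuthoredUser.getUserId());
        }
        // The first assertion cannot fire (a null request was replaced above); kept as-is.
        Assert.notNull(userPermissionVO, "input 不能为null");
        Assert.notNull(userPermissionVO.getUserId(), "input.userId 不能为null");
        Assert.notNull(userPermissionVO.getTarget(), "input.target 不能为null");

        // The target is colon-separated; the fourth segment is taken as the application id.
        String[] targetParts = userPermissionVO.getTarget().split(IamConstants.COLON);
        if (targetParts.length < 4) {
            throw new BusinessException(I18nError.PERMISSION_URI_ERROR, new Object[]{userPermissionVO.getTarget()});
        }
        userPermissionVO.setSysId(targetParts[3]);

        CalcUser calcUser = new CalcUser();
        if (StrUtils.isEmpty(userPermissionVO.getTenantId())) {
            // No tenant requested: fall back to the caller's own tenant.
            if (iamAuthoredUser.getTenantSid() == 0) {
                // Report the requested user id. The original passed calcUser.getUserId(),
                // read from a CalcUser constructed two lines earlier and not yet populated.
                throw new BusinessException(I18nError.PERMISSION_USER_NO_TENANT, new Object[]{userPermissionVO.getUserId()});
            }
            calcUser.setTenantSid(iamAuthoredUser.getTenantSid());
            calcUser.setTenantId(iamAuthoredUser.getTenantId());
        } else {
            // Cross-tenant request: allowed only when RAM grants the calling application
            // ("Sys" target) access to the current request method and path. A caller with no
            // tenant id counts as a mismatch and therefore must pass this check as well.
            if (!sameIdIgnoreCase(iamAuthoredUser.getTenantId(), userPermissionVO.getTenantId())
                    && !checkAccessPermission("Sys", AppAuthContextHolder.getContext().getRequestInfo().getMethod(), AppAuthContextHolder.getContext().getRequestInfo().getPath(), UserUtils.getSysId()).booleanValue()) {
                throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
            }
            Tenant tenant = (Tenant) this.tenantCrudService.findById(userPermissionVO.getTenantId());
            if (tenant == null) {
                throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{userPermissionVO.getTenantId()});
            }
            // Continue with the stored identifiers rather than the request's spelling.
            calcUser.setTenantSid(tenant.getSid());
            calcUser.setTenantId(tenant.getId());
        }

        User tenantUser = this.authMapper.findUserByTenantSidAndUserId(Long.valueOf(calcUser.getTenantSid()), userPermissionVO.getUserId());
        if (tenantUser == null) {
            throw new BusinessException(I18nError.USER_TENANT_EXISTED_ERROR, new Object[]{calcUser.getTenantId(), userPermissionVO.getUserId()});
        }
        calcUser.setUserSid(tenantUser.getSid());
        calcUser.setUserId(tenantUser.getId());
        calcUser.setUserName(tenantUser.getName());

        Sys tenantSys = this.authMapper.findSysByTenantSidAndSysId(calcUser.getTenantSid(), userPermissionVO.getSysId());
        if (tenantSys == null) {
            throw new BusinessException(I18nError.PERMISSION_SYS_NO_TENANT, new Object[]{userPermissionVO.getSysId(), calcUser.getTenantId()});
        }

        if (0 == this.envProperties.getCloud().intValue() && IamConstants.DIGIWIN_CLOUD_APP.equalsIgnoreCase(tenantSys.getId())) {
            // Landing-console authorization: any cached entry counts as authorized; otherwise
            // ask CAC and cache only a successful answer, with a duration derived from its expiry.
            // NOTE(review): a cached grant stays effective until the entry expires unless some
            // other code evicts the key - confirm how revocation is propagated.
            String cacAuthKey = LoginUser.cacAuthKey(calcUser.getTenantId(), calcUser.getUserId(), "landingconsole");
            if (((AuthAppResultVO) RedisUtils.get(cacAuthKey, AuthAppResultVO.class)) != null) {
                calcUser.setAuthLandingConsole(true);
            } else {
                AuthAppResultVO authAppResult = this.cacService.getAuthAppResult(calcUser.getTenantId(), calcUser.getUserId(), "landingconsole");
                if (authAppResult != null && authAppResult.getSuccess()) {
                    calcUser.setAuthLandingConsole(true);
                    RedisUtils.set(cacAuthKey, authAppResult, RedisUtil.calcDuration(authAppResult.getExpiredDateTime()));
                }
            }
        }

        calcUser.setAppSid(tenantSys.getSid());
        calcUser.setAppId(tenantSys.getId());
        calcUser.setInside(tenantSys.isInside());
        calcUser.setDealer(iamAuthoredUser.isDealer());
        calcUser.setEoc(iamAuthoredUser.isEoc());
        calcUser.setCorpWechat(iamAuthoredUser.isCorpWechat());
        return calcUser;
    }

    /**
     * Validates a data-permission target and fills in its tenant, user, application,
     * module and action surrogate ids on {@code dataTargetVO} itself.
     *
     * <p>Exemptions visible in the code: a caller whose tenant is
     * {@code IamConstants.DIGIWIN_TENANT_ID} may name any tenant, and a caller whose user id
     * is {@code IamConstants.INTEGRATION} may name any user.
     *
     * <p>When the flag is {@code false} the user is neither compared with the caller nor
     * looked up, and {@code userSid} is left as supplied. Callers should not derive the
     * flag from request data.
     *
     * @param dataTargetVO request to validate and complete; must not be {@code null}
     * @param authoredUser authenticated caller
     * @param sys          calling application, used to default an empty sysId; dereferenced
     *                     without a null check in that case
     * @param bool         whether to verify the user; {@code null} is treated as {@code true}
     *                     (the original threw a NullPointerException on {@code null})
     * @throws BusinessException if the tenant or user check fails, or the tenant, user,
     *                           application, module or action cannot be resolved
     */
    @Override // com.digiwin.dap.middleware.iam.support.validate.AuthValidateService
    public void checkDataPermission(DataTargetVO dataTargetVO, AuthoredUser authoredUser, Sys sys, Boolean bool) {
        // Fail closed: only an explicit FALSE skips the user verification below.
        boolean verifyUser = !Boolean.FALSE.equals(bool);

        // One action id is rewritten to another before any lookup.
        if ("boss-notifier-management".equals(dataTargetVO.getActionId())) {
            dataTargetVO.setActionId("boss-message-center");
        }
        if (StringUtils.isEmpty(dataTargetVO.getTenantId())) {
            dataTargetVO.setTenantId(authoredUser.getTenantId());
        }
        if (StringUtils.isEmpty(dataTargetVO.getUserId())) {
            dataTargetVO.setUserId(authoredUser.getUserId());
        }
        if (StringUtils.isEmpty(dataTargetVO.getSysId())) {
            dataTargetVO.setSysId(sys.getId());
        }

        // Tenant isolation: the requested tenant must be the caller's own unless the caller
        // belongs to the platform tenant. A caller without a tenant id is rejected here.
        if (!sameIdIgnoreCase(authoredUser.getTenantId(), dataTargetVO.getTenantId()) && !IamConstants.DIGIWIN_TENANT_ID.equals(authoredUser.getTenantId())) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        Tenant tenant = (Tenant) this.tenantCrudService.findById(dataTargetVO.getTenantId());
        if (tenant == null) {
            throw new BusinessException(I18nError.ERROR_21005, dataTargetVO.getTenantId());
        }
        dataTargetVO.setTenantSid(tenant.getSid());
        dataTargetVO.setTenantId(tenant.getId());

        if (verifyUser) {
            // The requested user must be the caller unless the caller is the integration account.
            if (!sameIdIgnoreCase(authoredUser.getUserId(), dataTargetVO.getUserId()) && !IamConstants.INTEGRATION.equalsIgnoreCase(authoredUser.getUserId())) {
                throw new BusinessException(I18nError.IAM_USER_PERMISSION_ERROR);
            }
            User tenantUser = this.authMapper.findUserByTenantSidAndUserId(Long.valueOf(dataTargetVO.getTenantSid()), dataTargetVO.getUserId());
            if (tenantUser == null) {
                throw new BusinessException(I18nError.USER_TENANT_EXISTED_ERROR, new Object[]{dataTargetVO.getTenantId(), dataTargetVO.getUserId()});
            }
            dataTargetVO.setUserSid(tenantUser.getSid());
            dataTargetVO.setUserId(tenantUser.getId());
        }

        Sys tenantSys = this.authMapper.findSysByTenantSidAndSysId(dataTargetVO.getTenantSid(), dataTargetVO.getSysId());
        if (tenantSys == null) {
            throw new BusinessException(I18nError.PERMISSION_SYS_NO_TENANT, new Object[]{dataTargetVO.getSysId(), dataTargetVO.getTenantId()});
        }
        dataTargetVO.setSysSid(tenantSys.getSid());
        dataTargetVO.setSysId(tenantSys.getId());

        long moduleSid = this.moduleCrudService.getSidByUnionKey(new Object[]{dataTargetVO.getModuleId(), Long.valueOf(dataTargetVO.getSysSid())});
        if (moduleSid == 0) {
            throw new BusinessException(I18nError.PERMISSION_MODULE_NO_SYS, new Object[]{dataTargetVO.getModuleId(), dataTargetVO.getSysId()});
        }
        dataTargetVO.setModuleSid(moduleSid);

        // The action is looked up under the tenant's sid when the request is flagged "self",
        // otherwise under sid 0.
        long actionTenantSid = 0;
        if (dataTargetVO.getSelf()) {
            actionTenantSid = dataTargetVO.getTenantSid();
        }
        long actionSid = this.actionCrudService.getSidByUnionKey(new Object[]{dataTargetVO.getActionId(), Long.valueOf(moduleSid), Long.valueOf(actionTenantSid)});
        if (actionSid == 0) {
            throw new BusinessException(I18nError.PERMISSION_ACTION_NO_MODULE, new Object[]{dataTargetVO.getActionId(), dataTargetVO.getModuleId()});
        }
        dataTargetVO.setActionSid(actionSid);
    }

    /**
     * Asks RAM whether a target may access a path.
     *
     * <p>The arguments are forwarded in a different order:
     * {@code targetCanAccessPath(str, str4, str2, str3)}. The only caller in this class
     * passes {@code ("Sys", method, path, sysId)}.
     *
     * @param str  first argument forwarded to RAM ({@code "Sys"} for the caller in this class)
     * @param str2 request method for the caller in this class; forwarded third
     * @param str3 request path for the caller in this class; forwarded fourth
     * @param str4 application id for the caller in this class; forwarded second
     * @return the RAM decision, boxed
     */
    @Override // com.digiwin.dap.middleware.iam.support.validate.AuthValidateService
    public Boolean checkAccessPermission(String str, String str2, String str3, String str4) {
        return Boolean.valueOf(this.ramService.targetCanAccessPath(str, str4, str2, str3));
    }

    /**
     * Case-insensitive identifier comparison that never throws: a {@code null} on either
     * side is a mismatch, so callers take the "not the same" (restrictive) branch.
     */
    private static boolean sameIdIgnoreCase(String authenticated, String requested) {
        return authenticated != null && authenticated.equalsIgnoreCase(requested);
    }
}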
