package com.digiwin.dap.middleware.iam.support.aspect.entity;

import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.entity.Association;
import com.digiwin.dap.middleware.iam.entity.Role;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.entity.UserInTenant;
import com.digiwin.dap.middleware.iam.service.WhiteListService;
import com.digiwin.dap.middleware.iam.service.role.RoleCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.util.UserUtils;
import java.util.Locale;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

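/**
 * Before-advice guards for membership and role grants that touch the Digiwin tenant.
 *
 * <p>Both advices are bound to {@code BaseEntityManagerService.create(..)} and are narrowed by
 * target type, so they run before the entity is created. A guard rejects the operation by
 * throwing; any exception raised here (including a {@link NullPointerException} from a failed
 * lookup) prevents the advised {@code create} call from running.
 *
 * <p>NOTE(review): only {@code create(..)} on the two targeted services is intercepted. Any other
 * write path for user-in-tenant or user-in-role rows is outside this aspect; confirm those paths
 * are guarded elsewhere.
 */
@Aspect
@Component
public class DigiSecurityAspect {

    /** Role id that {@link #controlDigiAdmin(JoinPoint)} treats as the restricted admin role. */
    private static final String SUPER_ADMIN_ROLE_ID = "superadmin";

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private RoleCrudService roleCrudService;

    @Autowired
    private WhiteListService whiteListService;

    /**
     * Rejects adding a user to the Digiwin tenant unless the user id carries the default e-mail
     * suffix.
     *
     * <p>The check applies only when the target tenant's id equals
     * {@link IamConstants#DIGIWIN_TENANT_ID} and {@code User.normal()} is true for the user.
     *
     * @param joinPoint join point whose first argument is the {@link UserInTenant} being created
     * @throws BusinessException with {@link I18nError#IAM_DIGI_SECURITY_AD} when the user id does
     *     not end with {@link IamConstants#DEFAULT_EMAIL}
     * @throws NullPointerException if the tenant or user lookup returns {@code null}, or the user
     *     id is {@code null}; the create is still blocked in that case
     */
    @Before("execution(public * com.digiwin.dap.middleware.service.impl.BaseEntityManagerService.create(..))&& target(com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService)")
    public void banNonAdFromDigi(JoinPoint joinPoint) {
        UserInTenant membership = (UserInTenant) joinPoint.getArgs()[0];

        String tenantId = this.tenantCrudService.findBySid(membership.getTenantSid()).getId();
        if (!IamConstants.DIGIWIN_TENANT_ID.equals(tenantId)) {
            return;
        }

        User user = this.userCrudService.findBySid(membership.getUserSid());
        // NOTE(review): normal() presumably selects ordinary accounts; its definition is not
        // visible here. Confirm which account kinds are exempt from the suffix check.
        if (!user.normal()) {
            return;
        }

        // Locale.ROOT keeps this access decision independent of the JVM default locale; the
        // no-arg toLowerCase() maps 'I' to a dotless 'ı' under Turkish/Azeri locales, which
        // would make the suffix comparison reject legitimate ids.
        String normalizedId = user.getId().toLowerCase(Locale.ROOT);

        // NOTE(review): a suffix match is only a sound domain check if DEFAULT_EMAIL begins
        // with '@' and is itself lower case; the constant's value is not visible here - confirm.
        // The check also trusts the stored id string; confirm ids are bound to a verified
        // directory identity rather than chosen freely at registration.
        if (!normalizedId.endsWith(IamConstants.DEFAULT_EMAIL)) {
            throw new BusinessException(I18nError.IAM_DIGI_SECURITY_AD);
        }
    }

    /**
     * Restricts granting the {@code superadmin} role of the Digiwin tenant to callers listed in
     * the {@link IamConstants#ALLOW_GRANT_ADMIN} white list.
     *
     * @param joinPoint join point whose first argument is the {@link Association} being created
     * @throws BusinessException with {@link I18nError#IAM_DIGI_SECURITY_ADMIN} when the current
     *     user id (from {@link UserUtils#getUserId()}) is not in the white list
     * @throws NullPointerException if the tenant lookup or the white list lookup returns
     *     {@code null}; the create is still blocked in that case
     */
    @Before("execution(public * com.digiwin.dap.middleware.service.impl.BaseEntityManagerService.create(..))&& target(com.digiwin.dap.middleware.iam.service.user.UserInRoleCrudService)")
    public void controlDigiAdmin(JoinPoint joinPoint) {
        Association grant = (Association) joinPoint.getArgs()[0];

        Role role = this.roleCrudService.findByTenantSidAndSid(grant.getTenantSid(), grant.getRoleSid());
        // NOTE(review): a null role skips the guard entirely. The lookup is keyed on the
        // tenantSid supplied in the Association, so confirm the downstream create rejects an
        // association whose tenantSid does not own the given roleSid.
        if (role == null || !SUPER_ADMIN_ROLE_ID.equals(role.getId())) {
            return;
        }

        String tenantId = this.tenantCrudService.findBySid(role.getTenantSid()).getId();
        if (!IamConstants.DIGIWIN_TENANT_ID.equals(tenantId)) {
            return;
        }

        // Deny by default: only an explicit white list entry for the caller lets the grant through.
        boolean callerMayGrant =
                this.whiteListService.getWhiteList(IamConstants.ALLOW_GRANT_ADMIN).contains(UserUtils.getUserId());
        if (!callerMayGrant) {
            throw new BusinessException(I18nError.IAM_DIGI_SECURITY_ADMIN);
        }
    }
}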
