package com.esen.eacl.action;

import com.esen.eacl.Login;
import com.esen.eacl.Org;
import com.esen.eacl.PmChecker;
import com.esen.eacl.PmFactory;
import com.esen.eacl.PmService;
import com.esen.eacl.User;
import com.esen.eacl.UserOrgServiceFactory;
import com.esen.eacl.WebUtils;
import com.esen.eacl.cluster.EaclClusterConst;
import com.esen.eacl.log.EaclRoleModuleOperationRegistory;
import com.esen.eacl.log.EaclUserOrgModuleOperationRegistory;
import com.esen.eacl.org.OrgConst;
import com.esen.eacl.permission.AuditComparPm;
import com.esen.eacl.permission.AuthType;
import com.esen.eacl.permission.ExtendPmManager;
import com.esen.eacl.permission.ExtendPmService;
import com.esen.eacl.permission.Permission;
import com.esen.eacl.permission.PmAuditManager;
import com.esen.eacl.permission.PmCollection;
import com.esen.eacl.permission.PmHost;
import com.esen.eacl.resource.EaclResourceConst;
import com.esen.eacl.role.PowersSeparation;
import com.esen.eacl.role.Role;
import com.esen.eacl.role.RoleService;
import com.esen.ecluster.api.Cluster;
import com.esen.ecluster.api.lock.ResLockManager;
import com.esen.ecluster.api.message.ClusterMessage;
import com.esen.ecore.log.LogService;
import com.esen.ecore.log.Operation;
import com.esen.ecore.resource.ResourceId;
import com.esen.ecore.resource.ResourceUtil;
import com.esen.eres.ResourceOper;
import com.esen.eres.ResourceOperSets;
import com.esen.eres.ResourceTree;
import com.esen.exception.RuntimeException4I18N;
import com.esen.util.ArrayFunc;
import com.esen.util.ExceptionHandler;
import com.esen.util.JsonUtils;
import com.esen.util.StrFunc;
import com.esen.util.UNID;
import com.esen.util.i18n.I18N;
import com.esen.util.security.SecurityFunc;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping({"/eacl/permission"})
@Controller
/* loaded from: input_file:com/esen/eacl/action/ActionPermission.class */
public class ActionPermission {

    @Autowired
    private ResourceTree tree;

    @Autowired
    private PmService pmService;

    @Autowired
    private LogService logService;

    @Autowired
    private PmAuditManager auditService;

    @Autowired
    private PmFactory pmFactory;

    @Autowired
    ExtendPmManager extendPmManager;

    @Autowired
    private PowersSeparation powers;

    @Autowired
    private Cluster cluster;

    @Autowired
    private UserOrgServiceFactory userOrgService;

    @Autowired
    private RoleService roleService;
    private static final Logger SLF4J = LoggerFactory.getLogger(ActionPermission.class);

    private Login getLogin() {
        return WebUtils.getLogin();
    }

    @RequestMapping
    @ResponseBody
    protected Object jsexecute(HttpServletRequest httpServletRequest) throws Exception {
        String parameter = httpServletRequest.getParameter("action");
        if ("getrsconfig".equalsIgnoreCase(parameter)) {
            return doGetRsconfig(httpServletRequest);
        }
        if ("getpms".equalsIgnoreCase(parameter)) {
            return doGetPm(httpServletRequest);
        }
        if ("savepms".equalsIgnoreCase(parameter)) {
            doSavePm(httpServletRequest);
            return null;
        }
        if ("batchsavepms".equalsIgnoreCase(parameter)) {
            doBatchSavePm(httpServletRequest);
            return null;
        }
        if ("checkcanauth".equalsIgnoreCase(parameter)) {
            return doCheckCanAuth(httpServletRequest);
        }
        if ("getallbyres".equalsIgnoreCase(parameter) || "getpmsbyhost".equalsIgnoreCase(parameter) || "savebyres".equalsIgnoreCase(parameter)) {
            return null;
        }
        if ("getparentrids".equalsIgnoreCase(parameter)) {
            return doGetParentRids(httpServletRequest);
        }
        if ("getrescaption".equalsIgnoreCase(parameter)) {
            return doGetResCaption(httpServletRequest);
        }
        if ("getresbyrid".equalsIgnoreCase(parameter)) {
            return getResByRid(httpServletRequest);
        }
        return null;
    }

    private String getResByRid(HttpServletRequest httpServletRequest) {
        String[] split = SecurityFunc.checkXSSParam(httpServletRequest, "rids").split(",");
        JSONArray jSONArray = new JSONArray();
        for (String str : split) {
            ResourceId resource = ResourceUtil.getResource(str);
            if (resource == null) {
                return null;
            }
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("rid", str);
            jSONObject.put("caption", resource.getCaption());
            jSONObject.put(OrgConst.IMPORT_MODULE_TYPE, resource.getModuleId());
            jSONObject.put("type", resource.getType());
            JSONArray jSONArray2 = new JSONArray();
            while (true) {
                ResourceId parentNode = resource.getParentNode();
                resource = parentNode;
                if (parentNode != null) {
                    jSONArray2.put(resource.getId());
                }
            }
            jSONObject.put("parent", jSONArray2);
            jSONArray.put(jSONObject);
        }
        return jSONArray.toString();
    }

    private Map<String, ResourceOperSets> doGetRsconfig(HttpServletRequest httpServletRequest) throws Exception {
        return this.tree.listOpers();
    }

    private List<ResourceOper> doCheckCanAuth(HttpServletRequest httpServletRequest) throws Exception {
        String checkSQLParam = SecurityFunc.checkSQLParam(SecurityFunc.checkResID(httpServletRequest.getParameter("rid")));
        List<ResourceOper> resOpers = this.tree.getResOpers(checkSQLParam);
        Login login = getLogin();
        if (login.isAdmin()) {
            return resOpers;
        }
        PmChecker createAuthPmChecker = this.pmFactory.createAuthPmChecker(login);
        ArrayList arrayList = new ArrayList();
        for (ResourceOper resourceOper : resOpers) {
            try {
                if (createAuthPmChecker.check(checkSQLParam, resourceOper.getOperId(), resourceOper.getArea())) {
                    arrayList.add(resourceOper);
                }
            } catch (Exception e) {
                SLF4J.error(I18N.getString("com.esen.eacl.action.actionpermission.checkcanautherror", "校验资源:{0}的授权权限出错", new Object[]{checkSQLParam}), e);
            }
        }
        return arrayList;
    }

    private PmHost getPmHost(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("authtype");
        SecurityFunc.checkSQLParam(parameter);
        return PmHost.createPmHost(SecurityFunc.checkXSSParam(httpServletRequest.getParameter("authid")), StrFunc.str2int(parameter, 0));
    }

    private String doGetPm(HttpServletRequest httpServletRequest) throws Exception {
        boolean parseBoolean = StrFunc.parseBoolean(httpServletRequest.getParameter("accOtherUser"), false);
        Login login = WebUtils.getLogin(httpServletRequest);
        String parameter = httpServletRequest.getParameter("authid");
        if (!parseBoolean && !StrFunc.compareStr(parameter, login.getId())) {
            ExceptionHandler.throwRuntimeException("com.esen.eacl.action.actionpermission.notaccessotheruser", "不能访问其它用户的权限");
        }
        PmHost pmHost = getPmHost(httpServletRequest);
        ArrayList arrayList = new ArrayList();
        Collection<Permission> pmSet = this.pmService.getPmSet(pmHost);
        if (pmSet != null) {
            arrayList.addAll(pmSet);
        }
        ArrayNode createArray = JsonUtils.createArray();
        Collection<PmHost> listHosts = this.pmService.listHosts(pmHost);
        for (ExtendPmService extendPmService : this.extendPmManager.getAllExtendPmService()) {
            Collection<? extends Permission> listPms = extendPmService.listPms(listHosts);
            if (listPms != null) {
                arrayList.addAll(listPms);
            }
        }
        pmSet2Json(createArray, arrayList);
        return createArray.toString();
    }

    private void pmSet2Json(ArrayNode arrayNode, Collection<Permission> collection) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        if (collection != null) {
            Iterator<Permission> it = collection.iterator();
            while (it.hasNext()) {
                parsePm2Json(arrayNode, it.next(), hashMap, hashMap2);
            }
        }
    }

    private void parsePm2Json(ArrayNode arrayNode, Permission permission, Map<String, String> map, Map<String, String> map2) {
        String resourceid = permission.getResourceid();
        saveRidparents(map, map2, resourceid);
        String str = map2.get(resourceid);
        if (StrFunc.isNull(str)) {
            return;
        }
        String str2 = map.get(resourceid);
        ObjectNode addObject = arrayNode.addObject();
        addObject.put("parentids", str);
        addObject.put("rescaption", StrFunc.null2blank(str2));
        addObject.put("id", permission.getId());
        addObject.put("authType", permission.getAuthType());
        addObject.put("authid", permission.getAuthid());
        addObject.put("resourceid", resourceid);
        addObject.put("operation", permission.getOperation());
        addObject.put("operarea", permission.getOperarea());
        addObject.put("deny", permission.isDeny());
        addObject.put("ownerUserid", permission.getOwnerUserid());
        addObject.put("pmCondition", StrFunc.null2blank(permission.getPmCondition()));
        addObject.put("resourceType", permission.getResourceType());
        addObject.put("moduleType", permission.getModuleType());
        addObject.put("match", permission.isMatch());
        addObject.put("pmProperty", permission.getPmProperty());
    }

    private void saveRidparents(Map<String, String> map, Map<String, String> map2, String str) {
        if (map2.containsKey(str)) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        try {
            ResourceId resource = this.tree.getResource(str);
            if (resource == null) {
                map2.put(str, null);
                return;
            }
            String caption = resource.getCaption();
            if (StrFunc.compareStr("SELF", resource.getName())) {
                arrayList.add(str);
            } else {
                if (resource != null) {
                    int i = 0;
                    while (true) {
                        ResourceId parentNode = resource.getParentNode();
                        resource = parentNode;
                        if (parentNode == null) {
                            break;
                        }
                        arrayList.add(0, resource.getId());
                        if (i > 50) {
                            ExceptionHandler.throwRuntimeException("com.esen.eacl.pmchecker.pmcheckerlmpl.cantgetparent", "资源id{0}上级超过50级！", new Object[]{str});
                        }
                        i++;
                    }
                }
                arrayList.add(str);
            }
            map.put(str, caption);
            map2.put(str, ArrayFunc.list2Str(arrayList, "/"));
        } catch (Exception e) {
            SLF4J.error(I18N.getString("com.esen.eacl.action.actionpermission.canotfindupids", "查找资源:{0}和上级资源id出错", new Object[]{str}), e);
            map2.put(str, null);
        }
    }

    private void doSavePm(HttpServletRequest httpServletRequest) throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        PmHost pmHost = getPmHost(httpServletRequest);
        Login login = WebUtils.getLogin(httpServletRequest);
        try {
            Collection<Permission> filterSavePms = filterSavePms(pmHost, getPms(httpServletRequest), login);
            ResLockManager resLockManager = this.cluster.getResLockManager();
            resLockManager.lock(EaclResourceConst.RES_USERPERMISSION, I18N.getString("com.esen.eacl.action.actionorgset.savepmlock", "保存权限操作上锁"), login.getId());
            try {
                AuditComparPm saveAuditPermission = this.auditService.saveAuditPermission(filterSavePms, pmHost);
                resLockManager.unlock(EaclResourceConst.RES_USERPERMISSION, login.getId());
                if (this.cluster.isCluster()) {
                    this.cluster.syncResource(EaclResourceConst.MOUDLE_ID, "", EaclClusterConst.OPER_PM, (ClusterMessage) null);
                }
                loginfo(httpServletRequest, currentTimeMillis, pmHost, saveAuditPermission);
            } catch (Throwable th) {
                resLockManager.unlock(EaclResourceConst.RES_USERPERMISSION, login.getId());
                throw th;
            }
        } catch (Exception e) {
            logerr(httpServletRequest, currentTimeMillis, pmHost, e);
            ExceptionHandler.rethrowRuntimeException(e);
        }
    }

    private void doBatchSavePm(HttpServletRequest httpServletRequest) throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        Login login = WebUtils.getLogin(httpServletRequest);
        if (!login.isAdmin()) {
            ExceptionHandler.throwRuntimeException("com.esen.eacl.action.actionorgset.noper", "非管理员用户不能使用批量授权接口。");
        }
        JSONArray jSONArray = new JSONArray(SecurityFunc.checkXSSParam(httpServletRequest.getParameter("content")));
        HashMap hashMap = new HashMap();
        int length = jSONArray.length();
        for (int i = 0; i < length; i++) {
            JSONObject defaultValue = defaultValue(jSONArray.optJSONObject(i));
            PmHost createPmHost = PmHost.createPmHost(defaultValue.optString("authid"), defaultValue.optInt("authType"));
            String optString = defaultValue.optString("operation");
            JSONArray optJSONArray = defaultValue.optJSONArray("pmProperty");
            ExtendPmService expOperPermissionByOper = this.extendPmManager.getExpOperPermissionByOper(optString);
            Collection collection = (Collection) hashMap.get(createPmHost);
            if (collection == null) {
                collection = new ArrayList();
                hashMap.put(createPmHost, collection);
            }
            if (optJSONArray != null) {
                int length2 = optJSONArray.length();
                for (int i2 = 0; i2 < length2; i2++) {
                    Permission permission = expOperPermissionByOper == null ? new Permission(defaultValue) : expOperPermissionByOper.createPermission(defaultValue);
                    permission.markNewId();
                    permission.setPmProperty(optJSONArray.optString(i2));
                    collection.add(permission);
                }
            } else {
                Permission permission2 = expOperPermissionByOper == null ? new Permission(defaultValue) : expOperPermissionByOper.createPermission(defaultValue);
                permission2.markNewId();
                collection.add(permission2);
            }
        }
        ResLockManager resLockManager = this.cluster.getResLockManager();
        for (PmHost pmHost : hashMap.keySet()) {
            try {
                resLockManager.lock(EaclResourceConst.RES_USERPERMISSION, I18N.getString("com.esen.eacl.action.actionorgset.savepmlock", "保存权限操作上锁"), login.getId());
                try {
                    AuditComparPm saveAuditPermission = this.auditService.saveAuditPermission((Collection) hashMap.get(pmHost), pmHost);
                    resLockManager.unlock(EaclResourceConst.RES_USERPERMISSION, login.getId());
                    loginfo(httpServletRequest, currentTimeMillis, pmHost, saveAuditPermission);
                } catch (Throwable th) {
                    resLockManager.unlock(EaclResourceConst.RES_USERPERMISSION, login.getId());
                    throw th;
                    break;
                }
            } catch (Exception e) {
                logerr(httpServletRequest, currentTimeMillis, pmHost, e);
            }
        }
        if (this.cluster.isCluster()) {
            this.cluster.syncResource(EaclResourceConst.MOUDLE_ID, "", EaclClusterConst.OPER_PM, (ClusterMessage) null);
        }
    }

    private JSONObject defaultValue(JSONObject jSONObject) {
        if (StrFunc.isNull(jSONObject.optString("ownerUserid"))) {
            jSONObject.put("ownerUserid", "admin");
        }
        return jSONObject;
    }

    private Collection<Permission> getPms(HttpServletRequest httpServletRequest) throws InstantiationException, IllegalAccessException {
        String filter = SecurityFunc.filter(httpServletRequest.getParameter("content"));
        ArrayList arrayList = new ArrayList();
        JSONArray jSONArray = new JSONArray(filter);
        int length = jSONArray.length();
        for (int i = 0; i < length; i++) {
            JSONObject optJSONObject = jSONArray.optJSONObject(i);
            ExtendPmService expOperPermissionByOper = this.extendPmManager.getExpOperPermissionByOper(optJSONObject.optString("operation"));
            arrayList.add(expOperPermissionByOper == null ? new Permission(optJSONObject) : expOperPermissionByOper.createPermission(optJSONObject));
        }
        return arrayList;
    }

    private Collection<Permission> filterSavePms(PmHost pmHost, Collection<Permission> collection, Login login) {
        List<PmCollection> allPm = login.getPmChecker().getAllPm();
        HashMap hashMap = new HashMap();
        if (allPm != null) {
            Iterator<PmCollection> it = allPm.iterator();
            while (it.hasNext()) {
                List<Permission> pm = it.next().getPm(true);
                if (pm != null) {
                    Iterator<Permission> it2 = pm.iterator();
                    while (it2.hasNext()) {
                        Permission m47clone = it2.next().m47clone();
                        m47clone.setId(UNID.randomID());
                        m47clone.setAuthid(pmHost.getAuthid());
                        m47clone.setAuthType(pmHost.getAuthType());
                        m47clone.setMatch(false);
                        m47clone.setOwnerUserid(login.getId());
                        hashMap.put(Integer.valueOf(m47clone.hashCode()), m47clone);
                    }
                }
            }
        }
        ArrayList arrayList = new ArrayList();
        for (Permission permission : collection) {
            if (!permission.isMatch() && StrFunc.compareStr(pmHost.getAuthid(), permission.getAuthid()) && pmHost.getAuthType() == permission.getAuthType()) {
                arrayList.add(permission);
                hashMap.remove(Integer.valueOf(permission.hashCode()));
            }
        }
        Iterator it3 = hashMap.values().iterator();
        while (it3.hasNext()) {
            arrayList.add((Permission) it3.next());
        }
        return arrayList;
    }

    private Map<String, Object> pmHost2log(PmHost pmHost) {
        Org query;
        Org query2;
        Role find;
        User query3;
        HashMap hashMap = new HashMap();
        int authType = pmHost.getAuthType();
        String authid = pmHost.getAuthid();
        String authname = pmHost.getAuthname();
        if (authType == AuthType.USER.getType()) {
            hashMap.put("resid", ResourceUtil.getResourceId(EaclResourceConst.MOUDLE_ID, EaclResourceConst.RES_TYPE_USER.getType(), authid));
            hashMap.put("oper", EaclUserOrgModuleOperationRegistory.EaclUserOrgLogOperation.OP_EDITUSERPM);
            hashMap.put("caption", I18N.getString("com.esen.eacl.action.actionpermission.modiuserpermission", "修改用户“{0}”权限", I18N.getDefaultLocale(), new Object[]{authid}));
            if (authname == null && (query3 = this.userOrgService.getUserService().query(authid, false)) != null) {
                authname = query3.getCaption();
            }
        } else if (authType == AuthType.ROLE.getType()) {
            hashMap.put("resid", ResourceUtil.getResourceId(EaclResourceConst.MOUDLE_ID, EaclResourceConst.RES_TYPE_ROLE.getType(), authid));
            hashMap.put("oper", EaclRoleModuleOperationRegistory.EaclRoleLogOperation.OP_EDITROLEPM);
            hashMap.put("caption", I18N.getString("com.esen.eacl.action.actionpermission.modirolepermission", "修改角色“{0}”权限", I18N.getDefaultLocale(), new Object[]{authid}));
            if (authname == null && (find = this.roleService.find(authid)) != null) {
                authname = find.getName();
            }
        } else if (authType == AuthType.ORG.getType()) {
            hashMap.put("resid", ResourceUtil.getResourceId(EaclResourceConst.MOUDLE_ID, EaclResourceConst.RES_TYPE_ORG.getType(), authid));
            hashMap.put("oper", EaclUserOrgModuleOperationRegistory.EaclUserOrgLogOperation.OP_EDITORGPM);
            hashMap.put("caption", I18N.getString("com.esen.eacl.action.actionpermission.modiorgpermission", "修改机构“{0}”权限", I18N.getDefaultLocale(), new Object[]{authid}));
            if (authname == null && (query2 = this.userOrgService.getOrgService().query(null, authid, false)) != null) {
                authname = query2.getCaption();
            }
        } else {
            if (authType != AuthType.SUBORG.getType()) {
                throw new RuntimeException4I18N("com.esen.eacl.action.actionpermission.illegaltype", "不合法的授权者类型{0}", new Object[]{Integer.valueOf(authType)});
            }
            hashMap.put("resid", ResourceUtil.getResourceId(EaclResourceConst.MOUDLE_ID, EaclResourceConst.RES_TYPE_ORG.getType(), authid));
            hashMap.put("oper", EaclUserOrgModuleOperationRegistory.EaclUserOrgLogOperation.OP_EDITDPCHPM);
            hashMap.put("caption", I18N.getString("com.esen.eacl.action.actionpermission.modiorglowerpermission", "修改机构“{0}”所有下级权限", I18N.getDefaultLocale(), new Object[]{authid}));
            if (authname == null && (query = this.userOrgService.getOrgService().query(null, authid, false)) != null) {
                authname = query.getCaption();
            }
        }
        hashMap.put("resName", authname);
        return hashMap;
    }

    private void loginfo(HttpServletRequest httpServletRequest, long j, PmHost pmHost, AuditComparPm auditComparPm) {
        String str;
        String string;
        Map<String, Object> pmHost2log = pmHost2log(pmHost);
        long currentTimeMillis = System.currentTimeMillis();
        String str2 = (String) pmHost2log.get("caption");
        Collection<String> addPms = auditComparPm.getAddPms(true);
        Collection<String> removePms = auditComparPm.getRemovePms(true);
        if (this.powers.isOpenPmAudit()) {
            str = I18N.getString("com.esen.eacl.action.actionpermission.submitauditpermissioncaption", "提交审核权限申请成功。申请内容如下：\r\n{0}。", I18N.getDefaultLocale(), new Object[]{str2});
            string = I18N.getString("com.esen.eacl.action.actionpermission.submitauditpermissiondetail", "提交审核权限申请成功，申请详细内容如下：\r\n{0}。\r\n新增权限如下:{1};\r\n删除权限如下:{2}。\r\n花费时间为：{3}毫秒。", I18N.getDefaultLocale(), new Object[]{str2, JsonUtils.toJSONString(addPms), JsonUtils.toJSONString(removePms), Long.valueOf(currentTimeMillis - j)});
        } else {
            str = str2;
            string = I18N.getString("com.esen.eacl.action.actionpermission.savepermissiondetail", "{0}。\r\n新增权限如下:{1};\r\n删除权限如下:{2}。\r\n花费时间为：{3}毫秒。", I18N.getDefaultLocale(), new Object[]{str2, JsonUtils.toJSONString(addPms), JsonUtils.toJSONString(removePms), Long.valueOf(currentTimeMillis - j)});
        }
        this.logService.create().rid((String) pmHost2log.get("resid")).rname((String) pmHost2log.get("resName")).start(j).desc(str).op((Operation) pmHost2log.get("oper")).detail(string).info().end(currentTimeMillis).add();
    }

    private void logerr(HttpServletRequest httpServletRequest, long j, PmHost pmHost, Exception exc) {
        Map<String, Object> pmHost2log = pmHost2log(pmHost);
        Operation operation = (Operation) pmHost2log.get("oper");
        String str = (String) pmHost2log.get("resid");
        String str2 = (String) pmHost2log.get("resName");
        String str3 = (String) pmHost2log.get("caption");
        this.logService.create().error().desc(this.powers.isOpenPmAudit() ? I18N.getString("com.esen.eacl.action.actionpermission.submitauditpermissioncaptionfail", "提交审核权限申请失败。失败申请内容如下：\r\n{0}。", I18N.getDefaultLocale(), new Object[]{str3}) : I18N.getString("com.esen.eacl.action.actionpermission.savepermissioncaptionfail", "保存权限失败。失败内容如下：\r\n{0}。", I18N.getDefaultLocale(), new Object[]{str3})).start(j).op(operation).rid(str).rname(str2).exception(exc).end(System.currentTimeMillis()).add();
    }

    private String doGetParentRids(HttpServletRequest httpServletRequest) {
        ResourceId resource = this.tree.getResource(httpServletRequest.getParameter("rid"));
        if (resource == null) {
            return "";
        }
        JSONArray jSONArray = new JSONArray();
        while (true) {
            ResourceId parentNode = resource.getParentNode();
            resource = parentNode;
            if (parentNode == null) {
                return jSONArray.toString();
            }
            jSONArray.put(resource.getId());
        }
    }

    private String doGetResCaption(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("rid");
        SecurityFunc.checkXSSParam(parameter);
        String[] split = parameter.split(",");
        JSONArray jSONArray = new JSONArray();
        for (String str : split) {
            ResourceId resource = this.tree.getResource(str);
            jSONArray.put(resource == null ? "" : resource.getCaption());
        }
        return jSONArray.toString();
    }
}
