package cn.iocoder.yudao.module.crm.framework.permission.core.aop;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ObjUtil;
import cn.hutool.core.util.StrUtil;
import cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil;
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
import cn.iocoder.yudao.framework.common.util.spring.SpringExpressionUtils;
import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
import cn.iocoder.yudao.module.crm.dal.dataobject.permission.CrmPermissionDO;
import cn.iocoder.yudao.module.crm.enums.ErrorCodeConstants;
import cn.iocoder.yudao.module.crm.enums.common.CrmBizTypeEnum;
import cn.iocoder.yudao.module.crm.enums.permission.CrmPermissionLevelEnum;
import cn.iocoder.yudao.module.crm.framework.permission.core.annotations.CrmPermission;
import cn.iocoder.yudao.module.crm.service.permission.CrmPermissionService;
import cn.iocoder.yudao.module.crm.util.CrmPermissionUtils;
import cn.iocoder.yudao.module.system.api.user.AdminUserApi;
import jakarta.annotation.Resource;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Aspect
@Component
/* loaded from: input_file:cn/iocoder/yudao/module/crm/framework/permission/core/aop/CrmPermissionAspect.class */
public class CrmPermissionAspect {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CrmPermissionAspect.class);

    @Resource
    private CrmPermissionService crmPermissionService;

    @Resource
    private AdminUserApi adminUserApi;

    @Before("@annotation(crmPermission)")
    public void doBefore(JoinPoint joinPoint, CrmPermission crmPermission) {
        Map<String, Object> parseExpressions = parseExpressions(joinPoint, crmPermission);
        Integer type = StrUtil.isEmpty(crmPermission.bizTypeValue()) ? crmPermission.bizType()[0].getType() : (Integer) parseExpressions.get(crmPermission.bizTypeValue());
        Object obj = parseExpressions.get(crmPermission.bizId());
        HashSet hashSet = new HashSet();
        if (obj instanceof Collection) {
            hashSet.addAll(CollectionUtils.convertSet((Collection) obj, obj2 -> {
                return Long.valueOf(Long.parseLong(obj2.toString()));
            }));
        } else {
            hashSet.add(Long.valueOf(Long.parseLong(obj.toString())));
        }
        Integer level = crmPermission.level().getLevel();
        Map convertMultiMap = CollectionUtils.convertMultiMap(this.crmPermissionService.getPermissionListByBiz(type, hashSet), (v0) -> {
            return v0.getBizId();
        });
        hashSet.forEach(l -> {
            validatePermission(type, (List) convertMultiMap.get(l), level);
        });
    }

    private void validatePermission(Integer num, List<CrmPermissionDO> list, Integer num2) {
        if (CrmPermissionUtils.isCrmAdmin()) {
            return;
        }
        if (CollUtil.isEmpty(list)) {
            if (!CrmPermissionLevelEnum.isRead(num2)) {
                throw ServiceExceptionUtil.exception(ErrorCodeConstants.CRM_PERMISSION_DENIED, new Object[]{CrmBizTypeEnum.getNameByType(num)});
            }
            return;
        }
        if (CollectionUtils.anyMatch(list, crmPermissionDO -> {
            return CrmPermissionLevelEnum.isOwner(crmPermissionDO.getLevel());
        }) || !CrmPermissionLevelEnum.isRead(num2)) {
            Long userId = getUserId();
            CrmPermissionDO crmPermissionDO2 = (CrmPermissionDO) CollUtil.findOne(list, crmPermissionDO3 -> {
                return ObjUtil.equal(crmPermissionDO3.getUserId(), userId);
            });
            if (crmPermissionDO2 == null || !isUserPermissionValid(crmPermissionDO2, num2)) {
                for (Long l : CollectionUtils.convertSet(this.adminUserApi.getUserListBySubordinate(userId), (v0) -> {
                    return v0.getId();
                })) {
                    CrmPermissionDO crmPermissionDO4 = (CrmPermissionDO) CollUtil.findOne(list, crmPermissionDO32 -> {
                        return ObjUtil.equal(crmPermissionDO32.getUserId(), l);
                    });
                    if (crmPermissionDO4 != null && isUserPermissionValid(crmPermissionDO4, num2)) {
                        return;
                    }
                }
                log.info("[doBefore][userId({}) 要求权限({}) 实际权限({}) 数据校验错误]", new Object[]{userId, num2, JsonUtils.toJsonString(crmPermissionDO2)});
                throw ServiceExceptionUtil.exception(ErrorCodeConstants.CRM_PERMISSION_DENIED, new Object[]{CrmBizTypeEnum.getNameByType(num)});
            }
        }
    }

    private boolean isUserPermissionValid(CrmPermissionDO crmPermissionDO, Integer num) {
        if (CrmPermissionLevelEnum.isOwner(crmPermissionDO.getLevel())) {
            return true;
        }
        if (CrmPermissionLevelEnum.isRead(num) && (CrmPermissionLevelEnum.isRead(crmPermissionDO.getLevel()) || CrmPermissionLevelEnum.isWrite(crmPermissionDO.getLevel()))) {
            return true;
        }
        return CrmPermissionLevelEnum.isWrite(num) && CrmPermissionLevelEnum.isWrite(crmPermissionDO.getLevel());
    }

    private static Long getUserId() {
        return WebFrameworkUtils.getLoginUserId();
    }

    private static Map<String, Object> parseExpressions(JoinPoint joinPoint, CrmPermission crmPermission) {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(crmPermission.bizId());
        if (StrUtil.isNotEmpty(crmPermission.bizTypeValue())) {
            arrayList.add(crmPermission.bizTypeValue());
        }
        return SpringExpressionUtils.parseExpressions(joinPoint, arrayList);
    }
}
