package com.elitescloud.cloudt.core.security.util;

import com.elitescloud.boot.datasecurity.dataauth.AuthScope;
import com.elitescloud.cloudt.authorization.core.SecurityContextUtil;
import com.elitescloud.cloudt.common.base.QBaseModel;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import com.querydsl.core.types.ExpressionUtils;
import com.querydsl.core.types.PathMetadata;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.Expressions;
import com.querydsl.jpa.impl.JPAQuery;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.springframework.web.context.request.RequestContextHolder;

@Deprecated(forRemoval = true, since = "3.2.0")
/* loaded from: input_file:com/elitescloud/cloudt/core/security/util/DataAuthJpaUtil.class */
public class DataAuthJpaUtil {
    private static final String ROUTE_KEY = "RouteKey";
    private static boolean dataPermissionEnable = false;

    private DataAuthJpaUtil() {
    }

    public static <T> void dataAuthJpaFilter(JPAQuery<T> jPAQuery, PathMetadata pathMetadata) {
        dataAuthFilter(jPAQuery, pathMetadata, null);
    }

    public static <T> void dataAuthJpaFilter(JPAQuery<T> jPAQuery, PathMetadata pathMetadata, int i) {
        dataAuthFilter(jPAQuery, pathMetadata, Integer.valueOf(i));
    }

    private static <T> void dataAuthFilter(JPAQuery<T> jPAQuery, PathMetadata pathMetadata, Integer num) {
        GeneralUserDetails currentUser = SecurityContextUtil.currentUser();
        QBaseModel qBaseModel = new QBaseModel(pathMetadata);
        String requestSysDataRoute = getRequestSysDataRoute();
        Predicate preCheck = preCheck(currentUser, qBaseModel, requestSysDataRoute);
        if (preCheck != null) {
            jPAQuery.where(preCheck);
        } else {
            buildCodePathPredicate(jPAQuery, qBaseModel, currentUser, sysDataRoleOperation(currentUser, requestSysDataRoute, true), num);
        }
    }

    public static Predicate dataAuthJpaPredicate(PathMetadata pathMetadata) {
        Predicate preCheck = preCheck(SecurityContextUtil.currentUser(), new QBaseModel(pathMetadata), getRequestSysDataRoute());
        if (preCheck != null) {
            return preCheck;
        }
        return null;
    }

    private static Predicate preCheck(GeneralUserDetails generalUserDetails, QBaseModel qBaseModel, String str) {
        return !dataPermissionEnable ? Expressions.booleanTemplate("1=1", new Object[0]) : (generalUserDetails == null || generalUserDetails.getUser() == null) ? Expressions.booleanTemplate("1=1", new Object[0]) : (generalUserDetails.isSystemAdmin() || generalUserDetails.isTenantAdmin()) ? Expressions.booleanTemplate("1=1", new Object[0]) : buildIdInPredicate(qBaseModel, generalUserDetails, sysDataRoleOperation(generalUserDetails, str, false));
    }

    private static <T> void buildCodePathPredicate(JPAQuery<T> jPAQuery, QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, AuthScope authScope, Integer num) {
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (CollectionUtils.isNotEmpty(authScope.getBuIds())) {
            hashSet.addAll(authScope.getBuIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getCustomizedBuIds())) {
            hashSet.addAll(authScope.getCustomizedBuIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getChildBuIds()) && CollectionUtils.isNotEmpty(authScope.getBuCodePath()) && (num == null || hashSet.size() + authScope.getChildBuIds().size() <= num.intValue())) {
            hashSet.addAll(authScope.getChildBuIds());
        }
        if (CollectionUtils.isNotEmpty(hashSet)) {
            arrayList.add(qBaseModel.secBuId.in(hashSet));
        }
        if (CollectionUtils.isNotEmpty(authScope.getEmpIds())) {
            hashSet2.addAll(authScope.getEmpIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getCustomizedEmpIds())) {
            hashSet2.addAll(authScope.getCustomizedEmpIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getChildEmpIds()) && CollectionUtils.isNotEmpty(authScope.getEmpCodePath()) && (num == null || hashSet2.size() + authScope.getChildEmpIds().size() <= num.intValue())) {
            hashSet2.addAll(authScope.getChildEmpIds());
        }
        if (CollectionUtils.isNotEmpty(hashSet2)) {
            arrayList.add(qBaseModel.secUserId.in(hashSet2));
        }
        if (CollectionUtils.isNotEmpty(authScope.getOuIds())) {
            arrayList.add(qBaseModel.secOuId.in(authScope.getOuIds()));
        }
        if (CollectionUtils.isNotEmpty(arrayList)) {
            arrayList.add(qBaseModel.createUserId.eq(generalUserDetails.getUser().getId()));
            jPAQuery.where(ExpressionUtils.anyOf(arrayList));
        }
    }

    private static Predicate buildIdInPredicate(QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, AuthScope authScope) {
        Set<Long> buIds = authScope.getBuIds();
        Set<Long> empIds = authScope.getEmpIds();
        Set<Long> ouIds = authScope.getOuIds();
        ArrayList arrayList = new ArrayList();
        if (CollectionUtils.isNotEmpty(buIds)) {
            arrayList.add(qBaseModel.secBuId.in(buIds));
        }
        if (CollectionUtils.isNotEmpty(empIds)) {
            arrayList.add(qBaseModel.secUserId.in(empIds));
        }
        if (CollectionUtils.isNotEmpty(ouIds)) {
            arrayList.add(qBaseModel.secOuId.in(ouIds));
        }
        if (!CollectionUtils.isNotEmpty(arrayList)) {
            return Expressions.booleanTemplate("1=1", new Object[0]);
        }
        arrayList.add(qBaseModel.createUserId.eq(generalUserDetails.getUser().getId()));
        return ExpressionUtils.anyOf(arrayList);
    }

    private static AuthScope sysDataRoleOperation(GeneralUserDetails generalUserDetails, String str, boolean z) {
        return new AuthScope();
    }

    private static String getRequestSysDataRoute() {
        if (RequestContextHolder.getRequestAttributes() == null) {
            return null;
        }
        return RequestContextHolder.getRequestAttributes().getRequest().getHeader(ROUTE_KEY);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setDataPermissionEnable(boolean z) {
        dataPermissionEnable = z;
    }
}
