package com.elitescloud.boot.datasecurity.dpr.service.impl;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.StrUtil;
import com.elitescloud.boot.auth.util.SecurityContextUtil;
import com.elitescloud.boot.auth.util.SecurityUtil;
import com.elitescloud.boot.common.annotation.BusinessObject;
import com.elitescloud.boot.common.annotation.BusinessObjectOperation;
import com.elitescloud.boot.common.constant.CompatibleModeEnum;
import com.elitescloud.boot.datasecurity.config.DataSecurityProperties;
import com.elitescloud.boot.datasecurity.dpr.service.RoleDataPermissionRuleCacheService;
import com.elitescloud.boot.datasecurity.dpr.service.RoleDataPermissionRuleService;
import com.elitescloud.cloudt.context.util.HttpServletUtil;
import com.elitescloud.cloudt.system.constant.DataPermissionType;
import com.elitescloud.cloudt.system.dto.SysDpcRoleApiFieldsDTO;
import com.elitescloud.cloudt.system.dto.SysDprRoleApiDataRuleListQueryDTO;
import com.elitescloud.cloudt.system.dto.SysDprRoleApiRowColumnRuleDTO;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/boot/datasecurity/dpr/service/impl/RoleDataPermissionRuleServiceImpl.class */
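/**
 * Resolves the role data-permission rules (row rules and field rules) that apply to the
 * current HTTP request, keyed by the caller's token.
 *
 * <p>Rules are looked up in a local cache, then a Redis cache, then via RPC. When the
 * "matched" variant is requested, the rule lists are narrowed to those whose menu code,
 * API code, HTTP method and path match the current request.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Rule selection reads the {@code menuCode} and {@code apiCode} request headers, which
 *       are chosen by the client. NOTE(review): confirm that an upstream component verifies the
 *       caller is entitled to the menu/API it claims; otherwise the caller can influence which
 *       rules are selected.</li>
 *   <li>Several paths return an empty rule list. NOTE(review): confirm that consumers of this
 *       service do not interpret "no rules" as "unrestricted access".</li>
 *   <li>Path matching uses {@link HttpServletRequest#getRequestURI()}, which is not decoded or
 *       normalized and includes the context path.</li>
 * </ul>
 */
public class RoleDataPermissionRuleServiceImpl implements RoleDataPermissionRuleService {
    private static final Logger log = LoggerFactory.getLogger(RoleDataPermissionRuleServiceImpl.class);

    /** Request attribute names read by this class. */
    private static final String ATTR_UDC_FILTER_SUPPORT = "cloudt-udc-filter-support";
    private static final String ATTR_BUSINESS_OBJECT = "cloudt-businessObject";
    private static final String ATTR_BUSINESS_OBJECT_OPERATION = "cloudt-businessObject-operation";

    /** Client-supplied request headers used to select rules. */
    private static final String HEADER_MENU_CODE = "menuCode";
    private static final String HEADER_API_CODE = "apiCode";

    /** Requests whose URI starts with this prefix are excluded from data-permission handling. */
    private static final String RPC_URI_PREFIX = "/rpc";

    /** Value of {@code businessObjectType()} that defers to the {@link BusinessObject} annotation. */
    private static final String BUSINESS_OBJECT_REFERENCE = "@BusinessObject";

    private final RoleDataPermissionRuleCacheService roleDataPermissionRuleCacheInterface;
    private final DataSecurityProperties properties;

    public RoleDataPermissionRuleServiceImpl(RoleDataPermissionRuleCacheService roleDataPermissionRuleCacheService, DataSecurityProperties dataSecurityProperties) {
        this.roleDataPermissionRuleCacheInterface = roleDataPermissionRuleCacheService;
        this.properties = dataSecurityProperties;
    }

    /**
     * Returns the rules for the current token, narrowed to those matching the current request.
     *
     * @return the narrowed rule set, or {@code null} when data permission does not apply to
     *         this request or no rule set was found for the token
     */
    @Override
    public SysDprRoleApiRowColumnRuleDTO getMatchedDataPermission() {
        return queryDataPermission(true);
    }

    /**
     * Returns the rules for the current token exactly as loaded, without request matching.
     *
     * @return the loaded rule set, or {@code null} when data permission does not apply to
     *         this request or no rule set was found for the token
     */
    @Override
    public SysDprRoleApiRowColumnRuleDTO getOriginalDataPermission() {
        return queryDataPermission(false);
    }

    /**
     * Loads the rule set for the current token and optionally narrows it to the current request.
     *
     * @param matchRequest {@code true} to return a copy whose rule lists are filtered against
     *                     the current request; {@code false} to return the loaded object as is
     */
    private SysDprRoleApiRowColumnRuleDTO queryDataPermission(boolean matchRequest) {
        HttpServletRequest currentRequest = HttpServletUtil.currentRequest();
        if (!supportDataPermission(currentRequest)) {
            return null;
        }
        String currentToken = SecurityContextUtil.currentToken();
        if (!StringUtils.hasText(currentToken)) {
            // Only the fact that the token is missing is logged; no credential material is written.
            log.error("数据权限：获取Token为空 ");
            SecurityUtil.throwUnauthorizedException();
            // Presumably unreachable because the call above throws; kept so that a missing
            // token can never fall through to the cache lookup.
            return null;
        }
        // Lookup order: local cache, then Redis cache, then RPC. The token itself is the lookup key.
        SysDprRoleApiRowColumnRuleDTO loaded = this.roleDataPermissionRuleCacheInterface.getTokenDprLocalCache(currentToken)
                .orElseGet(() -> this.roleDataPermissionRuleCacheInterface.getTokenDprRedisCache(currentToken)
                        .orElseGet(() -> this.roleDataPermissionRuleCacheInterface.roleDataPermissionRuleRpc(currentToken)));
        if (loaded == null || !matchRequest) {
            return loaded;
        }
        // Build a fresh DTO so the filtered lists are never written into the loaded object,
        // which may be a shared cache entry.
        SysDprRoleApiRowColumnRuleDTO matched = new SysDprRoleApiRowColumnRuleDTO();
        matched.setUserId(loaded.getUserId());
        matched.setTenantId(loaded.getTenantId());
        matched.setTenantOrgId(loaded.getTenantOrgId());
        matched.setRoelIdList(loaded.getRoelIdList());
        matched.setRoleCodeList(loaded.getRoleCodeList());
        matched.setSysDprRoleApiDataRuleListQueryDTO(filterRowRule(currentRequest, loaded.getSysDprRoleApiDataRuleListQueryDTO()));
        matched.setSysDpcRoleApiFieldsDTOList(filterFieldRule(currentRequest, loaded.getSysDpcRoleApiFieldsDTOList()));
        return matched;
    }

    /**
     * Decides whether data-permission handling applies to the request at all.
     *
     * <p>Returns {@code false} when there is no request, when the feature is explicitly
     * disabled, when the request URI starts with {@code /rpc}, or when the compatibility mode
     * is {@code LATEST} and neither the UDC-filter nor the business-object attribute is set.
     */
    private boolean supportDataPermission(HttpServletRequest httpServletRequest) {
        // getRequestURI() is the raw path: not decoded, not normalized, context path included.
        // NOTE(review): confirm that only internal RPC endpoints can be reached with a URI that
        // starts with "/rpc", since this prefix switches data permission off for the request.
        if (httpServletRequest == null
                || Boolean.FALSE.equals(this.properties.getEnabled())
                || httpServletRequest.getRequestURI().startsWith(RPC_URI_PREFIX)) {
            return false;
        }
        boolean latestWithoutMarkers = this.properties.getCompatible() == CompatibleModeEnum.LATEST
                && httpServletRequest.getAttribute(ATTR_UDC_FILTER_SUPPORT) == null
                && httpServletRequest.getAttribute(ATTR_BUSINESS_OBJECT) == null;
        return !latestWithoutMarkers;
    }

    /**
     * Narrows field rules to those matching the request's menu code and API.
     *
     * <p>In {@code LATEST} compatibility mode this always returns an empty list, as it does
     * when the input is empty or the {@code menuCode} header is blank.
     */
    private List<SysDpcRoleApiFieldsDTO> filterFieldRule(HttpServletRequest httpServletRequest, List<SysDpcRoleApiFieldsDTO> list) {
        if (CollUtil.isEmpty(list) || this.properties.getCompatible() == CompatibleModeEnum.LATEST) {
            return Collections.emptyList();
        }
        // Client-supplied header; see the class-level security notes.
        String menuCode = httpServletRequest.getHeader(HEADER_MENU_CODE);
        if (CharSequenceUtil.isBlank(menuCode)) {
            return Collections.emptyList();
        }
        return list.stream()
                .filter(fieldRule -> menuCode.equals(fieldRule.getMenusCode()) && isMatchRequestForOperation(httpServletRequest, fieldRule))
                .collect(Collectors.toList());
    }

    /**
     * Narrows row rules to those applying to the request.
     *
     * <p>Precedence: menu-operation rules, then (unless the mode is {@code OLDEST})
     * business-operation rules, then business-object rules. The first non-empty result wins.
     */
    private List<SysDprRoleApiDataRuleListQueryDTO> filterRowRule(HttpServletRequest httpServletRequest, List<SysDprRoleApiDataRuleListQueryDTO> list) {
        if (CollUtil.isEmpty(list)) {
            return Collections.emptyList();
        }
        BusinessObject businessObject = (BusinessObject) httpServletRequest.getAttribute(ATTR_BUSINESS_OBJECT);
        BusinessObjectOperation businessObjectOperation = (BusinessObjectOperation) httpServletRequest.getAttribute(ATTR_BUSINESS_OBJECT_OPERATION);
        String businessObjectCode = obtainBusinessObjectCode(businessObject, businessObjectOperation);

        List<SysDprRoleApiDataRuleListQueryDTO> byMenuOperation = filterByMenuOperation(httpServletRequest, list, businessObjectCode, businessObjectOperation);
        if (!byMenuOperation.isEmpty()) {
            return byMenuOperation;
        }
        if (this.properties.getCompatible() == CompatibleModeEnum.OLDEST) {
            return Collections.emptyList();
        }
        // The operation attribute can be absent while the business-object attribute is present
        // (the code is then derived from the business object alone). Treat a missing operation
        // as "data permission not enabled", as filterByMenuOperation does, instead of
        // dereferencing null.
        if (CharSequenceUtil.isBlank(businessObjectCode)
                || businessObjectOperation == null
                || !businessObjectOperation.dataPermissionEnabled()) {
            return Collections.emptyList();
        }
        List<SysDprRoleApiDataRuleListQueryDTO> byBusinessOperation = filterByBusinessOperation(httpServletRequest, list, businessObjectCode, businessObjectOperation);
        if (!byBusinessOperation.isEmpty()) {
            return byBusinessOperation;
        }
        List<SysDprRoleApiDataRuleListQueryDTO> byBusinessObject = filterByBusinessObject(list, businessObjectCode, businessObjectOperation);
        if (byBusinessObject.isEmpty()) {
            log.info("未匹配到有效的数据权限规则：{}", httpServletRequest.getRequestURI());
        }
        return byBusinessObject;
    }

    /**
     * Selects rules bound to the menu named by the {@code menuCode} header.
     *
     * <p>{@code OLDEST} mode accepts only rules without a permission type, {@code LATEST} only
     * rules with one. An untyped rule needs only the menu and API to match; a typed rule must
     * also be a {@code MENU_OPERATION_RULE} for the given business object on an operation that
     * has data permission enabled.
     *
     * @param str the business object code of the current request, may be {@code null}
     */
    private List<SysDprRoleApiDataRuleListQueryDTO> filterByMenuOperation(HttpServletRequest httpServletRequest, List<SysDprRoleApiDataRuleListQueryDTO> list, String str, BusinessObjectOperation businessObjectOperation) {
        // Client-supplied header; see the class-level security notes.
        String menuCode = httpServletRequest.getHeader(HEADER_MENU_CODE);
        if (CharSequenceUtil.isBlank(menuCode)) {
            return Collections.emptyList();
        }
        CompatibleModeEnum compatible = this.properties.getCompatible();
        return list.stream().filter(rule -> {
            boolean typed = StringUtils.hasText(rule.getPermissionType());
            if (compatible == CompatibleModeEnum.OLDEST) {
                if (typed) {
                    return false;
                }
            } else if (compatible == CompatibleModeEnum.LATEST && !typed) {
                return false;
            }
            if (!menuCode.equals(rule.getMenusCode())) {
                return false;
            }
            // Compare from the request-side code so that a rule stored without a business
            // object code is rejected rather than raising a NullPointerException.
            boolean typedMenuOperationMatch = DataPermissionType.MENU_OPERATION_RULE.name().equals(rule.getPermissionType())
                    && str != null
                    && str.equals(rule.getBusinessObjectCode())
                    && businessObjectOperation != null
                    && businessObjectOperation.dataPermissionEnabled();
            if (!typed || typedMenuOperationMatch) {
                return isMatchRequestForOperation(httpServletRequest, rule);
            }
            return false;
        }).collect(Collectors.toList());
    }

    /**
     * Derives the business object code (the part before the first {@code ':'}) from the
     * operation annotation, falling back to the business-object annotation when the operation
     * is absent or refers to {@code "@BusinessObject"}.
     *
     * @return the code, or {@code null} when no annotation provides one
     */
    private String obtainBusinessObjectCode(BusinessObject businessObject, BusinessObjectOperation businessObjectOperation) {
        boolean operationNamesType = businessObjectOperation != null
                && !BUSINESS_OBJECT_REFERENCE.equals(businessObjectOperation.businessObjectType());
        if (operationNamesType) {
            return businessObjectOperation.businessObjectType().split(":")[0];
        }
        if (businessObject == null) {
            return null;
        }
        return businessObject.businessType().split(":")[0];
    }

    /**
     * Selects {@code BUSINESS_OPERATION_RULE} rules for the given business object code that
     * also match the current request.
     */
    private List<SysDprRoleApiDataRuleListQueryDTO> filterByBusinessOperation(HttpServletRequest httpServletRequest, List<SysDprRoleApiDataRuleListQueryDTO> list, String str, BusinessObjectOperation businessObjectOperation) {
        if (!StringUtils.hasText(str)) {
            return Collections.emptyList();
        }
        return list.stream()
                .filter(rule -> DataPermissionType.BUSINESS_OPERATION_RULE.name().equals(rule.getPermissionType())
                        && str.equals(rule.getBusinessObjectCode())
                        && isMatchRequestForOperation(httpServletRequest, rule))
                .collect(Collectors.toList());
    }

    /**
     * Selects {@code BUSINESS_OBJECT_RULE} rules for the given business object code. No
     * request matching is applied at this level.
     */
    private List<SysDprRoleApiDataRuleListQueryDTO> filterByBusinessObject(List<SysDprRoleApiDataRuleListQueryDTO> list, String str, BusinessObjectOperation businessObjectOperation) {
        if (!StringUtils.hasText(str)) {
            return Collections.emptyList();
        }
        return list.stream()
                .filter(rule -> DataPermissionType.BUSINESS_OBJECT_RULE.name().equals(rule.getPermissionType())
                        && str.equals(rule.getBusinessObjectCode()))
                .collect(Collectors.toList());
    }

    /**
     * Tests whether a row rule targets the API of the current request. Rules that carry a
     * permission type expand their path template with named placeholders; untyped rules use
     * {@link MessageFormat}.
     */
    private boolean isMatchRequestForOperation(HttpServletRequest httpServletRequest, SysDprRoleApiDataRuleListQueryDTO sysDprRoleApiDataRuleListQueryDTO) {
        return matchesRequest(
                httpServletRequest,
                sysDprRoleApiDataRuleListQueryDTO.getApiPermissionCode(),
                sysDprRoleApiDataRuleListQueryDTO.getApiPermissionRequestType(),
                sysDprRoleApiDataRuleListQueryDTO.getApiPermissionPath(),
                StringUtils.hasText(sysDprRoleApiDataRuleListQueryDTO.getPermissionType()));
    }

    /**
     * Tests whether a field rule targets the API of the current request. Field rules always
     * expand their path template with {@link MessageFormat}.
     */
    private boolean isMatchRequestForOperation(HttpServletRequest httpServletRequest, SysDpcRoleApiFieldsDTO sysDpcRoleApiFieldsDTO) {
        return matchesRequest(
                httpServletRequest,
                sysDpcRoleApiFieldsDTO.getApiPermissionCode(),
                sysDpcRoleApiFieldsDTO.getApiPermissionRequestType(),
                sysDpcRoleApiFieldsDTO.getApiPermissionPath(),
                false);
    }

    /**
     * Shared matching logic for both rule kinds.
     *
     * <p>If the request carries an {@code apiCode} header, that header alone decides the match.
     * Otherwise the HTTP method must match (case-insensitively) and the request URI must equal
     * the rule path, after expanding the rule's path template when path variables are present.
     *
     * @param namedPlaceholders {@code true} to expand the template from the path-variable map,
     *                          {@code false} to expand it with {@link MessageFormat}
     */
    private boolean matchesRequest(HttpServletRequest request, String ruleApiCode, String ruleMethod, String rulePath, boolean namedPlaceholders) {
        // Client-supplied header; when present, the method and path are not checked at all.
        // NOTE(review): confirm that the apiCode a caller sends is validated elsewhere against
        // the endpoint actually invoked.
        String apiCode = request.getHeader(HEADER_API_CODE);
        if (StringUtils.hasText(apiCode)) {
            return apiCode.equals(ruleApiCode);
        }
        if (!request.getMethod().equalsIgnoreCase(ruleMethod)) {
            return false;
        }
        // Raw URI: not decoded or normalized, and it includes the context path, so a request
        // that the framework routes to the same handler under a different spelling will not
        // compare equal here.
        String requestURI = request.getRequestURI();
        Map<?, ?> pathVariables = HttpServletUtil.getPathVariables(request);
        if (pathVariables.isEmpty()) {
            return requestURI.equals(rulePath);
        }
        if (namedPlaceholders) {
            return requestURI.equals(StrUtil.format(rulePath, pathVariables));
        }
        // NOTE(review): values() is handed to MessageFormat as ONE argument, so "{0}" expands to
        // the collection's toString() (typically "[v1, v2]") rather than to the first path
        // variable. Left unchanged because the intended argument order cannot be determined
        // from this file; confirm whether an array of values was meant.
        return requestURI.equals(MessageFormat.format(rulePath, pathVariables.values()));
    }
}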
