package com.elitescloud.boot.datasecurity.common;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.SpringContextHolder;
import com.elitescloud.boot.datasecurity.common.extension.FieldPermissionCleaner;
import com.elitescloud.boot.datasecurity.config.DataSecurityProperties;
import com.elitescloud.boot.datasecurity.dpr.content.DprRuleRelationEnum;
import com.elitescloud.boot.datasecurity.dpr.service.RoleDataPermissionRuleService;
import com.elitescloud.boot.datasecurity.jpa.strategy.RuleStrategyManager;
import com.elitescloud.boot.util.ArrayUtil;
import com.elitescloud.boot.util.ObjUtil;
import com.elitescloud.cloudt.system.dto.SysDprRoleApiDataRuleListQueryDTO;
import com.elitescloud.cloudt.system.dto.SysDprRoleApiRowColumnRuleDTO;
import com.querydsl.core.BooleanBuilder;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.PathBuilder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.ConfigurablePropertyAccessor;
import org.springframework.beans.PropertyAccessorFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:com/elitescloud/boot/datasecurity/common/DataSecurityUtil.class */
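/**
 * Static helpers that apply the current caller's data-permission configuration.
 *
 * <p>Two mechanisms are offered: {@link #predicateForJPA(Class, String, String...)} turns the
 * matched data rules into a QueryDSL predicate, and {@link #eraseByFieldPermission(Object)}
 * overwrites fields that the matched permission marks as not readable.
 *
 * <p>NOTE(review): every error path in this class degrades to "no restriction" rather than
 * "deny". A failure while building the predicate yields an empty predicate, a rule that cannot
 * be translated is dropped, and a field that cannot be erased keeps its value. Callers that
 * need fail-closed behaviour must enforce it themselves; the log lines emitted on these paths
 * are the only signal that a restriction was skipped and are worth alerting on.
 */
public class DataSecurityUtil {
    private static final Logger log = LoggerFactory.getLogger(DataSecurityUtil.class);

    // Collaborators are resolved lazily from the Spring context on first use and then cached.
    // NOTE(review): the caches are plain static fields without synchronisation; concurrent first
    // calls may each perform the lookup — presumably harmless for singleton beans, confirm.
    private static RoleDataPermissionRuleService roleDataPermissionRuleService;
    private static DataSecurityProperties dataSecurityProperties;
    private static List<FieldPermissionCleaner> fieldPermissionCleaners;

    private DataSecurityUtil() {
    }

    /**
     * Builds the data-permission predicate for an entity, using the default alias and all rules.
     *
     * @param cls entity class, must not be null
     * @return the predicate; empty (no restriction) when no rule applies or generation fails
     */
    public static Predicate predicateForJPA(@NotNull Class<?> cls) {
        return predicateForJPA(cls, null, new String[0]);
    }

    /**
     * Builds the data-permission predicate for an entity.
     *
     * @param cls    entity class, must not be null
     * @param str    query alias of the entity; when blank, the simple class name with its first
     *               character lower-cased is used
     * @param strArr optional rule field names; when non-empty, only rules whose rule field is in
     *               this list are applied
     * @return the predicate; empty (no restriction) when no rule applies or generation fails
     * @throws IllegalArgumentException if {@code cls} is null
     */
    public static Predicate predicateForJPA(@NotNull Class<?> cls, String str, String... strArr) {
        Assert.notNull(cls, "实体类为空");
        if (CharSequenceUtil.isBlank(str)) {
            String simpleName = cls.getSimpleName();
            // Character.toLowerCase is locale-independent, so the derived alias does not change
            // with the JVM default locale (String.toLowerCase() maps 'I' differently under tr).
            str = Character.toLowerCase(simpleName.charAt(0)) + simpleName.substring(1);
        }
        try {
            return getAuthJpaPredicate(cls, str, strArr);
        } catch (Exception e) {
            // NOTE(review): fail-open. Any error while resolving or translating the rules ends
            // in an empty predicate, i.e. the query runs without a data-permission filter.
            // Kept as-is because callers may rely on it; treat this log line as a security
            // event and consider a deny-all predicate or rethrowing instead.
            log.error("数据权限条件生成异常：{}", cls.getName(), e);
            return new BooleanBuilder((Predicate) null);
        }
    }

    /**
     * Overwrites, in place, the fields of {@code obj} that the current permission marks as not
     * readable. The object is passed through {@code ObjUtil.unwrap}, and the erase step runs on
     * each object handed to the callback.
     *
     * @param obj object to clean; ignored when empty
     */
    public static void eraseByFieldPermission(Object obj) {
        if (ObjUtil.isEmpty(obj)) {
            return;
        }
        Set<String> permissionFields = getPermissionFields();
        if (permissionFields.isEmpty()) {
            // NOTE(review): extension cleaners are not consulted at all when the configured
            // permission lists no unreadable field.
            return;
        }
        long startMillis = System.currentTimeMillis();
        ObjUtil.unwrap(obj, obj2 -> {
            Set<String> fieldsToErase = new HashSet<>(permissionFields);
            // Extensions see a read-only view of the configured fields and may add more.
            fieldsToErase.addAll(getPermissionFieldsByExtension(obj2, Collections.unmodifiableSet(permissionFields)));
            eraseObjectValue(obj2, fieldsToErase, getDataSecurityProperties().getFieldPermission().getPlaceholder());
        });
        // Guard on the level that is actually logged (the original checked isErrorEnabled).
        if (log.isDebugEnabled()) {
            log.debug("erase cost {}ms  by field permission", System.currentTimeMillis() - startMillis);
        }
    }

    /**
     * @return the data permission matched for the current request, as reported by
     *         {@code RoleDataPermissionRuleService#getMatchedDataPermission()}
     */
    public static SysDprRoleApiRowColumnRuleDTO getDataPermission() {
        return getRoleDataPermissionRuleService().getMatchedDataPermission();
    }

    /**
     * @return the original data permission, as reported by
     *         {@code RoleDataPermissionRuleService#getOriginalDataPermission()}
     */
    public static SysDprRoleApiRowColumnRuleDTO getAllDataPermission() {
        return getRoleDataPermissionRuleService().getOriginalDataPermission();
    }

    /**
     * Replaces the value of every named field of {@code obj} with its erased value, using direct
     * field access.
     *
     * @param obj target object
     * @param set names of the fields to erase; blank names are skipped
     * @param str placeholder used for String fields
     */
    private static void eraseObjectValue(@NotNull Object obj, @NotEmpty Set<String> set, String str) {
        ConfigurablePropertyAccessor fieldAccessor = PropertyAccessorFactory.forDirectFieldAccess(obj);
        for (String fieldName : set) {
            if (CharSequenceUtil.isBlank(fieldName)) {
                continue;
            }
            try {
                Class<?> propertyType = fieldAccessor.getPropertyType(fieldName);
                if (propertyType == null) {
                    // The field is not present on this object: logged and ignored.
                    log.warn("{}.{}不存在，将忽略", obj.getClass().getName(), fieldName);
                } else {
                    fieldAccessor.setPropertyValue(fieldName, eraseValue(propertyType, str));
                }
            } catch (BeansException e) {
                // NOTE(review): fail-open. When the write fails the field keeps its original
                // value and is returned to a caller who is not allowed to read it.
                log.warn("数据权限清洗{}.{}失败：", obj.getClass().getName(), fieldName, e);
            }
        }
    }

    /**
     * Collects the additional fields that registered {@link FieldPermissionCleaner}s want erased.
     *
     * @param obj object being cleaned
     * @param set read-only view of the fields already selected by configuration
     * @return union of the fields returned by all cleaners; never null
     */
    private static Set<String> getPermissionFieldsByExtension(Object obj, Set<String> set) {
        Set<String> extraFields = new HashSet<>();
        for (FieldPermissionCleaner fieldPermissionCleaner : getFieldPermissionCleaners()) {
            try {
                Set<String> eraseFields = fieldPermissionCleaner.getEraseFields(obj, set);
                if (CollUtil.isNotEmpty(eraseFields)) {
                    extraFields.addAll(eraseFields);
                }
            } catch (Exception e) {
                // NOTE(review): a cleaner that throws contributes nothing, so the fields it
                // would have erased stay visible; the other cleaners still run.
                log.error("{}清洗权限字段出现异常：", fieldPermissionCleaner.getClass().getName(), e);
            }
        }
        return extraFields;
    }

    /**
     * Resolves the names of the fields that the matched permission marks as not readable.
     *
     * @return the field names, or an empty set when the feature is switched off or nothing
     *         is configured
     */
    private static Set<String> getPermissionFields() {
        DataSecurityProperties properties = getDataSecurityProperties();
        // Only an explicit FALSE disables the feature; a null flag counts as enabled.
        if (Boolean.FALSE.equals(properties.getEnabled()) || Boolean.FALSE.equals(properties.getFieldPermission().getEnabled())) {
            log.info("field permission is disabled");
            return Collections.emptySet();
        }
        SysDprRoleApiRowColumnRuleDTO matchedDataPermission = getRoleDataPermissionRuleService().getMatchedDataPermission();
        if (matchedDataPermission == null || CollUtil.isEmpty(matchedDataPermission.getSysDpcRoleApiFieldsDTOList())) {
            return Collections.emptySet();
        }
        // Only fields explicitly flagged readable == FALSE are erased; a null flag leaves the
        // field readable.
        return matchedDataPermission.getSysDpcRoleApiFieldsDTOList().stream()
                .filter(field -> Boolean.FALSE.equals(field.getReadable()))
                .map(field -> field.getFieldName())
                .collect(Collectors.toSet());
    }

    /**
     * Chooses the replacement value for an erased field.
     *
     * @param cls declared type of the field
     * @param str placeholder for String fields
     * @return the placeholder (or null when it is blank) for String fields, null for any other
     *         reference type, zero for numeric primitives and char, false for boolean
     */
    private static Object eraseValue(@NotNull Class<?> cls, String str) {
        if (String.class.isAssignableFrom(cls)) {
            return CharSequenceUtil.blankToDefault(str, (String) null);
        }
        if (!cls.isPrimitive()) {
            return null;
        }
        if (cls.equals(Character.TYPE)) {
            // The original returned Integer 0 here as well. A Character is directly assignable
            // to a char field, so the erase no longer depends on the accessor converting an
            // Integer to char (presumably it cannot, which would have left the value in place).
            return Character.valueOf((char) 0);
        }
        if (cls.equals(Byte.TYPE) || cls.equals(Short.TYPE) || cls.equals(Integer.TYPE)
                || cls.equals(Long.TYPE) || cls.equals(Float.TYPE) || cls.equals(Double.TYPE)) {
            return 0;
        }
        return cls.equals(Boolean.TYPE) ? false : null;
    }

    /**
     * Translates the matched data rules into a predicate: rules are grouped by role code,
     * combined inside a group according to each rule's AND/OR relation, and the groups are
     * joined with OR.
     *
     * @param cls    entity class
     * @param str    query alias of the entity
     * @param strArr optional rule field names used to narrow the rule set
     * @return the combined predicate; empty when no rule is configured, none matches
     *         {@code strArr}, or none could be translated
     */
    private static Predicate getAuthJpaPredicate(Class<?> cls, String str, String[] strArr) {
        SysDprRoleApiRowColumnRuleDTO matchedDataPermission = getRoleDataPermissionRuleService().getMatchedDataPermission();
        if (matchedDataPermission == null || CollUtil.isEmpty(matchedDataPermission.getSysDprRoleApiDataRuleListQueryDTO())) {
            // Log: no data-permission configuration for the current user, filter skipped.
            log.info("没有找到当前用户数据权限配置-跳过数据权限");
            return new BooleanBuilder((Predicate) null);
        }
        List<SysDprRoleApiDataRuleListQueryDTO> rules = matchedDataPermission.getSysDprRoleApiDataRuleListQueryDTO();
        if (ArrayUtil.isNotEmpty(strArr)) {
            List<String> wantedFields = Arrays.asList(strArr);
            rules = rules.stream()
                    .filter(rule -> wantedFields.contains(rule.getDprRuleField()))
                    .collect(Collectors.toList());
        }
        if (CollUtil.isEmpty(rules)) {
            // Log: no configured rule matches the requested fields, filter skipped.
            // NOTE(review): a field list that matches nothing (e.g. a misspelt name) therefore
            // removes the restriction entirely.
            log.info("没有找到当前用户数据权限配置匹配规则-跳过数据权限");
            return new BooleanBuilder((Predicate) null);
        }
        // Raw type kept from the original: the signature of getPathAutomatically is not visible here.
        PathBuilder pathBuilder = new PathBuilder(cls, str);
        BooleanBuilder combined = new BooleanBuilder();
        List<Predicate> rolePredicates = new ArrayList<>();
        Map<Object, List<SysDprRoleApiDataRuleListQueryDTO>> rulesByRole =
                rules.stream().collect(Collectors.groupingBy(rule -> rule.getRoleCode()));
        for (List<SysDprRoleApiDataRuleListQueryDTO> roleRules : rulesByRole.values()) {
            BooleanBuilder rolePredicate = new BooleanBuilder();
            for (SysDprRoleApiDataRuleListQueryDTO rule : roleRules) {
                try {
                    Predicate rulePredicate = RuleStrategyManager.getPathAutomatically(pathBuilder, rule);
                    if (DprRuleRelationEnum.DPR_RULE_RELATION_AND.name().equals(rule.getDprRuleRelation())) {
                        rolePredicate.and(rulePredicate);
                    } else if (DprRuleRelationEnum.DPR_RULE_RELATION_OR.name().equals(rule.getDprRuleRelation())) {
                        rolePredicate.or(rulePredicate);
                    } else {
                        // NOTE(review): a rule with an unknown relation is dropped, not enforced.
                        log.error("规则的关系异常:{}", rule);
                    }
                } catch (Exception e) {
                    // NOTE(review): a rule that cannot be translated is dropped. For an AND rule
                    // this widens what the role may see; if every rule fails the result is an
                    // empty predicate and no filter is applied.
                    log.error("规则字段匹配异常：", e);
                }
            }
            if (rolePredicate.hasValue()) {
                rolePredicates.add(rolePredicate.getValue());
            }
        }
        // Roles are alternatives: a row is visible when any one role's predicate accepts it.
        return combined.andAnyOf(rolePredicates.toArray(new Predicate[0]));
    }

    /** @return the rule service, fetched from the Spring context on first use and then cached */
    private static RoleDataPermissionRuleService getRoleDataPermissionRuleService() {
        if (roleDataPermissionRuleService == null) {
            roleDataPermissionRuleService = (RoleDataPermissionRuleService) SpringContextHolder.getBean(RoleDataPermissionRuleService.class);
        }
        return roleDataPermissionRuleService;
    }

    /** @return the data-security properties, fetched from the Spring context on first use and then cached */
    private static DataSecurityProperties getDataSecurityProperties() {
        if (dataSecurityProperties == null) {
            dataSecurityProperties = (DataSecurityProperties) SpringContextHolder.getBean(DataSecurityProperties.class);
        }
        return dataSecurityProperties;
    }

    /** @return the registered field-permission cleaners, collected once and then cached */
    private static List<FieldPermissionCleaner> getFieldPermissionCleaners() {
        if (fieldPermissionCleaners == null) {
            // Cast kept from the original: the generic signature of getObjectProvider is not visible here.
            fieldPermissionCleaners = (List) SpringContextHolder.getObjectProvider(FieldPermissionCleaner.class).stream().collect(Collectors.toList());
        }
        return fieldPermissionCleaners;
    }
}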
