package com.elitescloud.cloudt.core.security.util;

import com.elitescloud.cloudt.authorization.core.SecurityContextUtil;
import com.elitescloud.cloudt.common.base.QBaseModel;
import com.elitescloud.cloudt.core.entity.QSecOrgBuTreedDO;
import com.elitescloud.cloudt.core.entity.QSecOrgEmpDO;
import com.elitescloud.cloudt.core.security.dataauth.AuthScope;
import com.elitescloud.cloudt.security.dto.SecurityOrgUserEmpBuDTO;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import com.elitescloud.cloudt.system.vo.SysDataAuthVO;
import com.elitescloud.cloudt.system.vo.SysDataRoleAuthScope;
import com.querydsl.core.types.ExpressionUtils;
import com.querydsl.core.types.PathMetadata;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.Expressions;
import com.querydsl.jpa.impl.JPAQuery;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:com/elitescloud/cloudt/core/security/util/DataAuthJpaUtil.class */
public class DataAuthJpaUtil {
    private static final String a = "RouteKey";
    private static final QSecOrgBuTreedDO b = QSecOrgBuTreedDO.secOrgBuTreedDO;
    private static final QSecOrgEmpDO c = QSecOrgEmpDO.secOrgEmpDO;
    private static boolean d = false;

    private DataAuthJpaUtil() {
    }

    public static <T> void dataAuthJpaFilter(JPAQuery<T> jPAQuery, PathMetadata pathMetadata) {
        a(jPAQuery, pathMetadata, (Integer) null);
    }

    public static <T> void dataAuthJpaFilter(JPAQuery<T> jPAQuery, PathMetadata pathMetadata, int i) {
        a(jPAQuery, pathMetadata, Integer.valueOf(i));
    }

    private static <T> void a(JPAQuery<T> jPAQuery, PathMetadata pathMetadata, Integer num) {
        GeneralUserDetails currentUser = SecurityContextUtil.currentUser();
        QBaseModel qBaseModel = new QBaseModel(pathMetadata);
        String a2 = a();
        Predicate a3 = a(currentUser, qBaseModel, a2);
        if (a3 != null) {
            jPAQuery.where(a3);
        } else {
            a(jPAQuery, qBaseModel, currentUser, a(currentUser, a2, true), num);
        }
    }

    public static Predicate dataAuthJpaPredicate(PathMetadata pathMetadata) {
        Predicate a2 = a(SecurityContextUtil.currentUser(), new QBaseModel(pathMetadata), a());
        if (a2 != null) {
            return a2;
        }
        return null;
    }

    private static Predicate a(GeneralUserDetails generalUserDetails, QBaseModel qBaseModel, String str) {
        return !d ? Expressions.booleanTemplate("1=1", new Object[0]) : (generalUserDetails == null || generalUserDetails.getUser() == null) ? Expressions.booleanTemplate("1=1", new Object[0]) : (generalUserDetails.isSystemAdmin() || generalUserDetails.isTenantAdmin()) ? Expressions.booleanTemplate("1=1", new Object[0]) : a(qBaseModel, generalUserDetails, a(generalUserDetails, str, false));
    }

    private static <T> void a(JPAQuery<T> jPAQuery, QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, AuthScope authScope, Integer num) {
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (CollectionUtils.isNotEmpty(authScope.getBuIds())) {
            hashSet.addAll(authScope.getBuIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getCustomizedBuIds())) {
            hashSet.addAll(authScope.getCustomizedBuIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getChildBuIds()) && CollectionUtils.isNotEmpty(authScope.getBuCodePath())) {
            if (num == null || hashSet.size() + authScope.getChildBuIds().size() <= num.intValue()) {
                hashSet.addAll(authScope.getChildBuIds());
            } else {
                arrayList.add(ExpressionUtils.anyOf((List) authScope.getBuCodePath().stream().map(str -> {
                    return b.codePath.like(str + "%");
                }).collect(Collectors.toList())));
            }
        }
        if (CollectionUtils.isNotEmpty(hashSet)) {
            arrayList.add(qBaseModel.secBuId.in(hashSet));
        }
        if (CollectionUtils.isNotEmpty(authScope.getEmpIds())) {
            hashSet2.addAll(authScope.getEmpIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getCustomizedEmpIds())) {
            hashSet2.addAll(authScope.getCustomizedEmpIds());
        }
        if (CollectionUtils.isNotEmpty(authScope.getChildEmpIds()) && CollectionUtils.isNotEmpty(authScope.getEmpCodePath())) {
            if (num == null || hashSet2.size() + authScope.getChildEmpIds().size() <= num.intValue()) {
                hashSet2.addAll(authScope.getChildEmpIds());
            } else {
                jPAQuery.leftJoin(c).on(c.id.eq(qBaseModel.secUserId));
                arrayList.add(ExpressionUtils.anyOf((List) authScope.getEmpCodePath().stream().map(str2 -> {
                    return c.codePath.like(str2 + "%");
                }).collect(Collectors.toList())));
            }
        }
        if (CollectionUtils.isNotEmpty(hashSet2)) {
            arrayList.add(qBaseModel.secUserId.in(hashSet2));
        }
        if (CollectionUtils.isNotEmpty(authScope.getOuIds())) {
            arrayList.add(qBaseModel.secOuId.in(authScope.getOuIds()));
        }
        if (CollectionUtils.isNotEmpty(arrayList)) {
            arrayList.add(qBaseModel.createUserId.eq(generalUserDetails.getUser().getId()));
            jPAQuery.where(ExpressionUtils.anyOf(arrayList));
        }
    }

    private static Predicate a(QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, AuthScope authScope) {
        Set<Long> buIds = authScope.getBuIds();
        Set<Long> empIds = authScope.getEmpIds();
        Set<Long> ouIds = authScope.getOuIds();
        ArrayList arrayList = new ArrayList();
        if (CollectionUtils.isNotEmpty(buIds)) {
            arrayList.add(qBaseModel.secBuId.in(buIds));
        }
        if (CollectionUtils.isNotEmpty(empIds)) {
            arrayList.add(qBaseModel.secUserId.in(empIds));
        }
        if (CollectionUtils.isNotEmpty(ouIds)) {
            arrayList.add(qBaseModel.secOuId.in(ouIds));
        }
        if (!CollectionUtils.isNotEmpty(arrayList)) {
            return Expressions.booleanTemplate("1=1", new Object[0]);
        }
        arrayList.add(qBaseModel.createUserId.eq(generalUserDetails.getUser().getId()));
        return ExpressionUtils.anyOf(arrayList);
    }

    private static AuthScope a(GeneralUserDetails generalUserDetails, String str, boolean z) {
        return new AuthScope();
    }

    private static void a(SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO, List<SysDataAuthVO> list, AuthScope authScope) {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        authScope.setBuIds(hashSet);
        authScope.setEmpIds(hashSet2);
        authScope.setOuIds(hashSet3);
        for (SysDataAuthVO sysDataAuthVO : list) {
            if (sysDataAuthVO.getIsAll() != null && sysDataAuthVO.getIsAll().booleanValue()) {
                hashSet.clear();
                hashSet2.clear();
                hashSet3.clear();
                return;
            }
            if (!z && sysDataAuthVO.getBuAuthEnable() != null && sysDataAuthVO.getBuAuthEnable().booleanValue()) {
                if (sysDataAuthVO.getBuDataAuthScope() != null) {
                    if (SysDataRoleAuthScope.ALL.name().equals(sysDataAuthVO.getBuDataAuthScope().name())) {
                        hashSet.clear();
                        z = true;
                    } else if (!z2 && SysDataRoleAuthScope.SELF_CHILDES.name().equals(sysDataAuthVO.getBuDataAuthScope().name())) {
                        z2 = true;
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpBuIds())) {
                            hashSet.addAll(securityOrgUserEmpBuDTO.getChildEmpBuIds());
                        }
                    } else if (!z2 && !z3 && SysDataRoleAuthScope.SELF.name().equals(sysDataAuthVO.getBuDataAuthScope().name())) {
                        z3 = true;
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getEmpBuIds())) {
                            hashSet.addAll(securityOrgUserEmpBuDTO.getEmpBuIds());
                        }
                    }
                }
                if (!z && CollectionUtils.isNotEmpty(sysDataAuthVO.getBuIdSet())) {
                    hashSet.addAll(sysDataAuthVO.getBuIdSet());
                }
            }
            if (!z4 && sysDataAuthVO.getEmpAuthEnable() != null && sysDataAuthVO.getEmpAuthEnable().booleanValue()) {
                if (sysDataAuthVO.getUserDataAuthScope() != null) {
                    if (SysDataRoleAuthScope.ALL.name().equals(sysDataAuthVO.getUserDataAuthScope().name())) {
                        hashSet2.clear();
                        z4 = true;
                    } else if (!z5 && SysDataRoleAuthScope.SELF_CHILDES.name().equals(sysDataAuthVO.getUserDataAuthScope().name())) {
                        z5 = true;
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpIds())) {
                            hashSet2.addAll(securityOrgUserEmpBuDTO.getChildEmpIds());
                        }
                    } else if (!z5 && !z6 && SysDataRoleAuthScope.SELF.name().equals(sysDataAuthVO.getUserDataAuthScope().name())) {
                        z6 = true;
                        if (securityOrgUserEmpBuDTO.getEmpId() != null) {
                            hashSet2.add(securityOrgUserEmpBuDTO.getEmpId());
                        }
                    }
                }
                if (!z4 && CollectionUtils.isNotEmpty(sysDataAuthVO.getUserIdSet())) {
                    hashSet2.addAll(sysDataAuthVO.getUserIdSet());
                }
            }
            if (sysDataAuthVO.getOuAuthEnable() != null && sysDataAuthVO.getOuAuthEnable().booleanValue() && CollectionUtils.isNotEmpty(sysDataAuthVO.getOuIdSet())) {
                hashSet3.addAll(sysDataAuthVO.getOuIdSet());
            }
        }
    }

    private static void b(SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO, List<SysDataAuthVO> list, AuthScope authScope) {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        HashSet hashSet5 = new HashSet();
        HashSet hashSet6 = new HashSet();
        HashSet hashSet7 = new HashSet();
        HashSet hashSet8 = new HashSet();
        HashSet hashSet9 = new HashSet();
        authScope.setBuIds(hashSet);
        authScope.setBuCodePath(hashSet2);
        authScope.setChildBuIds(hashSet3);
        authScope.setCustomizedBuIds(hashSet4);
        authScope.setEmpIds(hashSet5);
        authScope.setEmpCodePath(hashSet6);
        authScope.setChildEmpIds(hashSet7);
        authScope.setCustomizedEmpIds(hashSet8);
        authScope.setOuIds(hashSet9);
        for (SysDataAuthVO sysDataAuthVO : list) {
            if (sysDataAuthVO.getIsAll() != null && sysDataAuthVO.getIsAll().booleanValue()) {
                hashSet.clear();
                hashSet2.clear();
                hashSet3.clear();
                hashSet4.clear();
                hashSet5.clear();
                hashSet6.clear();
                hashSet7.clear();
                hashSet8.clear();
                hashSet9.clear();
                return;
            }
            if (!z && sysDataAuthVO.getBuAuthEnable() != null && sysDataAuthVO.getBuAuthEnable().booleanValue()) {
                if (sysDataAuthVO.getBuDataAuthScope() != null) {
                    if (SysDataRoleAuthScope.ALL.name().equals(sysDataAuthVO.getBuDataAuthScope().name())) {
                        hashSet.clear();
                        hashSet2.clear();
                        hashSet3.clear();
                        hashSet4.clear();
                        z = true;
                    } else if (!z2 && SysDataRoleAuthScope.SELF_CHILDES.name().equals(sysDataAuthVO.getBuDataAuthScope().name())) {
                        z2 = true;
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getEmpBuCodePath()) && CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpBuIds())) {
                            hashSet.clear();
                            hashSet2.addAll(securityOrgUserEmpBuDTO.getEmpBuCodePath());
                            hashSet3.addAll(securityOrgUserEmpBuDTO.getChildEmpBuIds());
                        }
                    } else if (!z2 && !z3 && SysDataRoleAuthScope.SELF.name().equals(sysDataAuthVO.getBuDataAuthScope().name())) {
                        z3 = true;
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getEmpBuIds())) {
                            hashSet.addAll(securityOrgUserEmpBuDTO.getEmpBuIds());
                        }
                    }
                }
                if (!z && CollectionUtils.isNotEmpty(sysDataAuthVO.getBuIdSet())) {
                    hashSet4.addAll(sysDataAuthVO.getBuIdSet());
                }
            }
            if (!z4 && sysDataAuthVO.getEmpAuthEnable() != null && sysDataAuthVO.getEmpAuthEnable().booleanValue()) {
                if (sysDataAuthVO.getUserDataAuthScope() != null) {
                    if (SysDataRoleAuthScope.ALL.name().equals(sysDataAuthVO.getUserDataAuthScope().name())) {
                        hashSet5.clear();
                        hashSet6.clear();
                        hashSet7.clear();
                        hashSet8.clear();
                        z4 = true;
                    } else if (!z5 && SysDataRoleAuthScope.SELF_CHILDES.name().equals(sysDataAuthVO.getUserDataAuthScope().name())) {
                        z6 = true;
                        if (StringUtils.isNotBlank(securityOrgUserEmpBuDTO.getEmpCodePath()) && CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpIds())) {
                            hashSet5.clear();
                            hashSet6.add(securityOrgUserEmpBuDTO.getEmpCodePath());
                            hashSet7.addAll(securityOrgUserEmpBuDTO.getChildEmpIds());
                        }
                    } else if (!z5 && !z6 && SysDataRoleAuthScope.SELF.name().equals(sysDataAuthVO.getUserDataAuthScope().name())) {
                        z5 = true;
                        if (securityOrgUserEmpBuDTO.getEmpId() != null) {
                            hashSet5.add(securityOrgUserEmpBuDTO.getEmpId());
                        }
                    }
                }
                if (!z4 && CollectionUtils.isNotEmpty(sysDataAuthVO.getUserIdSet())) {
                    hashSet8.addAll(sysDataAuthVO.getUserIdSet());
                }
            }
            if (sysDataAuthVO.getOuAuthEnable() != null && sysDataAuthVO.getOuAuthEnable().booleanValue() && CollectionUtils.isNotEmpty(sysDataAuthVO.getOuIdSet())) {
                hashSet9.addAll(sysDataAuthVO.getOuIdSet());
            }
        }
    }

    private static String a() {
        if (RequestContextHolder.getRequestAttributes() == null) {
            return null;
        }
        return RequestContextHolder.getRequestAttributes().getRequest().getHeader(a);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setDataPermissionEnable(boolean z) {
        d = z;
    }
}
