package com.elitescloud.cloudt.system.service.impl;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.StrUtil;
import com.elitescloud.boot.auth.client.config.AuthorizationProperties;
import com.elitescloud.boot.auth.client.config.support.AuthenticationCache;
import com.elitescloud.boot.auth.util.SecurityContextUtil;
import com.elitescloud.boot.common.param.IdCodeNameParam;
import com.elitescloud.boot.common.param.SysSendVerifyCodeVO;
import com.elitescloud.boot.core.base.BaseServiceImpl;
import com.elitescloud.boot.core.support.verifycode.VerifyCodeManager;
import com.elitescloud.boot.datasecurity.dpr.service.util.DataPermissionRuleServiceUtil;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.context.util.HttpServletUtil;
import com.elitescloud.cloudt.core.annotation.TenantOrgTransaction;
import com.elitescloud.cloudt.core.annotation.TenantTransaction;
import com.elitescloud.cloudt.core.annotation.common.TenantIsolateType;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import com.elitescloud.cloudt.system.constant.EmployeeType;
import com.elitescloud.cloudt.system.constant.OrgType;
import com.elitescloud.cloudt.system.convert.EmployeeConvert;
import com.elitescloud.cloudt.system.convert.PermissionConverter;
import com.elitescloud.cloudt.system.dto.SysDprRoleApiRowColumnRuleDTO;
import com.elitescloud.cloudt.system.dto.SysOrgBasicDTO;
import com.elitescloud.cloudt.system.dto.SysOuBasicDTO;
import com.elitescloud.cloudt.system.dto.SysTenantDTO;
import com.elitescloud.cloudt.system.model.bo.EmployeeOrgBO;
import com.elitescloud.cloudt.system.model.bo.UserOrgBO;
import com.elitescloud.cloudt.system.model.vo.resp.index.CurrentEmployeeRespVO;
import com.elitescloud.cloudt.system.model.vo.resp.index.UserDataPermissionRespVO;
import com.elitescloud.cloudt.system.model.vo.resp.index.UserFieldRespVO;
import com.elitescloud.cloudt.system.model.vo.resp.index.UserMenuRespVO;
import com.elitescloud.cloudt.system.model.vo.save.index.ModifyPasswordSaveVO;
import com.elitescloud.cloudt.system.model.vo.save.index.PasswordUpdateSaveVO;
import com.elitescloud.cloudt.system.service.FrontTableCfgService;
import com.elitescloud.cloudt.system.service.IndexUserService;
import com.elitescloud.cloudt.system.service.manager.EmployeeOrgManager;
import com.elitescloud.cloudt.system.service.manager.OuQueryManager;
import com.elitescloud.cloudt.system.service.manager.PermissionQueryManager;
import com.elitescloud.cloudt.system.service.manager.UserMngManager;
import com.elitescloud.cloudt.system.service.repo.EmployeeOrgRepoProc;
import com.elitescloud.cloudt.system.service.repo.EmployeeRepoProc;
import com.elitescloud.cloudt.system.service.repo.OrgRepoProc;
import com.elitescloud.cloudt.system.service.repo.UserRepoProc;
import com.elitescloud.cloudt.system.vo.SysUserDTO;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

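/**
 * Self-service operations for the signed-in user: employee profile, password change and
 * reset, menu / action / field permission queries, tenant and organisation switching, and
 * the data-permission view of the current request.
 *
 * <p>This listing is decompiler output. Raw types and the lowered string {@code switch}
 * have been restored to ordinary Java here; the decompiler's parameter names are kept on
 * the public methods and aliased to descriptive locals.
 */
@TenantTransaction(isolateType = TenantIsolateType.TENANT)
@Service
@TenantOrgTransaction(useTenantOrg = false)
/* loaded from: input_file:com/elitescloud/cloudt/system/service/impl/IndexUserServiceImpl.class */
public class IndexUserServiceImpl extends BaseServiceImpl implements IndexUserService {

    /** Account type value for a mobile number; also the default when the caller sends none. */
    private static final String ACCOUNT_TYPE_MOBILE = "mobile";

    /** Account type value for an e-mail address. */
    private static final String ACCOUNT_TYPE_EMAIL = "email";

    /** Verify-code scene used by the unauthenticated "retrieve password" flow. */
    private static final String SCENE_RETRIEVE_PWD = "cloudt_system_retrieve_pwd";

    /** Verify-code scene used when a signed-in user changes the password. */
    private static final String SCENE_UPDATE_PWD = "cloudt_system_update_pwd";

    @Autowired
    private UserRepoProc userRepoProc;

    @Autowired
    private EmployeeRepoProc employeeRepoProc;

    @Autowired
    private EmployeeOrgManager employeeOrgManager;

    @Autowired
    private EmployeeOrgRepoProc employeeOrgRepoProc;

    @Autowired
    private UserMngManager userMngManager;

    @Autowired
    private OuQueryManager ouQueryManager;

    @Autowired
    private OrgRepoProc orgRepoProc;

    @Autowired
    private PermissionQueryManager permissionQueryManager;

    @Autowired
    private AuthorizationProperties authorizationProperties;

    @Autowired
    private AuthenticationCache authenticationCache;

    @Autowired
    private VerifyCodeManager verifyCodeManager;

    @Autowired
    private FrontTableCfgService frontTableCfgService;

    /**
     * Returns the employee record bound to the current user, enriched with the user's
     * current organisation, the parent company of that organisation and the leader
     * assigned for it.
     *
     * @return the employee view, or an empty success result when the user has no employee record
     */
    @Override
    public ApiResult<CurrentEmployeeRespVO> getEmployeeInfo() {
        GeneralUserDetails currentUser = super.currentUser(true);
        return this.employeeRepoProc.getByUserId(currentUser.getUserId()).map(employee -> {
            CurrentEmployeeRespVO respVO = EmployeeConvert.INSTANCE.do2CurrentRespVO(employee);
            if (CharSequenceUtil.isNotBlank(respVO.getType())) {
                respVO.setTypeName(super.udcValue(new EmployeeType(respVO.getType())));
            }
            respVO.setUsername(currentUser.getUsername());
            respVO.setFullName(currentUser.getUser().getPrettyName());
            if (currentUser.getOrgId() == null) {
                return respVO;
            }

            CurrentEmployeeRespVO.EmployeeOrg orgInfo = new CurrentEmployeeRespVO.EmployeeOrg();
            respVO.setOrgInfo(orgInfo);
            orgInfo.setOrgId(currentUser.getOrgId());
            orgInfo.setOrgCode(currentUser.getUser().getOrg().getCode());
            orgInfo.setOrgName(currentUser.getUser().getOrg().getName());

            IdCodeNameParam company = this.orgRepoProc
                    .queryParentNameForType(List.of(currentUser.getOrgId()), OrgType.COMPANY.getValue(), true)
                    .get(currentUser.getOrgId());
            if (company != null) {
                orgInfo.setCompanyOrgId(company.getId());
                orgInfo.setCompanyOrgCode(company.getCode());
                orgInfo.setCompanyOrgName(company.getName());
            }

            // No break: when several leader rows match the current organisation the last one wins.
            for (EmployeeOrgBO leader : this.employeeOrgRepoProc.getLeaders(List.of(employee.getId()))) {
                // The receiver is known to be non-null here, so a leader row without an org id is skipped.
                if (currentUser.getOrgId().equals(leader.getOrgId())) {
                    orgInfo.setLeaderId(leader.getEmployeeId());
                    orgInfo.setLeaderCode(leader.getEmployeeCode());
                    orgInfo.setLeaderUserId(leader.getUserId());
                    orgInfo.setLeaderUsername(leader.getUsername());
                    orgInfo.setLeaderFullName(leader.getFullName());
                }
            }
            return respVO;
        }).map(ApiResult::ok).orElse(ApiResult.ok());
    }

    /**
     * Changes the current user's password after checking that the new password was typed
     * twice identically.
     *
     * @param modifyPasswordSaveVO new password, its repetition and {@code pd} (presumably the
     *                             current password, which {@code UserMngManager} is expected to verify)
     * @return {@code true} on success, or a failure result when the two entries differ
     */
    @Override
    @Transactional(rollbackFor = {Exception.class})
    public ApiResult<Boolean> updatePassword(ModifyPasswordSaveVO modifyPasswordSaveVO) {
        if (!CharSequenceUtil.equals(modifyPasswordSaveVO.getPdRepeat(), modifyPasswordSaveVO.getPdNew())) {
            return ApiResult.fail("两次输入密码不一致");
        }
        long userId = super.currentUser(true).getUserId().longValue();
        this.userMngManager.updatePassword(userId, modifyPasswordSaveVO.getPdNew(), modifyPasswordSaveVO.getPd(), false);

        // Only the cache entry of the token that made this request is evicted.
        // NOTE(review): whether the user's other live tokens are revoked on a password change
        // is not visible here - confirm it happens in UserMngManager or the token store.
        String currentToken = SecurityContextUtil.currentToken();
        if (StringUtils.hasText(currentToken)) {
            this.authenticationCache.removeUserDetail(currentToken);
        }
        return ApiResult.ok(true);
    }

    /**
     * Sends a verification code for a password change or a password retrieval.
     *
     * <p>A blank account type is treated as {@code "mobile"}. For a signed-in user the
     * account must equal the mobile number or e-mail stored on that user; in the retrieval
     * flow the account must belong to an existing user.
     *
     * @param z                   {@code true} for the unauthenticated retrieval flow,
     *                            {@code false} for a signed-in user
     * @param sysSendVerifyCodeVO account and account type to send the code to
     * @return an empty success result, or the code itself when the manager returns one
     * @throws IllegalArgumentException when the account fails the ownership / existence check
     */
    @Override
    @TenantTransaction(isolateType = TenantIsolateType.DEFAULT)
    @TenantOrgTransaction(useTenantOrg = false)
    public ApiResult<String> sendVerifyCodeForUpdatePwd(boolean z, SysSendVerifyCodeVO sysSendVerifyCodeVO) {
        final boolean retrievePwd = z;
        GeneralUserDetails currentUser = retrievePwd ? null : SecurityContextUtil.currentUserIfUnauthorizedThrow();

        // Default the type BEFORE the checks. Previously a signed-in caller who left the type
        // blank skipped the ownership check and could have a code sent to any mobile number.
        if (StrUtil.isBlank(sysSendVerifyCodeVO.getAccountType())) {
            sysSendVerifyCodeVO.setAccountType(ACCOUNT_TYPE_MOBILE);
        }
        String accountType = sysSendVerifyCodeVO.getAccountType();
        String account = sysSendVerifyCodeVO.getAccount();

        // NOTE(review): any other account type passes through unchecked, as before; confirm
        // VerifyCodeManager rejects types it does not support.
        if (retrievePwd) {
            // These messages tell an anonymous caller whether an account is registered;
            // NOTE(review): confirm this endpoint is rate-limited / captcha-protected upstream.
            if (ACCOUNT_TYPE_MOBILE.equals(accountType)) {
                Assert.isTrue(this.userRepoProc.existsMobile(account), "未查询到用户信息，请输入正确的手机号");
            } else if (ACCOUNT_TYPE_EMAIL.equals(accountType)) {
                Assert.isTrue(this.userRepoProc.existsEmail(account), "未查询到用户信息，请输入正确的邮箱");
            }
        } else if (ACCOUNT_TYPE_MOBILE.equals(accountType)) {
            Assert.isTrue(Objects.equals(currentUser.getUser().getMobile(), account), "手机号输入错误");
        } else if (ACCOUNT_TYPE_EMAIL.equals(accountType)) {
            Assert.isTrue(Objects.equals(currentUser.getUser().getEmail(), account), "邮箱输入错误");
        }

        String simulatedCode = this.verifyCodeManager.send(verifyScene(retrievePwd), sysSendVerifyCodeVO);
        // A non-null return is echoed to the caller (the message calls it a simulated send).
        // NOTE(review): this must never be reachable in production. In the retrieval flow the
        // caller is unauthenticated, so a returned code is enough to reset that account's password.
        return simulatedCode == null ? ApiResult.ok() : ApiResult.ok("模拟发送验证码，验证码是" + simulatedCode);
    }

    /**
     * Sets a new password after a verification code has been checked.
     *
     * <p>For a signed-in user the account must be bound to that user. In the retrieval flow
     * the account must resolve to exactly one user.
     *
     * @param z                    {@code true} for the unauthenticated retrieval flow,
     *                             {@code false} for a signed-in user
     * @param passwordUpdateSaveVO account, account type, verification code and new password
     * @return the id of the user whose password was changed, or a failure result
     * @throws IllegalArgumentException when the account type is neither mobile nor e-mail
     */
    @Override
    @TenantTransaction(isolateType = TenantIsolateType.DEFAULT)
    @Transactional(rollbackFor = {Exception.class})
    @TenantOrgTransaction(useTenantOrg = false)
    public ApiResult<Long> updatePwdByVerifyCode(boolean z, PasswordUpdateSaveVO passwordUpdateSaveVO) {
        final boolean retrievePwd = z;
        GeneralUserDetails currentUser = retrievePwd ? null : SecurityContextUtil.currentUserIfUnauthorizedThrow();
        if (StrUtil.isBlank(passwordUpdateSaveVO.getAccountType())) {
            passwordUpdateSaveVO.setAccountType(ACCOUNT_TYPE_MOBILE);
        }

        // The scene must match the one the code was sent under, so a code issued for one
        // flow is not checked under the other.
        String verifyError = this.verifyCodeManager.verify(
                verifyScene(retrievePwd), passwordUpdateSaveVO.getAccount(), passwordUpdateSaveVO.getVerifyCode());
        if (verifyError != null) {
            return ApiResult.fail(verifyError);
        }

        List<Long> userIds;
        switch (passwordUpdateSaveVO.getAccountType()) {
            case ACCOUNT_TYPE_MOBILE:
                userIds = this.userRepoProc.getIdByMobile(passwordUpdateSaveVO.getAccount());
                break;
            case ACCOUNT_TYPE_EMAIL:
                userIds = this.userRepoProc.getIdByEmail(passwordUpdateSaveVO.getAccount());
                break;
            default:
                throw new IllegalArgumentException("暂不支持的账号类型");
        }
        if (CollectionUtils.isEmpty(userIds)) {
            return ApiResult.fail("未查询到用户信息，请确认账号输入正确");
        }

        if (currentUser != null) {
            // A signed-in user may only use an account bound to their own user id.
            if (!userIds.contains(currentUser.getUserId())) {
                return ApiResult.fail("修改失败，您尚未绑定该账号");
            }
            // NOTE(review): unlike updatePassword, this path does not evict the current token's
            // cached user details - confirm whether that difference is intended.
            this.userMngManager.updatePassword(
                    currentUser.getUserId().longValue(), passwordUpdateSaveVO.getPassword(), null, false);
            return ApiResult.ok(currentUser.getUserId());
        }

        // Retrieval flow: refuse to guess when the account maps to several users.
        if (userIds.size() > 1) {
            return ApiResult.fail("账号不唯一，无法确定唯一用户");
        }
        Long userId = userIds.get(0);
        this.userMngManager.updatePassword(userId.longValue(), passwordUpdateSaveVO.getPassword(), null, false);
        return ApiResult.ok(userId);
    }

    /**
     * Returns the menus of the current user; both flags are passed through unchanged to
     * {@code PermissionQueryManager.queryUserMenu}.
     */
    @Override
    public ApiResult<List<UserMenuRespVO>> getUserMenu(Boolean bool, Boolean bool2) {
        return ApiResult.ok(this.permissionQueryManager.queryUserMenu(bool, bool2));
    }

    /**
     * Returns the actions of the current user.
     *
     * @param str menu code; when blank, all actions of the user are returned
     */
    @Override
    public ApiResult<List<UserMenuRespVO>> getUserAction(String str) {
        if (StringUtils.hasText(str)) {
            return ApiResult.ok(this.permissionQueryManager.queryUserActionByMenu(str));
        }
        return ApiResult.ok(this.permissionQueryManager.queryAllUserAction());
    }

    /**
     * Returns the field permissions of the current user; both arguments are passed through
     * unchanged to {@code PermissionQueryManager.queryUserField}.
     */
    @Override
    public ApiResult<List<UserFieldRespVO>> getUserField(String str, String str2) {
        return ApiResult.ok(this.permissionQueryManager.queryUserField(str, str2));
    }

    /**
     * Returns the user's front-end table configuration for the given key, as produced by
     * {@code FrontTableCfgService.getUserCfg}.
     */
    @Override
    public ApiResult<String> getFrontTableCfg(String str) {
        return this.frontTableCfgService.getUserCfg(str);
    }

    /**
     * Switches the current session to another tenant of the user.
     *
     * <p>The target is looked up in the tenant list held in the session's user details.
     * NOTE(review): that list is not re-queried here, so a membership revoked after login
     * stays usable until the session's user details are refreshed - confirm that revocation
     * invalidates or refreshes sessions.
     *
     * @param l id of the tenant to switch to; {@code null} is answered like an unknown tenant
     * @return the updated user, or a failure result
     */
    @Override
    public ApiResult<SysUserDTO> switchTenant(Long l) {
        final Long targetTenantId = l;
        GeneralUserDetails currentUser = SecurityContextUtil.currentUserIfUnauthorizedThrow();
        if (targetTenantId != null && currentUser.getTenantId() != null
                && currentUser.getTenantId().longValue() == targetTenantId.longValue()) {
            return ApiResult.fail("已在[" + currentUser.getTenant().getTenantName() + "]，无需切换");
        }
        SysUserDTO user = currentUser.getUser();
        if (CollectionUtils.isEmpty(user.getSysTenantDTOList())) {
            return ApiResult.fail("当前用户无租户");
        }
        // Null-safe on both sides: a null target or a tenant without an id never matches.
        Optional<SysTenantDTO> target = user.getSysTenantDTOList().stream()
                .filter(tenant -> targetTenantId != null && tenant.getId() != null
                        && tenant.getId().longValue() == targetTenantId.longValue())
                .findAny();
        if (target.isEmpty()) {
            return ApiResult.fail("切换失败，不在指定租户下");
        }
        switchCurrentTenant(currentUser, target.get());
        return ApiResult.ok(user);
    }

    /**
     * Switches the current session to another organisation of the user.
     *
     * <p>The target is looked up in the organisation list held in the session's user details.
     * NOTE(review): that list is not re-queried here - confirm that removing a user from an
     * organisation invalidates or refreshes their sessions.
     *
     * @param l id of the organisation to switch to; {@code null} is answered like an unknown organisation
     * @return the updated user, or a failure result
     */
    @Override
    public ApiResult<SysUserDTO> switchOrg(Long l) {
        final Long targetOrgId = l;
        GeneralUserDetails currentUser = SecurityContextUtil.currentUserIfUnauthorizedThrow();
        if (targetOrgId != null && currentUser.getOrgId() != null
                && currentUser.getOrgId().longValue() == targetOrgId.longValue()) {
            return ApiResult.fail("已在[" + currentUser.getUser().getOrg().getName() + "]，无需切换");
        }
        List<SysOrgBasicDTO> orgList = currentUser.getUser().getOrgList();
        if (CollectionUtils.isEmpty(orgList)) {
            return ApiResult.fail("当前用户无组织");
        }
        // Null-safe on both sides: a null target or an organisation without an id never matches.
        Optional<SysOrgBasicDTO> target = orgList.stream()
                .filter(org -> targetOrgId != null && org.getId() != null
                        && org.getId().longValue() == targetOrgId.longValue())
                .findAny();
        if (target.isEmpty()) {
            return ApiResult.fail("切换失败，不在指定组织下");
        }
        switchCurrentOrg(currentUser, target.get());
        return ApiResult.ok(currentUser.getUser());
    }

    /**
     * Returns the row rules and field rules of the current user's data permission.
     *
     * <p>Unless {@code bool} is {@code true}, the rules are narrowed to the menu named by the
     * {@code menuCode} request header and, when an {@code apiCode} header is present, to the
     * API of the current request. Both headers are client-supplied; they only narrow the
     * rule set already loaded for the current user.
     *
     * @param bool {@code true} to return all rules of the user without header filtering
     * @return the permission view, or a failure result when the menu code header is missing
     */
    @Override
    public ApiResult<UserDataPermissionRespVO> getDataPermission(Boolean bool) {
        boolean includeAll = Boolean.TRUE.equals(bool);
        UserDataPermissionRespVO respVO = new UserDataPermissionRespVO();
        GeneralUserDetails currentUser = SecurityContextUtil.currentUserIfUnauthorizedThrow();
        respVO.setUsername(currentUser.getUsername());
        respVO.setFullName(currentUser.getUser().getPrettyName());
        respVO.setRoles(currentUser.getUser().getRoles());

        HttpServletRequest request = HttpServletUtil.currentRequest();
        if (request == null) {
            // Outside an HTTP request only the identity part is returned.
            return ApiResult.ok(respVO);
        }

        SysDprRoleApiRowColumnRuleDTO permission = this.permissionQueryManager.getDataPermissionOfCurrentUser();
        // 'var' keeps the element types declared by the DTO getters; the decompiled listing
        // had erased them to raw lists and does not import their class names.
        var rowRules = permission.getSysDprRoleApiDataRuleListQueryDTO();
        var fieldRules = permission.getSysDpcRoleApiFieldsDTOList();

        if (!includeAll) {
            String menuCode = request.getHeader("menuCode");
            if (CharSequenceUtil.isBlank(menuCode)) {
                return ApiResult.fail("菜单编码为空");
            }
            // Only the presence of the header is tested here; the helper reads the request itself.
            boolean filterByApi = StringUtils.hasText(request.getHeader("apiCode"));
            rowRules = CollUtil.isEmpty(rowRules) ? Collections.emptyList() : rowRules.stream()
                    .filter(rule -> menuCode.equals(rule.getMenusCode())
                            && (!filterByApi
                            || DataPermissionRuleServiceUtil.filterRowAuthApiUrl(rule, request, (String[]) null)))
                    .collect(Collectors.toList());
            fieldRules = CollUtil.isEmpty(fieldRules) ? Collections.emptyList() : fieldRules.stream()
                    .filter(field -> menuCode.equals(field.getMenusCode())
                            && (!filterByApi
                            || DataPermissionRuleServiceUtil.filterColumnAuthApiUrl(field, request, (String[]) null)))
                    .collect(Collectors.toList());
        }

        List<UserDataPermissionRespVO.RowRule> rowRuleList = CollUtil.isEmpty(rowRules)
                ? Collections.emptyList()
                : rowRules.stream().map(PermissionConverter.INSTANCE::convertRowRule).collect(Collectors.toList());
        respVO.setRowRuleList(rowRuleList);

        List<UserDataPermissionRespVO.ApiField> apiFieldList = CollUtil.isEmpty(fieldRules)
                ? Collections.emptyList()
                : fieldRules.stream().map(PermissionConverter.INSTANCE::convertApiField).collect(Collectors.toList());
        respVO.setApiFieldList(apiFieldList);
        return ApiResult.ok(respVO);
    }

    /** Maps the flow flag to the verify-code scene key. */
    private static String verifyScene(boolean retrievePwd) {
        return retrievePwd ? SCENE_RETRIEVE_PWD : SCENE_UPDATE_PWD;
    }

    /**
     * Applies a tenant switch to the session: sets the tenant, reloads the organisation data
     * and the role codes of the user, and stores the updated details as the current user.
     * The tenant is set before the organisation query, as in the original statement order.
     */
    private void switchCurrentTenant(GeneralUserDetails generalUserDetails, SysTenantDTO sysTenantDTO) {
        SysUserDTO user = generalUserDetails.getUser();
        user.setSysTenantVO(sysTenantDTO);

        UserOrgBO userOrg = this.employeeOrgManager.queryOrgByUser(generalUserDetails.getUserId());
        user.setOrgList(userOrg.getOrgList());
        user.setOrg(userOrg.getOrg());
        user.setTenantOrg(userOrg.getTenantOrg());
        user.setTenantOrgAdminId(userOrg.getTenantOrgAdminId());
        // NOTE(review): the OU fields (ouId / ouCode / ouName) are not touched here, so the
        // values of the previous tenant stay on the user - confirm that is intended.
        user.setRoleCodes(normalizeLoginUserRole(this.permissionQueryManager.queryRoleByUser(user)));
        SecurityContextUtil.updateCurrentUser(generalUserDetails);
    }

    /**
     * Applies an organisation switch to the session: sets the organisation, its tenant
     * organisation and admin, the role codes and the operating unit, then stores the updated
     * details as the current user.
     */
    private void switchCurrentOrg(GeneralUserDetails generalUserDetails, SysOrgBasicDTO sysOrgBasicDTO) {
        SysUserDTO user = generalUserDetails.getUser();
        user.setOrg(sysOrgBasicDTO);

        // Every entry overwrites the previous one, so the last entry of the map wins.
        // NOTE(review): with an empty map the previous tenant organisation is kept - confirm.
        Map<SysOrgBasicDTO, Long> tenantOrg = this.employeeOrgManager.getTenantOrg(sysOrgBasicDTO.getId());
        for (Map.Entry<SysOrgBasicDTO, Long> entry : tenantOrg.entrySet()) {
            user.setTenantOrg(entry.getKey());
            user.setTenantOrgAdminId(entry.getValue());
        }
        user.setRoleCodes(normalizeLoginUserRole(this.permissionQueryManager.queryRoleByUser(user)));

        // NOTE(review): when the new organisation has no OU, or the OU is missing or disabled,
        // the OU fields of the previous organisation stay on the user - confirm that stale
        // OU context cannot widen data access.
        if (sysOrgBasicDTO.getOuId() != null) {
            SysOuBasicDTO ou = this.ouQueryManager.getOuBasicDTO(sysOrgBasicDTO.getOuId().longValue());
            if (ou != null && Boolean.TRUE.equals(ou.getEnabled())) {
                user.setOuId(ou.getId());
                user.setOuCode(ou.getOuCode());
                user.setOuName(ou.getOuName());
            }
        }
        SecurityContextUtil.updateCurrentUser(generalUserDetails);
    }

    /**
     * Adds the configured role prefix to every role code that does not contain it.
     *
     * @param set role codes as returned by the permission query; may be {@code null} or empty
     * @return an empty set for no input, the input itself when no prefix is configured,
     *         otherwise a new set of prefixed codes
     */
    private Set<String> normalizeLoginUserRole(Set<String> set) {
        if (CollectionUtils.isEmpty(set)) {
            return Collections.emptySet();
        }
        String rolePrefix = this.authorizationProperties.getRolePrefix();
        if (!StringUtils.hasText(rolePrefix)) {
            return set;
        }
        // The test is "contains", not "starts with": a code that holds the prefix anywhere is
        // left as it is. NOTE(review): confirm this matches the normalisation applied at login
        // before tightening it to startsWith, so both paths yield the same authorities.
        return set.stream()
                .map(code -> code.contains(rolePrefix) ? code : rolePrefix + code)
                .collect(Collectors.toSet());
    }
}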
