package com.elitesland.yst.core.security.util;

import com.elitesland.yst.common.base.ApiCode;
import com.elitesland.yst.common.base.QBaseModel;
import com.elitesland.yst.common.exception.BusinessException;
import com.elitesland.yst.core.entity.QSecOrgBuTreedDO;
import com.elitesland.yst.core.entity.QSecOrgEmpDO;
import com.elitesland.yst.security.dto.SecurityOrgUserEmpBuDTO;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import com.elitesland.yst.system.vo.SysDataAuthVO;
import com.elitesland.yst.system.vo.SysDataRoleAuthScope;
import com.querydsl.core.types.EntityPath;
import com.querydsl.core.types.ExpressionUtils;
import com.querydsl.core.types.PathMetadata;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.BooleanExpression;
import com.querydsl.jpa.JPAExpressions;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/elitesland/yst/core/security/util/DataAuthJpaUtil.class */
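/**
 * Builds the QueryDSL row-level ("data permission") predicate that is appended to JPA queries
 * for the current user.
 *
 * <p>Two flavours are produced from the same inputs (current user, the {@code RouteKey} request
 * header and the user's data roles):
 * <ul>
 *   <li>{@link #dataAuthJpaPredicate(PathMetadata)} restricts by explicit BU / employee id sets;</li>
 *   <li>{@link #dataAuthJpaPredicate1(PathMetadata)} additionally uses organisation
 *       {@code codePath} prefix matching.</li>
 * </ul>
 *
 * <p>Conventions used throughout this class: {@code id.isNotNull()} means "no restriction, every
 * row is visible" and {@code id.isNull()} means "no row is visible".
 *
 * <p>NOTE(review): several branches resolve to "every row is visible" (feature switch off, no
 * authenticated user, empty computed scope). Those are marked inline; anyone relying on this class
 * as the only access-control layer should confirm each of them is intended.
 */
public class DataAuthJpaUtil {
    private static final String ROUTE_KEY = "RouteKey";
    private static final QSecOrgBuTreedDO secOrgBuTreedDO = QSecOrgBuTreedDO.secOrgBuTreedDO;
    private static final QSecOrgEmpDO secOrgEmpDO = QSecOrgEmpDO.secOrgEmpDO;
    // Global switch; defaults to off, in which case every predicate built here is unrestricted.
    // NOTE(review): plain static field written through a public setter and read on request
    // threads; visibility of a late change is not guaranteed without volatile -- confirm it is
    // only set during startup.
    private static boolean dataPermissionEnable = false;

    private DataAuthJpaUtil() {
    }

    /**
     * Builds the data-permission predicate using id sets plus organisation code-path prefixes.
     *
     * @param pathMetadata metadata of the entity path the predicate is attached to
     * @return the predicate to add to the query's where clause
     * @throws BusinessException if data permission is enabled and the RouteKey header is blank
     */
    public static Predicate dataAuthJpaPredicate1(PathMetadata pathMetadata) {
        return resolvePredicate(pathMetadata, true);
    }

    /**
     * Builds the data-permission predicate using explicit BU / employee id sets only.
     *
     * @param pathMetadata metadata of the entity path the predicate is attached to
     * @return the predicate to add to the query's where clause
     * @throws BusinessException if data permission is enabled and the RouteKey header is blank
     */
    public static Predicate dataAuthJpaPredicate(PathMetadata pathMetadata) {
        return resolvePredicate(pathMetadata, false);
    }

    /** Shared body of the two public entry points; {@code useCodePath} selects the flavour. */
    private static Predicate resolvePredicate(PathMetadata pathMetadata, boolean useCodePath) {
        GeneralUserDetails user = SecurityUtil.getUser();
        QBaseModel qBaseModel = new QBaseModel(pathMetadata);
        // Read before the feature switch is consulted, so a missing request context fails here
        // even when data permission is disabled.
        String requestSysDataRoute = getRequestSysDataRoute();
        Predicate shortCircuit = preCheck(user, qBaseModel, requestSysDataRoute);
        if (shortCircuit != null) {
            return shortCircuit;
        }
        return getPredicate(qBaseModel, user, requestSysDataRoute, useCodePath);
    }

    /**
     * Handles every case that can be decided without computing an {@link AuthScope}.
     *
     * @return a final predicate when the decision is already known, or {@code null} when the
     *         caller must go on and build the scope-based predicate
     */
    private static Predicate preCheck(GeneralUserDetails generalUserDetails, QBaseModel qBaseModel, String str) {
        if (!dataPermissionEnable) {
            // Feature off: unrestricted.
            return qBaseModel.id.isNotNull();
        }
        if (StringUtils.isBlank(str)) {
            throw new BusinessException(ApiCode.FAIL, "数据权限异常，RouteKey 为空");
        }
        if (generalUserDetails == null || generalUserDetails.getUser() == null) {
            // NOTE(review): no authenticated user resolves to "all rows". This is only safe if
            // unauthenticated requests are rejected before any query using this predicate runs.
            return qBaseModel.id.isNotNull();
        }
        if (CollectionUtils.isEmpty(generalUserDetails.getUser().getSysDataRoleVOS())) {
            // Authenticated but without any data role: nothing is visible.
            return qBaseModel.id.isNull();
        }
        if (RoleWhiteListEnum.ADMIN.isEnable()) {
            // Whitelist: a data role whose code equals the enum constant name bypasses filtering.
            // (The decompiled source referenced an undefined variable here; the comparison target
            // is the ADMIN constant name captured just above it.)
            String adminRoleCode = RoleWhiteListEnum.ADMIN.name();
            boolean hasAdminRole = generalUserDetails.getUser().getSysDataRoleVOS().stream()
                    .map(role -> role.getCode())
                    .anyMatch(adminRoleCode::equals);
            if (hasAdminRole) {
                return qBaseModel.id.isNotNull();
            }
        }
        if (generalUserDetails.getSecurityOrgUserEmpBuDTO() == null
                || generalUserDetails.getSecurityOrgUserEmpBuDTO().getEmpId() == null) {
            // No employee binding: scopes cannot be evaluated, so nothing is visible.
            return qBaseModel.id.isNull();
        }
        return null;
    }

    /** Computes the scope for the route and delegates to the matching predicate builder. */
    private static Predicate getPredicate(QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, String str, boolean z) {
        if (z) {
            return buildCodePathPredicate(qBaseModel, generalUserDetails, sysDataRoleOperation(generalUserDetails, str, true));
        }
        return buildIdInPredicate(qBaseModel, generalUserDetails, sysDataRoleOperation(generalUserDetails, str, false));
    }

    /**
     * Builds an OR of: BU id membership, BU code-path prefix (via an EXISTS sub-query on the BU
     * tree), employee id membership, employee code-path prefix, and "created by the current user".
     *
     * <p>NOTE(review): when the scope contributes no alternative at all the result is
     * {@code id.isNotNull()} (all rows). The scope is empty both when a role grants "all" and when
     * nothing could be resolved (for example no grant objects on any role, or SELF with no BU
     * ids), so those two situations are not distinguishable here -- confirm this is intended.
     */
    private static Predicate buildCodePathPredicate(QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, AuthScope authScope) {
        List<Predicate> alternatives = new ArrayList<>();

        if (CollectionUtils.isNotEmpty(authScope.getSecBuIds()) || CollectionUtils.isNotEmpty(authScope.getCustomizedBuIds())) {
            // Merge into a fresh set so the AuthScope passed in is not modified as a side effect.
            Set<Long> buIds = new HashSet<>();
            if (authScope.getSecBuIds() != null) {
                buIds.addAll(authScope.getSecBuIds());
            }
            if (authScope.getCustomizedBuIds() != null) {
                buIds.addAll(authScope.getCustomizedBuIds());
            }
            alternatives.add(qBaseModel.secBuId.in(buIds));
        }

        if (CollectionUtils.isNotEmpty(authScope.getBuCodePath())) {
            // Values are bound as query parameters. NOTE(review): the prefix is used as a raw
            // LIKE pattern, so '%' or '_' inside a code path act as wildcards, and a prefix
            // without a trailing separator can also match sibling paths -- verify against the
            // code-path format.
            List<Predicate> buPrefixMatches = new ArrayList<>();
            for (Object prefix : authScope.getBuCodePath()) {
                buPrefixMatches.add(secOrgBuTreedDO.codePath.like(prefix + "%"));
            }
            alternatives.add(JPAExpressions.selectOne()
                    .from(secOrgBuTreedDO)
                    .where(secOrgBuTreedDO.buTreeId.eq(generalUserDetails.getSecurityOrgUserEmpBuDTO().getEmpBuTreeId())
                            .and(secOrgBuTreedDO.buId.eq(qBaseModel.secBuId))
                            .and(ExpressionUtils.anyOf(buPrefixMatches)))
                    .exists());
        }

        if (CollectionUtils.isNotEmpty(authScope.getSecEmpIds()) || CollectionUtils.isNotEmpty(authScope.getCustomizedEmpIds())) {
            Set<Long> empIds = new HashSet<>();
            if (authScope.getSecEmpIds() != null) {
                empIds.addAll(authScope.getSecEmpIds());
            }
            if (authScope.getCustomizedEmpIds() != null) {
                empIds.addAll(authScope.getCustomizedEmpIds());
            }
            alternatives.add(qBaseModel.secUserId.in(empIds));
        }

        if (CollectionUtils.isNotEmpty(authScope.getEmpCodePath())) {
            List<Predicate> empPrefixMatches = new ArrayList<>();
            for (Object prefix : authScope.getEmpCodePath()) {
                empPrefixMatches.add(secOrgEmpDO.codePath.like(prefix + "%"));
            }
            alternatives.add(JPAExpressions.selectOne()
                    .from(secOrgEmpDO)
                    .where(secOrgEmpDO.id.eq(qBaseModel.secUserId)
                            .and(ExpressionUtils.anyOf(empPrefixMatches)))
                    .exists());
        }

        if (alternatives.isEmpty()) {
            return qBaseModel.id.isNotNull();
        }
        // Rows created by the user stay visible whenever any restriction applies.
        alternatives.add(qBaseModel.createUserId.eq(generalUserDetails.getUser().getId()));
        return ExpressionUtils.anyOf(alternatives);
    }

    /**
     * Builds "created by me OR BU id in scope OR employee id in scope".
     *
     * <p>NOTE(review): with both id sets empty the result is {@code id.isNotNull()} (all rows);
     * the same ambiguity between "all granted" and "nothing resolved" as in
     * {@code buildCodePathPredicate} applies.
     */
    private static Predicate buildIdInPredicate(QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, AuthScope authScope) {
        BooleanExpression createdByUser = qBaseModel.createUserId.eq(generalUserDetails.getUser().getId());
        Set<Long> secBuIds = authScope.getSecBuIds();
        Set<Long> secEmpIds = authScope.getSecEmpIds();
        boolean hasBuIds = CollectionUtils.isNotEmpty(secBuIds);
        boolean hasEmpIds = CollectionUtils.isNotEmpty(secEmpIds);

        if (hasBuIds && hasEmpIds) {
            return ExpressionUtils.or(createdByUser, qBaseModel.secBuId.in(secBuIds).or(qBaseModel.secUserId.in(secEmpIds)));
        }
        if (hasBuIds) {
            return ExpressionUtils.or(createdByUser, qBaseModel.secBuId.in(secBuIds));
        }
        if (hasEmpIds) {
            return ExpressionUtils.or(createdByUser, qBaseModel.secUserId.in(secEmpIds));
        }
        return qBaseModel.id.isNotNull();
    }

    /**
     * Selects the grant objects that apply to the route and folds them into an {@link AuthScope}.
     *
     * <p>Route-specific grants (roles with {@code advancedEnable} set and an entry for {@code str}
     * in their permission map) take precedence; when none exist, each role's default grant is
     * used instead.
     *
     * <p>NOTE(review): {@code str} is the RouteKey request header. Unless an upstream gateway or
     * filter sets or validates it, the caller decides which grant entry is evaluated, and an
     * unknown key silently falls back to the role defaults.
     *
     * @param str route key looked up in each role's permission map
     * @param z   {@code true} to compute id sets plus code paths, {@code false} for id sets only
     */
    private static AuthScope sysDataRoleOperation(GeneralUserDetails generalUserDetails, String str, boolean z) {
        SecurityOrgUserEmpBuDTO orgContext = generalUserDetails.getSecurityOrgUserEmpBuDTO();
        AuthScope authScope = new AuthScope();

        List<SysDataAuthVO> grants = generalUserDetails.getUser().getSysDataRoleVOS().stream()
                .filter(role -> Boolean.TRUE.equals(role.getAdvancedEnable())
                        && role.getStringSysDataPermissionVOMap() != null
                        && role.getStringSysDataPermissionVOMap().containsKey(str))
                .map(role -> (SysDataAuthVO) role.getStringSysDataPermissionVOMap().get(str))
                .filter(Objects::nonNull)
                .collect(Collectors.toList());

        if (grants.isEmpty()) {
            grants = generalUserDetails.getUser().getSysDataRoleVOS().stream()
                    .map(role -> (SysDataAuthVO) role.getSysDataAuthVO())
                    .filter(Objects::nonNull)
                    .collect(Collectors.toList());
        }

        // With no grant object at all the scope keeps its initial (unset) collections.
        if (!grants.isEmpty()) {
            if (z) {
                calculateAuthScope(orgContext, grants, authScope);
            } else {
                calculateAuthIds(orgContext, grants, authScope);
            }
        }
        return authScope;
    }

    /**
     * Fills the BU and employee id sets of {@code authScope} from the grants, in list order.
     *
     * <p>An empty set means "this dimension adds no restriction". A grant with {@code isAll}
     * empties both sets and stops; scope ALL empties one dimension and freezes it.
     *
     * @throws BusinessException if a grant carries a scope other than ALL, SELF or SELF_CHILDES
     */
    private static void calculateAuthIds(SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO, List<SysDataAuthVO> list, AuthScope authScope) {
        boolean buAll = false;
        boolean empAll = false;
        // Element types were lost in decompilation; the sets are left raw and receive BU / employee ids.
        HashSet buIds = new HashSet();
        HashSet empIds = new HashSet();
        authScope.setSecBuIds(buIds);
        authScope.setSecEmpIds(empIds);

        for (SysDataAuthVO grant : list) {
            if (Boolean.TRUE.equals(grant.getIsAll())) {
                buIds.clear();
                empIds.clear();
                return;
            }
            if (buAll && empAll) {
                return;
            }

            if (!buAll && Boolean.TRUE.equals(grant.getBuAuthEnable())) {
                if (grant.getBuDataAuthScope() != null) {
                    String buScope = grant.getBuDataAuthScope().name();
                    if (SysDataRoleAuthScope.ALL.name().equals(buScope)) {
                        buIds.clear();
                        buAll = true;
                    } else if (SysDataRoleAuthScope.SELF.name().equals(buScope)) {
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getEmpBuIds())) {
                            buIds.addAll(securityOrgUserEmpBuDTO.getEmpBuIds());
                        }
                    } else if (SysDataRoleAuthScope.SELF_CHILDES.name().equals(buScope)) {
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpBuIds())) {
                            buIds.addAll(securityOrgUserEmpBuDTO.getChildEmpBuIds());
                        }
                    } else {
                        throw new BusinessException(ApiCode.BUSINESS_EXCEPTION, "组织数据权限异常，无法判断的授权枚举方式：" + buScope);
                    }
                }
                // Explicitly listed BU ids only matter while the dimension is still restricted.
                if (!buAll && CollectionUtils.isNotEmpty(grant.getBuIdSet())) {
                    buIds.addAll(grant.getBuIdSet());
                }
            }

            if (!empAll && Boolean.TRUE.equals(grant.getEmpAuthEnable())) {
                if (grant.getUserDataAuthScope() != null) {
                    String empScope = grant.getUserDataAuthScope().name();
                    if (SysDataRoleAuthScope.ALL.name().equals(empScope)) {
                        empIds.clear();
                        empAll = true;
                    } else if (SysDataRoleAuthScope.SELF.name().equals(empScope)) {
                        if (securityOrgUserEmpBuDTO.getEmpId() != null) {
                            empIds.add(securityOrgUserEmpBuDTO.getEmpId());
                        }
                    } else if (SysDataRoleAuthScope.SELF_CHILDES.name().equals(empScope)) {
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpIds())) {
                            empIds.addAll(securityOrgUserEmpBuDTO.getChildEmpIds());
                        }
                    } else {
                        throw new BusinessException(ApiCode.BUSINESS_EXCEPTION, "人员数据权限异常，无法判断的授权枚举方式：" + empScope);
                    }
                }
                if (!empAll && CollectionUtils.isNotEmpty(grant.getUserIdSet())) {
                    empIds.addAll(grant.getUserIdSet());
                }
            }
        }
    }

    /**
     * Fills all six collections of {@code authScope} (own ids, code-path prefixes and customised
     * ids, for BU and for employee) from the grants, in list order.
     *
     * <p>Unlike {@code calculateAuthIds}, an unrecognised scope value is ignored rather than
     * rejected.
     *
     * <p>NOTE(review): the outcome depends on the order of {@code list}, and three spots look
     * inconsistent; behaviour is kept as found, each should be checked against the intended
     * policy:
     * <ul>
     *   <li>the {@code isAll} branch leaves the two "customised" sets untouched, so ids collected
     *       from an earlier grant still restrict the final predicate;</li>
     *   <li>in the employee dimension SELF_CHILDES is skipped once SELF has been seen, whereas in
     *       the BU dimension it is SELF that is skipped once SELF_CHILDES has been seen;</li>
     *   <li>scope ALL on one dimension only empties that dimension; a restriction on the other
     *       dimension still applies.</li>
     * </ul>
     */
    private static void calculateAuthScope(SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO, List<SysDataAuthVO> list, AuthScope authScope) {
        boolean buAll = false;
        boolean buSelfChildrenSeen = false;
        boolean buSelfSeen = false;
        boolean empAll = false;
        boolean empSelfSeen = false;
        boolean empSelfChildrenSeen = false;
        // Element types were lost in decompilation; the sets are left raw.
        HashSet buIds = new HashSet();
        HashSet buCodePaths = new HashSet();
        HashSet customizedBuIds = new HashSet();
        HashSet empIds = new HashSet();
        HashSet empCodePaths = new HashSet();
        HashSet customizedEmpIds = new HashSet();
        authScope.setSecBuIds(buIds);
        authScope.setBuCodePath(buCodePaths);
        authScope.setCustomizedBuIds(customizedBuIds);
        authScope.setSecEmpIds(empIds);
        authScope.setEmpCodePath(empCodePaths);
        authScope.setCustomizedEmpIds(customizedEmpIds);

        for (SysDataAuthVO grant : list) {
            if (Boolean.TRUE.equals(grant.getIsAll())) {
                // The customised sets are deliberately not listed here in the original; see the
                // NOTE(review) in the method documentation.
                buIds.clear();
                buCodePaths.clear();
                empIds.clear();
                empCodePaths.clear();
                return;
            }
            if (buAll && empAll) {
                return;
            }

            if (!buAll && Boolean.TRUE.equals(grant.getBuAuthEnable())) {
                if (grant.getBuDataAuthScope() != null) {
                    String buScope = grant.getBuDataAuthScope().name();
                    if (SysDataRoleAuthScope.ALL.name().equals(buScope)) {
                        buIds.clear();
                        buCodePaths.clear();
                        customizedBuIds.clear();
                        buAll = true;
                    } else if (!buSelfChildrenSeen && SysDataRoleAuthScope.SELF_CHILDES.name().equals(buScope)) {
                        buSelfChildrenSeen = true;
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getEmpBuCodePath())) {
                            // The code-path prefix covers the user's own BUs, so the id list is dropped.
                            buIds.clear();
                            buCodePaths.addAll(securityOrgUserEmpBuDTO.getEmpBuCodePath());
                        }
                    } else if (!buSelfChildrenSeen && !buSelfSeen && SysDataRoleAuthScope.SELF.name().equals(buScope)) {
                        buSelfSeen = true;
                        if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getEmpBuIds())) {
                            buIds.addAll(securityOrgUserEmpBuDTO.getEmpBuIds());
                        }
                    }
                }
                if (!buAll && CollectionUtils.isNotEmpty(grant.getBuIdSet())) {
                    customizedBuIds.addAll(grant.getBuIdSet());
                }
            }

            if (!empAll && Boolean.TRUE.equals(grant.getEmpAuthEnable())) {
                if (grant.getUserDataAuthScope() != null) {
                    String empScope = grant.getUserDataAuthScope().name();
                    if (SysDataRoleAuthScope.ALL.name().equals(empScope)) {
                        empIds.clear();
                        empCodePaths.clear();
                        customizedEmpIds.clear();
                        empAll = true;
                    } else if (!empSelfSeen && SysDataRoleAuthScope.SELF_CHILDES.name().equals(empScope)) {
                        // Guarded by the SELF flag, not the SELF_CHILDES flag (differs from the BU branch).
                        empSelfChildrenSeen = true;
                        if (StringUtils.isNotBlank(securityOrgUserEmpBuDTO.getEmpCodePath())) {
                            empIds.clear();
                            empCodePaths.add(securityOrgUserEmpBuDTO.getEmpCodePath());
                        }
                    } else if (!empSelfSeen && !empSelfChildrenSeen && SysDataRoleAuthScope.SELF.name().equals(empScope)) {
                        empSelfSeen = true;
                        if (securityOrgUserEmpBuDTO.getEmpId() != null) {
                            empIds.add(securityOrgUserEmpBuDTO.getEmpId());
                        }
                    }
                }
                if (!empAll && CollectionUtils.isNotEmpty(grant.getUserIdSet())) {
                    customizedEmpIds.addAll(grant.getUserIdSet());
                }
            }
        }
    }

    /**
     * Reads the RouteKey header of the current servlet request.
     *
     * @return the header value, or {@code null} when the header is absent
     * @throws NullPointerException if no request is bound to the current thread
     */
    private static String getRequestSysDataRoute() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes());
        return attributes.getRequest().getHeader(ROUTE_KEY);
    }

    /** Returns the name of the request header that carries the route key. */
    public static String getROUTE_KEY() {
        return ROUTE_KEY;
    }

    /** Returns whether data-permission filtering is currently switched on. */
    public static boolean isDataPermissionEnable() {
        return dataPermissionEnable;
    }

    /**
     * Switches data-permission filtering on or off for the whole JVM.
     *
     * @param z {@code true} to enforce filtering; {@code false} makes every predicate unrestricted
     */
    public static void setDataPermissionEnable(boolean z) {
        dataPermissionEnable = z;
    }
}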
