package com.elitesland.yst.core.security.util;

import com.elitesland.yst.common.base.ApiCode;
import com.elitesland.yst.common.base.QBaseModel;
import com.elitesland.yst.common.exception.BusinessException;
import com.elitesland.yst.security.dto.SecurityOrgUserEmpBuDTO;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import com.elitesland.yst.system.vo.SysDataAuthVO;
import com.elitesland.yst.system.vo.SysDataRoleAuthScope;
import com.elitesland.yst.system.vo.SysDataRoleVO;
import com.querydsl.core.types.ExpressionUtils;
import com.querydsl.core.types.PathMetadata;
import com.querydsl.core.types.Predicate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/elitesland/yst/core/security/util/DataAuthJpaUtil.class */
public class DataAuthJpaUtil {
    private static final String ROUTE_KEY = "RouteKey";
    private static boolean dataPermissionEnable = false;

    public static Predicate dataAuthJpaPredicate(PathMetadata pathMetadata) {
        return getPredicate(pathMetadata, getSysDataPermissionVO());
    }

    public static SysDataAuthVO getSysDataPermissionVO() {
        return sysDataRoleOperation(SecurityUtil.getUser(), getRequestSysDataRoute());
    }

    private static Predicate getPredicate(PathMetadata pathMetadata, SysDataAuthVO sysDataAuthVO) {
        QBaseModel qBaseModel = new QBaseModel(pathMetadata);
        Predicate isNotNull = qBaseModel.id.isNotNull();
        if (!dataPermissionEnable) {
            return isNotNull;
        }
        if (!sysDataAuthVO.getIsAll().booleanValue()) {
            boolean z = sysDataAuthVO.getBuIdSet() != null && sysDataAuthVO.getBuIdSet().size() > 0;
            boolean z2 = sysDataAuthVO.getUserIdSet() != null && sysDataAuthVO.getUserIdSet().size() > 0;
            if (z && z2) {
                isNotNull = ExpressionUtils.and(isNotNull, qBaseModel.secBuId.in(new ArrayList(sysDataAuthVO.getBuIdSet())).or(qBaseModel.secUserId.in(new ArrayList(sysDataAuthVO.getUserIdSet()))));
            } else {
                if (z) {
                    isNotNull = ExpressionUtils.and(isNotNull, qBaseModel.secBuId.in(new ArrayList(sysDataAuthVO.getBuIdSet())));
                }
                if (z2) {
                    isNotNull = ExpressionUtils.and(isNotNull, qBaseModel.secUserId.in(new ArrayList(sysDataAuthVO.getUserIdSet())));
                }
            }
        }
        return isNotNull;
    }

    private static SysDataAuthVO sysDataRoleOperation(GeneralUserDetails generalUserDetails, String str) {
        if (str == null) {
            throw new BusinessException(ApiCode.FAIL, "数据权限过滤异常，RouterKey 为空");
        }
        Set sysDataRoleVOS = generalUserDetails.getUser().getSysDataRoleVOS();
        SysDataAuthVO sysDataAuthVO = new SysDataAuthVO();
        SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO = generalUserDetails.getSecurityOrgUserEmpBuDTO();
        if (securityOrgUserEmpBuDTO == null) {
            throw new BusinessException(ApiCode.FAIL, "登录没有获取到组织与员工信息.");
        }
        Set<Long> sysDataRoleBuScope = sysDataRoleBuScope(sysDataRoleVOS, str, securityOrgUserEmpBuDTO);
        Set<Long> sysDataRoleUserScope = sysDataRoleUserScope(sysDataRoleVOS, str, securityOrgUserEmpBuDTO);
        sysDataAuthVO.setBuIdSet(sysDataRoleBuScope);
        sysDataAuthVO.setUserIdSet(sysDataRoleUserScope);
        return sysDataAuthVO;
    }

    private static Set<Long> sysDataRoleUserScope(Set<SysDataRoleVO> set, String str, SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO) {
        HashSet hashSet = new HashSet();
        Iterator<SysDataRoleVO> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SysDataRoleVO next = it.next();
            Map stringSysDataPermissionVOMap = next.getStringSysDataPermissionVOMap();
            if (next.getAdvancedEnable() != null && next.getAdvancedEnable().booleanValue() && stringSysDataPermissionVOMap.containsKey(str)) {
                SysDataAuthVO sysDataAuthVO = (SysDataAuthVO) stringSysDataPermissionVOMap.get(str);
                if (sysDataAuthVO.getIsAll().booleanValue()) {
                    hashSet.clear();
                    break;
                }
                if (CollectionUtils.isNotEmpty(sysDataAuthVO.getUserIdSet())) {
                    hashSet.addAll(sysDataAuthVO.getUserIdSet());
                }
                if (getUserAuthScope(securityOrgUserEmpBuDTO, hashSet, sysDataAuthVO)) {
                    break;
                }
            } else {
                SysDataAuthVO sysDataAuthVO2 = next.getSysDataAuthVO();
                if (sysDataAuthVO2.getIsAll().booleanValue()) {
                    hashSet.clear();
                    break;
                }
                if (CollectionUtils.isNotEmpty(sysDataAuthVO2.getUserIdSet())) {
                    hashSet.addAll(sysDataAuthVO2.getUserIdSet());
                }
                if (getUserAuthScope(securityOrgUserEmpBuDTO, hashSet, sysDataAuthVO2)) {
                    break;
                }
            }
        }
        return hashSet;
    }

    private static Set<Long> sysDataRoleBuScope(Set<SysDataRoleVO> set, String str, SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO) {
        HashSet hashSet = new HashSet();
        Iterator<SysDataRoleVO> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SysDataRoleVO next = it.next();
            Map stringSysDataPermissionVOMap = next.getStringSysDataPermissionVOMap();
            if (next.getAdvancedEnable() != null && next.getAdvancedEnable().booleanValue() && stringSysDataPermissionVOMap.containsKey(str)) {
                SysDataAuthVO sysDataAuthVO = (SysDataAuthVO) stringSysDataPermissionVOMap.get(str);
                if (sysDataAuthVO.getIsAll().booleanValue()) {
                    hashSet.clear();
                    break;
                }
                if (CollectionUtils.isNotEmpty(sysDataAuthVO.getBuIdSet())) {
                    hashSet.addAll(sysDataAuthVO.getBuIdSet());
                }
                if (getBuAuthScope(securityOrgUserEmpBuDTO, hashSet, sysDataAuthVO)) {
                    break;
                }
            } else {
                SysDataAuthVO sysDataAuthVO2 = next.getSysDataAuthVO();
                if (sysDataAuthVO2.getIsAll().booleanValue()) {
                    sysDataAuthVO2.getBuIdSet().clear();
                    break;
                }
                if (CollectionUtils.isNotEmpty(sysDataAuthVO2.getBuIdSet())) {
                    hashSet.addAll(sysDataAuthVO2.getBuIdSet());
                }
                if (getBuAuthScope(securityOrgUserEmpBuDTO, hashSet, sysDataAuthVO2)) {
                    break;
                }
            }
        }
        return hashSet;
    }

    private static boolean getUserAuthScope(SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO, Set<Long> set, SysDataAuthVO sysDataAuthVO) {
        if (sysDataAuthVO.getEmpAuthEnable() == null || !sysDataAuthVO.getEmpAuthEnable().booleanValue()) {
            return false;
        }
        if (sysDataAuthVO.getUserDataAuthScope().name().equals(SysDataRoleAuthScope.SELF.name())) {
            Long empId = securityOrgUserEmpBuDTO.getEmpId();
            if (empId == null) {
                return false;
            }
            set.add(empId);
            return false;
        }
        if (!sysDataAuthVO.getUserDataAuthScope().name().equals(SysDataRoleAuthScope.SELF_CHILDES.name())) {
            if (!sysDataAuthVO.getUserDataAuthScope().name().equals(SysDataRoleAuthScope.ALL.name())) {
                return false;
            }
            set.clear();
            return true;
        }
        List childEmpIds = securityOrgUserEmpBuDTO.getChildEmpIds();
        if (!CollectionUtils.isNotEmpty(childEmpIds)) {
            return false;
        }
        set.addAll(childEmpIds);
        return false;
    }

    private static boolean getBuAuthScope(SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO, Set<Long> set, SysDataAuthVO sysDataAuthVO) {
        if (sysDataAuthVO.getBuAuthEnable() == null || !sysDataAuthVO.getBuAuthEnable().booleanValue()) {
            return false;
        }
        if (sysDataAuthVO.getBuDataAuthScope().name().equals(SysDataRoleAuthScope.SELF.name())) {
            List empBuIds = securityOrgUserEmpBuDTO.getEmpBuIds();
            if (!CollectionUtils.isNotEmpty(empBuIds)) {
                return false;
            }
            set.addAll(empBuIds);
            return false;
        }
        if (!sysDataAuthVO.getBuDataAuthScope().name().equals(SysDataRoleAuthScope.SELF_CHILDES.name())) {
            if (!sysDataAuthVO.getBuDataAuthScope().name().equals(SysDataRoleAuthScope.ALL.name())) {
                return false;
            }
            set.clear();
            return true;
        }
        List childEmpBuIds = securityOrgUserEmpBuDTO.getChildEmpBuIds();
        if (!CollectionUtils.isNotEmpty(childEmpBuIds)) {
            return false;
        }
        set.addAll(childEmpBuIds);
        return false;
    }

    private static String getRequestSysDataRoute() {
        return ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest().getHeader(ROUTE_KEY);
    }

    public static Predicate testDataAuthJpaPredicate(PathMetadata pathMetadata) throws Exception {
        return getPredicate(pathMetadata, getTestSysDataPermissionVO());
    }

    protected static SysDataAuthVO getTestSysDataPermissionVO() {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (Long l = 1L; l.longValue() < 300; l = Long.valueOf(l.longValue() + 1)) {
            hashSet.add(l);
            hashSet2.add(l);
        }
        SysDataAuthVO sysDataAuthVO = new SysDataAuthVO();
        sysDataAuthVO.setBuIdSet(hashSet);
        sysDataAuthVO.setUserIdSet(hashSet2);
        return sysDataAuthVO;
    }

    public static String getROUTE_KEY() {
        return ROUTE_KEY;
    }

    public static boolean isDataPermissionEnable() {
        return dataPermissionEnable;
    }

    public static void setDataPermissionEnable(boolean z) {
        dataPermissionEnable = z;
    }
}
