package com.elitesland.yst.core.security.util;

import com.elitesland.yst.common.base.ApiCode;
import com.elitesland.yst.common.base.QBaseModel;
import com.elitesland.yst.common.exception.BusinessException;
import com.elitesland.yst.security.dto.SecurityOrgUserEmpBuDTO;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import com.elitesland.yst.system.vo.SysDataAuthVO;
import com.elitesland.yst.system.vo.SysDataRoleAuthScope;
import com.querydsl.core.types.ExpressionUtils;
import com.querydsl.core.types.PathMetadata;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.BooleanExpression;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/elitesland/yst/core/security/util/DataAuthJpaUtil.class */
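/**
 * Builds QueryDSL row-level "data permission" predicates for entities that extend the base model
 * (columns {@code id}, {@code createUserId}, {@code secBuId}, {@code secUserId}).
 *
 * <p>The predicate is derived from the current user's data roles and from the {@code RouteKey}
 * request header. Several paths in this class return {@code id.isNotNull()}, which matches every
 * persisted row; those paths are called out below because they decide whether the filter fails
 * open or closed.
 */
public class DataAuthJpaUtil {
    /** Name of the HTTP request header that carries the data-permission route key. */
    private static final String ROUTE_KEY = "RouteKey";

    // Global on/off switch for row filtering. It is a plain (non-volatile) static that anyone can
    // flip through setDataPermissionEnable(); while it is false every query is unfiltered.
    private static boolean dataPermissionEnable = false;

    private DataAuthJpaUtil() {
    }

    /**
     * Returns the row filter that applies to the current request.
     *
     * <ul>
     *   <li>switch disabled: every row ({@code id.isNotNull()});</li>
     *   <li>blank {@code RouteKey} header: {@link BusinessException};</li>
     *   <li>no current user: every row;</li>
     *   <li>user without org/employee data or without data roles: no row ({@code id.isNull()});</li>
     *   <li>ADMIN whitelist enabled and a role code equals {@code ADMIN}: every row;</li>
     *   <li>otherwise: the predicate computed from the user's data roles.</li>
     * </ul>
     *
     * @param pathMetadata path metadata of the queried entity, used to build its {@code QBaseModel}
     * @return the predicate to add to the query's where clause
     * @throws BusinessException if filtering is enabled and the {@code RouteKey} header is blank
     * @throws NullPointerException if filtering is enabled and no request is bound to the thread
     */
    public static Predicate dataAuthJpaPredicate(PathMetadata pathMetadata) {
        GeneralUserDetails user = SecurityUtil.getUser();
        QBaseModel qBaseModel = new QBaseModel(pathMetadata);
        if (!dataPermissionEnable) {
            return qBaseModel.id.isNotNull();
        }
        // Read the header only once filtering is known to be on, so that code running without a
        // bound request (the lookup throws NullPointerException there) is unaffected while the
        // switch is off.
        String requestSysDataRoute = getRequestSysDataRoute();
        if (StringUtils.isBlank(requestSysDataRoute)) {
            throw new BusinessException(ApiCode.FAIL, "数据权限异常，RouteKey 为空");
        }
        // NOTE(review): a request with no resolved user gets an unrestricted predicate (fail-open).
        // Confirm that authentication is always enforced before this point; otherwise returning
        // id.isNull() here would be the safer default.
        if (user == null || user.getUser() == null) {
            return qBaseModel.id.isNotNull();
        }
        if (user.getSecurityOrgUserEmpBuDTO() == null || CollectionUtils.isEmpty(user.getUser().getSysDataRoleVOS())) {
            // Authenticated but nothing to derive a scope from: match no rows.
            return qBaseModel.id.isNull();
        }
        if (RoleWhiteListEnum.ADMIN.isEnable()) {
            String adminCode = RoleWhiteListEnum.ADMIN.name();
            boolean hasAdminRole = user.getUser().getSysDataRoleVOS().stream()
                    .map(role -> role.getCode())
                    .anyMatch(adminCode::equals);
            if (hasAdminRole) {
                return qBaseModel.id.isNotNull();
            }
        }
        return getPredicate(qBaseModel, user, sysDataRoleOperation(user, requestSysDataRoute));
    }

    /**
     * Combines "rows I created" with the granted business-unit and user id sets.
     *
     * <p>NOTE(review): two empty sets produce {@code id.isNotNull()}, i.e. every row. An empty set
     * therefore means "all data" as well as "nothing was granted": a user whose roles carry no
     * usable data-auth configuration ends up unrestricted. Consider carrying an explicit "all"
     * flag and falling back to the creator-only predicate when nothing was granted.
     *
     * @param qBaseModel query type of the entity being filtered
     * @param generalUserDetails current user; must be non-null with a non-null inner user
     * @param sysDataAuthVO resolved business-unit and user id sets
     * @return the combined predicate
     */
    private static Predicate getPredicate(QBaseModel qBaseModel, GeneralUserDetails generalUserDetails, SysDataAuthVO sysDataAuthVO) {
        BooleanExpression createdByMe = qBaseModel.createUserId.eq(generalUserDetails.getUser().getId());
        Set<Long> buIdSet = sysDataAuthVO.getBuIdSet();
        Set<Long> userIdSet = sysDataAuthVO.getUserIdSet();
        boolean hasBuIds = CollectionUtils.isNotEmpty(buIdSet);
        boolean hasUserIds = CollectionUtils.isNotEmpty(userIdSet);
        if (hasBuIds && hasUserIds) {
            return ExpressionUtils.or(createdByMe, qBaseModel.secBuId.in(buIdSet).or(qBaseModel.secUserId.in(userIdSet)));
        }
        if (hasBuIds) {
            return ExpressionUtils.or(createdByMe, qBaseModel.secBuId.in(buIdSet));
        }
        if (hasUserIds) {
            return ExpressionUtils.or(createdByMe, qBaseModel.secUserId.in(userIdSet));
        }
        return qBaseModel.id.isNotNull();
    }

    /**
     * Resolves the business-unit and user ids the user may see for the given route key.
     *
     * <p>Roles with "advanced" permissions enabled and an entry for the route key take precedence;
     * if none yields a non-null entry, each role's default data-auth configuration is used.
     *
     * <p>NOTE(review): {@code str} comes straight from the {@code RouteKey} request header, so the
     * client chooses which per-route entry applies, and a key that matches no entry falls back to
     * the role defaults. Confirm that the header is set or validated by a trusted component and
     * cannot be chosen freely by the caller.
     *
     * @param generalUserDetails current user, with non-null data roles
     * @param str route key taken from the request header
     * @return a new {@link SysDataAuthVO} holding the resolved id sets (possibly both empty)
     */
    private static SysDataAuthVO sysDataRoleOperation(GeneralUserDetails generalUserDetails, String str) {
        SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO = generalUserDetails.getSecurityOrgUserEmpBuDTO();
        Set<Long> buIds = new HashSet<>();
        Set<Long> userIds = new HashSet<>();
        List<SysDataAuthVO> routeSpecific = generalUserDetails.getUser().getSysDataRoleVOS().stream()
                .filter(role -> role.getAdvancedEnable() != null
                        && role.getAdvancedEnable().booleanValue()
                        && role.getStringSysDataPermissionVOMap() != null
                        && role.getStringSysDataPermissionVOMap().containsKey(str))
                .map(role -> (SysDataAuthVO) role.getStringSysDataPermissionVOMap().get(str))
                .filter(Objects::nonNull)
                .collect(Collectors.toList());
        if (CollectionUtils.isNotEmpty(routeSpecific)) {
            calculateAuthIds(securityOrgUserEmpBuDTO, routeSpecific, buIds, userIds);
        } else {
            List<SysDataAuthVO> roleDefaults = generalUserDetails.getUser().getSysDataRoleVOS().stream()
                    .map(role -> role.getSysDataAuthVO())
                    .filter(Objects::nonNull)
                    .collect(Collectors.toList());
            if (CollectionUtils.isNotEmpty(roleDefaults)) {
                calculateAuthIds(securityOrgUserEmpBuDTO, roleDefaults, buIds, userIds);
            }
        }
        SysDataAuthVO sysDataAuthVO = new SysDataAuthVO();
        sysDataAuthVO.setBuIdSet(buIds);
        sysDataAuthVO.setUserIdSet(userIds);
        return sysDataAuthVO;
    }

    /**
     * Accumulates the permitted business-unit ids into {@code set} and the permitted user ids into
     * {@code set2} from a list of data-auth configurations.
     *
     * <p>A configuration flagged "is all" clears both sets and stops processing. Scope {@code ALL}
     * on one dimension clears that dimension's set and makes later configurations skip it.
     *
     * <p>NOTE(review): after an {@code ALL} scope clears a set, the same configuration's explicit
     * id set is still added to it, and a non-empty set is later treated as a restriction. Confirm
     * that this combination is intended.
     *
     * @param securityOrgUserEmpBuDTO the user's own and subordinate business-unit / employee ids
     * @param list configurations to merge, in order
     * @param set output: business-unit ids
     * @param set2 output: user ids
     * @throws BusinessException if an enabled dimension has a null or unrecognised scope
     */
    private static void calculateAuthIds(SecurityOrgUserEmpBuDTO securityOrgUserEmpBuDTO, List<SysDataAuthVO> list, Set<Long> set, Set<Long> set2) {
        boolean buAll = false;
        boolean userAll = false;
        for (SysDataAuthVO sysDataAuthVO : list) {
            if (sysDataAuthVO.getIsAll() != null && sysDataAuthVO.getIsAll().booleanValue()) {
                set.clear();
                set2.clear();
                return;
            }
            if (buAll && userAll) {
                return;
            }
            if (!buAll && sysDataAuthVO.getBuAuthEnable() != null && sysDataAuthVO.getBuAuthEnable().booleanValue()) {
                if (sysDataAuthVO.getBuDataAuthScope() == null) {
                    throw new BusinessException(ApiCode.BUSINESS_EXCEPTION, "组织数据权限异常，授权枚举方式为空");
                }
                String buScope = sysDataAuthVO.getBuDataAuthScope().name();
                if (SysDataRoleAuthScope.ALL.name().equals(buScope)) {
                    set.clear();
                    buAll = true;
                } else if (SysDataRoleAuthScope.SELF.name().equals(buScope)) {
                    if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getEmpBuIds())) {
                        set.addAll(securityOrgUserEmpBuDTO.getEmpBuIds());
                    }
                } else if (SysDataRoleAuthScope.SELF_CHILDES.name().equals(buScope)) {
                    if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpBuIds())) {
                        set.addAll(securityOrgUserEmpBuDTO.getChildEmpBuIds());
                    }
                } else {
                    throw new BusinessException(ApiCode.BUSINESS_EXCEPTION, "组织数据权限异常，无法判断的授权枚举方式：" + buScope);
                }
                if (CollectionUtils.isNotEmpty(sysDataAuthVO.getBuIdSet())) {
                    set.addAll(sysDataAuthVO.getBuIdSet());
                }
            }
            if (!userAll && sysDataAuthVO.getEmpAuthEnable() != null && sysDataAuthVO.getEmpAuthEnable().booleanValue()) {
                if (sysDataAuthVO.getUserDataAuthScope() == null) {
                    throw new BusinessException(ApiCode.BUSINESS_EXCEPTION, "人员数据权限异常，授权枚举方式为空");
                }
                String userScope = sysDataAuthVO.getUserDataAuthScope().name();
                if (SysDataRoleAuthScope.ALL.name().equals(userScope)) {
                    set2.clear();
                    userAll = true;
                } else if (SysDataRoleAuthScope.SELF.name().equals(userScope)) {
                    if (securityOrgUserEmpBuDTO.getEmpId() != null) {
                        set2.add(securityOrgUserEmpBuDTO.getEmpId());
                    }
                } else if (SysDataRoleAuthScope.SELF_CHILDES.name().equals(userScope)) {
                    if (CollectionUtils.isNotEmpty(securityOrgUserEmpBuDTO.getChildEmpIds())) {
                        set2.addAll(securityOrgUserEmpBuDTO.getChildEmpIds());
                    }
                } else {
                    throw new BusinessException(ApiCode.BUSINESS_EXCEPTION, "人员数据权限异常，无法判断的授权枚举方式：" + userScope);
                }
                if (CollectionUtils.isNotEmpty(sysDataAuthVO.getUserIdSet())) {
                    // Explicitly granted user ids belong in the user-id set. They used to be added
                    // to the business-unit set, which exposed rows of business units whose id
                    // happened to equal a granted user id and ignored the user grant itself.
                    set2.addAll(sysDataAuthVO.getUserIdSet());
                }
            }
        }
    }

    /**
     * Reads the {@code RouteKey} header of the request bound to the current thread.
     *
     * @return the header value, or {@code null} if the header is absent
     * @throws NullPointerException if no request attributes are bound to the current thread
     */
    private static String getRequestSysDataRoute() {
        ServletRequestAttributes attributes = (ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes());
        return attributes.getRequest().getHeader(ROUTE_KEY);
    }

    /**
     * Test hook: builds a predicate from the fixed id sets of {@link #getTestSysDataPermissionVO()}
     * for the current user.
     *
     * <p>NOTE(review): this public method skips the enable switch, the route key and all role
     * evaluation, and it dereferences the current user without a null check. Consider moving it to
     * test sources or narrowing its visibility so that production code cannot call it.
     *
     * @param pathMetadata path metadata of the queried entity
     * @return creator-or-granted-ids predicate over business-unit and user ids 1..299
     * @throws Exception declared by the signature; nothing visible here throws a checked exception
     */
    public static Predicate testDataAuthJpaPredicate(PathMetadata pathMetadata) throws Exception {
        return getPredicate(new QBaseModel(pathMetadata), SecurityUtil.getUser(), getTestSysDataPermissionVO());
    }

    /**
     * Returns a fixture whose business-unit and user id sets both contain 1 through 299.
     *
     * @return a new {@link SysDataAuthVO} with both id sets populated
     */
    protected static SysDataAuthVO getTestSysDataPermissionVO() {
        Set<Long> buIds = new HashSet<>();
        Set<Long> userIds = new HashSet<>();
        for (long id = 1L; id < 300; id++) {
            buIds.add(id);
            userIds.add(id);
        }
        SysDataAuthVO sysDataAuthVO = new SysDataAuthVO();
        sysDataAuthVO.setBuIdSet(buIds);
        sysDataAuthVO.setUserIdSet(userIds);
        return sysDataAuthVO;
    }

    /** Returns the name of the request header that carries the route key. */
    public static String getROUTE_KEY() {
        return ROUTE_KEY;
    }

    /** Returns whether row-level data-permission filtering is currently enabled. */
    public static boolean isDataPermissionEnable() {
        return dataPermissionEnable;
    }

    /**
     * Enables or disables row-level data-permission filtering for the whole JVM.
     *
     * @param z {@code true} to enforce filtering; {@code false} leaves every query unrestricted
     */
    public static void setDataPermissionEnable(boolean z) {
        dataPermissionEnable = z;
    }
}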
