package org.beangle.security.blueprint.data.service.internal;

import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.beangle.commons.collection.CollectUtils;
import org.beangle.commons.dao.impl.BaseServiceImpl;
import org.beangle.commons.dao.query.builder.Condition;
import org.beangle.commons.dao.query.builder.OqlBuilder;
import org.beangle.commons.lang.Strings;
import org.beangle.security.blueprint.Permission;
import org.beangle.security.blueprint.Resource;
import org.beangle.security.blueprint.Role;
import org.beangle.security.blueprint.User;
import org.beangle.security.blueprint.data.DataPermission;
import org.beangle.security.blueprint.data.Profile;
import org.beangle.security.blueprint.data.ProfileField;
import org.beangle.security.blueprint.data.Property;
import org.beangle.security.blueprint.data.RoleProfile;
import org.beangle.security.blueprint.data.UserProfile;
import org.beangle.security.blueprint.data.UserProperty;
import org.beangle.security.blueprint.data.model.DataPermissionBean;
import org.beangle.security.blueprint.data.service.DataPermissionService;
import org.beangle.security.blueprint.data.service.UserDataProvider;
import org.beangle.security.blueprint.data.service.UserDataResolver;
import org.beangle.security.blueprint.function.service.FuncPermissionService;
import org.beangle.security.blueprint.service.UserService;

/* loaded from: input_file:org/beangle/security/blueprint/data/service/internal/DataPermissionServiceImpl.class */
public class DataPermissionServiceImpl extends BaseServiceImpl implements DataPermissionService {
    protected UserService userService;
    protected Map<String, UserDataProvider> providers = CollectUtils.newHashMap();
    protected UserDataResolver dataResolver;
    protected FuncPermissionService permissionService;

    @Override // org.beangle.security.blueprint.data.service.DataPermissionService
    public List<UserProfile> getUserProfiles(User user) {
        return this.entityDao.search(OqlBuilder.from(UserProfile.class, "up").where("up.user=:user", user));
    }

    @Override // org.beangle.security.blueprint.data.service.DataPermissionService
    public RoleProfile getRoleProfile(Role role) {
        return (RoleProfile) this.entityDao.uniqueResult(OqlBuilder.from(RoleProfile.class, "rp").where("rp.role=:role", role).cacheable());
    }

    private List<? extends DataPermission> getPermissions(Role role, String str, final String str2) {
        List<? extends DataPermission> search = this.entityDao.search(OqlBuilder.from(DataPermissionBean.class, "dp").where("dp.resource.name=:name", str).cacheable());
        final String name = role.getName();
        final Date date = new Date();
        CollectionUtils.filter(search, new Predicate() { // from class: org.beangle.security.blueprint.data.service.internal.DataPermissionServiceImpl.1
            public boolean evaluate(Object obj) {
                DataPermissionBean dataPermissionBean = (DataPermissionBean) obj;
                if (null != dataPermissionBean.getEffectiveAt() && date.before(dataPermissionBean.getEffectiveAt())) {
                    return false;
                }
                if (null != dataPermissionBean.getInvalidAt() && date.after(dataPermissionBean.getInvalidAt())) {
                    return false;
                }
                if (dataPermissionBean.getRole() == null || dataPermissionBean.getRole().getName().equals(name)) {
                    return dataPermissionBean.getFuncResource() == null || dataPermissionBean.getFuncResource().getName().equals(str2);
                }
                return false;
            }
        });
        Collections.sort(search, new Comparator<DataPermissionBean>() { // from class: org.beangle.security.blueprint.data.service.internal.DataPermissionServiceImpl.2
            static final int general = 4;
            static final int onlyRoleMatch = 3;
            static final int onlyFuncMatch = 2;
            static final int matchAll = 1;

            @Override // java.util.Comparator
            public int compare(DataPermissionBean dataPermissionBean, DataPermissionBean dataPermissionBean2) {
                return getWeight(dataPermissionBean) - getWeight(dataPermissionBean2);
            }

            private int getWeight(DataPermissionBean dataPermissionBean) {
                return (dataPermissionBean.getRole() == null && dataPermissionBean.getFuncResource() == null) ? general : (dataPermissionBean.getRole() == null || dataPermissionBean.getFuncResource() != null) ? (dataPermissionBean.getRole() != null || dataPermissionBean.getFuncResource() == null) ? matchAll : onlyFuncMatch : onlyRoleMatch;
            }
        });
        return search;
    }

    @Override // org.beangle.security.blueprint.data.service.DataPermissionService
    public DataPermission getPermission(Long l, String str, String str2) {
        Iterator<Role> it = this.userService.getRoles(l).iterator();
        while (it.hasNext()) {
            List<? extends DataPermission> permissions = getPermissions(it.next(), str, str2);
            if (!permissions.isEmpty()) {
                return permissions.get(0);
            }
        }
        return null;
    }

    public Collection<RoleProfile> getProfiles(Collection<Role> collection, Resource resource) {
        if (collection.isEmpty()) {
            return Collections.EMPTY_LIST;
        }
        OqlBuilder from = OqlBuilder.from("from " + Permission.class.getName() + " au," + RoleProfile.class.getName() + " gp");
        from.where("au.role in (:roles) and au.resource = :resource and au.role=gp.role", collection, resource);
        from.select("gp");
        return this.entityDao.search(from);
    }

    @Override // org.beangle.security.blueprint.data.service.DataPermissionService
    public List<?> getFieldValues(ProfileField profileField, Object... objArr) {
        if (null == profileField.getSource()) {
            return Collections.emptyList();
        }
        String source = profileField.getSource();
        String substringBefore = Strings.substringBefore(source, ":");
        String substringAfter = Strings.substringAfter(source, ":");
        UserDataProvider userDataProvider = this.providers.get(substringBefore);
        if (null != userDataProvider) {
            return userDataProvider.getData(profileField, substringAfter, objArr);
        }
        throw new RuntimeException("not support data provider:" + substringBefore);
    }

    @Override // org.beangle.security.blueprint.data.service.DataPermissionService
    public Object getPropertyValue(ProfileField profileField, Profile profile) {
        Property property = profile.getProperty(profileField);
        if (null == property) {
            return null;
        }
        return unmarshal(property.getValue(), profileField);
    }

    private Object unmarshal(String str, ProfileField profileField) {
        try {
            List unmarshal = this.dataResolver.unmarshal(profileField, str);
            if (profileField.isMultiple()) {
                return unmarshal;
            }
            if (1 != unmarshal.size()) {
                return null;
            }
            return unmarshal.get(0);
        } catch (Exception e) {
            this.logger.error("exception with param type:" + profileField.getType().getTypeName() + " value:" + str, e);
            return null;
        }
    }

    @Override // org.beangle.security.blueprint.data.service.DataPermissionService
    public void apply(OqlBuilder<?> oqlBuilder, DataPermission dataPermission, UserProfile userProfile) {
        List newArrayList = CollectUtils.newArrayList();
        if (Strings.isEmpty(dataPermission.getFilters())) {
            return;
        }
        String[] split = Strings.split(Strings.replace(Strings.replace(dataPermission.getFilters(), "{alias}", oqlBuilder.getAlias()), " and ", "$"), "$");
        StringBuilder sb = new StringBuilder("(");
        for (int i = 0; i < split.length; i++) {
            String str = split[i];
            for (String str2 : new Condition(str).getParamNames()) {
                UserProperty property = userProfile.getProperty(str2);
                String value = null == property ? null : property.getValue();
                if (!Strings.isNotEmpty(value)) {
                    throw new RuntimeException(str2 + " had not been initialized");
                }
                if (value.equals("*")) {
                    str = "";
                } else {
                    newArrayList.add(unmarshal(value, property.getField()));
                }
            }
            if (sb.length() > 1 && str.length() > 0) {
                sb.append(" and ");
            }
            sb.append(str);
        }
        if (sb.length() > 1) {
            sb.append(')');
            Condition condition = new Condition(sb.toString());
            condition.params(newArrayList);
            oqlBuilder.where(condition);
        }
    }

    @Override // org.beangle.security.blueprint.data.service.DataPermissionService
    public ProfileField getProfileField(String str) {
        List list = this.entityDao.get(ProfileField.class, "name", new Object[]{str});
        if (1 != list.size()) {
            throw new RuntimeException("bad pattern parameter named :" + str);
        }
        return (ProfileField) list.get(0);
    }

    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public void setPermissionService(FuncPermissionService funcPermissionService) {
        this.permissionService = funcPermissionService;
    }

    public Map<String, UserDataProvider> getProviders() {
        return this.providers;
    }

    public void setProviders(Map<String, UserDataProvider> map) {
        this.providers = map;
    }

    public void setDataResolver(UserDataResolver userDataResolver) {
        this.dataResolver = userDataResolver;
    }
}
