package cn.ibizlab.util.service;

import cn.ibizlab.util.domain.IEntity;
import cn.ibizlab.util.filter.ISearchContext;
import cn.ibizlab.util.filter.QueryFilter;
import cn.ibizlab.util.helper.BeanCache;
import cn.ibizlab.util.security.AuthenticationUser;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:cn/ibizlab/util/service/AbstractPermissionEvaluator.class */
public class AbstractPermissionEvaluator implements PermissionEvaluator {

    @Value("${ibiz.enablePermissionValid:false}")
    boolean enablePermissionValid;

    public boolean isEnablePermissionValid() {
        return this.enablePermissionValid;
    }

    public boolean hasPermission(Authentication authentication, Serializable serializable, String str, Object obj) {
        return true;
    }

    public boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        if (!isEnablePermissionValid()) {
            return true;
        }
        Object principal = authentication.getPrincipal();
        if (ObjectUtils.isEmpty(principal)) {
            return false;
        }
        AuthenticationUser authenticationUser = null;
        if (principal instanceof AuthenticationUser) {
            authenticationUser = (AuthenticationUser) authentication.getPrincipal();
            if (authenticationUser.isSuperUser()) {
                return true;
            }
        }
        if (ObjectUtils.isEmpty(authentication.getAuthorities())) {
            return false;
        }
        String[] split = String.valueOf(obj2).split("-|:");
        String str = split.length >= 2 ? split[1] : "";
        String str2 = split.length >= 3 ? split[2] : "";
        Set<String> set = (Set) authentication.getAuthorities().stream().filter(grantedAuthority -> {
            return grantedAuthority.getAuthority().startsWith((String) obj2);
        }).map(grantedAuthority2 -> {
            return grantedAuthority2.getAuthority();
        }).collect(Collectors.toSet());
        if (set.size() == 0) {
            return false;
        }
        if (set.stream().filter(str3 -> {
            return str3.endsWith(String.format("%s-all", str2));
        }).findAny().isPresent()) {
            return true;
        }
        if ((obj instanceof ArrayList) && !((ArrayList) obj).isEmpty() && (((ArrayList) obj).get(0) instanceof IEntity)) {
            Iterator it = ((List) obj).iterator();
            while (it.hasNext()) {
                if (!actionValid((IEntity) it.next(), str, str2, (String) obj2, set, authenticationUser)) {
                    return false;
                }
            }
            return true;
        }
        if (obj instanceof ISearchContext) {
            addFetchPermissionCondition((ISearchContext) obj, str, str2, (String) obj2, set, authenticationUser);
            return true;
        }
        if (obj instanceof IEntity) {
            return actionValid((IEntity) obj, str, str2, (String) obj2, set, authenticationUser);
        }
        return true;
    }

    public BeanCache.BeanSchema getSchema(String str) {
        return BeanCache.get(str);
    }

    public void addFetchPermissionCondition(ISearchContext iSearchContext, String str, String str2, String str3, Set<String> set, AuthenticationUser authenticationUser) {
        BeanCache.BeanSchema schema = getSchema(str);
        if (schema == null) {
            schema = getSchema(iSearchContext.getClass().getSimpleName());
        }
        if (schema == null) {
            return;
        }
        String fieldName = schema.getOrgField() != null ? schema.getOrgField().getFieldName() : null;
        String fieldName2 = schema.getOrgDeptField() != null ? schema.getOrgDeptField().getFieldName() : null;
        String fieldName3 = schema.getOrgTeamField() != null ? schema.getOrgTeamField().getFieldName() : null;
        String fieldName4 = schema.getCreateManField() != null ? schema.getCreateManField().getFieldName() : null;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        for (String str4 : set) {
            if (str4.endsWith("curorg")) {
                hashSet.addAll(authenticationUser.getCurOrgIds());
            } else if (str4.endsWith("porg")) {
                hashSet.addAll(authenticationUser.getParentOrgIds());
            } else if (str4.endsWith("sorg")) {
                hashSet.addAll(authenticationUser.getCurOrgIds());
                hashSet.addAll(authenticationUser.getSubOrgIds());
            } else if (str4.endsWith("curorgdept")) {
                hashSet2.addAll(authenticationUser.getCurDeptIds());
            } else if (str4.endsWith("porgdept")) {
                hashSet2.addAll(authenticationUser.getParentDeptIds());
            } else if (str4.endsWith("sorgdept")) {
                hashSet2.addAll(authenticationUser.getCurDeptIds());
                hashSet2.addAll(authenticationUser.getSubDeptIds());
            } else if (str4.endsWith("curteam")) {
                hashSet3.addAll(authenticationUser.getCurTeamIds());
            } else if (str4.endsWith("createman")) {
                hashSet4.add(str4);
            }
        }
        iSearchContext.setFilter(QueryFilter.createQuery());
        if (hashSet.size() == 0 && hashSet2.size() == 0 && hashSet4.size() == 0) {
            iSearchContext.getFilter().custom("1<>1");
            return;
        }
        if (!ObjectUtils.isEmpty(fieldName) && hashSet.size() > 0) {
            iSearchContext.getFilter().or(QueryFilter.createQuery().in(fieldName, hashSet));
        }
        if (!ObjectUtils.isEmpty(fieldName2) && hashSet2.size() > 0) {
            iSearchContext.getFilter().or(QueryFilter.createQuery().in(fieldName2, hashSet2));
        }
        if (!ObjectUtils.isEmpty(fieldName3) && hashSet3.size() > 0) {
            iSearchContext.getFilter().or(QueryFilter.createQuery().in(fieldName3, hashSet3));
        }
        if (ObjectUtils.isEmpty(fieldName4) || hashSet4.size() <= 0) {
            return;
        }
        iSearchContext.getFilter().or(QueryFilter.createQuery().eq(fieldName4, authenticationUser.getUserid()));
    }

    public boolean actionValid(IEntity iEntity, String str, String str2, String str3, Set<String> set, AuthenticationUser authenticationUser) {
        BeanCache.BeanSchema schema = getSchema(str);
        if (schema == null) {
            schema = getSchema(iEntity.getClass().getSimpleName());
        }
        if (schema == null) {
            return false;
        }
        Object obj = schema.getOrgField() != null ? iEntity.get(schema.getOrgField().getCodeName()) : null;
        Object obj2 = schema.getOrgDeptField() != null ? iEntity.get(schema.getOrgDeptField().getCodeName()) : null;
        Object obj3 = schema.getOrgTeamField() != null ? iEntity.get(schema.getOrgTeamField().getCodeName()) : null;
        Object obj4 = schema.getCreateManField() != null ? iEntity.get(schema.getCreateManField().getCodeName()) : null;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (String str4 : set) {
            if (str4.endsWith("curorg")) {
                hashSet.addAll(authenticationUser.getCurOrgIds());
            } else if (str4.endsWith("porg")) {
                hashSet.addAll(authenticationUser.getParentOrgIds());
            } else if (str4.endsWith("sorg")) {
                hashSet.addAll(authenticationUser.getCurOrgIds());
                hashSet.addAll(authenticationUser.getSubOrgIds());
            } else if (str4.endsWith("curorgdept")) {
                hashSet2.addAll(authenticationUser.getCurDeptIds());
            } else if (str4.endsWith("porgdept")) {
                hashSet2.addAll(authenticationUser.getParentDeptIds());
            } else if (str4.endsWith("sorgdept")) {
                hashSet2.addAll(authenticationUser.getCurDeptIds());
                hashSet2.addAll(authenticationUser.getSubDeptIds());
            } else if (str4.endsWith("curteam")) {
                hashSet3.addAll(authenticationUser.getCurTeamIds());
            }
        }
        if (str2.endsWith("Create") || str2.endsWith("Save")) {
            if (!ObjectUtils.isEmpty(obj) && !hashSet.contains(obj)) {
                return false;
            }
            if (!ObjectUtils.isEmpty(obj2) && !hashSet2.contains(obj2)) {
                return false;
            }
            if (ObjectUtils.isEmpty(obj3) || hashSet3.contains(obj3)) {
                return ObjectUtils.isEmpty(obj4) || authenticationUser.getUserid().equals(obj4);
            }
            return false;
        }
        if (!ObjectUtils.isEmpty(obj) && hashSet.contains(obj)) {
            return true;
        }
        if (!ObjectUtils.isEmpty(obj2) && hashSet2.contains(obj2)) {
            return true;
        }
        if (ObjectUtils.isEmpty(obj3) || !hashSet3.contains(obj3)) {
            return !ObjectUtils.isEmpty(obj4) && authenticationUser.getUserid().equals(obj4);
        }
        return true;
    }
}
