package com.asiainfo.aisquare.aisp.security.auth.service.impl;

import com.asiainfo.aisquare.aisp.common.basic.exception.BizException;
import com.asiainfo.aisquare.aisp.common.basic.utils.MessageUtils;
import com.asiainfo.aisquare.aisp.entity.auth.AuthPermission;
import com.asiainfo.aisquare.aisp.entity.auth.AuthProfile;
import com.asiainfo.aisquare.aisp.entity.auth.enums.AuthRoleTypeEnum;
import com.asiainfo.aisquare.aisp.redis.service.IRedisService;
import com.asiainfo.aisquare.aisp.security.auth.service.AuthPermissionService;
import com.asiainfo.aisquare.aisp.security.authResource.entity.AuthResourceType;
import com.asiainfo.aisquare.aisp.security.authResource.service.AuthResourceIdService;
import com.asiainfo.aisquare.aisp.security.authResource.service.AuthResourceTypeService;
import com.asiainfo.aisquare.aisp.security.resourceType.entity.ResourceType;
import com.asiainfo.aisquare.aisp.security.resourceType.service.ResourceTypeService;
import com.asiainfo.aisquare.aisp.security.role.service.RoleService;
import com.asiainfo.aisquare.aisp.security.utils.SecurityUtils;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Resource;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

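/**
 * Permission checks and data-isolation scoping for the current caller.
 *
 * <p>Every decision is derived from the {@link AuthProfile} returned by
 * {@link SecurityUtils#getAuthProfile()}. The boolean checks ({@link #hasPermission(String)},
 * {@link #isAdmin()}) deny when no profile or role is available; {@link #getAuthPermission(String)}
 * throws {@link BizException} in that case.
 */
@Service("aps")
/* loaded from: input_file:com/asiainfo/aisquare/aisp/security/auth/service/impl/AuthPermissionServiceImpl.class */
public class AuthPermissionServiceImpl implements AuthPermissionService {
    private static final Logger log = LoggerFactory.getLogger(AuthPermissionServiceImpl.class);

    /** Permission entry that matches every requested permission. */
    private static final String WILDCARD_PERMISSION = "*.*.*";

    // Isolation levels as interpreted by verbAuthPermission (names follow its log messages).
    private static final int LEVEL_PLATFORM = 5;
    private static final int LEVEL_TENANT = 4;
    private static final int LEVEL_PROJECT = 3;
    private static final int LEVEL_ROLE = 2;
    private static final int LEVEL_PERSONAL = 1;

    @Resource
    IRedisService redisService;

    @Resource
    RoleService roleService;

    @Resource
    ResourceTypeService sourceTypeService;

    @Resource
    AuthResourceTypeService authSourceTypeService;

    @Resource
    AuthResourceIdService authSourceIdService;

    /**
     * Checks whether the caller's role holds at least one of the requested permissions.
     *
     * @param str one permission, or several separated by commas; any single match is enough
     * @return {@code true} if the role's permission list contains the wildcard entry or one of
     *     the (trimmed) requested permissions; {@code false} for an empty request, a missing
     *     profile or role, or an empty permission list
     */
    public boolean hasPermission(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        // Deny rather than throw NullPointerException when the request carries no usable
        // identity; getAuthPermission already treats a null profile as a possible state.
        AuthProfile authProfile = SecurityUtils.getAuthProfile();
        if (authProfile == null || authProfile.getRoleId() == null) {
            return false;
        }
        List<String> rolePermissions = SecurityUtils.getRolePermissions(authProfile.getRoleId());
        if (CollectionUtils.isEmpty(rolePermissions)) {
            return false;
        }
        for (String requested : str.split(",")) {
            if (StringUtils.isNotEmpty(requested) && hasPermissions(rolePermissions, requested)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the caller's role is of the administrator role type.
     *
     * @return {@code true} only when a profile, a role id and a matching role record all exist
     *     and the role's type equals {@code AuthRoleTypeEnum.ADMIN}; {@code false} otherwise
     */
    public boolean isAdmin() {
        AuthProfile authProfile = SecurityUtils.getAuthProfile();
        if (authProfile == null || authProfile.getRoleId() == null) {
            return false;
        }
        // A role id with no matching role record is treated as "not admin" instead of
        // surfacing as a NullPointerException from the privilege check.
        return Optional.ofNullable(this.roleService.getRoleById(authProfile.getRoleId()))
                .map(role -> AuthRoleTypeEnum.ADMIN.getTypeId().equals(role.getRoleType()))
                .orElse(false);
    }

    /**
     * Builds the data-isolation scope the caller has for one resource type.
     *
     * @param str resource type code; it is stored as the permission's data type
     * @return a permission object scoped by the isolation level configured for the caller's
     *     role, with {@code resIds} set when individual resource ids are returned for the caller
     * @throws BizException if there is no authenticated profile or the resource type code is
     *     not recognised
     */
    public AuthPermission getAuthPermission(String str) {
        AuthProfile authProfile = SecurityUtils.getAuthProfile();
        if (authProfile == null) {
            throw new BizException(MessageUtils.message("auth.token.error", new Object[0]));
        }
        AuthPermission authPermission = new AuthPermission();
        authPermission.setDataType(str);
        ResourceType resourceType = this.sourceTypeService.getSourceTypeByCode(str);
        if (resourceType == null) {
            throw new BizException(MessageUtils.message("invalid.source.type", new Object[0]));
        }
        Long resourceTypeId = resourceType.getId();
        AuthResourceType explicitLevel =
                this.authSourceTypeService.getExplicitAuthResourceType(resourceTypeId, authProfile.getRoleId());
        // NOTE(review): when no explicit level is configured for this role, the fallback is the
        // platform level, which sets no tenant/project/role/user restriction. Confirm that an
        // unconfigured resource type is meant to default to the widest scope.
        int effectiveLevel = LEVEL_PLATFORM;
        if (explicitLevel != null) {
            verbAuthPermission(explicitLevel.getAuthLevel(), authPermission);
        } else {
            verbAuthPermission(effectiveLevel, authPermission);
        }
        List<Long> resourceIds = this.authSourceIdService.getResourceIds(resourceTypeId, authProfile);
        if (CollectionUtils.isNotEmpty(resourceIds)) {
            authPermission.setResIds(resourceIds.stream().map(String::valueOf).collect(Collectors.toList()));
        }
        // Log text: "resolved permission authPermission".
        log.info("得到的权限authPermission:{}", authPermission);
        return authPermission;
    }

    /**
     * Applies an isolation level to a permission object by copying the matching identifiers
     * from the caller's profile.
     *
     * <p>Level 5 sets nothing, 4 sets the tenant id, 3 sets project and tenant ids, 2 sets the
     * role id and 1 sets the user id. With no profile the permission is returned untouched.
     * A {@code null} level is not handled here and fails on unboxing.
     *
     * @param num isolation level
     * @param authPermission permission to fill in; a new one is created when {@code null}
     * @return the permission that was filled in
     */
    private AuthPermission verbAuthPermission(Integer num, AuthPermission authPermission) {
        if (authPermission == null) {
            authPermission = new AuthPermission();
        }
        AuthProfile authProfile = SecurityUtils.getAuthProfile();
        if (authProfile == null) {
            return authPermission;
        }
        switch (num.intValue()) {
            case LEVEL_PLATFORM:
                // Log text: "resource {} is visible platform-wide".
                log.info("资源{}是平台级可见", authPermission.getDataType());
                break;
            case LEVEL_TENANT:
                // Log text: "resource {} is visible at tenant level".
                log.info("资源{}是租户级可见", authPermission.getDataType());
                authPermission.setTenantId(toStringOrNull(authProfile.getTenantId()));
                break;
            case LEVEL_PROJECT:
                // Log text: "resource {} is visible at project level".
                log.info("资源{}是项目级可见", authPermission.getDataType());
                authPermission.setProjectId(toStringOrNull(authProfile.getProjectId()));
                authPermission.setTenantId(toStringOrNull(authProfile.getTenantId()));
                break;
            case LEVEL_ROLE:
                // Log text: "resource {} is visible at role level".
                log.info("资源{}是角色级可见", authPermission.getDataType());
                authPermission.setRoleId(toStringOrNull(authProfile.getRoleId()));
                break;
            case LEVEL_PERSONAL:
                // Log text: "resource {} is visible at personal level".
                log.info("资源{}是个人级可见", authPermission.getDataType());
                authPermission.setUserId(toStringOrNull(authProfile.getUserId()));
                break;
            default:
                // Log text: "isolation level {} of resource {} does not match the definition".
                // NOTE(review): an undefined level is only logged; no restriction is set, so the
                // result carries the same fields as the platform level. Consider rejecting the
                // request here so a misconfigured level cannot widen access.
                log.error("资源{}的隔离级别{}不符合定义", authPermission.getDataType(), num);
                break;
        }
        return authPermission;
    }

    /** Converts an identifier to its string form, keeping {@code null} as {@code null}. */
    private static String toStringOrNull(Object value) {
        return value == null ? null : String.valueOf(value);
    }

    /**
     * Matches one requested permission against a permission list.
     *
     * @param list permissions held by the role
     * @param str requested permission; surrounding whitespace is ignored
     * @return {@code true} if the list holds the wildcard entry or the trimmed permission
     */
    private boolean hasPermissions(List<String> list, String str) {
        return list.contains(WILDCARD_PERMISSION) || list.contains(str.trim());
    }
}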
