package cn.gtmap.onemap.server.service.impl;

import cn.gtmap.onemap.core.event.EntityEvent;
import cn.gtmap.onemap.core.ex.EntityAlreadyExistException;
import cn.gtmap.onemap.core.ex.EntityNotFoundException;
import cn.gtmap.onemap.core.ex.NoPermissonException;
import cn.gtmap.onemap.core.util.ArrayUtils;
import cn.gtmap.onemap.model.Operation;
import cn.gtmap.onemap.model.Privilege;
import cn.gtmap.onemap.model.PrivilegeAcl;
import cn.gtmap.onemap.security.AuthorizationService;
import cn.gtmap.onemap.security.Constants;
import cn.gtmap.onemap.security.IdentityService;
import cn.gtmap.onemap.security.Role;
import cn.gtmap.onemap.server.dao.OperationDAO;
import cn.gtmap.onemap.server.dao.PrivilegeAclDAO;
import cn.gtmap.onemap.server.dao.PrivilegeDAO;
import cn.gtmap.onemap.server.service.PrivilegeManager;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:WEB-INF/classes/cn/gtmap/onemap/server/service/impl/AuthorizationServiceImpl.class */
public class AuthorizationServiceImpl implements AuthorizationService, PrivilegeManager, ApplicationListener<EntityEvent> {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationServiceImpl.class);

    @Autowired
    private PrivilegeDAO privilegeDAO;

    @Autowired
    private OperationDAO operationDAO;

    @Autowired
    private PrivilegeAclDAO privilegeAclDAO;

    @Autowired
    private IdentityService identityService;

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public boolean isPermitted(String str, String str2, String str3) {
        return isPermitted(str, str2, Collections.singleton(str3));
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public boolean isPermitted(String str, String str2, Collection<String> collection) {
        Set<String> permittedOperationNames = getPermittedOperationNames(str, str2);
        Iterator<String> it2 = collection.iterator();
        while (it2.hasNext()) {
            if (!permittedOperationNames.contains(it2.next())) {
                return false;
            }
        }
        return true;
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public boolean isAnyPermitted(String str, String str2, Collection<String> collection) {
        Set<String> permittedOperationNames = getPermittedOperationNames(str, str2);
        Iterator<String> it2 = collection.iterator();
        while (it2.hasNext()) {
            if (permittedOperationNames.contains(it2.next())) {
                return true;
            }
        }
        return false;
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public Map<String, Boolean> isPermitted(String str, Map<String, Collection<String>> map) {
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(map.size());
        for (Map.Entry<String, Collection<String>> entry : map.entrySet()) {
            newHashMapWithExpectedSize.put(entry.getKey(), Boolean.valueOf(isPermitted(str, entry.getKey(), entry.getValue())));
        }
        return newHashMapWithExpectedSize;
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public Set<String> getPermittedOperationNames(String str, String str2) {
        HashSet newHashSet = Sets.newHashSet();
        try {
            Privilege privilege = getPrivilege(str2);
            Iterator<Role> it2 = this.identityService.getUserRoles(str).iterator();
            while (it2.hasNext()) {
                fillPermittedOperationNames(it2.next().getId(), privilege, newHashSet);
            }
            return newHashSet;
        } catch (EntityNotFoundException e) {
            return Collections.emptySet();
        }
    }

    private void fillPermittedOperationNames(String str, Privilege privilege, Set<String> set) {
        while (privilege != null) {
            List<PrivilegeAcl> privilegeAcls = getPrivilegeAcls(str, privilege.getId());
            if (!privilegeAcls.isEmpty()) {
                Map<String, Operation> operationsMap = privilege.getOperationsMap();
                Iterator<PrivilegeAcl> it2 = privilegeAcls.iterator();
                while (it2.hasNext()) {
                    set.add(operationsMap.get(it2.next().getOperationId()).getName());
                }
            }
            privilege = privilege.getParent();
        }
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public Map<String, Collection<Operation>> getPermittedOperations(String str, Collection<String> collection) {
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(collection.size());
        for (String str2 : collection) {
            try {
                HashSet newHashSet = Sets.newHashSet(getPrivilege(str2).getOperations());
                Iterator<String> it2 = getPermittedOperationNames(str, str2).iterator();
                while (it2.hasNext()) {
                    Operation operation = new Operation(it2.next());
                    if (!newHashSet.contains(operation)) {
                        newHashSet.remove(operation);
                    }
                }
                newHashMapWithExpectedSize.put(str2, newHashSet);
            } catch (EntityNotFoundException e) {
            }
        }
        return newHashMapWithExpectedSize;
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    public Privilege getPrivilegeById(String str) {
        return this.privilegeDAO.findOne(str);
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService, cn.gtmap.onemap.server.service.PrivilegeManager
    public Privilege getPrivilege(String str) {
        String[] split = StringUtils.split(str, ":");
        if (ArrayUtils.isNotEmpty(split)) {
            int length = split.length;
            int i = 0 + 1;
            Privilege privilege = getPrivilege(split[0], null);
            while (true) {
                Privilege privilege2 = privilege;
                if (privilege2 == null) {
                    break;
                }
                if (i == length) {
                    return privilege2;
                }
                int i2 = i;
                i++;
                privilege = getPrivilege(split[i2], privilege2.getId());
            }
        }
        throw new EntityNotFoundException(Privilege.class, str);
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public Set<Privilege> getChildrenPrivileges(String str) {
        Set<Privilege> children = getPrivilege(str).getChildren();
        HashSet newHashSet = Sets.newHashSet();
        for (Privilege privilege : children) {
            privilege.setParent(null);
            privilege.setChildren(null);
            newHashSet.add(privilege);
        }
        return newHashSet;
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public Set<Privilege> getPermittedPrivileges(String str, String str2) {
        Set<Privilege> childrenPrivileges = getChildrenPrivileges(str2);
        if (str == null) {
            throw new NoPermissonException("userId is required");
        }
        Set<Role> userRoles = this.identityService.getUserRoles(str);
        if (userRoles.contains(Constants.ROLE_ADMIN)) {
            return childrenPrivileges;
        }
        HashMap newHashMap = Maps.newHashMap();
        for (Privilege privilege : childrenPrivileges) {
            newHashMap.put(privilege.getId(), privilege);
            privilege.setOperations(Sets.newHashSet());
        }
        HashSet newHashSet = Sets.newHashSet();
        Iterator<Role> it2 = userRoles.iterator();
        while (it2.hasNext()) {
            for (PrivilegeAcl privilegeAcl : getPrivilegeAcls(it2.next().getId(), null)) {
                Privilege privilege2 = (Privilege) newHashMap.get(privilegeAcl.getPrivilegeId());
                if (privilege2 != null) {
                    Operation findOne = this.operationDAO.findOne(privilegeAcl.getOperationId());
                    findOne.setPrivilege(null);
                    privilege2.getOperations().add(findOne);
                    newHashSet.add(privilege2);
                }
            }
        }
        return newHashSet;
    }

    private Privilege getPrivilege(String str, String str2) {
        return str2 == null ? this.privilegeDAO.findRoot(str) : this.privilegeDAO.findChild(str2, str);
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    public Collection<Privilege> getRootPrivileges() {
        return this.privilegeDAO.findRoots();
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    public Map<String, Privilege> getPrivileges(Collection<String> collection) {
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(collection.size());
        for (String str : collection) {
            newHashMapWithExpectedSize.put(str, getPrivilege(str));
        }
        return newHashMapWithExpectedSize;
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    @Transactional
    public Privilege savePrivilege(Privilege privilege) {
        String resource = privilege.getResource();
        if (StringUtils.isEmpty(resource) && resource.contains(":")) {
            throw new IllegalArgumentException("resource name [" + resource + "] is invalid");
        }
        Privilege parent = privilege.getParent();
        Privilege privilege2 = getPrivilege(resource, parent == null ? null : parent.getId());
        if (privilege2 == null || privilege2.getId().equals(privilege.getId())) {
            return (Privilege) this.privilegeDAO.save((PrivilegeDAO) privilege);
        }
        throw new EntityAlreadyExistException(Privilege.class, "resource", resource);
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    @Transactional
    public Privilege registerPrivilege(Privilege privilege) {
        String path = privilege.getPath();
        return savePrivilege(initPrivilegeDefinition(privilege, StringUtils.isEmpty(path) ? null : getPrivilege(path)));
    }

    private Privilege initPrivilegeDefinition(Privilege privilege, Privilege privilege2) {
        if (StringUtils.isNotEmpty(privilege.getId())) {
            throw new IllegalArgumentException("Id can not be set");
        }
        Privilege privilege3 = null;
        String resource = privilege.getResource();
        if (privilege2 == null) {
            privilege3 = getPrivilege(resource, null);
        } else {
            privilege.setParent(privilege2);
            String id = privilege2.getId();
            if (id != null) {
                privilege3 = getPrivilege(resource, id);
            }
        }
        if (privilege3 != null) {
            LOG.info("Old privilege definition " + privilege3 + " found");
            privilege.setId(privilege3.getId());
            Set<Operation> operations = privilege3.getOperations();
            if (!operations.isEmpty()) {
                HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(operations.size());
                for (Operation operation : operations) {
                    newHashMapWithExpectedSize.put(operation.getName(), operation.getId());
                }
                if (privilege.getOperations().isEmpty()) {
                    privilege.setOperations(operations);
                } else {
                    for (Operation operation2 : privilege.getOperations()) {
                        String str = (String) newHashMapWithExpectedSize.get(operation2.getName());
                        if (str != null) {
                            operation2.setId(str);
                        }
                    }
                }
            }
        } else {
            LOG.info("Create new privilege definition " + privilege + "");
        }
        if (privilege.getOperationsMap().isEmpty()) {
            Operation operation3 = new Operation(Operation.VIEW);
            operation3.setTitle("查看");
            privilege.getOperations().add(operation3);
        }
        Iterator<Operation> it2 = privilege.getOperations().iterator();
        while (it2.hasNext()) {
            it2.next().setPrivilege(privilege);
        }
        Iterator<Privilege> it3 = privilege.getChildren().iterator();
        while (it3.hasNext()) {
            initPrivilegeDefinition(it3.next(), privilege);
        }
        return privilege;
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    @Transactional
    public void removePrivilegeById(String str) {
        this.privilegeDAO.delete((PrivilegeDAO) str);
    }

    @Override // cn.gtmap.onemap.security.AuthorizationService
    @Transactional
    public void removePrivilege(String str) {
        removePrivilegeById(getPrivilege(str).getId());
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    public List<PrivilegeAcl> getPrivilegeAcls(String str, String str2) {
        return StringUtils.isEmpty(str2) ? this.privilegeAclDAO.findByRoleId(str) : this.privilegeAclDAO.findByRoleIdAndPrivilegeId(str, str2);
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    public Map<String, Map<String, Operation>> getGranttedOperations(String str, Collection<String> collection) {
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(collection.size());
        for (String str2 : collection) {
            Privilege privilegeById = getPrivilegeById(str2);
            List<PrivilegeAcl> privilegeAcls = getPrivilegeAcls(str, privilegeById.getId());
            HashMap newHashMapWithExpectedSize2 = Maps.newHashMapWithExpectedSize(privilegeAcls.size());
            if (!privilegeAcls.isEmpty()) {
                Map<String, Operation> operationsMap = privilegeById.getOperationsMap();
                Iterator<PrivilegeAcl> it2 = privilegeAcls.iterator();
                while (it2.hasNext()) {
                    String operationId = it2.next().getOperationId();
                    newHashMapWithExpectedSize2.put(operationId, operationsMap.get(operationId));
                }
            }
            newHashMapWithExpectedSize.put(str2, newHashMapWithExpectedSize2);
        }
        return newHashMapWithExpectedSize;
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    @Transactional
    public void grant(Collection<PrivilegeAcl> collection) {
        this.privilegeAclDAO.save((Iterable) collection);
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    @Transactional
    public void revoke(Collection<PrivilegeAcl> collection) {
        this.privilegeAclDAO.delete((Iterable) collection);
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    public Operation getOperationById(String str) {
        return this.operationDAO.findOne(str);
    }

    @Override // cn.gtmap.onemap.server.service.PrivilegeManager
    @Transactional
    public Operation saveOperation(Operation operation) {
        return (Operation) this.operationDAO.save((OperationDAO) operation);
    }

    @Override // org.springframework.context.ApplicationListener
    public void onApplicationEvent(EntityEvent entityEvent) {
    }
}
