package ru.infotech24.apk23main.security.aop;

import com.google.common.collect.Lists;
import java.beans.ConstructorProperties;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.springframework.stereotype.Service;
import ru.infotech24.apk23main.domain.common.JournalLite;
import ru.infotech24.apk23main.logic.common.journal.JournalBl;
import ru.infotech24.apk23main.security.AppSecurityException;
import ru.infotech24.apk23main.security.aop.AppSecuredContextData;
import ru.infotech24.apk23main.security.domain.User;
import ru.infotech24.apk23main.security.user.UserService;
import ru.infotech24.common.exceptions.BusinessLogicException;
import ru.infotech24.common.helpers.ObjectUtils;

@Service
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/aop/AppSecuredContext.class */
public class AppSecuredContext {
    private final JournalBl journalBl;
    private final UserService userService;
    private static List<Integer> allScopesPriorityOrdered = Lists.newArrayList(10, 20, 30, 40, 50);

    /* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/aop/AppSecuredContext$UserScopeFilter.class */
    public static class UserScopeFilter {
        private Integer authorUserId;
        private Integer relatedInstitutionIdFilter;

        @ConstructorProperties({"authorUserId", "relatedInstitutionIdFilter"})
        public UserScopeFilter(Integer num, Integer num2) {
            this.authorUserId = num;
            this.relatedInstitutionIdFilter = num2;
        }

        public Integer getAuthorUserId() {
            return this.authorUserId;
        }

        public Integer getRelatedInstitutionIdFilter() {
            return this.relatedInstitutionIdFilter;
        }
    }

    public AppSecuredContext(JournalBl journalBl, UserService userService) {
        AppSecuredContextManager.writeContext(null);
        this.journalBl = journalBl;
        this.userService = userService;
    }

    public boolean hasRights(Integer num, Integer num2, Integer num3) {
        AppSecuredContextData readContext = AppSecuredContextManager.readContext();
        int i = 10;
        if (readContext != null && readContext.getScopes().get(10) == null) {
            i = calculateObjectScope(num, num2, num3);
        }
        return hasRights(Integer.valueOf(i));
    }

    public int calculateObjectScope(Integer num, Integer num2, Integer num3) {
        AppSecuredContextData readContext = AppSecuredContextManager.readContext();
        if (readContext != null) {
            return readContext.getContextCalculatedScopes().computeIfAbsent(String.format("%s-%s-%s", num, num2, num3), str -> {
                return Integer.valueOf(readObjectScopeFromJournal(num, num2, num3));
            }).intValue();
        }
        return 10;
    }

    public Optional<Integer> getMinObjectScopeRequired() {
        AppSecuredContextData readContext = AppSecuredContextManager.readContext();
        if (readContext == null || readContext.isUnrestrictedAccess()) {
            return Optional.of(10);
        }
        for (Integer num : allScopesPriorityOrdered) {
            if (readContext.getScopes().get(num) != null) {
                return Optional.of(num);
            }
        }
        return Optional.empty();
    }

    public UserScopeFilter calculateUserScopeFilter() {
        Optional<Integer> minObjectScopeRequired = getMinObjectScopeRequired();
        if (!minObjectScopeRequired.isPresent()) {
            throw new AppSecurityException("У запрошенной функции не настроен уровень доступа к объекту");
        }
        Integer num = null;
        Integer num2 = null;
        switch (minObjectScopeRequired.get().intValue()) {
            case 10:
                break;
            case 30:
            case 40:
                if (this.userService.getCurrentUser() != null) {
                    num2 = this.userService.getCurrentUser().getInstitutionId();
                    break;
                }
                break;
            case 50:
                num = this.userService.getCurrentUserId();
                break;
            default:
                throw new BusinessLogicException(null, "Уровень доступа %s на данный момент не поддерживается функцией получения списка заявок", minObjectScopeRequired.get());
        }
        return new UserScopeFilter(num, num2);
    }

    public boolean hasRights(Integer num) {
        AppSecuredContextData readContext = AppSecuredContextManager.readContext();
        if (readContext == null) {
            return true;
        }
        if (readContext.isAppliesMetas()) {
            throw new AssertionError("Некорректная настройка безопасности. Попытка проверить права без учета справочников для метода, предполагающего проверку справочников");
        }
        if (readContext.isUnrestrictedAccess()) {
            return true;
        }
        for (int intValue = num.intValue(); intValue > 0; intValue--) {
            if (readContext.getScopes().get(Integer.valueOf(intValue)) != null) {
                return true;
            }
        }
        return false;
    }

    public boolean hasMetaRights(Integer num, Integer num2, Integer num3, String str, Integer num4) {
        return hasMetaRights(num, num2, num3, str, num4, null, null, null, null);
    }

    public boolean hasMetaRights(Integer num, Integer num2, Integer num3, String str, Integer num4, String str2, Integer num5, String str3, Integer num6) {
        AppSecuredContextData readContext = AppSecuredContextManager.readContext();
        if (readContext == null || readContext.isUnrestrictedAccess()) {
            return true;
        }
        Map<Integer, Map<String, AppSecuredContextData.ScopeInfo>> map = readContext.getScopes().get(10);
        if (map == null || !hasScopeRights(map, str, num4, str2, num5, str3, num6)) {
            return hasMetaRights(Integer.valueOf(calculateObjectScope(num, num2, num3)), str, num4, str2, num5, str3, num6);
        }
        return true;
    }

    public boolean hasMetaRights(Integer num, String str, Integer num2) {
        return hasMetaRights(num, str, num2, null, null, null, null);
    }

    public boolean hasMetaRights(Integer num, String str, Integer num2, String str2, Integer num3, String str3, Integer num4) {
        AppSecuredContextData readContext = AppSecuredContextManager.readContext();
        if (readContext == null || readContext.isUnrestrictedAccess()) {
            return true;
        }
        for (int intValue = num.intValue(); intValue >= 10; intValue--) {
            if (hasScopeRights(readContext.getScopes().get(Integer.valueOf(intValue)), str, num2, str2, num3, str3, num4)) {
                return true;
            }
        }
        return false;
    }

    public boolean hasMetaRights(Integer num, String str, Integer num2, String str2, Integer num3) {
        return hasMetaRights(num, str, num2, str2, num3, null, null);
    }

    public void validateRights(Integer num, Integer num2, Integer num3) {
        if (hasRights(num, num2, num3)) {
            return;
        }
        throwAppSecurityException();
    }

    public void validateRights(Integer num) {
        if (hasRights(num)) {
            return;
        }
        throwAppSecurityException();
    }

    public void validateMetaRights(Integer num, Integer num2, Integer num3, String str, Integer num4) {
        if (hasMetaRights(num, num2, num3, str, num4, null, null, null, null)) {
            return;
        }
        throwAppSecurityException();
    }

    public void validateMetaRights(Integer num, String str, Integer num2) {
        if (hasMetaRights(num, str, num2, null, null, null, null)) {
            return;
        }
        throwAppSecurityException();
    }

    public void validateMetaRightsScope(Integer num, String str, Integer num2, String str2, Integer num3) {
        if (hasMetaRights(num, str, num2, str2, num3, null, null)) {
            return;
        }
        throwAppSecurityException();
    }

    public void validateMetaRights(Integer num, Integer num2, Integer num3, String str, Integer num4, String str2, Integer num5) {
        if (hasMetaRights(num, num2, num3, str, num4, str2, num5, null, null)) {
            return;
        }
        throwAppSecurityException();
    }

    public void validateMetaRights(Integer num, Integer num2, Integer num3, String str, Integer num4, String str2, Integer num5, String str3, Integer num6) {
        if (hasMetaRights(num, num2, num3, str, num4, str2, num5, str3, num6)) {
            return;
        }
        throwAppSecurityException();
    }

    public void throwAppSecurityExceptionIf(boolean z) {
        if (z) {
            throwAppSecurityException();
        }
    }

    public void throwAppSecurityException() {
        throw new AppSecurityException("Доступ запрещен в соответствии с настройками прав доступа");
    }

    private boolean hasScopeRights(Map<Integer, Map<String, AppSecuredContextData.ScopeInfo>> map, String str, Integer num, String str2, Integer num2, String str3, Integer num3) {
        if (map == null) {
            return false;
        }
        for (Map<String, AppSecuredContextData.ScopeInfo> map2 : map.values()) {
            if (hasScopeMetaRights(num, str != null ? map2.get(str) : null)) {
                if (hasScopeMetaRights(num2, str2 != null ? map2.get(str2) : null)) {
                    if (hasScopeMetaRights(num3, str3 != null ? map2.get(str3) : null)) {
                        return true;
                    }
                } else {
                    continue;
                }
            }
        }
        return false;
    }

    private boolean hasScopeMetaRights(Integer num, AppSecuredContextData.ScopeInfo scopeInfo) {
        if (scopeInfo == null || num == null || scopeInfo.isAllMetasAllowed()) {
            return true;
        }
        if (scopeInfo.isHasAllowedObjects() && scopeInfo.getAllowedObjects().contains(num)) {
            return true;
        }
        return scopeInfo.isHasDisallowedObjects() && !scopeInfo.getDisallowedObjects().contains(num);
    }

    private int readObjectScopeFromJournal(Integer num, Integer num2, Integer num3) {
        if (num2 == null) {
            return 50;
        }
        User currentUser = this.userService.getCurrentUser();
        int i = 10;
        for (JournalLite journalLite : this.journalBl.readJournalLiteByObject(num, num2, num3)) {
            if (journalLite.getChangeType().intValue() == 1 && journalLite.getUserId().intValue() == currentUser.getId()) {
                return 50;
            }
            if (journalLite.getChangeType().intValue() == 5 && Objects.equals(journalLite.getTargetUserId(), Integer.valueOf(currentUser.getId()))) {
                return 50;
            }
            if (journalLite.getChangeType().intValue() == 1 && i < 40 && journalLite.getInstitutionId().equals(currentUser.getInstitutionId())) {
                i = 40;
            }
            if (journalLite.getChangeType().intValue() == 4 && i < 30 && journalLite.getInstitutionId().equals(currentUser.getInstitutionId())) {
                i = 30;
            }
            if (ObjectUtils.equalsSome(journalLite.getChangeType(), 4, 1) && i < 20 && Objects.equals(journalLite.getInstitutionId(), currentUser.getHeadInstitutionId())) {
                i = 20;
            }
        }
        return i;
    }

    public void grantAccess(Integer num, Integer num2, Integer num3, Integer num4) {
        if (num4 == null) {
            return;
        }
        this.journalBl.accessGrantedIfNotExistsForInstitution(num, num2, num3, num4);
    }

    public void grantUserAccess(Integer num, Integer num2, Integer num3, Integer num4) {
        if (num4 == null) {
            return;
        }
        this.journalBl.accessGrantedIfNotExistsForUser(num, num2, num3, num4);
    }
}
