package ru.infotech24.apk23main.security;

import java.beans.ConstructorProperties;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import ru.infotech24.apk23main.domain.address.Address;
import ru.infotech24.apk23main.domain.common.Journal;
import ru.infotech24.apk23main.domain.common.LookupObject;
import ru.infotech24.apk23main.domain.institution.Institution;
import ru.infotech24.apk23main.domain.institution.ServiceRegionSecureRelation;
import ru.infotech24.apk23main.domain.user.UserFunctions;
import ru.infotech24.apk23main.domain.user.UserSetting;
import ru.infotech24.apk23main.domain.user.UserSettingUi;
import ru.infotech24.apk23main.logic.address.AddressDao;
import ru.infotech24.apk23main.logic.common.journal.JournalBl;
import ru.infotech24.apk23main.logic.institution.dao.InstitutionDao;
import ru.infotech24.apk23main.logic.user.UserSettingDao;
import ru.infotech24.apk23main.resources.ApiResultDto;
import ru.infotech24.apk23main.resources.MultipartFileValidator;
import ru.infotech24.apk23main.security.aop.AppSecured;
import ru.infotech24.apk23main.security.aop.AppSecuredAspect;
import ru.infotech24.apk23main.security.aop.AppSecuredContext;
import ru.infotech24.apk23main.security.dao.SecurityRoleRightsDao;
import ru.infotech24.apk23main.security.domain.SecurityFunction;
import ru.infotech24.apk23main.security.domain.SecurityRole;
import ru.infotech24.apk23main.security.domain.User;
import ru.infotech24.apk23main.security.logic.ManageSecurityService;
import ru.infotech24.apk23main.security.user.UserService;
import ru.infotech24.common.helpers.ObjectUtils;

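/**
 * REST endpoints under {@code /security}: current-user profile and UI settings, user lookup,
 * action-journal reads, and role / security-function metadata.
 *
 * <p>Access control is declared per endpoint with {@link AppSecured}. Two forms appear here:
 * <ul>
 *   <li>{@code allowAnyAuthenticated = true} - going by the attribute name, any logged-in user
 *       passes; such endpoints get no function-level check from the annotation, so any
 *       ownership or role restriction has to be enforced in the method body or in the
 *       service it calls;</li>
 *   <li>{@code methodId = "..."} - the call is tied to a named security function, which is the
 *       same identifier that role rights are stored against.</li>
 * </ul>
 *
 * <p>This listing was reconstructed by a decompiler, so generic type arguments that were erased
 * at compile time are left as raw types wherever the element type is not visible in this file.
 */
@RequestMapping(value = {"/security"}, produces = {"application/json"})
@RestController
public class SecurityResource {

    @Value("${application-settings.header-color}")
    private Integer headerColor;

    @Value("${application-settings.header-app-title}")
    private String headerAppTitle;

    @Value("${application-settings.main-institution-id}")
    private int mainInstitutionId;
    private final UserService userService;
    private final JournalBl journalBl;
    private final ManageSecurityService manageSecurityService;
    private final AppSecuredContext securedContext;
    private final UserSettingDao userSettingDao;
    private final SecurityRoleRightsDao securityRoleRightsDao;
    private final AddressDao addressDao;
    private final InstitutionDao institutionDao;
    private final MultipartFileValidator multipartFileValidator;

    /**
     * Object reference (kind plus up to two ids) in the form that is handed to
     * {@link AppSecuredContext#validateRights} for the journal-by-object endpoints.
     *
     * <p>The decompiler had widened this class to {@code public}; its own note records that the
     * compiled class was {@code private}. It is only instantiated inside this resource and reads
     * no state of the enclosing instance, so it is declared {@code private static final}.
     */
    private static final class GeneralizedObjectKind {
        private final Integer objKindId;
        private final Integer objId1;
        private final Integer objId2;

        @ConstructorProperties({"objKindId", "objId1", "objId2"})
        public GeneralizedObjectKind(Integer objKindId, Integer objId1, Integer objId2) {
            this.objKindId = objKindId;
            this.objId1 = objId1;
            this.objId2 = objId2;
        }

        public Integer getObjKindId() {
            return this.objKindId;
        }

        public Integer getObjId1() {
            return this.objId1;
        }

        public Integer getObjId2() {
            return this.objId2;
        }
    }

    @Autowired
    public SecurityResource(UserService userService, JournalBl journalBl, ManageSecurityService manageSecurityService, AppSecuredContext appSecuredContext, UserSettingDao userSettingDao, SecurityRoleRightsDao securityRoleRightsDao, AddressDao addressDao, InstitutionDao institutionDao, MultipartFileValidator multipartFileValidator) {
        this.userService = userService;
        this.journalBl = journalBl;
        this.manageSecurityService = manageSecurityService;
        this.securedContext = appSecuredContext;
        this.userSettingDao = userSettingDao;
        this.securityRoleRightsDao = securityRoleRightsDao;
        this.addressDao = addressDao;
        this.institutionDao = institutionDao;
        this.multipartFileValidator = multipartFileValidator;
    }

    /**
     * Persists the UI settings sent by the client for the calling user.
     *
     * <p>The row is keyed by the id of the authenticated user, never by a client-supplied id, so a
     * caller can only overwrite their own settings.
     *
     * <p>NOTE(review): the request body is stored as received. {@link #getUserThroughService()}
     * overwrites the server-owned fields before returning them, but only partly for new users
     * (see there). Confirm that {@link UserSettingUi} does not persist flags that the client
     * later treats as authoritative.
     *
     * @param userSettingUi settings object deserialized from the request body
     * @return HTTP 200 with an empty {@link ApiResultDto}
     */
    @PostMapping(path = {"/user-setting/store"})
    @AppSecured(allowAnyAuthenticated = true)
    public ResponseEntity storeSettingUi(@RequestBody UserSettingUi userSettingUi) {
        int userId = this.userService.getCurrentUser().getId();
        Optional<UserSetting> stored = this.userSettingDao.byId(Integer.valueOf(userId));
        if (stored.isPresent()) {
            UserSetting setting = stored.get();
            setting.setUserSettingUi(userSettingUi);
            this.userSettingDao.update(setting, Integer.valueOf(userId));
        } else {
            this.userSettingDao.insert(UserSetting.builder().uniqueUserId(Integer.valueOf(userId)).userSettingUi(userSettingUi).build());
        }
        return ResponseEntity.ok().body(new ApiResultDto(new ArrayList(), (Object) null));
    }

    /**
     * Returns the calling user together with their UI settings and the capability flags the
     * front end uses to show or hide features.
     *
     * <p>The flags computed here are display hints derived from the caller's roles; they do not
     * enforce anything. Enforcement stays with the {@link AppSecured} annotation on each
     * endpoint.
     *
     * <p>A stored settings row whose UI part is {@code null} is treated like a missing row and
     * replaced with an empty {@link UserSettingUi}; previously that case failed with a
     * {@link NullPointerException} on the first setter call.
     *
     * <p>NOTE(review): for a new user the method returns early, after resetting only
     * {@code userFunctions}. The visibility flags and {@code allUserFunctions} are then whatever
     * was loaded from storage, which is client-written via {@code /user-setting/store}. If
     * those fields are persisted, consider resetting them on this path as well.
     *
     * <p>NOTE(review): the whole {@link User} object is serialized to the client and is mutated
     * in place. Confirm that it carries no credential material and that the instance returned
     * by {@code getCurrentUser()} is not shared between requests.
     *
     * @return the current user, enriched with settings and capability flags
     * @throws RuntimeException if the user's institution cannot be found
     */
    @AppSecured(allowAnyAuthenticated = true)
    @GetMapping({"/current-user-info"})
    public User getUserThroughService() {
        User currentUser = this.userService.getCurrentUser();
        UserSettingUi ui = this.userSettingDao.byId(Integer.valueOf(currentUser.getId()))
                .map(UserSetting::getUserSettingUi)
                .orElseGet(() -> UserSettingUi.builder().build());
        currentUser.setUserSettingUi(ui);

        // Server-owned values: always taken from configuration or session state, never from the stored row.
        ui.setHeaderColor(this.headerColor);
        ui.setHeaderAppTitle(this.headerAppTitle);
        ui.setMainInstitutionId(Integer.valueOf(this.mainInstitutionId));
        ui.setCancelImpersonationAvailable(Boolean.valueOf(this.userService.getMainUserIfImpersonated() != null));
        ui.setMaxFileSize(this.multipartFileValidator.getMaxFileSize());

        if (currentUser.isNewUser()) {
            // New users get an empty capability set and no institution data.
            ui.setUserFunctions(UserFunctions.builder().build());
            return currentUser;
        }

        ui.setVisibleAdministrationBlock(Boolean.valueOf(currentUser.isAdministrator()));
        ui.setVisibleUserRequestListFilters(Boolean.valueOf(hasRequestListAllObjectsAccess()));
        ui.setHideAccessRequestRegionFilter(Boolean.valueOf(hasNoRightAccessRequestRegionFilter()));
        ui.setUserFunctions(UserFunctions.builder()
                .visibleObserverIpra(Boolean.valueOf(hasObserverIpraAccess()))
                .requestDraftsAvailable(Boolean.valueOf(hasRequestDraftsAccess()))
                .orderSearchAvailable(Boolean.valueOf(hasOrderSearchAccess()))
                .orderDraftsAvailable(Boolean.valueOf(hasOrderDraftsAccess()))
                .orderCreationAvailable(Boolean.valueOf(hasOrderCreationAccess()))
                .agreementCreationAvailable(Boolean.valueOf(hasAgreementCreationAccess()))
                .orderSetRequestAmountForDraftAccess(Boolean.valueOf(hasOrderSetRequestAmountForDraftAccess()))
                .build());
        ui.setAllUserFunctions(getAnyRightsFunctions());
        setRequestStoreAvailable(ui.getUserFunctions());

        // The message text means "Institution not found".
        Institution institution = this.institutionDao.byId(currentUser.getInstitutionId())
                .orElseThrow(() -> new RuntimeException("Учреждение не найдено"));
        Integer institutionRegionId = null;
        if (institution.getAddressId() != null) {
            institutionRegionId = this.addressDao.byId(institution.getAddressId())
                    .map(Address::getRegionId)
                    .orElse(null);
        }
        ui.setInstitutionRegionId(institutionRegionId);
        // Raw types kept: the element types of these collections are not visible in this file.
        currentUser.setInstitutionRequestTypeGroupIds((List) ObjectUtils.isNull(institution.getRequestTypeGroupIds(), new ArrayList()));
        currentUser.setInstitutionCategories(new ArrayList((Collection) ObjectUtils.isNull(institution.getCategories(), new ArrayList())));
        return currentUser;
    }

    /**
     * Tells whether the calling user's roles grant the given security function.
     *
     * <p>Only {@link AppSecurityException} is read as "denied"; any other failure propagates, so
     * an error in the rights lookup is never reported as a grant.
     *
     * @param methodId security-function id, as used in {@code @AppSecured(methodId = ...)}
     * @return {@code true} if the check passes, {@code false} if it is refused
     */
    private boolean isFunctionAllowed(String methodId) {
        try {
            AppSecuredAspect.ensureAllowed(this.userService.getCurrentUser().getRoleIds(), this.securityRoleRightsDao, false, null, null, null, methodId);
            return true;
        } catch (AppSecurityException denied) {
            return false;
        }
    }

    /** Whether the caller holds the {@code ObserverIpraResAccess} function. */
    private boolean hasObserverIpraAccess() {
        return isFunctionAllowed("ObserverIpraResAccess");
    }

    /** Whether the caller holds the {@code RequestDraftsGetForUser} function. */
    private boolean hasRequestDraftsAccess() {
        return isFunctionAllowed("RequestDraftsGetForUser");
    }

    /** Whether the caller holds the {@code OrderResSearch} function. */
    private boolean hasOrderSearchAccess() {
        return isFunctionAllowed("OrderResSearch");
    }

    /** Whether the caller holds the {@code OrderDraftResSearch} function. */
    private boolean hasOrderDraftsAccess() {
        return isFunctionAllowed("OrderDraftResSearch");
    }

    /** Whether the caller holds the {@code OrderResCreateDraft} function. */
    private boolean hasOrderCreationAccess() {
        return isFunctionAllowed("OrderResCreateDraft");
    }

    /** Whether the caller holds the {@code AgreementResCreateDraft} function. */
    private boolean hasAgreementCreationAccess() {
        return isFunctionAllowed("AgreementResCreateDraft");
    }

    /** Whether the caller holds the {@code OrderResSetRequestAmountForDraft} function. */
    private boolean hasOrderSetRequestAmountForDraftAccess() {
        return isFunctionAllowed("OrderResSetRequestAmountForDraft");
    }

    /**
     * Whether the caller's maximum object scope for {@code RequestResGetForUser} equals 10.
     *
     * <p>NOTE(review): 10 is presumably the widest ("all objects") scope, judging by the method
     * name - confirm against the scope definitions and replace the literal with a named constant.
     */
    private boolean hasRequestListAllObjectsAccess() {
        Optional<Integer> maxScope = AppSecuredAspect.getUserRolesFunctionMaxObjectScope(this.userService.getCurrentUser().getRoleIds(), this.securityRoleRightsDao, "RequestResGetForUser");
        return maxScope.isPresent() && maxScope.get().intValue() == 10;
    }

    /**
     * Whether the meta values for {@code AccessRequestResSearch} are of kind 1 and contain
     * {@link ServiceRegionSecureRelation#RELATED}. The result drives the
     * {@code hideAccessRequestRegionFilter} UI flag.
     */
    private boolean hasNoRightAccessRequestRegionFilter() {
        Optional<AppSecuredAspect.ScopeMetaValues> lookup = AppSecuredAspect.getUserRolesFunctionMetaValues(this.userService.getCurrentUser().getRoleIds(), this.securityRoleRightsDao, "AccessRequestResSearch", (byte) 1);
        if (!lookup.isPresent()) {
            return false;
        }
        AppSecuredAspect.ScopeMetaValues meta = lookup.get();
        if (meta.getMetaKind().intValue() != 1 || meta.getMetaValues() == null) {
            return false;
        }
        Integer related = Integer.valueOf(ServiceRegionSecureRelation.RELATED.getValue());
        return meta.getMetaValues().stream().anyMatch(value -> Objects.equals(value, related));
    }

    /**
     * Fills the "request store" capability on {@code userFunctions} from the caller's meta values
     * for {@code RequestResStore}.
     *
     * <p>When meta values exist, storing is reported as available and the request-type id list is
     * passed through; {@code areIncluded} is true exactly when the meta kind is 1. Without meta
     * values, storing is reported as unavailable.
     *
     * @param userFunctions capability object to update in place
     */
    private void setRequestStoreAvailable(UserFunctions userFunctions) {
        Optional<AppSecuredAspect.ScopeMetaValues> lookup = AppSecuredAspect.getUserRolesFunctionMetaValues(this.userService.getCurrentUser().getRoleIds(), this.securityRoleRightsDao, "RequestResStore", (byte) 1);
        if (!lookup.isPresent()) {
            userFunctions.setRequestStoreAvailable(false);
            userFunctions.setRequestStoreRequestTypeIds(UserFunctions.FunctionMetaIds.builder().areIncluded(false).build());
            return;
        }
        AppSecuredAspect.ScopeMetaValues meta = lookup.get();
        userFunctions.setRequestStoreAvailable(true);
        userFunctions.setRequestStoreRequestTypeIds(UserFunctions.FunctionMetaIds.builder().areIncluded(Boolean.valueOf(meta.getMetaKind().intValue() == 1)).values(meta.getMetaValues()).build());
    }

    /**
     * Returns the meta values the calling user's roles carry for one security function.
     *
     * <p>The function id comes from the URL, but the lookup is made with the caller's own role
     * ids, so the response describes only the caller's rights.
     *
     * @param str security-function id taken from the path
     * @return the meta values, or {@code null} when there are none
     */
    @AppSecured(allowAnyAuthenticated = true)
    @GetMapping({"/user/roles-meta-val/{methodId}"})
    public AppSecuredAspect.ScopeMetaValues getUserRolesFunctionMetaValues(@PathVariable("methodId") String str) {
        return AppSecuredAspect.getUserRolesFunctionMetaValues(this.userService.getCurrentUser().getRoleIds(), this.securityRoleRightsDao, str, (byte) 1).orElse(null);
    }

    /**
     * Resolves a user id to its lookup representation.
     *
     * <p>NOTE(review): any authenticated caller can resolve any id, which allows enumeration of
     * user accounts unless {@code ManageSecurityService.getUserForLookup} restricts the result.
     * Confirm which fields {@link LookupObject} exposes.
     *
     * @param num user id from the path
     * @return lookup object as produced by the service
     */
    @AppSecured(allowAnyAuthenticated = true)
    @GetMapping({"/user/lookup/{userId:-?[\\d]+}"})
    public LookupObject getUserForLookup(@PathVariable("userId") Integer num) {
        return this.manageSecurityService.getUserForLookup(num);
    }

    /**
     * Batch form of {@link #getUserForLookup(Integer)}: resolves every id in the request body.
     *
     * <p>NOTE(review): the list length is not bounded here and each element costs one service
     * call, so a request-size limit or an explicit cap is worth having in front of this endpoint.
     *
     * @param list user ids from the JSON request body
     * @return one lookup object per id, in request order
     */
    @PostMapping(path = {"/user/lookup"}, consumes = {"application/json"})
    @AppSecured(allowAnyAuthenticated = true)
    public List<LookupObject> getUserForLookup2(@RequestBody List<Integer> list) {
        return list.stream().map(this::getUserForLookup).collect(Collectors.toList());
    }

    /**
     * Reads the action journal of one user for a date range.
     *
     * <p>NOTE(review): the user id comes from the URL and the endpoint is open to any
     * authenticated caller; no comparison with the current user and no administrator check is
     * made in this method. Unless {@code JournalBl.readJournalByUserAndTime} enforces one, a
     * caller can read another user's audit trail. The by-object variants below go through a
     * named security function and {@code validateRights}; this one does not.
     *
     * @param num user id whose journal is read
     * @param localDate start of the range (ISO date)
     * @param localDate2 end of the range (ISO date)
     * @return journal entries as returned by the journal service
     */
    @AppSecured(allowAnyAuthenticated = true)
    @GetMapping({"/journal/by-user/{userId:-?[\\d]+}/{dateFrom}/{dateTo}"})
    public List<Journal> readJournal(@PathVariable("userId") Integer num, @PathVariable("dateFrom") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate localDate, @PathVariable("dateTo") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate localDate2) {
        return this.journalBl.readJournalByUserAndTime(num, localDate, localDate2);
    }

    /**
     * Reads the action journal of an object identified by kind and two ids.
     *
     * <p>Rights are validated against the generalized object reference (see
     * {@link #generalizeObjectKindForRightsValidation}); the journal itself is then read with the
     * ids exactly as requested.
     *
     * @param num object kind id
     * @param num2 first object id
     * @param num3 second object id
     * @return journal entries for the object
     */
    @AppSecured(caption = "Журнал действий: просмотр по объекту (вариант 1)", methodId = "SecurityResReadJournal1", appliesScopes = true)
    @GetMapping({"/journal/by-object/{objKindId:-?[\\d]+}/{objId1:-?[\\d]+}/{objId2:-?[\\d]+}"})
    public List<Journal> readJournal(@PathVariable("objKindId") Integer num, @PathVariable("objId1") Integer num2, @PathVariable("objId2") Integer num3) {
        GeneralizedObjectKind target = generalizeObjectKindForRightsValidation(num, num2, num3);
        this.securedContext.validateRights(target.getObjKindId(), target.getObjId1(), target.getObjId2());
        return this.journalBl.readJournalByObject(num, num2, num3);
    }

    /**
     * Reads the action journal of an object identified by kind and a single id.
     *
     * <p>Same flow as the three-id variant, with the second id fixed to {@code null} for both the
     * rights validation and the journal read.
     *
     * @param num object kind id
     * @param num2 object id
     * @return journal entries for the object
     */
    @AppSecured(caption = "Журнал действий: просмотр по объекту (вариант 2)", methodId = "SecurityResReadJournal2", appliesScopes = true)
    @GetMapping({"/journal/by-object/{objKindId:-?[\\d]+}/{objId1:-?[\\d]+}"})
    public List<Journal> readJournal(@PathVariable("objKindId") Integer num, @PathVariable("objId1") Integer num2) {
        GeneralizedObjectKind target = generalizeObjectKindForRightsValidation(num, num2, null);
        this.securedContext.validateRights(target.getObjKindId(), target.getObjId1(), null);
        return this.journalBl.readJournalByObject(num, num2, null);
    }

    /**
     * Maps a requested object kind to the kind whose access rules apply to it.
     *
     * <p>Kinds 1, 3, 16 and 21 are validated as kind 2, and kinds 5-9, 11, 13 and 15 as kind 4;
     * in both cases the second id is dropped. Every other kind - the listed ones (2, 4, 10, 12,
     * 14, 17-20) as well as any value not listed - is passed through unchanged.
     *
     * <p>NOTE(review): the route pattern admits negative and unknown kind ids, and they take the
     * pass-through branch. Confirm that {@code validateRights} rejects a kind it does not
     * recognise rather than treating it as unrestricted.
     *
     * @param num requested object kind id
     * @param num2 first object id
     * @param num3 second object id, may be {@code null}
     * @return the object reference to validate rights against
     */
    private GeneralizedObjectKind generalizeObjectKindForRightsValidation(Integer num, Integer num2, Integer num3) {
        switch (num.intValue()) {
            case 1:
            case 3:
            case 16:
            case 21:
                return new GeneralizedObjectKind(2, num2, null);
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 11:
            case 13:
            case 15:
                return new GeneralizedObjectKind(4, num2, null);
            default:
                return new GeneralizedObjectKind(num, num2, num3);
        }
    }

    /**
     * Lists all security roles.
     *
     * <p>NOTE(review): open to any authenticated caller, while {@link #allFunctions()} limits
     * the function catalogue to administrators. Confirm that exposing the role list, and
     * whatever rights detail {@link SecurityRole} carries, to every user is intended.
     *
     * @return all roles as returned by the service
     */
    @AppSecured(allowAnyAuthenticated = true)
    @GetMapping({"/meta/roles/all"})
    public List<SecurityRole> allRoles() {
        return this.manageSecurityService.allRoles();
    }

    /**
     * Lists all security functions; administrators only.
     *
     * <p>The annotation admits any authenticated user and the administrator check is done by
     * hand in the body. The exception text means "Access is allowed only for the administrator".
     *
     * @return all registered security functions
     * @throws AppSecurityException if the caller is not an administrator
     */
    @AppSecured(allowAnyAuthenticated = true)
    @GetMapping({"/meta/functions/all"})
    public Collection<SecurityFunction> allFunctions() {
        if (!this.userService.getCurrentUser().isAdministrator()) {
            throw new AppSecurityException("Доступ разрешен только администратору");
        }
        return this.manageSecurityService.getSecurityFunctions().values();
    }

    /**
     * Loads one role in its editable form.
     *
     * <p>NOTE(review): storing and deleting roles require the {@code SecurityResStore} and
     * {@code SecurityResDelete} functions, but reading a role for edit is open to any
     * authenticated caller. Confirm that this is intended or that {@code readForEdit} checks
     * the caller itself.
     *
     * @param i role id from the path
     * @return the role as returned by the service
     */
    @AppSecured(allowAnyAuthenticated = true)
    @GetMapping({"/meta/roles/{id:-?[\\d]+}"})
    public SecurityRole byId(@PathVariable("id") int i) {
        return this.manageSecurityService.readForEdit(Integer.valueOf(i));
    }

    /**
     * Creates or updates a role; requires the {@code SecurityResStore} function.
     *
     * @param securityRole role deserialized from the request body
     * @return HTTP 200 with the stored role and any messages collected by the service, or
     *     HTTP 500 with no body when the service returns {@code null}
     */
    @PostMapping({"/meta/roles/store"})
    @AppSecured(caption = "Роли пользователя: сохранение", methodId = "SecurityResStore")
    public ResponseEntity store(@RequestBody SecurityRole securityRole) {
        // Raw type kept: the element type of the message list is not visible in this file.
        ArrayList messages = new ArrayList();
        SecurityRole stored = this.manageSecurityService.store(securityRole, messages);
        if (stored == null) {
            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
        }
        return ResponseEntity.ok().body(new ApiResultDto(messages, stored));
    }

    /**
     * Deletes a role; requires the {@code SecurityResDelete} function.
     *
     * @param i role id from the path
     * @return HTTP 200 with an empty {@link ApiResultDto}
     */
    @PostMapping({"/meta/roles/delete/{id:-?[\\d]+}"})
    @AppSecured(caption = "Роли пользователя: удаление", methodId = "SecurityResDelete")
    public ResponseEntity deleteRole(@PathVariable("id") int i) {
        this.manageSecurityService.deleteRole(Integer.valueOf(i));
        return ResponseEntity.ok().body(new ApiResultDto(new ArrayList(), (Object) null));
    }

    /**
     * Builds the map of security-function ids the calling user holds, each mapped to
     * {@code true}.
     *
     * <p>An administrator receives every registered function. Any other user receives the
     * functions granted by their roles plus the direct children of each granted function; the
     * expansion goes one level down and is not recursive.
     *
     * @return mutable map of granted function ids
     */
    private Map<String, Boolean> getAnyRightsFunctions() {
        Map<String, Boolean> granted = new HashMap<>();
        HashMap<String, SecurityFunction> securityFunctions = this.manageSecurityService.getSecurityFunctions();
        User currentUser = this.userService.getCurrentUser();
        if (currentUser.isAdministrator()) {
            securityFunctions.keySet().forEach(functionId -> granted.put(functionId, true));
            return granted;
        }
        currentUser.getRoleIds().forEach(roleId ->
                this.securityRoleRightsDao.readByRoleId(roleId).forEach(right -> {
                    granted.put(right.getFunctionId(), true);
                    SecurityFunction function = securityFunctions.get(right.getFunctionId());
                    if (function != null && function.getChildIds() != null) {
                        function.getChildIds().forEach(childId -> granted.put(childId, true));
                    }
                }));
        return granted;
    }
}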
