package ru.infotech24.apk23main.security.logic;

import com.google.common.base.Strings;
import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
import org.springframework.core.type.filter.AnnotationTypeFilter;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import ru.infotech24.apk23main.AppCacheControl;
import ru.infotech24.apk23main.domain.common.LookupObject;
import ru.infotech24.apk23main.domain.institution.InstitutionEmployee;
import ru.infotech24.apk23main.logic.common.journal.JournalBl;
import ru.infotech24.apk23main.logic.institution.dao.InstitutionEmployeeDao;
import ru.infotech24.apk23main.security.aop.AppSecured;
import ru.infotech24.apk23main.security.dao.SecurityRoleDao;
import ru.infotech24.apk23main.security.dao.SecurityRoleRightsDao;
import ru.infotech24.apk23main.security.domain.SecurityFunction;
import ru.infotech24.apk23main.security.domain.SecurityRole;
import ru.infotech24.common.cd.GraphChange;
import ru.infotech24.common.cd.GraphChangeCollector;
import ru.infotech24.common.cd.JavaObjectDiffGraphChangeCollector;
import ru.infotech24.common.exceptions.BusinessLogicException;
import ru.infotech24.common.notification.NotificationMessage;
import ru.infotech24.common.types.Tuple2;

@Transactional
@Service
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/logic/ManageSecurityService.class */
public class ManageSecurityService {
    private final SecurityRoleDao securityRoleDao;
    private final SecurityRoleRightsDao securityRoleRightsDao;
    private final JournalBl journalBl;
    private final InstitutionEmployeeDao institutionEmployeeDao;
    GraphChangeCollector<SecurityRole> roleChangeCollector = JavaObjectDiffGraphChangeCollector.buildDefault();
    HashMap<String, SecurityFunction> securityFunctions = new HashMap<>();

    @Autowired
    public ManageSecurityService(SecurityRoleDao securityRoleDao, SecurityRoleRightsDao securityRoleRightsDao, JournalBl journalBl, InstitutionEmployeeDao institutionEmployeeDao) {
        this.securityRoleDao = securityRoleDao;
        this.securityRoleRightsDao = securityRoleRightsDao;
        this.journalBl = journalBl;
        this.institutionEmployeeDao = institutionEmployeeDao;
    }

    public List<SecurityRole> allRoles() {
        return this.securityRoleDao.all();
    }

    public SecurityRole readForEdit(Integer num) {
        SecurityRole orElseThrow = this.securityRoleDao.byId(num).orElseThrow(() -> {
            return new BusinessLogicException("Роль не найдена", null);
        });
        orElseThrow.setRights(this.securityRoleRightsDao.readByRoleId(num));
        return orElseThrow;
    }

    @CacheEvict(value = {AppCacheControl.CACHE_SECURITY_ROLE_FUNCTIONS}, key = "#role.id")
    public SecurityRole store(SecurityRole securityRole, List<NotificationMessage> list) {
        validate(securityRole);
        if (securityRole.getId() == null) {
            securityRole.setVersion(1);
            securityRole.setId(this.securityRoleDao.insert(securityRole).getId());
            this.journalBl.recordAddedToJournal(10, securityRole.getId(), null, null);
        } else {
            if (securityRole.getId().equals(1)) {
                throw new BusinessLogicException("Нельзя редактировать роль 'Системный администратор'", null);
            }
            SecurityRole orElseThrow = this.securityRoleDao.byId(securityRole.getId()).orElseThrow(() -> {
                return new BusinessLogicException("Роль не найдена", null);
            });
            if (!orElseThrow.getVersion().equals(securityRole.getVersion())) {
                throw new BusinessLogicException(null, "a18main.Common.optimisticLockViolation");
            }
            orElseThrow.setRights(this.securityRoleRightsDao.readByRoleId(securityRole.getId()));
            this.journalBl.recordModifiedToJournal(10, securityRole.getId(), null, GraphChange.toString(this.roleChangeCollector.getChanges(orElseThrow, securityRole)));
            orElseThrow.setVersion(Integer.valueOf(orElseThrow.getVersion().intValue() + 1));
            securityRole.setVersion(orElseThrow.getVersion());
            fillEditableFields(orElseThrow, securityRole);
            this.securityRoleDao.update(orElseThrow, orElseThrow.getId());
            this.securityRoleRightsDao.deleteByRoleId(orElseThrow.getId());
        }
        if (securityRole.getRights() != null && securityRole.getRights().size() > 0) {
            securityRole.getRights().forEach(securityRoleRights -> {
                if (Strings.isNullOrEmpty(getSecurityFunctions().get(securityRoleRights.getFunctionId()).getParentId())) {
                    securityRoleRights.setSecurityRoleId(securityRole.getId());
                    this.securityRoleRightsDao.insert(securityRoleRights);
                }
            });
        }
        return securityRole;
    }

    public LookupObject getUserForLookup(Integer num) {
        if (Objects.equals(num, 0)) {
            return new LookupObject(num, "<Система>");
        }
        InstitutionEmployee byUserId = this.institutionEmployeeDao.byUserId(num);
        if (byUserId == null) {
            return new LookupObject(num, "<Неизвестный пользователь>");
        }
        Object[] objArr = new Object[4];
        objArr[0] = byUserId.getLastName();
        objArr[1] = byUserId.getFirstName();
        objArr[2] = byUserId.getMiddleName() != null ? " " + byUserId.getMiddleName() : "";
        objArr[3] = byUserId.getInstitutionId();
        return new LookupObject(num, String.format("%s %s%s (#86-%d)", objArr));
    }

    private void validate(SecurityRole securityRole) {
        securityRole.getRights().forEach(securityRoleRights -> {
            if (securityRoleRights.getObjectsScope() == null) {
                throw new BusinessLogicException("У каждой функции должна быть указана область действия", null);
            }
            if (getSecurityFunctions().get(securityRoleRights.getFunctionId()) == null) {
                throw new BusinessLogicException("Не указан или указан несуществующий Id функции - " + securityRoleRights.getFunctionId(), null);
            }
        });
    }

    private void fillEditableFields(SecurityRole securityRole, SecurityRole securityRole2) {
        securityRole.setCaption(securityRole2.getCaption());
        securityRole.setInstitutionTypeIds(securityRole2.getInstitutionTypeIds());
    }

    @CacheEvict({AppCacheControl.CACHE_SECURITY_ROLE_FUNCTIONS})
    public void deleteRole(Integer num) {
        if (num.equals(1)) {
            throw new BusinessLogicException("Нельзя удалять роль 'Системный администратор'", null);
        }
        this.securityRoleRightsDao.deleteByRoleId(num);
        this.securityRoleDao.delete(num);
        this.journalBl.recordDeletedToJournal(10, num, null);
    }

    public HashMap<String, SecurityFunction> getSecurityFunctions() {
        if (this.securityFunctions.size() == 0) {
            HashMap<String, SecurityFunction> hashMap = new HashMap<>();
            ClassPathScanningCandidateComponentProvider classPathScanningCandidateComponentProvider = new ClassPathScanningCandidateComponentProvider(false);
            classPathScanningCandidateComponentProvider.addIncludeFilter(new AnnotationTypeFilter(RestController.class));
            Iterator<BeanDefinition> it = classPathScanningCandidateComponentProvider.findCandidateComponents("ru.infotech24.apk23main").iterator();
            while (it.hasNext()) {
                Class<?> cls = Class.forName(it.next().getBeanClassName());
                String str = "";
                String str2 = "GET";
                RequestMapping requestMapping = (RequestMapping) cls.getAnnotation(RequestMapping.class);
                if (requestMapping != null) {
                    str = str + String.join("/", requestMapping.value());
                    if (requestMapping.method() != null && requestMapping.method().length > 0) {
                        str2 = requestMapping.method()[0].name();
                    }
                }
                for (Method method : cls.getMethods()) {
                    if (method.isAnnotationPresent(AppSecured.class)) {
                        AppSecured appSecured = (AppSecured) method.getAnnotation(AppSecured.class);
                        if (!appSecured.allowAnyAuthenticated()) {
                            Optional<Tuple2<String, String>> methodRequestPathAndName = getMethodRequestPathAndName(method);
                            String str3 = str;
                            String str4 = str2;
                            if (methodRequestPathAndName.isPresent()) {
                                str3 = str3 + methodRequestPathAndName.get().getA();
                                str4 = methodRequestPathAndName.get().getB();
                            }
                            hashMap.put(appSecured.methodId(), new SecurityFunction(appSecured.methodId(), appSecured.caption(), appSecured.groupCaption(), appSecured.appliesScopes(), appSecured.metaName1(), appSecured.metaName2(), appSecured.metaName3(), appSecured.parentMethodId(), appSecured.allowAnyAuthenticated(), str3, str4, new ArrayList()));
                        }
                    }
                }
            }
            hashMap.forEach((str5, securityFunction) -> {
                if (Strings.isNullOrEmpty(securityFunction.getParentId())) {
                    return;
                }
                ((SecurityFunction) hashMap.get(securityFunction.getParentId())).getChildIds().add(securityFunction.getId());
            });
            this.securityFunctions = hashMap;
        }
        return this.securityFunctions;
    }

    Optional<Tuple2<String, String>> getMethodRequestPathAndName(Method method) {
        Stream of = Stream.of((Object[]) new Class[]{GetMapping.class, PutMapping.class, PostMapping.class, PatchMapping.class, DeleteMapping.class, RequestMapping.class});
        method.getClass();
        return (Optional) of.filter(method::isAnnotationPresent).map(cls -> {
            return getMethodRequestPathAndName(method, cls);
        }).filter((v0) -> {
            return v0.isPresent();
        }).findFirst().orElse(Optional.empty());
    }

    /* JADX WARN: Multi-variable type inference failed */
    <T extends Annotation> Optional<Tuple2<String, String>> getMethodRequestPathAndName(Method method, Class<T> cls) {
        Annotation annotation = method.getAnnotation(cls);
        if (annotation == null) {
            return Optional.empty();
        }
        String[] methodAnnotationFieldValue = getMethodAnnotationFieldValue(cls, annotation, "value");
        String str = methodAnnotationFieldValue.length > 0 ? methodAnnotationFieldValue[0] : "";
        if (Strings.isNullOrEmpty(str)) {
            String[] methodAnnotationFieldValue2 = getMethodAnnotationFieldValue(cls, annotation, "path");
            str = methodAnnotationFieldValue2.length > 0 ? methodAnnotationFieldValue2[0] : "";
        }
        return Optional.of(new Tuple2(str, getHttpMethodByClass(annotation)));
    }

    private <T extends Annotation> String[] getMethodAnnotationFieldValue(Class<T> cls, T t, String str) {
        String[] strArr;
        try {
            strArr = (String[]) cls.getMethod(str, new Class[0]).invoke(t, new Object[0]);
        } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
            strArr = new String[0];
        }
        return strArr;
    }

    <T extends Annotation> String getHttpMethodByClass(T t) {
        RequestMethod[] requestMethodArr;
        if (t instanceof RequestMapping) {
            try {
                requestMethodArr = (RequestMethod[]) RequestMapping.class.getMethod("method", new Class[0]).invoke(t, new Object[0]);
            } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
                requestMethodArr = new RequestMethod[0];
            }
            return requestMethodArr.length > 0 ? requestMethodArr[0].name() : "GET";
        }
        String simpleName = t.annotationType().getSimpleName();
        int indexOf = simpleName.indexOf("Mapping");
        return indexOf > 0 ? simpleName.substring(0, indexOf).toUpperCase() : simpleName;
    }
}
