package kd.bos.service.operation.validate;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.entity.AppInfo;
import kd.bos.entity.AppMetadataCache;
import kd.bos.entity.EntityMetadataCache;
import kd.bos.entity.EntityType;
import kd.bos.entity.EntryType;
import kd.bos.entity.ExtendedDataEntity;
import kd.bos.entity.MainEntityType;
import kd.bos.entity.SubEntryType;
import kd.bos.entity.formula.BOSExpression;
import kd.bos.entity.formula.CalcExprParser;
import kd.bos.entity.formula.RowDataModel;
import kd.bos.entity.plugin.support.util.CollectionUtils;
import kd.bos.entity.validate.AbstractValidator;
import kd.bos.entity.validate.ValidateExpressionContext;
import kd.bos.exception.ErrorCode;
import kd.bos.exception.KDBizException;
import kd.bos.exception.KDException;
import kd.bos.log.api.AppLogInfo;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.orm.query.QFilter;
import kd.bos.permission.api.PermissionService;
import kd.bos.permission.model.CheckDimObjParam;
import kd.bos.service.ServiceFactory;
import kd.bos.servicehelper.BusinessDataServiceHelper;
import kd.bos.servicehelper.TimeServiceHelper;
import kd.bos.servicehelper.permission.PermissionServiceHelper;
import kd.bos.utils.LogPrintUtil;
import kd.bos.utils.SecurityTypeEnum;

/* loaded from: input_file:kd/bos/service/operation/validate/FunctionPermValidator.class */
public class FunctionPermValidator extends AbstractValidator {
    private static Log log = LogFactory.getLog(FunctionPermValidator.class);
    public static final String CUSTOMPARAM_DATARULE_EXTDATAENTSET = "DataRule_CustParam_ExtendDataEntitySet";
    private static final String ERRCODE_DATARULE_NOTSUPPORT_NOTVIEW_MULBD = "ERR_DATARULE_NOT_SUPPORTED_NOTVIEW_MULBD";
    private boolean skipCheckDataPerm = false;
    private boolean hasEnableOldDataRule = false;
    private long userId = 0;
    private String bizAppId = null;
    private String displayName = null;
    private String entityNum = null;
    private String dataRulePermItemId = null;
    private List<ExtendedDataEntity> scriptCheckList = new ArrayList(8);
    private List<Object> pkIds = new ArrayList(8);
    private Map<Object, ExtendedDataEntity> pkIdAndDyObjMap = new HashMap(8);
    private String dataRuleScript = null;
    private String express = null;
    private BOSExpression expr = null;
    private boolean needCalcExpr = true;
    private boolean subEntityEmptyData = false;
    private ExtendedDataEntity[] mainDataEntities = null;
    private boolean existMulPropDataRuleAtNotViewPerm = false;
    private String notSupportMsg_notViewPerm_mulBdDataRule = "";

    public Set<String> preparePropertys() {
        Set<String> preparePropertys = super.preparePropertys();
        this.needCalcExpr = false;
        boolean parseBoolean = Boolean.parseBoolean(getOption().getVariableValue("ishasright", String.valueOf(false)));
        if (!parseBoolean && StringUtils.isNotBlank(this.validateContext.getDimFldKey())) {
            preparePropertys.add(this.validateContext.getDimFldKey());
        }
        if (!parseBoolean && StringUtils.isNotBlank(this.validateContext.getDimAssistFldKey())) {
            preparePropertys.add(this.validateContext.getDimAssistFldKey());
        }
        return preparePropertys;
    }

    public void initializeConfiguration() {
        ExtendedDataEntity[] FindByEntityKey;
        super.initializeConfiguration();
        MainEntityType subEntityType = this.validateContext.getSubEntityType();
        if (skipAnonymousValidate(subEntityType)) {
            return;
        }
        this.userId = RequestContext.get().getCurrUserId();
        this.bizAppId = getOption().getVariableValue("currbizappid", (String) null);
        this.displayName = subEntityType.getDisplayName().getLocaleValue();
        this.displayName = StringUtils.isBlank(this.displayName) ? subEntityType.getName() : this.displayName;
        this.entityNum = subEntityType.getName();
        this.mainDataEntities = getExtendedDataEntitySet().FindByEntityKey(this.entityNum);
        this.skipCheckDataPerm = false;
        if (getOption().containsVariable("skipCheckDataPermission")) {
            this.skipCheckDataPerm = Boolean.parseBoolean(getOption().getVariableValue("skipCheckDataPermission"));
        }
        this.hasEnableOldDataRule = hasEnableOldDataRule();
        if (this.skipCheckDataPerm || this.hasEnableOldDataRule || (FindByEntityKey = getExtendedDataEntitySet().FindByEntityKey(this.entityNum)) == null || FindByEntityKey.length == 0) {
            return;
        }
        for (ExtendedDataEntity extendedDataEntity : FindByEntityKey) {
            Object billPkId = extendedDataEntity.getBillPkId();
            boolean z = false;
            if (billPkId instanceof Long) {
                z = (billPkId == null || ((Long) billPkId).longValue() == 0) ? false : true;
            } else if (billPkId instanceof String) {
                z = billPkId != null && StringUtils.isNotBlank((String) billPkId);
            }
            if (this.needCalcExpr || !z) {
                this.scriptCheckList.add(extendedDataEntity);
            } else {
                this.pkIds.add(billPkId);
                this.pkIdAndDyObjMap.put(billPkId, extendedDataEntity);
            }
        }
        ExtendedDataEntity extendedDataEntity2 = FindByEntityKey[0];
        String operatePermItemId = getOperatePermItemId();
        this.dataRulePermItemId = operatePermItemId;
        if ("save".equals(getOperateKey()) && StringUtils.isEmpty(operatePermItemId)) {
            if (extendedDataEntity2.getDataEntity().getDataEntityState().getFromDatabase()) {
                this.dataRulePermItemId = "4715a0df000000ac";
            } else {
                this.dataRulePermItemId = "47156aff000000ac";
            }
        }
        if (CollectionUtils.isEmpty(this.scriptCheckList)) {
            return;
        }
        HashMap hashMap = new HashMap();
        hashMap.put(CUSTOMPARAM_DATARULE_EXTDATAENTSET, getExtendedDataEntitySet());
        hashMap.putAll(getOption().getVariables());
        try {
            this.dataRuleScript = ((PermissionService) ServiceFactory.getService(PermissionService.class)).getDataRuleScript(Long.valueOf(this.userId), this.bizAppId, this.entityNum, this.dataRulePermItemId, hashMap);
        } catch (KDException e) {
            ErrorCode errorCode = e.getErrorCode();
            if (errorCode != null && ERRCODE_DATARULE_NOTSUPPORT_NOTVIEW_MULBD.equals(errorCode.getCode())) {
                this.existMulPropDataRuleAtNotViewPerm = true;
                this.notSupportMsg_notViewPerm_mulBdDataRule = errorCode.getMessage();
            }
            if (!this.existMulPropDataRuleAtNotViewPerm) {
                throw e;
            }
        }
        if (this.expr == null) {
            this.express = this.dataRuleScript;
            this.expr = new BOSExpression(this.express);
            if (this.expr.isError()) {
                throw new KDBizException(buildSyntaxErrMessage(this.expr.getErrMessage()));
            }
        }
        FieldChecker fieldChecker = new FieldChecker(getValidateContext().getSubEntityType());
        fieldChecker.check(this.expr.getVars());
        if (fieldChecker.isNotExistsFields()) {
            throw new KDBizException(buildSyntaxErrMessage(String.format(ResManager.loadKDString("字段%s不存在", "FunctionPermValidator_10", "bos-mservice-operation", new Object[0]), StringUtils.join(fieldChecker.getNotExistsFields().toArray(), ","))));
        }
        if (fieldChecker.isOverEntry()) {
            throw new KDBizException(buildSyntaxErrMessage(String.format(ResManager.loadKDString("字段不允许来自于多个单据体(%s)", "FunctionPermValidator_11", "bos-mservice-operation", new Object[0]), fieldChecker.getOverEntryNames("+"))));
        }
        Set subEntrys = fieldChecker.getSubEntrys();
        Set entrys = fieldChecker.getEntrys();
        if (subEntrys.isEmpty()) {
            if (entrys.isEmpty()) {
                this.entityKey = subEntityType.getName();
                return;
            }
            this.entityKey = ((EntryType) entrys.iterator().next()).getName();
            ExtendedDataEntity[] FindByEntityKey2 = getExtendedDataEntitySet().FindByEntityKey(this.entityKey);
            if (FindByEntityKey2 == null || FindByEntityKey2.length == 0) {
                this.subEntityEmptyData = true;
                this.entityKey = subEntityType.getName();
                return;
            }
            return;
        }
        this.entityKey = ((SubEntryType) subEntrys.iterator().next()).getName();
        ExtendedDataEntity[] FindByEntityKey3 = getExtendedDataEntitySet().FindByEntityKey(this.entityKey);
        if (FindByEntityKey3 == null || FindByEntityKey3.length == 0) {
            this.subEntityEmptyData = true;
            if (entrys.isEmpty()) {
                return;
            }
            this.entityKey = ((EntryType) entrys.iterator().next()).getName();
            ExtendedDataEntity[] FindByEntityKey4 = getExtendedDataEntitySet().FindByEntityKey(this.entityKey);
            if (FindByEntityKey4 == null || FindByEntityKey4.length == 0) {
                this.entityKey = subEntityType.getName();
            }
        }
    }

    public void validate() {
        String format;
        MainEntityType subEntityType = this.validateContext.getSubEntityType();
        if (skipAnonymousValidate(subEntityType)) {
            return;
        }
        String operatePermItemId = getOperatePermItemId();
        if (Boolean.parseBoolean(getOption().getVariableValue("ishasright", String.valueOf(false))) || !subEntityType.getPermissionControlType().isControlFunction()) {
            checkDataRulePermission();
            return;
        }
        if (StringUtils.isEmpty(operatePermItemId)) {
            return;
        }
        if ((StringUtils.isBlank(this.validateContext.getDimFldKey()) || subEntityType.findProperty(this.validateContext.getDimFldKey()) == null) && (StringUtils.isBlank(this.validateContext.getDimAssistFldKey()) || subEntityType.findProperty(this.validateContext.getDimAssistFldKey()) == null)) {
            if (PermissionServiceHelper.checkPermission(this.userId, "DIM_ORG", 0L, this.bizAppId, subEntityType.getName(), operatePermItemId) == 1) {
                checkDataRulePermission();
                return;
            }
            String loadKDString = ResManager.loadKDString("无“%1$s”的“%2$s”权限，请联系管理员。", "FunctionPermValidator_8", "bos-mservice-operation", new Object[0]);
            Object[] objArr = new Object[2];
            objArr[0] = this.displayName == null ? "" : this.displayName;
            objArr[1] = getOperationName() == null ? "" : getOperationName();
            String format2 = String.format(loadKDString, objArr);
            for (ExtendedDataEntity extendedDataEntity : this.mainDataEntities) {
                addFatalErrorMessage(extendedDataEntity, format2);
            }
            LogPrintUtil.writeLog(SecurityTypeEnum.OVERPERMISSION, buildLogInfo(format2, subEntityType));
            return;
        }
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap(16);
        for (ExtendedDataEntity extendedDataEntity2 : this.mainDataEntities) {
            hashMap.put(extendedDataEntity2.getBillPkId().toString(), extendedDataEntity2);
            CheckDimObjParam checkDimObjParam = new CheckDimObjParam();
            if (StringUtils.isNotBlank(this.validateContext.getDimFldKey())) {
                DynamicObject dynamicObject = (DynamicObject) extendedDataEntity2.getDataEntity().get(this.validateContext.getDimFldKey());
                Long valueOf = Long.valueOf(dynamicObject == null ? -1L : Long.parseLong(dynamicObject.getPkValue().toString()));
                if (valueOf.longValue() != -1) {
                    checkDimObjParam.setDimensionOrg(valueOf.longValue());
                    checkDimObjParam.setId(extendedDataEntity2.getBillPkId());
                    arrayList.add(checkDimObjParam);
                }
            }
            if (StringUtils.isNotBlank(this.validateContext.getDimAssistFldKey())) {
                DynamicObject dynamicObject2 = (DynamicObject) extendedDataEntity2.getDataEntity().get(this.validateContext.getDimAssistFldKey());
                Long valueOf2 = Long.valueOf(dynamicObject2 == null ? -1L : Long.parseLong(dynamicObject2.getPkValue().toString()));
                if (valueOf2.longValue() != -1) {
                    checkDimObjParam.setAssistDimensionOrg(valueOf2.longValue());
                }
            }
        }
        List<CheckDimObjParam> checkPermissionBatch = ((PermissionService) ServiceFactory.getService(PermissionService.class)).checkPermissionBatch(Long.valueOf(this.userId), this.bizAppId, subEntityType.getName(), operatePermItemId, arrayList);
        if (checkPermissionBatch == null) {
            String loadKDString2 = ResManager.loadKDString("无“%1$s”的“%2$s”权限，请联系管理员。", "FunctionPermValidator_8", "bos-mservice-operation", new Object[0]);
            Object[] objArr2 = new Object[2];
            objArr2[0] = this.displayName == null ? "" : this.displayName;
            objArr2[1] = getOperationName() == null ? "" : getOperationName();
            String format3 = String.format(loadKDString2, objArr2);
            for (ExtendedDataEntity extendedDataEntity3 : this.mainDataEntities) {
                addFatalErrorMessage(extendedDataEntity3, format3);
            }
            LogPrintUtil.writeLog(SecurityTypeEnum.OVERPERMISSION, buildLogInfo(format3, subEntityType));
            return;
        }
        for (CheckDimObjParam checkDimObjParam2 : checkPermissionBatch) {
            String str = null;
            try {
                str = ResManager.loadKDString("无“%1$s”的“%2$s”权限，请联系管理员。", "FunctionPermValidator_8", "bos-mservice-operation", new Object[0]);
                Object[] objArr3 = new Object[2];
                objArr3[0] = this.displayName == null ? "" : this.displayName;
                objArr3[1] = getOperationName() == null ? "" : getOperationName();
                format = String.format(str, objArr3);
                LogPrintUtil.writeLog(SecurityTypeEnum.OVERPERMISSION, buildLogInfo(format, subEntityType));
            } catch (Exception e) {
                log.error(str);
                String loadKDString3 = ResManager.loadKDString("无“%1$s”的“%2$s”权限，请联系管理员。", "FunctionPermValidator_8", "bos-mservice-operation", new Object[0]);
                Object[] objArr4 = new Object[2];
                objArr4[0] = this.displayName == null ? "" : this.displayName;
                objArr4[1] = getOperationName() == null ? "" : getOperationName();
                format = String.format(loadKDString3, objArr4);
            }
            addFatalErrorMessage((ExtendedDataEntity) hashMap.get(checkDimObjParam2.getId().toString()), format);
        }
        if (checkPermissionBatch == null || !checkPermissionBatch.isEmpty()) {
            return;
        }
        checkDataRulePermission();
    }

    private void checkDataRulePermission() {
        DynamicObject dynamicObject;
        boolean booleanValue;
        if (this.skipCheckDataPerm || this.hasEnableOldDataRule) {
            return;
        }
        if (!CollectionUtils.isEmpty(this.scriptCheckList)) {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            for (ExtendedDataEntity extendedDataEntity : this.dataEntities) {
                if (this.existMulPropDataRuleAtNotViewPerm) {
                    addFatalErrorMessage(extendedDataEntity, this.notSupportMsg_notViewPerm_mulBdDataRule);
                } else {
                    EntityType dataEntityType = extendedDataEntity.getDataEntity().getDataEntityType();
                    EntityType entityType = dataEntityType;
                    DynamicObject dataEntity = extendedDataEntity.getDataEntity();
                    while (true) {
                        dynamicObject = dataEntity;
                        if (entityType.getParent() == null) {
                            break;
                        }
                        entityType = (EntityType) entityType.getParent();
                        dataEntity = (DynamicObject) dynamicObject.getParent();
                    }
                    if (StringUtils.isEmpty(this.dataRuleScript)) {
                        booleanValue = true;
                    } else if ("1=1".equals(this.dataRuleScript)) {
                        booleanValue = true;
                    } else if ("1!=1".equals(this.dataRuleScript)) {
                        booleanValue = false;
                    } else {
                        ValidateExpressionContext validateExpressionContext = new ValidateExpressionContext(new RowDataModel(dataEntityType.getName(), (MainEntityType) entityType), getValidateContext());
                        validateExpressionContext.getRowDataModel().setRowContext(extendedDataEntity.getDataEntity(), extendedDataEntity.getRowIndex());
                        Object expressionValue = (this.subEntityEmptyData && entityType.getName().equals(this.entityNum)) ? Boolean.FALSE : CalcExprParser.getExpressionValue(this.expr, validateExpressionContext, getValidateContext().getFuncLib());
                        booleanValue = expressionValue != null ? ((Boolean) expressionValue).booleanValue() : false;
                    }
                    if (booleanValue) {
                        hashSet2.add(dynamicObject);
                        hashSet.remove(dynamicObject);
                    } else if (!hashSet2.contains(dynamicObject)) {
                        hashSet.add(dynamicObject);
                    }
                }
            }
            String permItemName = getPermItemName();
            for (ExtendedDataEntity extendedDataEntity2 : getExtendedDataEntitySet().FindByEntityKey(this.entityNum)) {
                if (hashSet.contains(extendedDataEntity2.getDataEntity())) {
                    addFatalErrorMessage(extendedDataEntity2, String.format(ResManager.loadKDString("不能%1$s。您没有【%2$s】【%3$s】的数据规则权限，请联系管理员。", "MODIFY_NOE_DRPERM", "bos-mservice-operation", new Object[0]), getOperationName(), this.displayName, permItemName));
                }
            }
        }
        if (CollectionUtils.isEmpty(this.pkIds)) {
            return;
        }
        Map map = null;
        try {
            map = ((PermissionService) ServiceFactory.getService(PermissionService.class)).matchDataRule(this.userId, this.bizAppId, this.entityNum, this.dataRulePermItemId, new QFilter[]{new QFilter("id", "in", this.pkIds)}, new HashMap(8));
        } catch (KDException e) {
            ErrorCode errorCode = e.getErrorCode();
            if (errorCode != null && ERRCODE_DATARULE_NOTSUPPORT_NOTVIEW_MULBD.equals(errorCode.getCode())) {
                this.existMulPropDataRuleAtNotViewPerm = true;
                this.notSupportMsg_notViewPerm_mulBdDataRule = errorCode.getMessage();
            }
            if (!this.existMulPropDataRuleAtNotViewPerm) {
                throw e;
            }
        }
        String permItemName2 = getPermItemName();
        for (Object obj : this.pkIds) {
            ExtendedDataEntity extendedDataEntity3 = this.pkIdAndDyObjMap.get(obj);
            if (this.existMulPropDataRuleAtNotViewPerm) {
                addFatalErrorMessage(extendedDataEntity3, this.notSupportMsg_notViewPerm_mulBdDataRule);
            } else if (map != null && Boolean.FALSE.equals((Boolean) map.get(obj))) {
                addFatalErrorMessage(extendedDataEntity3, String.format(ResManager.loadKDString("不能%1$s。您没有【%2$s】【%3$s】的数据规则权限，请联系管理员。", "MODIFY_NOE_DRPERM", "bos-mservice-operation", new Object[0]), getOperationName(), this.displayName, permItemName2));
            }
        }
    }

    private String getPermItemName() {
        String str = "";
        if (StringUtils.isNotEmpty(this.dataRulePermItemId)) {
            DynamicObject loadSingleFromCache = BusinessDataServiceHelper.loadSingleFromCache(this.dataRulePermItemId, "perm_permitem");
            str = null == loadSingleFromCache ? this.dataRulePermItemId : loadSingleFromCache.getString("name");
        }
        return str;
    }

    private static boolean hasEnableOldDataRule() {
        DynamicObject loadSingleFromCache = BusinessDataServiceHelper.loadSingleFromCache(1L, "perm_olddataruleenable");
        if (loadSingleFromCache == null) {
            return true;
        }
        return loadSingleFromCache.getBoolean("enable_olddatarule");
    }

    private String getOperatePermItemId() {
        String variableValue = getOption().getVariableValue("permissionentityid", "");
        Map dataEntityOperate = EntityMetadataCache.getDataEntityOperate(StringUtils.isNotBlank(variableValue) ? variableValue : this.entityNum, getOperateKey());
        if (dataEntityOperate == null) {
            return null;
        }
        return (String) dataEntityOperate.get("permission");
    }

    private AppLogInfo buildLogInfo(String str, MainEntityType mainEntityType) {
        AppInfo appInfo;
        AppLogInfo appLogInfo = new AppLogInfo();
        appLogInfo.setUserID(Long.valueOf(RequestContext.get().getUserId()));
        String str2 = "";
        String variableValue = getOption().getVariableValue("appnumber", "");
        if (StringUtils.isBlank(variableValue)) {
            variableValue = mainEntityType.getAppId();
        }
        if (StringUtils.isNotBlank(variableValue) && !StringUtils.equalsIgnoreCase("bos", variableValue) && null != (appInfo = AppMetadataCache.getAppInfo(variableValue))) {
            str2 = appInfo.getId();
        }
        appLogInfo.setBizAppID(str2);
        appLogInfo.setBizObjID(mainEntityType.getName());
        appLogInfo.setOrgID(Long.valueOf(RequestContext.get().getOrgId()));
        appLogInfo.setOpTime(TimeServiceHelper.now());
        appLogInfo.setClientType(RequestContext.get().getClient());
        appLogInfo.setClientIP(RequestContext.get().getLoginIP());
        appLogInfo.setOpName(getOperationName());
        appLogInfo.setOpDescription(str);
        return appLogInfo;
    }

    private boolean skipAnonymousValidate(MainEntityType mainEntityType) {
        return mainEntityType.getPermissionControlType().isAnonymousUserControl() && RequestContext.get().getUserId().equalsIgnoreCase("-1");
    }

    private String buildSyntaxErrMessage(String str) {
        return String.format(ResManager.loadKDString("%1$s-%2$s，数据规则的表达式(%3$s)：%4$s", "FunctionPermValidator_1", "bos-mservice-operation", new Object[0]), getValidateContext().getBillEntityType().getDisplayName().toString(), getOperationName(), this.express, str);
    }
}
