package kd.bos.nocode.utils;

import com.alibaba.fastjson.JSONObject;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.nocode.constant.StrConstants;
import kd.bos.nocode.constant.WfConsts;
import kd.bos.nocode.restapi.common.constant.RestApiErrorCode;
import kd.bos.nocode.restapi.common.exception.RestApiException;
import kd.bos.nocode.restapi.common.util.Maps;
import kd.bos.orm.query.QFilter;
import kd.bos.permission.nocode.model.AppManageTypeEnum;
import kd.bos.permission.nocode.model.AppUseTypeEnum;
import kd.bos.permission.nocode.model.PermItemEnum;
import kd.bos.permission.nocode.model.Role;
import kd.bos.permission.nocode.model.RolePerm;
import kd.bos.servicehelper.BusinessDataServiceHelper;
import kd.bos.servicehelper.QueryServiceHelper;
import kd.bos.servicehelper.permission.PermissionServiceHelper;
import kd.bos.servicehelper.permission.nocode.NoCodePermissionServiceHelper;
import kd.bos.threads.ThreadPools;
import kd.bos.util.StringUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:kd/bos/nocode/utils/NoCodePermHelper.class */
public class NoCodePermHelper {
    private static final String ROLE_NAME_SPLIT_REG = "\\$";
    private static final String ROLE_NAME_SPLIT = "$";
    private static final String ID = "id";
    private static final String BOS_DEVPN_FORMMETA = "bos_devpn_formmeta";
    private static final String BIZ_APPID = "bizappid";
    protected static ExecutorService pool = ThreadPools.newExecutorService("NoCode-Perm-Query-Thread", 3);
    private static final Log logger = LogFactory.getLog(NoCodePermHelper.class);

    private NoCodePermHelper() {
        throw new IllegalStateException("NoCodePermHelper class");
    }

    public static void verifyPlatManage() {
        long currUserId = RequestContext.get().getCurrUserId();
        if (PermissionServiceHelper.isAdminUser(currUserId)) {
            return;
        }
        verifyManage(Long.valueOf(currUserId), "2HGKTA7HH43C");
    }

    public static void verifyManage(String str) {
        verifyManage(Long.valueOf(RequestContext.get().getCurrUserId()), str);
    }

    public static void verifyManage(Long l, String str) {
        if (!checkUserAppManageInNoCode(l, str)) {
            throw new RestApiException("权限不足");
        }
    }

    public static void verifyUsePermPassTemp(String str) {
        if (NcEntityTypeUtil.queryTemplateAppIds().contains(str)) {
            return;
        }
        verifyUsePerm(str);
    }

    public static void verifyUsePerm(String str) {
        verifyUsePerm(Long.valueOf(RequestContext.get().getCurrUserId()), str);
    }

    public static void verifyUsePerm(Long l, String str) {
        if (!checkUserAppUseInNoCode(l, str)) {
            throw new RestApiException("权限不足");
        }
    }

    public static boolean isShare(String str, String str2, String str3) {
        DynamicObject loadSingle;
        if (!StringUtils.isNotEmpty(str3) || (loadSingle = BusinessDataServiceHelper.loadSingle(str3.split(StrConstants.UNDERLINE)[0], "bos_svc_share")) == null) {
            return false;
        }
        if (System.currentTimeMillis() > loadSingle.getDate("expiretime").getTime()) {
            return false;
        }
        String string = loadSingle.getString("sharecontext_tag");
        if (StringUtils.isEmpty(string)) {
            return false;
        }
        JSONObject parseObject = JSONObject.parseObject(string);
        if (StringUtils.isNotEmpty(str) && parseObject.containsKey("appId") && !str.equals(parseObject.getString("appId"))) {
            return false;
        }
        return (StringUtils.isNotEmpty(str2) && parseObject.containsKey(WfConsts.FORM_ID) && !str2.equals(parseObject.getString(WfConsts.FORM_ID))) ? false : true;
    }

    public static boolean isValidShareId(String str) {
        if (StringUtils.isNotEmpty(str)) {
            return QueryServiceHelper.exists("bos_svc_share", str.split(StrConstants.UNDERLINE)[0]);
        }
        return false;
    }

    public static boolean isViewShare(String str) {
        DynamicObject loadSingle;
        if (!StringUtils.isNotEmpty(str) || (loadSingle = BusinessDataServiceHelper.loadSingle(str.split(StrConstants.UNDERLINE)[0], "bos_svc_share")) == null) {
            return false;
        }
        String string = loadSingle.getString("sharecontext_tag");
        if (string.contains("?")) {
            string = string.substring(0, string.indexOf(63));
        }
        JSONObject parseObject = JSONObject.parseObject(string);
        return parseObject.containsKey("type") && parseObject.getString("type").equals("view");
    }

    public static boolean isAddShare(String str) {
        DynamicObject loadSingle;
        if (!StringUtils.isNotEmpty(str) || (loadSingle = BusinessDataServiceHelper.loadSingle(str.split(StrConstants.UNDERLINE)[0], "bos_svc_share")) == null) {
            return false;
        }
        String string = loadSingle.getString("sharecontext_tag");
        if (string.contains("?")) {
            string = string.substring(0, string.indexOf(63));
        }
        JSONObject parseObject = JSONObject.parseObject(string);
        return parseObject.containsKey("type") && parseObject.getString("type").equals("addNew");
    }

    public static ShareInputMode getAddShareMode(String str) {
        DynamicObject loadSingle;
        if (!StringUtils.isNotEmpty(str) || (loadSingle = BusinessDataServiceHelper.loadSingle(str.split(StrConstants.UNDERLINE)[0], "bos_svc_share")) == null) {
            return ShareInputMode.ALWAYS;
        }
        String string = loadSingle.getString("sharecontext_tag");
        if (string.contains("?")) {
            string = string.substring(0, string.indexOf(63));
        }
        String string2 = JSONObject.parseObject(string).getString("inputMode");
        return StringUtils.isEmpty(string2) ? ShareInputMode.ALWAYS : ShareInputMode.find(string2);
    }

    public static boolean checkDataPermInNoCode(String str, Object obj) {
        return checkDataPermInNoCode(str, obj, PermItemEnum.of(FuncPermItemEnum.view.getId()));
    }

    public static boolean checkDataEditPermInNoCode(String str, Object obj) {
        return checkDataPermInNoCode(str, obj, PermItemEnum.of(FuncPermItemEnum.edit.getId()));
    }

    public static boolean checkDataDelPermInNoCode(String str, Object obj) {
        return checkDataPermInNoCode(str, obj, PermItemEnum.of(FuncPermItemEnum.delete.getId()));
    }

    public static boolean checkDataPermInNoCode(String str, Object obj, PermItemEnum permItemEnum) {
        if (obj == null) {
            return false;
        }
        if (!isNoCodeForm(str)) {
            return true;
        }
        try {
            QFilter dataRuleFilter = NoCodePermissionServiceHelper.getDataRuleFilter(RequestContext.get().getCurrUserId(), str, permItemEnum);
            if (dataRuleFilter == null) {
                return true;
            }
            return BusinessDataServiceHelper.load(str, "id", new QFilter[]{new QFilter("id", "=", Long.valueOf(Long.parseLong(obj.toString()))), dataRuleFilter}).length > 0;
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static Map<String, Boolean> checkAllDataPermInNoCode(String str, Object obj) {
        if (obj == null) {
            return Collections.emptyMap();
        }
        if (!isNoCodeForm(str)) {
            return Maps.of(FuncPermItemEnum.view.getId(), true, FuncPermItemEnum.edit.getId(), true, FuncPermItemEnum.delete.getId(), true);
        }
        long currUserId = RequestContext.get().getCurrUserId();
        ArrayList newArrayList = Lists.newArrayList(new String[]{FuncPermItemEnum.view.getId(), FuncPermItemEnum.edit.getId(), FuncPermItemEnum.delete.getId()});
        try {
            Map dataRuleFilters = NoCodePermissionServiceHelper.getDataRuleFilters(currUserId, str, newArrayList);
            HashMap hashMap = new HashMap();
            QFilter qFilter = new QFilter("id", "=", Long.valueOf(Long.parseLong(obj.toString())));
            Iterator it = newArrayList.iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                QFilter qFilter2 = (QFilter) dataRuleFilters.get(str2);
                if (qFilter2 == null) {
                    hashMap.put(str2, true);
                } else {
                    hashMap.put(str2, Boolean.valueOf(BusinessDataServiceHelper.load(str, "id", new QFilter[]{qFilter, qFilter2}).length > 0));
                }
            }
            return hashMap;
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static Set<String> getNoViewFieldPermSet(String str) {
        if (!isNoCodeForm(str)) {
            return Collections.emptySet();
        }
        try {
            return (Set) NoCodePermissionServiceHelper.getNoPermProperties(RequestContext.get().getCurrUserId(), str).getOrDefault(FuncPermItemEnum.view.getId(), Collections.emptySet());
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static Set<String> getNoEditFieldPermSet(String str) {
        if (!isNoCodeForm(str)) {
            return Collections.emptySet();
        }
        try {
            return (Set) NoCodePermissionServiceHelper.getNoPermProperties(RequestContext.get().getCurrUserId(), str).getOrDefault(FuncPermItemEnum.edit.getId(), Collections.emptySet());
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static Set<String> getNoInputFieldPermSet(String str) {
        if (!isNoCodeForm(str)) {
            return Collections.emptySet();
        }
        try {
            return (Set) NoCodePermissionServiceHelper.getNoPermProperties(RequestContext.get().getCurrUserId(), str).getOrDefault(FuncPermItemEnum.input.getId(), Collections.emptySet());
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static boolean checkFuncPermInNoCode(FuncPermItemEnum funcPermItemEnum, String str) {
        return checkFuncPerm(funcPermItemEnum, str);
    }

    public static boolean checkFuncPerm(FuncPermItemEnum funcPermItemEnum, String str) {
        return checkFuncPerm(funcPermItemEnum, str, RequestContext.get().getCurrUserId());
    }

    public static boolean checkFuncPerm(FuncPermItemEnum funcPermItemEnum, String str, long j) {
        if (!isNoCodeForm(str)) {
            return true;
        }
        try {
            return NoCodePermissionServiceHelper.getPermItems(j, str).contains(funcPermItemEnum.getId());
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    private static boolean isNoCodeForm(String str) {
        if ("bos_user".equals(str) || NcEntityTypeUtil.BOS_USER_ID.equals(str) || "bos_adminorg".equals(str) || NcEntityTypeUtil.BOS_ADMIN_ORG_ID.equals(str)) {
            return false;
        }
        return StringUtils.isNumeric(str);
    }

    public static void verifyFuncPermPassTemp(FuncPermItemEnum funcPermItemEnum, String str, String str2) {
        if (!isNoCodeForm(str2)) {
            if (!PermissionServiceHelper.checkPermission(Long.valueOf(RequestContext.get().getCurrUserId()), (String) null, str2, funcPermItemEnum.getId())) {
                throw new RestApiException("权限不足");
            }
        } else {
            if (NcEntityTypeUtil.queryTemplateAppIds().contains(str)) {
                return;
            }
            verifyFuncPerm(Long.valueOf(RequestContext.get().getCurrUserId()), funcPermItemEnum, str2);
        }
    }

    public static void verifyFuncPerm(FuncPermItemEnum funcPermItemEnum, String str) {
        verifyFuncPerm(Long.valueOf(RequestContext.get().getCurrUserId()), funcPermItemEnum, str);
    }

    public static void verifyFuncPerm(Long l, FuncPermItemEnum funcPermItemEnum, String str) {
        if (!checkFuncPerm(funcPermItemEnum, str, l.longValue())) {
            throw new RestApiException("权限不足");
        }
    }

    @NotNull
    public static List<QFilter> getDataPermFilters(String str) {
        ArrayList arrayList = new ArrayList();
        if (!isNoCodeForm(str)) {
            return arrayList;
        }
        try {
            arrayList.add(NoCodePermissionServiceHelper.getDataRuleFilter(RequestContext.get().getCurrUserId(), str, PermItemEnum.of(FuncPermItemEnum.view.getId())));
            return arrayList;
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static void queryManagePerm(String str, HashMap<String, Object> hashMap) {
        long currUserId = RequestContext.get().getCurrUserId();
        CompletableFuture supplyAsync = CompletableFuture.supplyAsync(() -> {
            return Boolean.valueOf(checkUserAppManageInNoCode(Long.valueOf(currUserId), str));
        }, pool);
        CompletableFuture supplyAsync2 = CompletableFuture.supplyAsync(() -> {
            return Boolean.valueOf(checkUserAppUseInNoCode(Long.valueOf(currUserId), str));
        }, pool);
        CompletableFuture.allOf(supplyAsync, supplyAsync2).join();
        try {
            hashMap.put("manage", supplyAsync.get());
            hashMap.put("use", supplyAsync2.get());
        } catch (Exception e) {
            throw new RestApiException(e);
        }
    }

    public static boolean checkUserAppCreateInNoCode() {
        return checkUserPlatManageInNoCode() || checkUserAppUseInNoCode(Long.valueOf(RequestContext.get().getCurrUserId()), "2HGKTA7HH43C");
    }

    public static boolean checkUserPlatManageInNoCode() {
        long currUserId = RequestContext.get().getCurrUserId();
        return PermissionServiceHelper.isAdminUser(currUserId) || checkUserAppManageInNoCode(Long.valueOf(currUserId), "2HGKTA7HH43C");
    }

    public static boolean checkUserAppManageInNoCode(Long l, String str) {
        try {
            return NoCodePermissionServiceHelper.getManageAppIds(l.longValue()).contains(str);
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static boolean checkUserAppUseInNoCode(Long l, String str) {
        try {
            return NoCodePermissionServiceHelper.getUsableAppIds(l.longValue()).contains(str);
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static void queryFuncPermItems(String str, HashMap<String, Object> hashMap) {
        try {
            NoCodePermissionServiceHelper.getPermItems(RequestContext.get().getCurrUserId(), str).stream().filter(str2 -> {
                return FuncPermItemEnum.getById(str2) != null;
            }).forEach(str3 -> {
                hashMap.put(FuncPermItemEnum.getById(str3).getNumber(), true);
            });
            Arrays.stream(FuncPermItemEnum.values()).filter(funcPermItemEnum -> {
                return !hashMap.containsKey(funcPermItemEnum.getNumber());
            }).forEach(funcPermItemEnum2 -> {
                hashMap.put(funcPermItemEnum2.getNumber(), false);
            });
        } catch (Exception e) {
            throw new RestApiException(RestApiErrorCode.ERROR, e.getMessage(), e);
        }
    }

    public static void changeAdminRole(String str, long j, long j2) {
        RolePerm rolePerm = NoCodePermissionServiceHelper.getRolePerm(((Role) NoCodePermissionServiceHelper.getRoleByAppId(str).stream().filter((v0) -> {
            return v0.isSystem();
        }).findFirst().get()).getId());
        rolePerm.getAssignUserIds().remove(Long.valueOf(j2));
        if (rolePerm.getAssignUserIds().add(Long.valueOf(j))) {
            NoCodePermissionServiceHelper.saveRolePerm(rolePerm);
            if (rolePerm.getErrors().isEmpty()) {
                return;
            }
            logger.debug("生成应用管理员失败:\n" + JSONObject.toJSONString(rolePerm.getErrors()));
            throw new RestApiException("生成应用管理员失败:" + JSONObject.toJSONString(rolePerm.getErrors()));
        }
    }

    public static void genAdminRole(String str) {
        Optional findFirst = NoCodePermissionServiceHelper.getRoleByAppId(str).stream().filter((v0) -> {
            return v0.isSystem();
        }).findFirst();
        long currUserId = RequestContext.get().getCurrUserId();
        if (!findFirst.isPresent()) {
            genAdminRole(Long.valueOf(currUserId), str);
            return;
        }
        RolePerm rolePerm = NoCodePermissionServiceHelper.getRolePerm(((Role) findFirst.get()).getId());
        if (rolePerm.getAssignUserIds().add(Long.valueOf(currUserId))) {
            NoCodePermissionServiceHelper.saveRolePerm(rolePerm);
            if (rolePerm.getErrors().isEmpty()) {
                return;
            }
            logger.debug("生成应用管理员失败:\n" + JSONObject.toJSONString(rolePerm.getErrors()));
            throw new RestApiException("生成应用管理员失败:" + JSONObject.toJSONString(rolePerm.getErrors()));
        }
    }

    public static void genAdminRole(Long l, String str) {
        RolePerm rolePerm = new RolePerm();
        rolePerm.setAppId(str);
        rolePerm.setSortCode(0);
        rolePerm.setSystem(true);
        rolePerm.setAppUseType(AppUseTypeEnum.ALL);
        rolePerm.setAppManageType(AppManageTypeEnum.ALL);
        rolePerm.setName("管理员");
        rolePerm.setAssignUserIds(Collections.singleton(l));
        NoCodePermissionServiceHelper.saveRolePerm(rolePerm);
        if (rolePerm.getErrors().isEmpty()) {
            return;
        }
        logger.debug("生成应用管理员失败:\n" + JSONObject.toJSONString(rolePerm.getErrors()));
        throw new RestApiException("生成应用管理员失败:" + JSONObject.toJSONString(rolePerm.getErrors()));
    }

    public static void delAppRoles(String str) {
        pool.execute(() -> {
            NoCodePermissionServiceHelper.getRoleByAppId(str).forEach(NoCodePermissionServiceHelper::deleteRole);
        });
    }

    public static String getRoleName(String str) {
        return str.split(ROLE_NAME_SPLIT_REG)[0];
    }

    public static String setRoleName(String str, String str2) {
        return str + "$" + str2;
    }

    public static boolean checkPublishEnt(String str, String str2) {
        if (isCrossApp(str, str2)) {
            return ((Set) NoCodePermissionServiceHelper.getAppliedAppPerm(Collections.singletonList(str)).getOrDefault(str, Collections.emptySet())).contains(str2);
        }
        return true;
    }

    private static boolean isCrossApp(String str, String str2) {
        DynamicObject queryOne = QueryServiceHelper.queryOne(BOS_DEVPN_FORMMETA, BIZ_APPID, new QFilter[]{new QFilter("id", "=", str2)});
        return Objects.nonNull(queryOne) && !str.equalsIgnoreCase(queryOne.getString(BIZ_APPID));
    }

    public static QFilter[] combinePermFilter(String str, String str2, QFilter[] qFilterArr) {
        try {
            if (!NcEntityTypeUtil.queryTemplateAppIds().contains(str)) {
                List<QFilter> dataPermFilters = getDataPermFilters(str2);
                if (CollectionUtils.isNotEmpty(dataPermFilters)) {
                    qFilterArr = (QFilter[]) ArrayUtils.addAll(qFilterArr, dataPermFilters.toArray(new QFilter[0]));
                    logger.debug("权限过滤器filter={}", Arrays.toString(dataPermFilters.toArray()));
                }
            }
            return qFilterArr;
        } catch (Exception e) {
            logger.debug("combine perm filter error: {}", e.getMessage(), e);
            return qFilterArr;
        }
    }
}
