package cn.sparrowmini.pem.service.impl;

import cn.sparrowmini.common.BaseOpLog;
import cn.sparrowmini.pem.model.ModelAttribute;
import cn.sparrowmini.pem.model.ModelAttributeRule;
import cn.sparrowmini.pem.model.ModelRule;
import cn.sparrowmini.pem.model.constant.PermissionEnum;
import cn.sparrowmini.pem.model.constant.PermissionTypeEnum;
import cn.sparrowmini.pem.model.relation.SysroleModel;
import cn.sparrowmini.pem.model.relation.SysroleModelAttribute;
import cn.sparrowmini.pem.model.relation.UserSysrole;
import cn.sparrowmini.pem.service.ModelPermissionService;
import cn.sparrowmini.pem.service.exception.DenyPermissionException;
import cn.sparrowmini.pem.service.exception.NoPermissionException;
import cn.sparrowmini.pem.service.repository.ModelAttributeRuleRepository;
import cn.sparrowmini.pem.service.repository.ModelRuleRepository;
import cn.sparrowmini.pem.service.repository.SysroleModelAttributeRepository;
import cn.sparrowmini.pem.service.repository.SysroleModelRepository;
import cn.sparrowmini.pem.service.repository.UserSysroleRepository;
import java.util.List;
import java.util.stream.Collectors;
import org.jeasy.rules.api.Facts;
import org.jeasy.rules.api.Rule;
import org.jeasy.rules.api.RuleListener;
import org.jeasy.rules.api.Rules;
import org.jeasy.rules.core.AbstractRulesEngine;
import org.jeasy.rules.core.DefaultRulesEngine;
import org.jeasy.rules.mvel.MVELRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

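/**
 * Decides whether a user may perform an operation on a model or on one model attribute.
 *
 * <p>Every {@code hasPermission} overload returns {@code true} on success and signals refusal by
 * throwing: {@link DenyPermissionException} when an explicit DENY grant or a matching DENY rule
 * applies, {@link NoPermissionException} when nothing allows the operation. No overload ever
 * returns {@code false}, so callers must not swallow these exceptions.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Rule conditions are read from the rule repositories and compiled as MVEL expressions.
 *       MVEL expressions can invoke Java methods, so write access to the stored rule conditions
 *       is equivalent to running code inside this service; restrict and audit it accordingly.</li>
 *   <li>Several paths allow access when nothing is configured (see the individual methods).
 *       A missing grant table entry therefore opens access rather than closing it.</li>
 *   <li>The super-admin shortcut is evaluated before any DENY grant or DENY rule.</li>
 * </ul>
 */
@Service
public class ModelPermissionServiceImpl implements ModelPermissionService {
    private static final Logger log = LoggerFactory.getLogger(ModelPermissionServiceImpl.class);

    /** Username and authority name that bypass every check in this class. */
    private static final String SUPER_SYSADMIN = "SUPER_SYSADMIN";

    /** Message prefix of {@link DenyPermissionException} ("permission denied"). */
    private static final String DENIED = "拒绝权限";

    /** Message prefix of {@link NoPermissionException} ("no permission"). */
    private static final String NOT_GRANTED = "没有权限";

    /** MVEL action attached to every rule: records in the facts that the condition matched. */
    private static final String MARK_MATCHED = "facts.put(\"result\", true);";

    @Autowired
    private SysroleModelRepository sysroleModelRepository;

    @Autowired
    private SysroleModelAttributeRepository sysroleModelAttributeRepository;

    @Autowired
    private UserSysroleRepository userSysroleRepository;

    @Autowired
    private ModelRuleRepository modelRuleRepository;

    @Autowired
    private ModelAttributeRuleRepository modelAttributeRuleRepository;

    /**
     * Checks a model-level permission using role grants only.
     *
     * <p>Allowed when the user is super admin, when one of the user's roles has an ALLOW grant,
     * or when no ALLOW grant exists for this model and permission at all.
     * NOTE(review): the last case makes an unconfigured model open to every user; confirm that
     * this default is intended.
     *
     * @param str            model id
     * @param permissionEnum operation being requested
     * @param str2           username whose roles are evaluated
     * @return always {@code true}
     * @throws DenyPermissionException if one of the user's roles has a DENY grant
     * @throws NoPermissionException   if ALLOW grants exist but none belongs to the user's roles
     */
    @Override
    public boolean hasPermission(String str, PermissionEnum permissionEnum, String str2) {
        if (isSuperAdmin(str2)) {
            return true;
        }
        if (roleGrantsModel(str, permissionEnum, str2)
                || this.sysroleModelRepository.countByIdModelIdAndIdPermissionAndIdPermissionType(str, permissionEnum, PermissionTypeEnum.ALLOW) == 0) {
            return true;
        }
        throw new NoPermissionException(String.join(" ", NOT_GRANTED, str, permissionEnum.name(), str2));
    }

    /**
     * Checks an attribute-level permission using role grants only.
     *
     * <p>Unlike the model-level overload there is no "nothing configured" default here: the user
     * must be super admin or hold a role with an ALLOW grant.
     *
     * @param modelAttributePK attribute being accessed
     * @param permissionEnum   operation being requested
     * @param str              username whose roles are evaluated
     * @return always {@code true}
     * @throws DenyPermissionException if one of the user's roles has a DENY grant
     * @throws NoPermissionException   if none of the user's roles has an ALLOW grant
     */
    @Override
    public boolean hasPermission(ModelAttribute.ModelAttributePK modelAttributePK, PermissionEnum permissionEnum, String str) {
        if (isSuperAdmin(str)) {
            return true;
        }
        int allowGrantCount = this.sysroleModelAttributeRepository.countByIdAttributeIdAndIdPermissionAndIdPermissionType(modelAttributePK, permissionEnum, PermissionTypeEnum.ALLOW);
        if (roleGrantsAttribute(modelAttributePK, permissionEnum, str, allowGrantCount)) {
            return true;
        }
        throw new NoPermissionException(String.join(" ", NOT_GRANTED, modelAttributePK.getAttributeId(), permissionEnum.name(), str));
    }

    /**
     * Checks a model-level permission for one entity, using role grants and stored rules.
     *
     * <p>Order of evaluation: super admin, role DENY/ALLOW grants, DENY rules, ALLOW rules, then
     * an owner default (allowed when no ALLOW rule and no ALLOW grant exists and the entity was
     * created by the user).
     * NOTE(review): DENY and ALLOW rules are evaluated only when no role granted ALLOW, so a role
     * ALLOW grant overrides a DENY rule; confirm that precedence is intended.
     *
     * @param str            model id
     * @param permissionEnum operation being requested
     * @param str2           username whose roles are evaluated
     * @param obj            entity the rules are evaluated against (exposed to rules as
     *                       {@code entity})
     * @return always {@code true}
     * @throws DenyPermissionException if a role has a DENY grant or a DENY rule matches
     * @throws NoPermissionException   if nothing allows the operation
     */
    @Override
    public boolean hasPermission(String str, PermissionEnum permissionEnum, String str2, Object obj) {
        if (isSuperAdmin(str2)) {
            return true;
        }
        boolean allowed = roleGrantsModel(str, permissionEnum, str2);

        List<ModelRule> denyRules = this.modelRuleRepository.findByPermission(str, PermissionTypeEnum.DENY, permissionEnum);
        if (!denyRules.isEmpty() && !allowed && anyModelRuleMatches(denyRules, obj)) {
            throw new DenyPermissionException(String.join(" ", DENIED, str, permissionEnum.name(), str2));
        }

        List<ModelRule> allowRules = this.modelRuleRepository.findByPermission(str, PermissionTypeEnum.ALLOW, permissionEnum);
        if (!allowRules.isEmpty() && !allowed && anyModelRuleMatches(allowRules, obj)) {
            allowed = true;
        }

        // Owner default: with no ALLOW rule and no ALLOW grant configured, only the creator passes.
        if (!allowed
                && allowRules.isEmpty()
                && this.sysroleModelRepository.countByIdModelIdAndIdPermissionAndIdPermissionType(str, permissionEnum, PermissionTypeEnum.ALLOW) == 0
                && isCreatedBy(obj, str2)) {
            allowed = true;
        }
        if (allowed) {
            return true;
        }
        throw new NoPermissionException(String.join(" ", NOT_GRANTED, str, permissionEnum.name(), str2));
    }

    /**
     * Checks an attribute-level permission for one entity, using role grants and stored rules.
     *
     * <p>Order of evaluation: super admin, role DENY/ALLOW grants, DENY rules, ALLOW rules, then
     * a default that allows access when neither ALLOW grants nor DENY rules exist for the
     * attribute.
     * NOTE(review): the default counts ALLOW grants and DENY rules but not ALLOW rules, so an
     * attribute guarded only by ALLOW rules is still open when no rule matches; confirm whether
     * ALLOW rules should be counted as well.
     * NOTE(review): as in the model-level overload, rules are skipped once a role granted ALLOW.
     *
     * @param modelAttributePK attribute being accessed
     * @param permissionEnum   operation being requested
     * @param str              username whose roles are evaluated
     * @param obj              entity the rules are evaluated against (exposed to rules as
     *                         {@code entity})
     * @return always {@code true}
     * @throws DenyPermissionException if a role has a DENY grant or a DENY rule matches
     * @throws NoPermissionException   if restrictions exist and nothing allows the operation
     */
    @Override
    public boolean hasPermission(ModelAttribute.ModelAttributePK modelAttributePK, PermissionEnum permissionEnum, String str, Object obj) {
        if (isSuperAdmin(str)) {
            return true;
        }
        // The count does not depend on the role, so it is read once. Accumulating it inside the
        // role loop left a user without any role with a count of zero, which then satisfied the
        // "nothing configured" default below even though ALLOW grants existed.
        int allowGrantCount = this.sysroleModelAttributeRepository.countByIdAttributeIdAndIdPermissionAndIdPermissionType(modelAttributePK, permissionEnum, PermissionTypeEnum.ALLOW);
        boolean allowed = roleGrantsAttribute(modelAttributePK, permissionEnum, str, allowGrantCount);

        List<ModelAttributeRule> denyRules = this.modelAttributeRuleRepository.findByPermission(modelAttributePK.getModelId(), modelAttributePK.getAttributeId(), PermissionTypeEnum.DENY, permissionEnum);
        int restrictionCount = allowGrantCount + denyRules.size();
        if (!denyRules.isEmpty() && !allowed && anyAttributeRuleMatches(denyRules, obj)) {
            throw new DenyPermissionException(String.join(" ", DENIED, modelAttributePK.getModelId(), modelAttributePK.getAttributeId(), permissionEnum.name(), str));
        }

        List<ModelAttributeRule> allowRules = this.modelAttributeRuleRepository.findByPermission(modelAttributePK.getModelId(), modelAttributePK.getAttributeId(), PermissionTypeEnum.ALLOW, permissionEnum);
        if (!allowRules.isEmpty() && !allowed && anyAttributeRuleMatches(allowRules, obj)) {
            allowed = true;
        }

        if (allowed || restrictionCount <= 0) {
            return true;
        }
        throw new NoPermissionException(String.join(" ", NOT_GRANTED, modelAttributePK.getAttributeId(), permissionEnum.name(), str));
    }

    /**
     * Tells whether the super-admin shortcut applies.
     *
     * <p>True when the username itself equals {@code SUPER_SYSADMIN} (ignoring case) or when the
     * principal in the current security context carries an authority of that name.
     * NOTE(review): the username comparison treats any account literally named SUPER_SYSADMIN as
     * super admin; confirm account provisioning reserves that name. The authority comparison
     * reads the current principal, which is not necessarily the user named by {@code username}.
     *
     * @param username user being checked; a {@code null} value fails with
     *                 {@link NullPointerException}, so no later default can apply to it
     */
    private static boolean isSuperAdmin(String username) {
        if (username.equalsIgnoreCase(SUPER_SYSADMIN)) {
            return true;
        }
        var authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            // No principal in the context: the shortcut cannot apply, continue with normal checks.
            return false;
        }
        return authentication.getAuthorities().stream()
                .anyMatch(authority -> SUPER_SYSADMIN.equalsIgnoreCase(authority.getAuthority()));
    }

    /**
     * Walks the user's roles for a model-level grant.
     *
     * @return {@code true} if at least one role has an ALLOW grant
     * @throws DenyPermissionException at the first role that has a DENY grant
     */
    private boolean roleGrantsModel(String modelId, PermissionEnum permission, String username) {
        boolean allowed = false;
        for (UserSysrole userSysrole : this.userSysroleRepository.findByIdUsername(username)) {
            log.debug("sysrole: {}", userSysrole.getSysrole());
            if (this.sysroleModelRepository.findById(new SysroleModel.SysroleModelId(modelId, userSysrole.getId().getSysroleId(), PermissionTypeEnum.DENY, permission)).isPresent()) {
                throw new DenyPermissionException(String.join(" ", DENIED, modelId, permission.name(), userSysrole.getSysrole().getName()));
            }
            if (this.sysroleModelRepository.findById(new SysroleModel.SysroleModelId(modelId, userSysrole.getId().getSysroleId(), PermissionTypeEnum.ALLOW, permission)).isPresent()) {
                allowed = true;
            }
        }
        return allowed;
    }

    /**
     * Walks the user's roles for an attribute-level grant.
     *
     * @param allowGrantCount number of ALLOW grants stored for the attribute and permission; the
     *                        per-role ALLOW lookup is skipped when it is zero
     * @return {@code true} if at least one role has an ALLOW grant
     * @throws DenyPermissionException at the first role that has a DENY grant
     */
    private boolean roleGrantsAttribute(ModelAttribute.ModelAttributePK attributePk, PermissionEnum permission, String username, int allowGrantCount) {
        boolean allowed = false;
        for (UserSysrole userSysrole : this.userSysroleRepository.findByIdUsername(username)) {
            log.debug("sysrole: {}", userSysrole.getSysrole());
            if (this.sysroleModelAttributeRepository.findById(new SysroleModelAttribute.SysroleModelAttributeId(attributePk, userSysrole.getId().getSysroleId(), PermissionTypeEnum.DENY, permission)).isPresent()) {
                throw new DenyPermissionException(String.join(" ", DENIED, attributePk.getModelId(), attributePk.getAttributeId(), permission.name(), userSysrole.getSysrole().getName()));
            }
            if (allowGrantCount > 0
                    && this.sysroleModelAttributeRepository.findById(new SysroleModelAttribute.SysroleModelAttributeId(attributePk, userSysrole.getId().getSysroleId(), PermissionTypeEnum.ALLOW, permission)).isPresent()) {
                allowed = true;
            }
        }
        return allowed;
    }

    /** Evaluates model rules against the entity; true if any condition matched. */
    private static boolean anyModelRuleMatches(List<ModelRule> modelRules, Object entity) {
        List<MVELRule> compiled = modelRules.stream()
                .map(modelRule -> toMvelRule(modelRule.getRule().getName(), modelRule.getRule().getDescription(), modelRule.getRule().getCondition()))
                .collect(Collectors.toList());
        return anyRuleMatches(compiled, entity);
    }

    /** Evaluates attribute rules against the entity; true if any condition matched. */
    private static boolean anyAttributeRuleMatches(List<ModelAttributeRule> attributeRules, Object entity) {
        List<MVELRule> compiled = attributeRules.stream()
                .map(attributeRule -> toMvelRule(attributeRule.getRule().getName(), attributeRule.getRule().getDescription(), attributeRule.getRule().getCondition()))
                .collect(Collectors.toList());
        return anyRuleMatches(compiled, entity);
    }

    /**
     * Builds the engine rule for one stored rule.
     *
     * <p>SECURITY: {@code condition} comes from the database and is compiled as an MVEL
     * expression. Treat whoever can edit it as able to execute code in this process.
     *
     * @param name        stored rule name; {@code null} or blank becomes the empty string
     * @param description stored rule description; {@code null} or blank becomes the empty string
     * @param condition   MVEL expression evaluated against the facts
     */
    private static MVELRule toMvelRule(String name, String description, String condition) {
        return new MVELRule()
                .name(blankToEmpty(name))
                .description(blankToEmpty(description))
                .when(condition)
                .then(MARK_MATCHED);
    }

    /** Returns the empty string for {@code null} or blank text, otherwise the text unchanged. */
    private static String blankToEmpty(String text) {
        return (text == null || text.isBlank()) ? "" : text;
    }

    /**
     * Fires the rules with the entity as the only fact and reports whether any rule matched.
     *
     * @param mvelRules rules to evaluate
     * @param entity    object exposed to the rule conditions under the name {@code entity}
     * @return {@code true} if at least one rule executed its action
     */
    private static boolean anyRuleMatches(List<MVELRule> mvelRules, Object entity) {
        Facts facts = new Facts();
        facts.put("entity", entity);

        Rules rules = new Rules(new Rule[0]);
        // Register rule by rule: handing the whole List to the varargs register(Object...) would
        // submit one java.util.List object rather than the rules it contains.
        for (MVELRule mvelRule : mvelRules) {
            rules.register(mvelRule);
        }

        AbstractRulesEngine engine = new DefaultRulesEngine();
        engine.registerRuleListener(new RuleListener() {
            @Override
            public void beforeExecute(Rule rule, Facts current) {
                // The rule action calls facts.put(...), so the Facts object has to be reachable
                // from inside the expression under the name "facts" while the action runs.
                current.put("facts", current);
            }

            @Override
            public void onSuccess(Rule rule, Facts current) {
                current.remove("facts");
            }

            @Override
            public void onFailure(Rule rule, Facts current, Exception exception) {
                current.remove("facts");
            }
        });
        engine.fire(rules, facts);
        return Boolean.TRUE.equals(facts.get("result"));
    }

    /**
     * Tells whether the entity records {@code username} as its creator.
     *
     * <p>Entities that are not {@link BaseOpLog} instances, or that have no creator recorded,
     * are treated as not owned, so the owner default denies instead of failing on a cast.
     */
    private static boolean isCreatedBy(Object entity, String username) {
        return entity instanceof BaseOpLog && username.equals(((BaseOpLog) entity).getCreatedBy());
    }
}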
