package team.sailboat.ms.ac.controller;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import jakarta.annotation.PostConstruct;
import jakarta.validation.Validator;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import team.sailboat.commons.fan.app.AppContext;
import team.sailboat.commons.fan.collection.PropertiesEx;
import team.sailboat.commons.fan.collection.XC;
import team.sailboat.commons.fan.gadget.RSAUtils;
import team.sailboat.commons.fan.lang.Assert;
import team.sailboat.commons.fan.lang.JCommon;
import team.sailboat.commons.fan.struct.Tuples;
import team.sailboat.commons.fan.text.ChineseComparator;
import team.sailboat.commons.fan.text.XString;
import team.sailboat.commons.ms.valid.ValidateUtils;
import team.sailboat.commons.web.ac.ResId;
import team.sailboat.ms.ac.AppConsts;
import team.sailboat.ms.ac.IAppAuths;
import team.sailboat.ms.ac.bean.Authority_Role;
import team.sailboat.ms.ac.bean.ClientAppBrief;
import team.sailboat.ms.ac.bean.Role_ResSpace;
import team.sailboat.ms.ac.bean.UserBrief_Role;
import team.sailboat.ms.ac.dbean.Api;
import team.sailboat.ms.ac.dbean.Authority;
import team.sailboat.ms.ac.dbean.ClientApp;
import team.sailboat.ms.ac.dbean.R_User_ResSpace_Role;
import team.sailboat.ms.ac.dbean.ResSpace;
import team.sailboat.ms.ac.dbean.Role;
import team.sailboat.ms.ac.dbean.User;
import team.sailboat.ms.ac.server.IClientAppDataManager;
import team.sailboat.ms.ac.server.ResourceManageServer;

@RestController
/* loaded from: input_file:team/sailboat/ms/ac/controller/ClientAppDataController.class */
public class ClientAppDataController {
    final Logger mLogger = LoggerFactory.getLogger(getClass());

    @Autowired
    ResourceManageServer mResMngServer;

    @Autowired
    Validator mValidator;

    @PostConstruct
    void _init() {
        AppContext.set(AppConsts.sResIdGetter_getClientAppIdFromBClientApp, obj -> {
            return ((ClientApp.BClientApp) obj).getId();
        });
        AppContext.set(AppConsts.sResIdGetter_getClientAppIdFromIdOfR_User_ResSpace_Role, obj2 -> {
            R_User_ResSpace_Role r_User_ResSpace_Role = this.mResMngServer.getClientAppDataMng().getR_User_ResSpace_Role((String) obj2);
            if (r_User_ResSpace_Role != null) {
                return ResSpace.getClientAppIdFrom(r_User_ResSpace_Role.getResSpaceId());
            }
            return null;
        });
        AppContext.set(AppConsts.sResIdGetter_getClientAppIdFromResSpaceId, obj3 -> {
            return ResSpace.getClientAppIdFrom((String) obj3);
        });
        AppContext.set(AppConsts.sResIdGetter_getClientAppIdFromBRole_clientAppId, obj4 -> {
            return ((Role.BRole) obj4).getClientAppId();
        });
        AppContext.set(AppConsts.sResIdGetter_getClientAppIdFromBRole_id, obj5 -> {
            Role role = this.mResMngServer.getClientAppDataMng().getRole(((Role.BRole) obj5).getId());
            if (role == null) {
                return null;
            }
            return role.getClientAppId();
        });
        AppContext.set(AppConsts.sResIdGetter_getClientAppIdFromRoleId, obj6 -> {
            Role role = this.mResMngServer.getClientAppDataMng().getRole((String) obj6);
            if (role == null) {
                return null;
            }
            return role.getClientAppId();
        });
    }

    @GetMapping(value = {"/clientApp/brief/all"}, produces = {"application/json"})
    @Operation(description = "取得所有ClientApp的简要信息")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData')")
    public List<ClientAppBrief> getClientAppBriefs() {
        return XC.extractAsArrayList(this.mResMngServer.getClientAppDataMng().getClientApps(), ClientAppBrief::of);
    }

    @Operation(description = "取得指定id的ClientApp的详情。AppSecret不会返回，需要另外专门获取")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @Parameter(name = "clientAppId", description = "ClientApp的id")
    @GetMapping(value = {"/clientApp/one"}, produces = {"application/json"})
    public ClientApp.BClientApp getClientApp(@RequestParam("clientAppId") @ResId String str) {
        ClientApp clientApp = this.mResMngServer.getClientAppDataMng().getClientApp(str);
        if (clientApp == null) {
            return null;
        }
        ClientApp.BClientApp asBean = clientApp.asBean();
        asBean.setAppSecret(null);
        return asBean;
    }

    @PostMapping(value = {"/clientApp/one/appSecret"}, produces = {"text/plain"})
    @Operation(description = "查询ClientApp的AppSecret")
    @Parameters({@Parameter(name = "clientAppId", description = "ClientApp的id"), @Parameter(name = "publicKey", description = "浏览器端生成的RSA秘钥对的公钥。将用公钥加密后发送给客户端")})
    @PreAuthorize("hasAuthority('View_AllClientAppSecret') or hasAuthority('View_Special_ClientAppSecret:' + #_resId_) or hasAuthority('Reset_AllClientAppSecret') or hasAuthority('Reset_Special_ClientAppSecret' + #_resId_)")
    public String getAppSecret(@RequestParam("clientAppId") @ResId String str, @RequestParam("publicKey") String str2) throws Exception {
        return RSAUtils.encrypt(RSAUtils.getPublicKey(URLDecoder.decode(str2, "UTF-8"), Base64.getDecoder()), this.mResMngServer.getClientAppDataMng().getClientApp(str).getAppSecret());
    }

    @PostMapping(value = {"/clientApp/one/appSecret/_asPropertySecret"}, produces = {"text/plain"})
    @Operation(description = "以Property加密秘文的形式返回AppSecret")
    @Parameters({@Parameter(name = "clientAppId", description = "ClientApp的id"), @Parameter(name = "publicKey", description = "浏览器端生成的RSA秘钥对的公钥。将用公钥加密后发送给客户端")})
    @PreAuthorize("hasAuthority('View_AllClientAppSecret') or hasAuthority('View_Special_ClientAppSecret:' + #_resId_)")
    public String getAppSecretAsPropertySecret(@RequestParam("clientAppId") @ResId String str, @RequestParam("publicKey") String str2) throws Exception {
        return RSAUtils.encrypt(RSAUtils.getPublicKey(URLDecoder.decode(str2, "UTF-8"), Base64.getDecoder()), PropertiesEx.asSecret(this.mResMngServer.getClientAppDataMng().getClientApp(str).getAppSecret()));
    }

    @PostMapping(value = {"/clientApp/one"}, produces = {"application/json"})
    @Operation(description = "创建一个ClientApp")
    @PreAuthorize(IAppAuths.sHasAuthority_CDU_ClientAppData)
    @RequestBody(description = "ClientApp的信息")
    public ClientApp.BClientApp createClientApp(@org.springframework.web.bind.annotation.RequestBody ClientApp.BClientApp bClientApp) {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
        ClientApp.BClientApp asBean = clientAppDataMng.createClientApp(bClientApp, true, user.getId()).asBean();
        asBean.setAppSecret(null);
        ResSpace.BResSpace bResSpace = new ResSpace.BResSpace();
        bResSpace.setClientAppId(this.mResMngServer.getClientAppId_SailAC());
        bResSpace.setResId(asBean.getId());
        bResSpace.setResName(asBean.getName());
        bResSpace.setType(AppConsts.sResSpaceType_ClientApp);
        clientAppDataMng.createOrUpdateResSpace(bResSpace, user.getId());
        return asBean;
    }

    @PutMapping(value = {"/clientApp/one"}, produces = {"application/json"})
    @Operation(description = "更新ClientApp的信息。不包括AppKey和AppSecret")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @RequestBody(description = "ClientApp的信息")
    public ClientApp.BClientApp updateClientApp(@ResId("getClientAppIdFromBClientApp") @org.springframework.web.bind.annotation.RequestBody ClientApp.BClientApp bClientApp) {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
        ClientApp.BClientApp asBean = clientAppDataMng.updateClientApp(bClientApp, user.getId()).asBean();
        asBean.setAppSecret(null);
        ResSpace resSpace = clientAppDataMng.getResSpace(ResSpace.spliceResSpaceId(this.mResMngServer.getClientAppId_SailAC(), asBean.getId()));
        if (resSpace != null && JCommon.unequals(asBean.getName(), resSpace.getResName())) {
            resSpace.setResName(asBean.getName());
        }
        return asBean;
    }

    @Operation(description = "删除指定的ClientApp")
    @PreAuthorize(IAppAuths.sHasAuthority_CDU_ClientAppData)
    @DeleteMapping({"/clientApp/one"})
    @Parameter(name = "clientAppId", description = "ClientApp的id")
    public void deleteClientApp(@RequestParam("clientAppId") String str) {
        this.mResMngServer.getClientAppDataMng().deleteClientApp(str);
    }

    @Operation(description = "取得可以访问指定资源空间的用户简要信息和角色")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @Parameter(name = "resSpaceId", description = "资源空间id")
    @GetMapping(value = {"/clientApp/resSpace/user/all/ofCanVisit"}, produces = {"application/json"})
    public List<UserBrief_Role> getUsersOfCanVisitResSpace(@RequestParam("resSpaceId") @ResId("getClientAppIdFromResSpaceId") String str) {
        IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
        List<Tuples.T2<User, List<Role>>> usersOfCanVisitResSpace = clientAppDataMng.getUsersOfCanVisitResSpace(str);
        ArrayList arrayList = XC.arrayList();
        ResSpace resSpace = clientAppDataMng.getResSpace(str);
        String resName = resSpace.getResName();
        String str2 = XString.isEmpty(resName) ? "" : resName + ".";
        for (Tuples.T2<User, List<Role>> t2 : usersOfCanVisitResSpace) {
            User user = (User) t2.getEle_1();
            UserBrief_Role userBrief_Role = new UserBrief_Role();
            userBrief_Role.setId(user.getId());
            userBrief_Role.setRealName(user.getRealName());
            userBrief_Role.setDepartment(user.getDepartment());
            Role_ResSpace[] role_ResSpaceArr = (Role_ResSpace[]) XC.extract((Collection) t2.getEle_2(), role -> {
                return Role_ResSpace.builder().resSpaceId(resSpace.getId()).resSpaceType(resSpace.getType()).roleFullName(str2 + role.getName()).roleId(role.getId()).build();
            }, Role_ResSpace.class);
            Arrays.sort(role_ResSpaceArr, (role_ResSpace, role_ResSpace2) -> {
                return ChineseComparator.getInstance().compare(role_ResSpace.getRoleFullName(), role_ResSpace2.getRoleFullName());
            });
            userBrief_Role.setRoleResSpaces(role_ResSpaceArr);
            arrayList.add(userBrief_Role);
        }
        return arrayList;
    }

    @Operation(description = "删除指定用户访问指定ClientApp的权利。删除在这个应用下的所有授权")
    @Parameters({@Parameter(name = "clientAppId", description = "ClientApp的id"), @Parameter(name = "userIds", description = "用户的id，多个之间用“,”分隔")})
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Manage_Special_CanVisitUser:' + #_resId_)")
    @DeleteMapping({"/clientApp/user/many/ofCanVisit"})
    public void deleteRightOfVisitClientApp(@RequestParam("clientAppId") @ResId String str, @RequestParam("userIds") String[] strArr) {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
        for (String str2 : strArr) {
            clientAppDataMng.ungrantClientAppToUser(str, str2, user.getId());
        }
    }

    @Operation(description = "取得可以访问指定应用的用户简要信息和角色")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @Parameter(name = "clientAppId", description = "ClientApp的id")
    @GetMapping(value = {"/clientApp/user/all/ofCanVisit"}, produces = {"application/json"})
    public List<UserBrief_Role> getUsersOfCanVisitClientApp(@RequestParam("clientAppId") @ResId String str) {
        IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
        Collection<User> usersOfCanVisitClientApp = clientAppDataMng.getUsersOfCanVisitClientApp(str);
        ArrayList arrayList = XC.arrayList();
        for (User user : usersOfCanVisitClientApp) {
            UserBrief_Role userBrief_Role = new UserBrief_Role();
            userBrief_Role.setId(user.getId());
            userBrief_Role.setRealName(user.getRealName());
            userBrief_Role.setDepartment(user.getDepartment());
            R_User_ResSpace_Role[] r_User_ResSpace_RoleOfUserInApp = clientAppDataMng.getR_User_ResSpace_RoleOfUserInApp(userBrief_Role.getId(), str);
            ArrayList arrayList2 = XC.arrayList();
            for (R_User_ResSpace_Role r_User_ResSpace_Role : r_User_ResSpace_RoleOfUserInApp) {
                ResSpace resSpace = clientAppDataMng.getResSpace(r_User_ResSpace_Role.getResSpaceId());
                String resName = resSpace.getResName();
                arrayList2.add(Role_ResSpace.builder().resSpaceId(r_User_ResSpace_Role.getResSpaceId()).resSpaceType(resSpace.getType()).roleFullName((XString.isEmpty(resName) ? "" : resName + ".") + clientAppDataMng.getRole(r_User_ResSpace_Role.getRoleId()).getName()).roleId(r_User_ResSpace_Role.getRoleId()).build());
            }
            arrayList2.sort((role_ResSpace, role_ResSpace2) -> {
                return ChineseComparator.getInstance().compare(role_ResSpace.getRoleFullName(), role_ResSpace2.getRoleFullName());
            });
            userBrief_Role.setRoleResSpaces((Role_ResSpace[]) arrayList2.toArray(new Role_ResSpace[0]));
            arrayList.add(userBrief_Role);
        }
        return arrayList;
    }

    @PostMapping(value = {"/clientApp/resSpace/role/user"}, produces = {"application/json"})
    @Operation(description = "给指定用户授予角色。返回授权关系id")
    @Parameters({@Parameter(name = "resSpaceId", description = "资源空间id"), @Parameter(name = "roleId", description = "角色id。这角色必须适用于指定资源空间"), @Parameter(name = "userId", description = "用户id")})
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Manage_Special_CanVisitUser:' + #_resId_)")
    public String grantRoleToUser(@RequestParam("resSpaceId") String str, @RequestParam("roleId") String str2, @RequestParam("userId") String str3) {
        return this.mResMngServer.getClientAppDataMng().grantRoleToUser(str, str2, str3, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @Operation(description = "取消给指定用户授予予角色。")
    @Parameters({@Parameter(name = "resSpaceId", description = "资源空间id"), @Parameter(name = "roleId", description = "角色id。这角色必须适用于指定资源空间"), @Parameter(name = "userId", description = "用户id")})
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Manage_Special_CanVisitUser:' + #_resId_)")
    @DeleteMapping({"/clientApp/resSpace/role/user"})
    public void ungrantRoleToUser(@RequestParam("resSpaceId") @ResId String str, @RequestParam("roleId") String str2, @RequestParam("userId") String str3) {
        this.mResMngServer.getClientAppDataMng().ungrantRoleToUser(str, str2, str3, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @Operation(description = "取消给指定用户授予予角色。")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Manage_Special_CanVisitUser:' + #_resId_)")
    @DeleteMapping({"/clientApp/resSpace/role/user/byId"})
    @Parameter(name = "id", description = "授权关系id")
    public void ungrantRoleToUserById(@RequestParam("id") @ResId("getClientAppIdFromIdOfR_User_ResSpace_Role") String str) {
        this.mResMngServer.getClientAppDataMng().ungrantRoleToUser(str, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @Operation(description = "查看指定应用下适用于指定资源空间类型的权限和角色信息")
    @Parameters({@Parameter(name = "clientAppId", description = "ClientApp的id"), @Parameter(name = "resSpaceType", description = "资源空间类型")})
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_) or hasAuthority('Manage_Special_CanVisitUser:' + #_resId_)")
    @GetMapping(value = {"/clientApp/resSpace/authority_Role/all"}, produces = {"application/json"})
    public List<Authority_Role> getAuthoritesInResSpace(@RequestParam("clientAppId") @ResId String str, @RequestParam("resSpaceType") String str2) {
        return this.mResMngServer.getClientAppDataMng().getAuthoritesForResSpaceType(str, str2);
    }

    @Operation(description = "取得指定ClientApp能够调用的API")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @Parameter(name = "clientAppId", description = "ClientApp的id")
    @GetMapping(value = {"/clientApp/api/all"}, produces = {"application/json"})
    public List<Api.BApi> getApisOfClientAppCanInvoke(@RequestParam("clientAppId") @ResId String str) {
        return (List) this.mResMngServer.getClientAppDataMng().getApisOfClientAppCanInvoke(str).stream().map((v0) -> {
            return v0.asBean();
        }).collect(Collectors.toList());
    }

    @PostMapping(value = {"/clientApp/api/one"}, produces = {"text/plain"})
    @Operation(description = "将指定的API授权给指定的ClientApp调用")
    @Parameters({@Parameter(name = "clientAppId", description = "ClientApp的id"), @Parameter(name = "apiId", description = "API的id")})
    @PreAuthorize(IAppAuths.sHasAuthority_CDU_ClientAppData)
    public String grantApiToClientApp(@RequestParam("clientAppId") String str, @RequestParam("apiId") String str2) {
        return this.mResMngServer.getClientAppDataMng().grantApiToClientApp(str, str2, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @Operation(description = "取消将指定的API授权给指定的ClientApp调用")
    @Parameters({@Parameter(name = "clientAppId", description = "ClientApp的id"), @Parameter(name = "apiId", description = "API的id")})
    @PreAuthorize(IAppAuths.sHasAuthority_CDU_ClientAppData)
    @DeleteMapping({"/clientApp/api/one"})
    public void ungrantApiToClientApp(@RequestParam("clientAppId") String str, @RequestParam("apiId") String str2) {
        this.mResMngServer.getClientAppDataMng().ungrantApiToClientApp(str, str2, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @PostMapping(value = {"/clientApp/role/one"}, produces = {"application/json"})
    @Operation(description = "创建角色")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @RequestBody(description = "角色信息")
    public Role.BRole createRole(@ResId("getClientAppIdFromBRole_clientAppId") @org.springframework.web.bind.annotation.RequestBody Role.BRole bRole) {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        ValidateUtils.validateAndThrow(this.mValidator, bRole);
        return this.mResMngServer.getClientAppDataMng().createRole(bRole, user.getId()).asBean();
    }

    @Operation(description = "删除指定的角色")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @DeleteMapping({"/clientApp/role/one"})
    @Parameter(name = "roleId", description = "角色id")
    public void deleteRole(@RequestParam("roleId") @ResId("getClientAppIdFromRoleId") String str) {
        this.mResMngServer.getClientAppDataMng().deleteRole(str, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @PutMapping(value = {"/clientApp/role/one"}, produces = {"application/json"})
    @Operation(description = "更新角色信息。包括name、customDescription、资源空间类型。如果要修改资源空间类型，那么这个角色不能被授予任何人,即没有相关的R_User_ResSpace_Role数据")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @RequestBody(description = "角色信息")
    public Role.BRole updateRole(@ResId("getClientAppIdFromBRole_id") @org.springframework.web.bind.annotation.RequestBody Role.BRole bRole) {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        Role role = this.mResMngServer.getClientAppDataMng().getRole(bRole.getId());
        Assert.notNull(role, "无效的角色id：%s", new Object[]{bRole.getId()});
        bRole.setDescription(role.getDescription());
        return this.mResMngServer.getClientAppDataMng().updateRole(bRole, user.getId()).asBean();
    }

    @Operation(description = "取得与指定角色相关的权限")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('Manage_Special_CanVisitUser:' + #_resId_) or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @Parameter(name = "roleId", description = "角色id")
    @GetMapping(value = {"/clientApp/role/authority/all"}, produces = {"application/json"})
    public List<Authority.BAuthority> getAuthoritiesOfRole(@RequestParam("roleId") @ResId("getClientAppIdFromRoleId") String str) {
        return XC.extractAsArrayList(this.mResMngServer.getClientAppDataMng().getAuthoritiesOfRole(str), (v0) -> {
            return v0.asBean();
        });
    }

    @PostMapping({"/clientApp/role/auhtority/one"})
    @Operation(description = "将指定权限和指定的角色绑定")
    @Parameters({@Parameter(name = "authorityId", description = "权限id"), @Parameter(name = "roleId", description = "角色id")})
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    public void bindAuthorityToRole(@RequestParam("authorityId") String str, @RequestParam("roleId") @ResId("getClientAppIdFromRoleId") String str2) {
        this.mResMngServer.getClientAppDataMng().bindAuthorityToRole(str, str2, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @Operation(description = "取消将指定权限和指定的角色绑定")
    @Parameters({@Parameter(name = "authorityId", description = "权限id"), @Parameter(name = "roleId", description = "角色id")})
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @DeleteMapping({"/clientApp/role/auhtority/one"})
    public void unbindAuthorityToRole(@RequestParam("authorityId") String str, @RequestParam("roleId") @ResId("getClientAppIdFromRoleId") String str2) {
        this.mResMngServer.getClientAppDataMng().unbindAuthorityToRole(str, str2, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @PostMapping(value = {"/api/auth/update"}, produces = {"application/json"})
    @Operation(description = "更新权限信息。这是给界面使用的，不能设置description，这是个程序自动化设置用的")
    public Authority.BAuthority updateAuthority(@org.springframework.web.bind.annotation.RequestBody Authority.BAuthority bAuthority) throws Exception {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        Authority authority = this.mResMngServer.getClientAppDataMng().getAuthority(bAuthority.getId());
        Assert.notNull(authority, "无效的权限id：%s", new Object[]{bAuthority.getId()});
        bAuthority.setDescription(authority.getDescription());
        return this.mResMngServer.getClientAppDataMng().updateAuthority(bAuthority, user.getId()).asBean();
    }

    @Operation(description = "取得指定ClientApp下的资源空间")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @Parameter(name = "clientAppId", description = "ClientApp的id")
    @GetMapping(value = {"/clientApp/resSpace/all/ofClientApp"}, produces = {"application/json"})
    public List<ResSpace.BResSpace> getResSpacesOfClientApp(@RequestParam("clientAppId") @ResId String str) {
        return XC.extractAsArrayList(this.mResMngServer.getClientAppDataMng().getResSpaceOfClientApp(str), (v0) -> {
            return v0.asBean();
        });
    }

    @Operation(description = "取得指定ClientApp的角色信息")
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @Parameter(name = "clientAppId", description = "ClientApp的id")
    @GetMapping(value = {"/clientApp/role/all"}, produces = {"application/json"})
    public List<Role.BRole> getRolesOfClientApp(@RequestParam("clientAppId") @ResId String str) {
        return XC.extractAsArrayList(this.mResMngServer.getClientAppDataMng().getRolesOfApp(str), (v0) -> {
            return v0.asBean();
        });
    }

    @Operation(description = "取得指定ClientApp声明的权限信息。如果没有指定资源空间类型，则返回所有。如果指定了，除了指定的资源空间类型之外，总是会返回缺省全局资源空间的")
    @Parameters({@Parameter(name = "clientAppId", description = "ClientApp的id"), @Parameter(name = "resSpaceType", description = "返回适用那种资源空间类型的全景"), @Parameter(name = "returnDefaultGlobal", description = "是否返回适用于缺省全局空间的权限")})
    @PreAuthorize("hasAuthority('CDU_ClientAppData') or hasAuthority('View_AllClientAppData') or hasAuthority('View_Special_ClientAppData:' + #_resId_) or hasAuthority('Update_Special_ClientAppData:' + #_resId_)")
    @GetMapping(value = {"/clientApp/authority/all"}, produces = {"application/json"})
    public List<Authority.BAuthority> getAuthoritiesOfClientApp(@RequestParam("clientAppId") @ResId String str, @RequestParam(name = "resSpaceType", required = false) String str2, @RequestParam(name = "returnDefaultGlobal", required = false, defaultValue = "true") boolean z) {
        return XC.extractAsArrayList(this.mResMngServer.getClientAppDataMng().getAuthoritiesOfClientApp(str, str2, z), (v0) -> {
            return v0.asBean();
        });
    }
}
