package team.sailboat.ms.ac.controller;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import jakarta.validation.Validator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import team.sailboat.commons.fan.collection.XC;
import team.sailboat.commons.fan.lang.Assert;
import team.sailboat.commons.fan.text.ChineseComparator;
import team.sailboat.commons.fan.text.XString;
import team.sailboat.commons.ms.ac.InnerProtectedApi;
import team.sailboat.commons.ms.bean.TreeBean;
import team.sailboat.commons.ms.bean.UserBrief;
import team.sailboat.commons.ms.valid.ValidateUtils;
import team.sailboat.ms.ac.AppConsts;
import team.sailboat.ms.ac.IAppAuths;
import team.sailboat.ms.ac.bean.ClientAppBrief;
import team.sailboat.ms.ac.bean.OrgUnitExt;
import team.sailboat.ms.ac.bean.TreeNode_OrgUnit;
import team.sailboat.ms.ac.bean.User_OrgUnit;
import team.sailboat.ms.ac.dbean.Api;
import team.sailboat.ms.ac.dbean.Authority;
import team.sailboat.ms.ac.dbean.ClientApp;
import team.sailboat.ms.ac.dbean.OrgUnit;
import team.sailboat.ms.ac.dbean.ResSpace;
import team.sailboat.ms.ac.dbean.User;
import team.sailboat.ms.ac.server.IAuthCenterDataManager;
import team.sailboat.ms.ac.server.IClientAppDataManager;
import team.sailboat.ms.ac.server.ResourceManageServer;
import team.sailboat.ms.ac.utils.SecurityUtils;

@RestController
/* loaded from: input_file:team/sailboat/ms/ac/controller/AuthCenterDataController.class */
public class AuthCenterDataController {
    final Logger mLogger = LoggerFactory.getLogger(getClass());
    static final GrantedAuthority sGA_CDU_ClientAppData = Authority.toSimple_defaultGlobal(IAppAuths.sAC_CDU_ClientAppData);
    static final GrantedAuthority sGA_View_AllClientAppData = Authority.toSimple_defaultGlobal(IAppAuths.sAC_View_AllClientAppData);
    static final GrantedAuthority sGA_View_AllUser = Authority.toSimple_defaultGlobal(IAppAuths.sAC_View_AllUsers);
    static final GrantedAuthority sGA_CDU_UserData = Authority.toSimple_defaultGlobal(IAppAuths.sAC_CDU_UserData);
    static final GrantedAuthority sGA_View_OrgUnitAndUsers = Authority.toSimple_defaultGlobal(IAppAuths.sAC_View_OrgUnitAndUsers);
    static final GrantedAuthority sGA_Manage_Special_CanVisitUser = Authority.toSimple_defaultGlobal(IAppAuths.sACP_Manage_Special_CanVisitUser);

    @Autowired
    ResourceManageServer mResMngServer;

    @Autowired
    Validator mValidator;

    @GetMapping(value = {"/api/all"}, produces = {"application/json"})
    @Operation(description = "取得认证中心给ClientApp调用的接口声明")
    @PreAuthorize(IAppAuths.sHasAuthority_View_Apis)
    public List<Api.BApi> getAllApis() {
        return XC.extractAsArrayList(this.mResMngServer.getAuthCenterDataMng().getAllApis(), (v0) -> {
            return v0.asBean();
        });
    }

    @Operation(description = "取得指定组织单元的下一层组织单元。如果不指定上一层组织单元，则表示获取最顶层的组织单元")
    @PreAuthorize("hasAuthority('CDU_OrgUnit') or hasAuthority('View_OrgUnitAndUsers')")
    @Parameter(name = "parentId", description = "上一层组织单元id")
    @GetMapping(value = {"/orgUnit/child/all"}, produces = {"application/json"})
    public List<OrgUnitExt> getChildOrgUnits(@RequestParam(name = "parentId", required = false) String str) {
        IAuthCenterDataManager authCenterDataMng = this.mResMngServer.getAuthCenterDataMng();
        return XC.sort(XC.extractAsArrayList(authCenterDataMng.getChildOrgUnit(str), orgUnit -> {
            OrgUnitExt orgUnitExt = new OrgUnitExt();
            orgUnit.initBean(orgUnitExt);
            orgUnitExt.setHasChildren(authCenterDataMng.getChildOrgUnitAmount(orgUnit.getId()) > 0);
            return orgUnitExt;
        }), (orgUnitExt, orgUnitExt2) -> {
            return ChineseComparator.comparePingYin(orgUnitExt.getName(), orgUnitExt2.getName());
        });
    }

    @InnerProtectedApi
    @Operation(description = "通过人姓名搜索用户。搜索范围受当前用户的权限限制。如果用户拥有查看所有用户的权限，那么搜索范围将不局限于指定的ClientApp")
    @Parameters({@Parameter(name = "searchText", description = "搜索文本。包含这个文本"), @Parameter(name = "clientAppId", description = "应用id")})
    @GetMapping(value = {"/user/_search"}, produces = {"application/json"})
    public List<UserBrief> searchUsersByRealName(@RequestParam("searchText") String str, @RequestParam(name = "clientAppId", required = false) String str2) {
        Collection<? extends GrantedAuthority> authorities = SecurityUtils.checkUser().getAuthorities();
        boolean isNotEmpty = XString.isNotEmpty(str);
        ArrayList arrayList = XC.arrayList();
        IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
        if (XC.containsAny(authorities, new Object[]{sGA_View_AllUser, sGA_CDU_UserData, sGA_View_OrgUnitAndUsers})) {
            this.mResMngServer.getUserDataMng().forEachUser(user -> {
                if (isNotEmpty && !user.getRealName().contains(str)) {
                    return true;
                }
                arrayList.add(user.toBrief());
                return arrayList.size() <= 50;
            });
        } else if (XString.isNotEmpty(str2) && authorities.contains(new SimpleGrantedAuthority("Manage_Special_CanVisitUser:" + str2))) {
            for (User user2 : clientAppDataMng.getUsersOfCanVisitClientApp(str2)) {
                if (!isNotEmpty || user2.getRealName().contains(str)) {
                    arrayList.add(user2.toBrief());
                    if (arrayList.size() >= 50) {
                        break;
                    }
                }
            }
        }
        return arrayList;
    }

    @Operation(description = "通过名字搜索orgUnit")
    @PreAuthorize("hasAuthority('CDU_OrgUnit') or hasAuthority('View_OrgUnitAndUsers')")
    @Parameter(name = "searchText", description = "搜索文本。包含这个文本")
    @GetMapping(value = {"/orgUnit/tree/_search"}, produces = {"application/json"})
    public TreeBean<TreeNode_OrgUnit> searchOrgUnitByName(@RequestParam("searchText") String str) {
        IAuthCenterDataManager authCenterDataMng = this.mResMngServer.getAuthCenterDataMng();
        TreeBean<TreeNode_OrgUnit> treeBean = new TreeBean<>(str2 -> {
            OrgUnit orgUnit = authCenterDataMng.getOrgUnit(str2);
            if (orgUnit == null) {
                return null;
            }
            TreeNode_OrgUnit treeNode_OrgUnit = new TreeNode_OrgUnit();
            orgUnit.initBean(treeNode_OrgUnit);
            return treeNode_OrgUnit;
        });
        authCenterDataMng.forEachOrgUnit(orgUnit -> {
            if (orgUnit.getName().contains(str)) {
                TreeNode_OrgUnit treeNode_OrgUnit = new TreeNode_OrgUnit();
                orgUnit.initBean(treeNode_OrgUnit);
                treeBean.addNode(treeNode_OrgUnit);
            }
        });
        return treeBean;
    }

    @PostMapping(value = {"/orgUnit/one"}, produces = {"application/json"})
    @Operation(description = "创建一个组织单元")
    @PreAuthorize(IAppAuths.sHasAuthority_CDU_OrgUnit)
    @RequestBody(description = "组织单元信息")
    public OrgUnit.BOrgUnit createOrgUnit(@org.springframework.web.bind.annotation.RequestBody OrgUnit.BOrgUnit bOrgUnit) {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        ValidateUtils.validateAndThrow(this.mValidator, bOrgUnit);
        return this.mResMngServer.getAuthCenterDataMng().createOrgUnit(bOrgUnit, user.getId()).asBean();
    }

    @PutMapping(value = {"/orgUnit/one"}, produces = {"application/json"})
    @Operation(description = "更新一个组织单元")
    @PreAuthorize(IAppAuths.sHasAuthority_CDU_OrgUnit)
    @RequestBody(description = "组织单元信息")
    public OrgUnit.BOrgUnit updateOrgUnit(@org.springframework.web.bind.annotation.RequestBody OrgUnit.BOrgUnit bOrgUnit) {
        User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        ValidateUtils.validateAndThrow(this.mValidator, bOrgUnit);
        return this.mResMngServer.getAuthCenterDataMng().updateOrgUnit(bOrgUnit, user.getId()).asBean();
    }

    @DeleteMapping({"/orgUnit/one"})
    @Parameter(name = "orgUnitId", description = "组织单元id")
    @Operation(description = "删除指定的组织单元。如果指定的组织单元下面有子节点或有人员都不能删除")
    public void deleteOrgUnit(@RequestParam("orgUnitId") String str) {
        this.mResMngServer.getAuthCenterDataMng().deleteOrgUnit(str, SecurityUtils.checkUser().getId());
    }

    @PostMapping({"/orgUnit/user/one"})
    @Operation(description = "将用户挂到指定的组织单元上，并且设定或更新用户在这个组织单元中的职位")
    @Parameters({@Parameter(name = "orgUnitId", description = "组织单元id"), @Parameter(name = "userId", description = "用户id"), @Parameter(name = "job", description = "职位")})
    public void hookUserToOrgUnit(@RequestParam("orgUnitId") String str, @RequestParam("userId") String str2, @RequestParam(name = "job", required = false) String str3) {
        this.mResMngServer.getAuthCenterDataMng().hookUserToOrgUnit(str, str2, str3, SecurityUtils.checkUser().getId());
    }

    @PostMapping({"/orgUnit/user/many"})
    @Operation(description = "将用户挂到指定的组织单元上，并且设定或更新用户在这个组织单元中的职位")
    @Parameters({@Parameter(name = "orgUnitId", description = "组织单元id"), @Parameter(name = "userId", description = "用户id"), @Parameter(name = "job", description = "职位")})
    public void hookUsersToOrgUnit(@RequestParam("orgUnitId") String str, @RequestParam("userIds") String[] strArr) {
        User checkUser = SecurityUtils.checkUser();
        IAuthCenterDataManager authCenterDataMng = this.mResMngServer.getAuthCenterDataMng();
        for (String str2 : strArr) {
            authCenterDataMng.hookUserToOrgUnit(str, str2, checkUser.getId());
        }
    }

    @DeleteMapping({"/orgUnit/user/one"})
    @Operation(description = "解除用户挂接到指定的组织单元")
    @Parameters({@Parameter(name = "orgUnitId", description = "组织单元id"), @Parameter(name = "userId", description = "用户id")})
    public void unhookOrgUnitToUser(@RequestParam("orgUnitId") String str, @RequestParam("userId") String str2) {
        this.mResMngServer.getAuthCenterDataMng().unhookUserToOrgUnit(str, str2, ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getId());
    }

    @Parameter(name = "orgUnitId", description = "组织单元id")
    @GetMapping(value = {"/orgUnit/child/user/all"}, produces = {"application/json"})
    @Operation(description = "取得指定组织单元下面的用户")
    List<User_OrgUnit> getChildUsers(@RequestParam("orgUnitId") String str) {
        return this.mResMngServer.getAuthCenterDataMng().getChildUsers(str);
    }

    @InnerProtectedApi
    @GetMapping(value = {"/clientApp/brief/ofCanView"}, produces = {"application/json"})
    @Operation(description = "取得当前会话用户可以在认证中心查看或管理的应用的简要信息")
    public List<ClientAppBrief> getClientAppBriefsOfSelfCanView() {
        ClientApp clientApp;
        User checkUser = SecurityUtils.checkUser();
        Assert.notNull(checkUser, "无法取得当前的登录用户！", new Object[0]);
        String id = checkUser.getId();
        IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
        ArrayList arrayList = XC.arrayList();
        List<ResSpace> asList = XC.containsAny(checkUser.getAuthorities(), new Object[]{sGA_CDU_ClientAppData, sGA_View_AllClientAppData}) ? Arrays.asList(clientAppDataMng.getResSpaceOfClientApp(this.mResMngServer.getClientAppId_SailAC())) : clientAppDataMng.getResSpaceOfUserInClientApp(id, this.mResMngServer.getClientAppId_SailAC());
        if (asList.size() > 0) {
            for (ResSpace resSpace : asList) {
                if (AppConsts.sResSpaceType_ClientApp.equals(resSpace.getType()) && (clientApp = clientAppDataMng.getClientApp(resSpace.getResId())) != null) {
                    arrayList.add(ClientAppBrief.of(clientApp));
                }
            }
        }
        arrayList.sort(ClientAppBrief.sDefaultComp);
        return arrayList;
    }
}
