package tech.powerjob.server.auth.service.permission;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import tech.powerjob.server.auth.Permission;
import tech.powerjob.server.auth.Role;
import tech.powerjob.server.auth.RoleScope;
import tech.powerjob.server.persistence.remote.model.AppInfoDO;
import tech.powerjob.server.persistence.remote.model.UserRoleDO;
import tech.powerjob.server.persistence.remote.repository.AppInfoRepository;
import tech.powerjob.server.persistence.remote.repository.UserRoleRepository;

@Service
/* loaded from: input_file:tech/powerjob/server/auth/service/permission/PowerJobPermissionServiceImpl.class */
public class PowerJobPermissionServiceImpl implements PowerJobPermissionService {
    private static final Logger log = LoggerFactory.getLogger(PowerJobPermissionServiceImpl.class);

    @Resource
    private AppInfoRepository appInfoRepository;

    @Resource
    private UserRoleRepository userRoleRepository;

    @Override // tech.powerjob.server.auth.service.permission.PowerJobPermissionService
    public boolean hasPermission(Long l, RoleScope roleScope, Long l2, Permission permission) {
        List<UserRoleDO> list = (List) Optional.ofNullable(this.userRoleRepository.findAllByUserId(l)).orElse(Collections.emptyList());
        ArrayListMultimap create = ArrayListMultimap.create();
        ArrayListMultimap create2 = ArrayListMultimap.create();
        ArrayList newArrayList = Lists.newArrayList();
        for (UserRoleDO userRoleDO : list) {
            Role of = Role.of(userRoleDO.getRole().intValue());
            if (RoleScope.GLOBAL.getV() == userRoleDO.getScope().intValue()) {
                if (Role.ADMIN.equals(of)) {
                    return true;
                }
                newArrayList.add(of);
            }
            if (RoleScope.NAMESPACE.getV() == userRoleDO.getScope().intValue()) {
                create2.put(userRoleDO.getTarget(), of);
            }
            if (RoleScope.APP.getV() == userRoleDO.getScope().intValue()) {
                create.put(userRoleDO.getTarget(), of);
            }
        }
        if (permission == Permission.NONE) {
            return true;
        }
        Iterator it = newArrayList.iterator();
        while (it.hasNext()) {
            if (((Role) it.next()).getPermissions().contains(permission)) {
                return true;
            }
        }
        if (RoleScope.APP.equals(roleScope)) {
            return checkAppPermission(l2, permission, create, create2);
        }
        if (RoleScope.NAMESPACE.equals(roleScope)) {
            return checkNamespacePermission(l2, permission, create2);
        }
        return false;
    }

    @Override // tech.powerjob.server.auth.service.permission.PowerJobPermissionService
    public void grantRole(RoleScope roleScope, Long l, Long l2, Role role, String str) {
        UserRoleDO userRoleDO = new UserRoleDO();
        userRoleDO.setGmtCreate(new Date());
        userRoleDO.setGmtModified(new Date());
        userRoleDO.setExtra(str);
        userRoleDO.setScope(Integer.valueOf(roleScope.getV()));
        userRoleDO.setTarget(l);
        userRoleDO.setUserId(l2);
        userRoleDO.setRole(Integer.valueOf(role.getV()));
        this.userRoleRepository.saveAndFlush(userRoleDO);
        log.info("[PowerJobPermissionService] [grantPermission] saveAndFlush userRole successfully: {}", userRoleDO);
    }

    @Override // tech.powerjob.server.auth.service.permission.PowerJobPermissionService
    public void retrieveRole(RoleScope roleScope, Long l, Long l2, Role role) {
        List findAllByScopeAndTargetAndRoleAndUserId = this.userRoleRepository.findAllByScopeAndTargetAndRoleAndUserId(Integer.valueOf(roleScope.getV()), l, Integer.valueOf(role.getV()), l2);
        log.info("[PowerJobPermissionService] [retrievePermission] origin rule: {}", findAllByScopeAndTargetAndRoleAndUserId);
        ((List) Optional.ofNullable(findAllByScopeAndTargetAndRoleAndUserId).orElse(Collections.emptyList())).forEach(userRoleDO -> {
            this.userRoleRepository.deleteById(userRoleDO.getId());
            log.info("[PowerJobPermissionService] [retrievePermission] delete UserRole: {}", userRoleDO);
        });
    }

    @Override // tech.powerjob.server.auth.service.permission.PowerJobPermissionService
    public Map<Role, Set<Long>> fetchUserWithPermissions(RoleScope roleScope, Long l) {
        List findAllByScopeAndTarget = this.userRoleRepository.findAllByScopeAndTarget(Integer.valueOf(roleScope.getV()), l);
        HashMap newHashMap = Maps.newHashMap();
        ((List) Optional.ofNullable(findAllByScopeAndTarget).orElse(Collections.emptyList())).forEach(userRoleDO -> {
            ((Set) newHashMap.computeIfAbsent(Role.of(userRoleDO.getRole().intValue()), role -> {
                return Sets.newHashSet();
            })).add(userRoleDO.getUserId());
        });
        return newHashMap;
    }

    @Override // tech.powerjob.server.auth.service.permission.PowerJobPermissionService
    public Map<Role, List<Long>> fetchUserHadPermissionTargets(RoleScope roleScope, Long l) {
        HashMap newHashMap = Maps.newHashMap();
        ((List) Optional.ofNullable(this.userRoleRepository.findAllByUserIdAndScope(l, Integer.valueOf(roleScope.getV()))).orElse(Collections.emptyList())).forEach(userRoleDO -> {
            ((List) newHashMap.computeIfAbsent(Role.of(userRoleDO.getRole().intValue()), role -> {
                return Lists.newArrayList();
            })).add(userRoleDO.getTarget());
        });
        return newHashMap;
    }

    private boolean checkAppPermission(Long l, Permission permission, Multimap<Long, Role> multimap, Multimap<Long, Role> multimap2) {
        Iterator it = multimap.get(l).iterator();
        while (it.hasNext()) {
            if (((Role) it.next()).getPermissions().contains(permission)) {
                return true;
            }
        }
        Optional findById = this.appInfoRepository.findById(l);
        if (!findById.isPresent()) {
            throw new IllegalArgumentException("can't find appInfo by appId in permission check: " + l);
        }
        Iterator it2 = multimap2.get((Long) Optional.ofNullable(((AppInfoDO) findById.get()).getNamespaceId()).orElse(-1L)).iterator();
        while (it2.hasNext()) {
            if (((Role) it2.next()).getPermissions().contains(permission)) {
                return true;
            }
        }
        return false;
    }

    private boolean checkNamespacePermission(Long l, Permission permission, Multimap<Long, Role> multimap) {
        Iterator it = multimap.get(l).iterator();
        while (it.hasNext()) {
            if (((Role) it.next()).getPermissions().contains(permission)) {
                return true;
            }
        }
        return false;
    }
}
