package tech.powerjob.server.auth.service.impl;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import tech.powerjob.common.serialize.JsonUtils;
import tech.powerjob.server.auth.LoginUserHolder;
import tech.powerjob.server.auth.Permission;
import tech.powerjob.server.auth.PowerJobUser;
import tech.powerjob.server.auth.Role;
import tech.powerjob.server.auth.RoleScope;
import tech.powerjob.server.auth.common.AuthErrorCode;
import tech.powerjob.server.auth.common.PowerJobAuthException;
import tech.powerjob.server.auth.service.WebAuthService;
import tech.powerjob.server.auth.service.permission.PowerJobPermissionService;
import tech.powerjob.server.web.request.ComponentUserRoleInfo;

@Service
/* loaded from: input_file:BOOT-INF/classes/tech/powerjob/server/auth/service/impl/WebAuthServiceImpl.class */
public class WebAuthServiceImpl implements WebAuthService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) WebAuthServiceImpl.class);

    @Resource
    private PowerJobPermissionService powerJobPermissionService;

    @Override // tech.powerjob.server.auth.service.WebAuthService
    public void processPermissionOnSave(RoleScope roleScope, Long l, ComponentUserRoleInfo componentUserRoleInfo) {
        ComponentUserRoleInfo componentUserRoleInfo2 = (ComponentUserRoleInfo) Optional.ofNullable(componentUserRoleInfo).orElse(new ComponentUserRoleInfo());
        Map<Role, List<Long>> fetchUserWithPermissions = this.powerJobPermissionService.fetchUserWithPermissions(roleScope, l);
        diffGrant(roleScope, l, Role.OBSERVER, componentUserRoleInfo2.getObserver(), fetchUserWithPermissions);
        diffGrant(roleScope, l, Role.QA, componentUserRoleInfo2.getQa(), fetchUserWithPermissions);
        diffGrant(roleScope, l, Role.DEVELOPER, componentUserRoleInfo2.getDeveloper(), fetchUserWithPermissions);
        diffGrant(roleScope, l, Role.ADMIN, componentUserRoleInfo2.getAdmin(), fetchUserWithPermissions);
    }

    @Override // tech.powerjob.server.auth.service.WebAuthService
    public ComponentUserRoleInfo fetchComponentUserRoleInfo(RoleScope roleScope, Long l) {
        Map<Role, List<Long>> fetchUserWithPermissions = this.powerJobPermissionService.fetchUserWithPermissions(roleScope, l);
        return new ComponentUserRoleInfo().setObserver(fetchUserWithPermissions.getOrDefault(Role.OBSERVER, Collections.emptyList())).setQa(fetchUserWithPermissions.getOrDefault(Role.QA, Collections.emptyList())).setDeveloper(fetchUserWithPermissions.getOrDefault(Role.DEVELOPER, Collections.emptyList())).setAdmin(fetchUserWithPermissions.getOrDefault(Role.ADMIN, Collections.emptyList()));
    }

    @Override // tech.powerjob.server.auth.service.WebAuthService
    public boolean hasPermission(RoleScope roleScope, Long l, Permission permission) {
        PowerJobUser powerJobUser = LoginUserHolder.get();
        if (powerJobUser == null) {
            return false;
        }
        return this.powerJobPermissionService.hasPermission(powerJobUser.getId(), roleScope, l, permission);
    }

    @Override // tech.powerjob.server.auth.service.WebAuthService
    public Map<Role, List<Long>> fetchMyPermissionTargets(RoleScope roleScope) {
        PowerJobUser powerJobUser = LoginUserHolder.get();
        if (powerJobUser == null) {
            throw new PowerJobAuthException(AuthErrorCode.USER_NOT_LOGIN);
        }
        return this.powerJobPermissionService.fetchUserHadPermissionTargets(roleScope, powerJobUser.getId());
    }

    private void diffGrant(RoleScope roleScope, Long l, Role role, List<Long> list, Map<Role, List<Long>> map) {
        HashSet newHashSet = Sets.newHashSet((Iterable) Optional.ofNullable(map.get(role)).orElse(Collections.emptyList()));
        HashSet newHashSet2 = Sets.newHashSet((Iterable) Optional.ofNullable(list).orElse(Collections.emptyList()));
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("grantor", LoginUserHolder.getUserName());
        newHashMap.put("source", "diffGrant");
        String jSONString = JsonUtils.toJSONString(newHashMap);
        HashSet newHashSet3 = Sets.newHashSet(newHashSet);
        newHashSet3.addAll(newHashSet2);
        HashSet newHashSet4 = Sets.newHashSet(newHashSet3);
        newHashSet3.removeAll(newHashSet2);
        newHashSet3.forEach(l2 -> {
            this.powerJobPermissionService.retrieveRole(roleScope, l, l2, role);
            log.info("[WebAuthService] [diffGrant] cancelPermission: roleScope={},target={},uid={},role={}", roleScope, l, l2, role);
        });
        newHashSet4.removeAll(newHashSet);
        newHashSet4.forEach(l3 -> {
            this.powerJobPermissionService.grantRole(roleScope, l, l3, role, jSONString);
            log.info("[WebAuthService] [diffGrant] grantPermission: roleScope={},target={},uid={},role={},extra={}", roleScope, l, l3, role, jSONString);
        });
    }
}
