package com.baijia.cas.client.controller;

import com.baijia.cas.ac.dto.AccountDto;
import com.baijia.cas.ac.dto.AppDto;
import com.baijia.cas.ac.dto.AuthenticationDto;
import com.baijia.cas.ac.dto.PermissionDto;
import com.baijia.cas.ac.dto.RoleDto;
import com.baijia.cas.client.ac.AccessControl;
import com.baijia.cas.client.ac.AccessControlImpl;
import com.baijia.cas.client.api.error.CasException;
import com.baijia.cas.client.api.facade.AccountApiFacade;
import com.baijia.cas.client.autentication.AuthenticationFilter;
import com.baijia.cas.client.filter.AccessControlContextInitFilter;
import com.baijia.cas.client.util.AccessControlContext;
import com.baijia.cas.client.util.CommonUtils;
import com.baijia.cas.client.util.EnvProperties;
import com.baijia.cas.client.util.JacksonUtil;
import com.baijia.cas.client.web.AcRequest;
import com.baijia.cas.client.web.ManageMapRequest;
import com.baijia.cas.client.web.ModAcRequest;
import com.baijia.cas.client.web.ModRoleRequest;
import com.baijia.cas.client.web.Response;
import com.baijia.cas.client.web.SearchAcRequest;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

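/**
 * Spring MVC controller that exposes the CAS client's access-control operations under
 * {@code /ac}: reading the current authentication, managing roles, searching accounts,
 * switching the acting account, and logging out.
 *
 * <p>Handlers delegate to {@link AccountApiFacade} and wrap the result in a {@link Response}.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Apart from the {@code canVisitAccount} check in the two account-switch handlers, this
 *       class performs no authentication or authorization check of its own. Every identifier in
 *       a request body (account name, account id, role id, open role uid) is passed to the
 *       facade as received. NOTE(review): confirm that servlet filters and the facade enforce
 *       who may read or modify which account and role.</li>
 *   <li>No {@code @RequestMapping} here restricts the HTTP method, so state-changing handlers
 *       also answer GET. NOTE(review): confirm CSRF protection exists outside this class.</li>
 * </ul>
 */
@RequestMapping({"/ac"})
@Controller
/* loaded from: input_file:com/baijia/cas/client/controller/AccessControlController.class */
public class AccessControlController {

    @Autowired
    private AccountApiFacade accountApi;
    // Optional override for the session cookie name; see getSessionCookieId().
    private String sessionCookieId;
    // Not referenced by any method in this class; kept because other code may read it reflectively.
    private AccessControl accessControl = AccessControlImpl.getInstance();

    /**
     * Returns the configured session cookie name.
     *
     * @return the configured name, or {@code "JSESSIONID"} when none (or a blank one) was set
     */
    public String getSessionCookieId() {
        return StringUtils.isNotBlank(this.sessionCookieId) ? this.sessionCookieId : "JSESSIONID";
    }

    /**
     * Sets the session cookie name.
     *
     * @param str cookie name; blank or {@code null} restores the {@code "JSESSIONID"} default
     */
    public void setSessionCookieId(String str) {
        this.sessionCookieId = str;
    }

    /**
     * Returns the authentication details of the account held in {@link AccessControlContext}.
     *
     * @return a response whose data is the {@link AuthenticationDto} built by {@link #getAuthDto()}
     */
    @RequestMapping({"/getAuth"})
    @ResponseBody
    public Response getAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Response response = new Response();
        response.setData(getAuthDto());
        return response;
    }

    /**
     * Returns every property held by {@link EnvProperties}.
     *
     * @return a response whose data is the result of {@code EnvProperties.getAll()}
     */
    @RequestMapping({"/getEnv"})
    @ResponseBody
    public Response getEnv(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Response response = new Response();
        // NOTE(review): the whole property set is serialized to the caller without filtering.
        // If EnvProperties can contain credentials, keys or internal endpoints, this discloses
        // them; confirm its contents or return an allow-listed subset instead.
        response.setData(EnvProperties.getAll());
        return response;
    }

    /**
     * Reports whether an account with the {@code accountName} request parameter exists.
     *
     * @return a response whose data is a {@link Boolean}
     */
    @RequestMapping({"/isAccountExist"})
    @ResponseBody
    public Response isAccountExist(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Response response = new Response();
        // NOTE(review): this answers existence for any supplied name, which allows account
        // enumeration if the endpoint is reachable by untrusted callers; confirm who can reach
        // it and whether the calls are rate limited.
        response.setData(Boolean.valueOf(this.accountApi.isAccountExist(httpServletRequest.getParameter("accountName"))));
        return response;
    }

    /**
     * Adds a single role to an account and marks that role as the account's current role in
     * the returned DTO.
     *
     * @param modAcRequest request body carrying credentials, target account and role details
     * @return a response holding the updated {@link AccountDto}, or an error status when the
     *     facade throws {@link CasException}
     */
    @RequestMapping({"/addRole"})
    @ResponseBody
    public Response addRole(HttpServletResponse httpServletResponse, @RequestBody ModAcRequest modAcRequest) {
        Response response = new Response();
        try {
            AccountDto addRole = this.accountApi.addRole(modAcRequest.getCredentials(), modAcRequest.getParentOpenRoleUid(), modAcRequest.getAccountName(), modAcRequest.getRoleNickNames(), modAcRequest.getManageMaps(), modAcRequest.getExAddPermissionTags(), modAcRequest.getExRemovedPermissionTags(), modAcRequest.getRoleTag());
            String requestedTag = modAcRequest.getRoleTag();
            // Compare from the requested tag so that a role without a tag, or a request without
            // a role tag, means "no match" rather than a NullPointerException.
            if (requestedTag != null && addRole.getHasRoles() != null) {
                // Iterate as Object: the element type of getHasRoles() is not visible here.
                for (Object candidate : addRole.getHasRoles()) {
                    RoleDto roleDto = (RoleDto) candidate;
                    if (requestedTag.equals(roleDto.getTag())) {
                        addRole.setCurrentRole(roleDto);
                        break;
                    }
                }
            }
            response.setData(addRole);
        } catch (CasException e) {
            markFailed(response, e);
        }
        return response;
    }

    /**
     * Modifies an existing role (nickname and extra permission tags).
     *
     * @param modRoleRequest request body; {@code openRoleUid} is unboxed, so it must be present
     * @return a response holding the facade's result, or an error status on {@link CasException}
     */
    @RequestMapping({"/modRole"})
    @ResponseBody
    public Response modRole(HttpServletResponse httpServletResponse, @RequestBody ModRoleRequest modRoleRequest) {
        Response response = new Response();
        try {
            response.setData(this.accountApi.modRole(modRoleRequest.getCredentials(), modRoleRequest.getOpenRoleUid().intValue(), modRoleRequest.getRoleNickName(), modRoleRequest.getExAddPermissionTags(), modRoleRequest.getExRemovedPermissionTags()));
        } catch (CasException e) {
            markFailed(response, e);
        }
        return response;
    }

    /**
     * Adds several roles, named by {@code roleTags}, to an account.
     *
     * @param modAcRequest request body; {@code roleTags} must be present
     * @return a response holding the facade's result, or an error status on {@link CasException}
     */
    @RequestMapping({"/addRoles"})
    @ResponseBody
    public Response addRoles(HttpServletResponse httpServletResponse, @RequestBody ModAcRequest modAcRequest) {
        Response response = new Response();
        try {
            response.setData(this.accountApi.addRole(modAcRequest.getCredentials(), modAcRequest.getParentOpenRoleUid(), modAcRequest.getAccountName(), modAcRequest.getRoleNickNames(), modAcRequest.getManageMaps(), modAcRequest.getExAddPermissionTags(), modAcRequest.getExRemovedPermissionTags(), (String[]) modAcRequest.getRoleTags().toArray(new String[0])));
        } catch (CasException e) {
            markFailed(response, e);
        }
        return response;
    }

    /**
     * Deletes a role, addressed either by {@code openRoleUid} or by account name plus role tag.
     *
     * @param modAcRequest request body selecting the role to delete
     * @return a response holding the facade's result, or an error status on {@link CasException}
     */
    @RequestMapping({"/delRole"})
    @ResponseBody
    public Response delRole(HttpServletResponse httpServletResponse, @RequestBody ModAcRequest modAcRequest) {
        Response response = new Response();
        try {
            // NOTE(review): unlike addRole/modRole, no credentials from the request are passed
            // to the facade here; confirm the facade authorizes deletions some other way.
            if (modAcRequest.getOpenRoleUid() != null) {
                response.setData(this.accountApi.delRole(modAcRequest.getOpenRoleUid().intValue(), modAcRequest.getManagedOpenRoleUids()));
            } else {
                response.setData(this.accountApi.delRole(modAcRequest.getAccountName(), modAcRequest.getManageMaps(), modAcRequest.getRoleTag()));
            }
        } catch (CasException e) {
            markFailed(response, e);
        }
        return response;
    }

    /**
     * Deletes several roles, named by {@code roleTags}, from an account.
     *
     * @param modAcRequest request body; {@code roleTags} must be present
     * @return a response holding the facade's result, or an error status on {@link CasException}
     */
    @RequestMapping({"/delRoles"})
    @ResponseBody
    public Response delRoles(HttpServletResponse httpServletResponse, @RequestBody ModAcRequest modAcRequest) {
        Response response = new Response();
        try {
            response.setData(this.accountApi.delRole(modAcRequest.getAccountName(), modAcRequest.getManageMaps(), (String[]) modAcRequest.getRoleTags().toArray(new String[0])));
        } catch (CasException e) {
            markFailed(response, e);
        }
        return response;
    }

    /**
     * Looks up a role by tag.
     *
     * @param searchAcRequest request body carrying {@code roleTag}
     * @return a response holding the role, or a response without data when the tag is blank
     */
    @RequestMapping({"/getRole"})
    @ResponseBody
    public Response getRole(@RequestBody SearchAcRequest searchAcRequest, HttpServletResponse httpServletResponse) {
        Response response = new Response();
        if (StringUtils.isNotBlank(searchAcRequest.getRoleTag())) {
            response.setData(this.accountApi.getRole(searchAcRequest.getRoleTag()));
        }
        return response;
    }

    /**
     * Returns the sub-role data the facade reports when called without arguments.
     *
     * @return a response holding the result of {@code accountApi.getSubRole()}
     */
    @RequestMapping({"/getSubRole"})
    @ResponseBody
    public Response getSubRole(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Response response = new Response();
        response.setData(this.accountApi.getSubRole());
        return response;
    }

    /**
     * Returns the sub-roles of the role whose id is given in the request.
     *
     * @param searchAcRequest request body carrying {@code roleId}
     * @return a response holding the sub-roles, or an empty list when {@code roleId} is absent
     *     or negative
     */
    @RequestMapping({"/getSubRoles"})
    @ResponseBody
    public Response getSubRole(@RequestBody SearchAcRequest searchAcRequest, HttpServletResponse httpServletResponse) {
        Response response = new Response();
        List<RoleDto> list = Collections.emptyList();
        Integer roleId = searchAcRequest.getRoleId();
        if (roleId != null && roleId.intValue() >= 0) {
            // The meaning of the literal arguments (10, true, true) is defined by
            // AccountApiFacade and is not visible in this file.
            list = this.accountApi.getSubRole(roleId.intValue(), 10, true, true);
        }
        response.setData(list);
        return response;
    }

    /**
     * Searches the accounts below a role. The starting role is, in order of precedence, the
     * request's {@code openRoleUid}, the current role from {@link AccessControlContext} (when
     * {@code accountId} or {@code roleId} is missing), or the request's
     * {@code accountId}/{@code roleId} pair.
     *
     * @param searchAcRequest request body; {@code searchLevel}, {@code returnRoles},
     *     {@code returnAllOnSearhPath} and {@code status} are unboxed and must be present
     * @return a response holding the matching accounts and the request's page descriptor
     */
    @RequestMapping({"/getSubAccounts"})
    @ResponseBody
    public Response getSubAccounts(HttpServletResponse httpServletResponse, @RequestBody SearchAcRequest searchAcRequest) {
        Response response = new Response();
        response.setPageDto(searchAcRequest.getPageDto());
        // NOTE(review): the starting role may be chosen by the caller (openRoleUid, or
        // accountId + roleId). Nothing here checks that it lies under the caller's own role;
        // confirm the facade restricts the search to roles the caller manages.
        if (searchAcRequest.getOpenRoleUid() != null) {
            response.setData(this.accountApi.getSubAccounts(searchAcRequest.getOpenRoleUid().intValue(), searchAcRequest.getSearchKey(), searchAcRequest.getRoleTag(), searchAcRequest.getSearchLevel().intValue(), searchAcRequest.getReturnRoles().booleanValue(), searchAcRequest.getReturnAllOnSearhPath().booleanValue(), searchAcRequest.getStatus().intValue(), searchAcRequest.getPageDto()));
        } else if (searchAcRequest.getAccountId() == null || searchAcRequest.getRoleId() == null) {
            response.setData(this.accountApi.getSubAccounts(AccessControlContext.getCurrentRole().getOpenRoleUid(), searchAcRequest.getSearchKey(), searchAcRequest.getRoleTag(), searchAcRequest.getSearchLevel().intValue(), searchAcRequest.getReturnRoles().booleanValue(), searchAcRequest.getReturnAllOnSearhPath().booleanValue(), searchAcRequest.getStatus().intValue(), searchAcRequest.getPageDto()));
        } else {
            response.setData(this.accountApi.getSubAccounts(searchAcRequest.getAccountId().intValue(), searchAcRequest.getRoleId().intValue(), searchAcRequest.getSearchKey(), searchAcRequest.getRoleTag(), searchAcRequest.getSearchLevel().intValue(), searchAcRequest.getReturnRoles().booleanValue(), searchAcRequest.getReturnAllOnSearhPath().booleanValue(), searchAcRequest.getStatus().intValue(), searchAcRequest.getPageDto()));
        }
        return response;
    }

    /**
     * Looks up one account by name (optionally narrowed by role tag), by {@code openRoleUid},
     * or by the {@code accountId}/{@code roleId} pair, in that order of precedence.
     *
     * @param searchAcRequest request body selecting the account
     * @return a response holding the account returned by the facade
     * @throws RuntimeException when none of the supported selectors is usable
     */
    @RequestMapping({"/getAccount"})
    @ResponseBody
    public Response getAccount(HttpServletResponse httpServletResponse, @RequestBody SearchAcRequest searchAcRequest) {
        Response response = new Response();
        // NOTE(review): any account can be addressed by identifier and no canVisitAccount
        // check is made on this path; confirm the facade limits what a caller may read.
        if (StringUtils.isNotBlank(searchAcRequest.getAccountName())) {
            if (StringUtils.isNotBlank(searchAcRequest.getRoleTag())) {
                response.setData(this.accountApi.getAccount(searchAcRequest.getAccountName(), searchAcRequest.getRoleTag()));
            } else {
                response.setData(this.accountApi.getAccount(searchAcRequest.getAccountName()));
            }
        } else if (searchAcRequest.getOpenRoleUid() != null && searchAcRequest.getOpenRoleUid().intValue() > 0) {
            response.setData(this.accountApi.getAccountByOpenRoleUid(searchAcRequest.getOpenRoleUid().intValue()));
        } else {
            // Reject a request with no usable selector using the same message as the
            // account-switch handlers, instead of failing on unboxing a null Integer.
            if (searchAcRequest.getAccountId() == null || searchAcRequest.getRoleId() == null) {
                throw new RuntimeException("输入的账号参数错误");
            }
            response.setData(this.accountApi.getAccount(searchAcRequest.getAccountId().intValue(), searchAcRequest.getRoleId().intValue()));
        }
        return response;
    }

    /**
     * Finds accounts by search key and role tag.
     *
     * @param searchAcRequest request body carrying {@code searchKey} and {@code roleTag}
     * @return a response holding the facade's result
     */
    @RequestMapping({"/getAccounts"})
    @ResponseBody
    public Response getAccounts(HttpServletResponse httpServletResponse, @RequestBody SearchAcRequest searchAcRequest) {
        Response response = new Response();
        // The meaning of the trailing 'false' is defined by AccountApiFacade.findAccounts.
        response.setData(this.accountApi.findAccounts(searchAcRequest.getSearchKey(), searchAcRequest.getRoleTag(), false));
        return response;
    }

    /**
     * Queries accounts by search key.
     *
     * @param searchAcRequest request body carrying {@code searchKey}
     * @return a response holding the facade's result
     */
    @RequestMapping({"/queryAccounts"})
    @ResponseBody
    public Response queryAccounts(HttpServletResponse httpServletResponse, @RequestBody SearchAcRequest searchAcRequest) {
        Response response = new Response();
        response.setData(this.accountApi.queryAccount(searchAcRequest.getSearchKey()));
        return response;
    }

    /**
     * Queries departments by search key.
     *
     * @param searchAcRequest request body carrying {@code searchKey}
     * @return a response holding the facade's result
     */
    @RequestMapping({"/queryDepartments"})
    @ResponseBody
    public Response queryDepartments(HttpServletResponse httpServletResponse, @RequestBody SearchAcRequest searchAcRequest) {
        Response response = new Response();
        response.setData(this.accountApi.queryDepartment(searchAcRequest.getSearchKey()));
        return response;
    }

    /**
     * Queries management mappings filtered by authorizer, manager, target and search key.
     *
     * @param manageMapRequest request body carrying the filters and the page descriptor
     * @return a response holding the facade's result and the request's page descriptor
     */
    @RequestMapping({"/queryManageMap"})
    @ResponseBody
    public Response queryManageMap(HttpServletResponse httpServletResponse, @RequestBody ManageMapRequest manageMapRequest) {
        Response response = new Response();
        response.setPageDto(manageMapRequest.getPageDto());
        response.setData(this.accountApi.getManageMap(manageMapRequest.getAuthorizerId(), manageMapRequest.getManagerId(), manageMapRequest.getTargetId(), manageMapRequest.getSearchKey(), manageMapRequest.getPageDto()));
        return response;
    }

    /**
     * Logs the user out: clears the local session state first, then redirects the browser to
     * the CAS server's logout URL.
     */
    @RequestMapping({"/logout"})
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        logoutLocal(httpServletRequest, httpServletResponse);
        logoutCas(httpServletRequest, httpServletResponse);
    }

    /**
     * Switches the acting account and role for the session, selecting both from the JSON
     * request body. The account is resolved by name, then id, then {@code openRoleUid}; the
     * role by tag, then id, then {@code openRoleUid}.
     *
     * @param searchAcRequest request body selecting the target account and role
     * @return a response whose data is {@code true} once the switch has been applied
     * @throws RuntimeException when the account or the role cannot be resolved
     * @throws CasException when {@code canVisitAccount} denies the switch
     */
    @RequestMapping({"/setAccount"})
    @ResponseBody
    public Response setAccount(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestBody SearchAcRequest searchAcRequest) {
        AccountDto accountDto = null;
        if (StringUtils.isNotBlank(searchAcRequest.getAccountName())) {
            accountDto = this.accountApi.getAccount(searchAcRequest.getAccountName());
        } else if (searchAcRequest.getAccountId() != null && searchAcRequest.getAccountId().intValue() > 0) {
            accountDto = this.accountApi.getAccount(searchAcRequest.getAccountId().intValue());
        } else if (searchAcRequest.getOpenRoleUid() != null && searchAcRequest.getOpenRoleUid().intValue() > 0) {
            accountDto = this.accountApi.getAccountByOpenRoleUid(searchAcRequest.getOpenRoleUid().intValue());
        }
        if (accountDto == null) {
            throw new RuntimeException("输入的账号参数错误");
        }
        RoleDto roleDto = null;
        if (StringUtils.isNotBlank(searchAcRequest.getRoleTag())) {
            roleDto = CommonUtils.roleInAccount(accountDto, searchAcRequest.getRoleTag());
        } else if (searchAcRequest.getRoleId() != null && searchAcRequest.getRoleId().intValue() > 0) {
            roleDto = CommonUtils.roleInAccount(accountDto, searchAcRequest.getRoleId().intValue());
        } else if (searchAcRequest.getOpenRoleUid() != null && searchAcRequest.getOpenRoleUid().intValue() > 0) {
            roleDto = CommonUtils.currentRoleInAccount(accountDto, searchAcRequest.getOpenRoleUid().intValue());
        }
        switchActingAccount(httpServletRequest, httpServletResponse, accountDto, roleDto);
        Response response = new Response();
        response.setData(true);
        return response;
    }

    /**
     * Switches the acting account and role for the session, selecting them from the request
     * parameters {@code a} (account name) and {@code r} (role tag).
     *
     * @throws RuntimeException when the account or the role cannot be resolved
     * @throws CasException when {@code canVisitAccount} denies the switch
     */
    @RequestMapping({"/sa"})
    public void setAccount(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): this changes session state from plain request parameters and the
        // mapping accepts every HTTP method, so a cross-site GET carrying the user's session
        // could trigger the switch. canVisitAccount limits the target, but confirm that CSRF
        // protection exists outside this class or restrict the mapping to POST.
        AccountDto accountDto = null;
        String parameter = httpServletRequest.getParameter("a");
        if (StringUtils.isNotBlank(parameter)) {
            accountDto = this.accountApi.getAccount(parameter);
        }
        if (accountDto == null) {
            throw new RuntimeException("输入的账号参数错误");
        }
        String parameter2 = httpServletRequest.getParameter("r");
        RoleDto roleDto = null;
        if (StringUtils.isNotBlank(parameter2)) {
            roleDto = CommonUtils.roleInAccount(accountDto, parameter2);
        }
        switchActingAccount(httpServletRequest, httpServletResponse, accountDto, roleDto);
    }

    /**
     * Shared tail of both account-switch handlers: rejects an unresolved role, enforces
     * {@code canVisitAccount}, and only then stores the account and role in the context.
     */
    private void switchActingAccount(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccountDto accountDto, RoleDto roleDto) {
        if (roleDto == null) {
            throw new RuntimeException("输入的角色参数错误");
        }
        // The authorization check must stay ahead of the context update below.
        if (!this.accountApi.canVisitAccount(accountDto, roleDto)) {
            throw new CasException("没有权限");
        }
        AccessControlContext.setAccount(httpServletRequest, httpServletResponse, accountDto, roleDto);
    }

    /** Records a facade failure on the response: error status plus the exception's message. */
    private static void markFailed(Response response, CasException e) {
        response.setStatus(Response.STATUS_ERROR);
        // NOTE(review): the exception message is returned to the client verbatim; confirm that
        // CasException messages never carry internal detail.
        response.setError(new Response.ResponseError(e.getMessage()));
    }

    /** Clears the session state kept by the authentication and access-control filters. */
    private void logoutLocal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationFilter.clearSession(httpServletRequest, httpServletResponse);
        AccessControlContextInitFilter.clearSession(httpServletRequest, httpServletResponse);
    }

    /** Redirects the browser to the CAS logout URL so the server-side SSO session ends too. */
    private void logoutCas(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            httpServletResponse.sendRedirect(constructCasLogoutUrl());
        } catch (IOException e) {
            // NOTE(review): when the redirect fails only the local session has been cleared and
            // the CAS session may still be alive. No logger is in scope in this class, so the
            // failure is only printed; route it to the application log.
            e.printStackTrace();
        }
    }

    /**
     * Builds the CAS logout URL. When {@code cas.app.index} is configured, that address (with
     * a {@code v=<timestamp>} parameter appended) is passed as the URL-encoded {@code service}
     * parameter. Both URLs come from {@link EnvProperties}, never from the request, so the
     * redirect target is not caller-controlled.
     *
     * @return the logout URL to redirect to
     */
    protected String constructCasLogoutUrl() {
        String logoutUrl = EnvProperties.get("cas.server.logout", "https://cas.genshuixue.com/cas/logout");
        String appIndex = EnvProperties.get("cas.app.index");
        if (StringUtils.isBlank(appIndex)) {
            return logoutUrl;
        }
        String service = appendQueryParam(appIndex, "v=" + System.currentTimeMillis());
        try {
            // Encode with an explicit charset: the one-argument URLEncoder.encode is deprecated
            // and uses the platform default, so its output could differ between hosts.
            return appendQueryParam(logoutUrl, "service=" + URLEncoder.encode(service, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // Every Java platform is required to support UTF-8.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /** Appends {@code param} to {@code url} with '&' if the URL already has a query, else '?'. */
    private static String appendQueryParam(String url, String param) {
        return url + (url.indexOf('?') != -1 ? "&" : "?") + param;
    }

    /**
     * Reports whether any role in the list carries the given tag.
     *
     * @param list roles to search; {@code null} is treated as empty
     * @param str tag to look for; {@code null} never matches
     * @return {@code true} when a role's tag equals {@code str}
     */
    protected boolean containsRole(List<RoleDto> list, String str) {
        if (list == null || str == null) {
            return false;
        }
        for (RoleDto role : list) {
            // Compare from the non-null argument so a role without a tag is skipped.
            if (role != null && str.equals(role.getTag())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds a reduced copy of the context's account: id, name, display name, the roles held
     * in this app and the current role. (The method name's spelling is kept for compatibility.)
     *
     * @return the reduced account DTO
     */
    protected AccountDto getAccounDto() {
        AccountDto accountDto = new AccountDto();
        // Assumes a filter has populated AccessControlContext so getAccount() is non-null. TODO confirm.
        AccountDto account = AccessControlContext.getAccount();
        accountDto.setId(account.getId());
        accountDto.setName(account.getName());
        accountDto.setDisplayName(account.getDisplayName());
        accountDto.setHasRoles(AccessControlContext.rolesInApp());
        accountDto.setCurrentRole(AccessControlContext.getCurrentRole());
        return accountDto;
    }

    /**
     * Builds the authentication DTO for the context's account. When the login account differs
     * from the context's account, a clone of the login account (with its current role) is
     * attached as well.
     *
     * @return the authentication DTO returned by {@code /ac/getAuth}
     */
    protected AuthenticationDto getAuthDto() {
        AuthenticationDto authenticationDto = new AuthenticationDto();
        // Assumes a filter has populated AccessControlContext so getAccount() is non-null. TODO confirm.
        AccountDto account = AccessControlContext.getAccount();
        authenticationDto.setId(account.getId());
        authenticationDto.setName(account.getName());
        authenticationDto.setMobile(account.getMobile());
        authenticationDto.setDisplayName(account.getDisplayName());
        authenticationDto.setType(account.getType());
        authenticationDto.setDepartment(account.getDepartment());
        authenticationDto.setHasRoles(AccessControlContext.rolesInApp());
        authenticationDto.setCurrentRole(AccessControlContext.getCurrentRole());
        authenticationDto.setCompany(account.getCompany());
        authenticationDto.setManager(account.getManager());
        authenticationDto.setManagerId(account.getManagerId());
        authenticationDto.setTitle(account.getTitle());
        // NOTE(review): if getId() returns a boxed type, '!=' compares references rather than
        // values and could report a difference for equal ids; confirm it returns a primitive.
        if (AccessControlContext.getLoginAccount().getId() != account.getId()) {
            // Clone before setting the role so the context's login account is left untouched.
            AccountDto clone = AccessControlContext.getLoginAccount().clone();
            clone.setCurrentRole(AccessControlContext.getLoginAccountCurrentRole());
            authenticationDto.setLoginAccount(clone);
        }
        return authenticationDto;
    }

    /**
     * Developer aid that prints sample JSON payloads for the DTOs this controller exchanges.
     * It is not used by any handler.
     *
     * <p>NOTE(review): it also prints {@code EnvProperties.getAll()}; consider moving this
     * harness out of the deployed controller class.
     */
    public static void main(String[] strArr) {
        Response response = new Response();
        AccountDto accountDto = new AccountDto();
        accountDto.setId(1);
        accountDto.setName("test");
        accountDto.setDisplayName("测试");
        AppDto appDto = new AppDto();
        appDto.setId(3);
        appDto.setName("客服系统");
        appDto.setDomain("kefu.genshuixue.com");
        appDto.setDescription("客服系统");
        RoleDto roleDto = new RoleDto();
        roleDto.setId(1);
        roleDto.setOpenRoleUid(1);
        roleDto.setAppId(3);
        roleDto.setName("客服专员");
        roleDto.setNickName("武汉客服专员");
        roleDto.setParentAccountId(0);
        roleDto.setParentAccountRoleId(0);
        roleDto.setTag("yunying_kefu_zhuanyuan");
        PermissionDto permissionDto = new PermissionDto();
        permissionDto.setTag("yunying_kefu_trans_teacher");
        roleDto.setHasPermissions(Arrays.asList(permissionDto));
        accountDto.setAllowedApps(Arrays.asList(appDto));
        accountDto.setHasRoles(Arrays.asList(roleDto));
        response.setData(accountDto);
        System.out.println(JacksonUtil.safeObj2Str(response));
        response.setData(EnvProperties.getAll());
        System.out.println(JacksonUtil.safeObj2Str(response));
        response.setData(true);
        System.out.println(JacksonUtil.safeObj2Str(response));
        AcRequest acRequest = new AcRequest();
        acRequest.setAccountName("test");
        // Left as a raw HashMap: the parameter type of setRoleNickNames is not visible here.
        HashMap hashMap = new HashMap();
        hashMap.put("yunying_kefu_zhuguan", "optional");
        acRequest.setRoleNickNames(hashMap);
        acRequest.setRoleTag("yunying_kefu_zhuguan");
        System.out.println(JacksonUtil.safeObj2Str(acRequest));
        response.setData(Arrays.asList(roleDto));
        System.out.println(JacksonUtil.safeObj2Str(response));
        response.setData(Arrays.asList(accountDto));
        System.out.println(JacksonUtil.safeObj2Str(response));
    }
}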
