package com.diboot.iam.data;

import com.diboot.core.config.Cons;
import com.diboot.core.data.access.DataScopeManager;
import com.diboot.core.vo.LabelValue;
import com.diboot.iam.config.Cons;
import com.diboot.iam.entity.IamUser;
import com.diboot.iam.util.IamSecurityUtils;
import com.diboot.iam.vo.PositionDataScope;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/diboot/iam/data/UserOrgDataAccessScopeManager.class */
public class UserOrgDataAccessScopeManager implements DataScopeManager {
    private static final Logger log = LoggerFactory.getLogger(UserOrgDataAccessScopeManager.class);

    public List<? extends Serializable> getAccessibleIds(String str, String str2) {
        try {
            IamUser iamUser = (IamUser) IamSecurityUtils.getCurrentUser();
            if (iamUser == null) {
                log.warn("无法获取当前用户");
                return Collections.emptyList();
            }
            LabelValue extensionObj = iamUser.getExtensionObj();
            if (extensionObj == null || extensionObj.getExt() == null) {
                if (isOrgFieldName(str, str2)) {
                    return buildOrgIdsScope(iamUser);
                }
                if (isUserFieldName(str, str2)) {
                    return buildUserIdsScope(iamUser);
                }
                log.warn("数据权限未能识别该字段类型: {}", str2);
                return Collections.emptyList();
            }
            PositionDataScope positionDataScope = (PositionDataScope) extensionObj.getExt();
            if (Cons.DICTCODE_DATA_PERMISSION_TYPE.ALL.name().equalsIgnoreCase(positionDataScope.getDataPermissionType())) {
                return null;
            }
            if (Cons.DICTCODE_DATA_PERMISSION_TYPE.SELF.name().equalsIgnoreCase(positionDataScope.getDataPermissionType())) {
                if (isUserFieldName(str, str2)) {
                    return buildUserIdsScope(iamUser);
                }
                return null;
            }
            if (Cons.DICTCODE_DATA_PERMISSION_TYPE.SELF_AND_SUB.name().equalsIgnoreCase(positionDataScope.getDataPermissionType())) {
                if (isUserFieldName(str, str2)) {
                    return positionDataScope.getAccessibleUserIds();
                }
                return null;
            }
            if (Cons.DICTCODE_DATA_PERMISSION_TYPE.DEPT.name().equalsIgnoreCase(positionDataScope.getDataPermissionType())) {
                if (isOrgFieldName(str, str2)) {
                    return Arrays.asList(positionDataScope.getOrgId());
                }
                return null;
            }
            if (!Cons.DICTCODE_DATA_PERMISSION_TYPE.DEPT_AND_SUB.name().equalsIgnoreCase(positionDataScope.getDataPermissionType())) {
                log.warn("未知的数据权限类型: {}", positionDataScope.getDataPermissionType());
                return Collections.emptyList();
            }
            if (isOrgFieldName(str, str2)) {
                return positionDataScope.getAccessibleOrgIds();
            }
            return null;
        } catch (Exception e) {
            log.warn("获取数据权限可访问ids异常: ", e);
            return Collections.emptyList();
        }
    }

    protected List<? extends Serializable> buildUserIdsScope(IamUser iamUser) {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(iamUser.getId());
        return arrayList;
    }

    protected List<? extends Serializable> buildOrgIdsScope(IamUser iamUser) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(iamUser.getOrgId());
        return arrayList;
    }

    protected boolean isUserFieldName(String str, String str2) {
        return Cons.FieldName.userId.name().equals(str2) || Cons.FieldName.createBy.name().equals(str2);
    }

    protected boolean isOrgFieldName(String str, String str2) {
        return Cons.FieldName.orgId.name().equals(str2);
    }
}
