package coo.core.security.service;

import coo.base.model.BitCode;
import coo.base.model.Page;
import coo.base.util.BeanUtils;
import coo.base.util.StringUtils;
import coo.core.hibernate.dao.Dao;
import coo.core.hibernate.search.FullTextCriteria;
import coo.core.message.MessageSource;
import coo.core.model.SearchModel;
import coo.core.security.annotations.AutoFillIn;
import coo.core.security.annotations.DetailLog;
import coo.core.security.annotations.SimpleLog;
import coo.core.security.constants.AdminIds;
import coo.core.security.entity.ActorEntity;
import coo.core.security.entity.BnLogEntity;
import coo.core.security.entity.OrganEntity;
import coo.core.security.entity.RoleEntity;
import coo.core.security.entity.UserEntity;
import coo.core.security.entity.UserSettingsEntity;
import coo.core.security.permission.AdminPermission;
import coo.core.security.permission.PermissionConfig;
import java.util.List;
import javax.annotation.Resource;
import org.apache.lucene.index.Term;
import org.apache.lucene.search.BooleanClause;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.search.SortField;
import org.apache.lucene.search.TermQuery;
import org.apache.lucene.search.WildcardQuery;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthenticatedException;
import org.hibernate.Criteria;
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:coo/core/security/service/AbstractSecurityService.class */
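/**
 * Base service for the security model: sign-in/sign-out, and CRUD for organs,
 * roles, users, user settings and actors, plus permission-based user lookup.
 *
 * <p>Authentication is delegated to Apache Shiro ({@link SecurityUtils}); persistence goes
 * through the injected {@link Dao} instances. Validation failures are reported through
 * {@code messageSource.thrown(...)}.
 *
 * <p>NOTE(review): every guard in this class is written as
 * {@code if (bad) { messageSource.thrown(...); }} followed by the protected operation, so the
 * code assumes {@code thrown(...)} always throws. If it ever returns normally, the guarded
 * operation still runs. Confirm against {@code MessageSource}.
 *
 * <p>NOTE(review): the {@code vars}/{@code target} values on the log annotations ("ip",
 * "organ.name", "user.name", ...) do not match the parameter names visible here
 * ({@code str3}, {@code o}, {@code u}, ...). Confirm how the logging aspect resolves them before
 * relying on these audit records.
 *
 * <p>No method in this class performs a permission check on its own, apart from
 * {@link #changeActor(String)} and the password re-checks in {@link #resetPassword} and
 * {@link #changePassword}. Authorization is presumably enforced by callers or by aspects that
 * are not visible in this file.
 *
 * @param <O> organ entity type
 * @param <U> user entity type
 * @param <R> role entity type
 * @param <A> actor entity type (links a user, an organ and a role)
 * @param <S> user settings entity type
 */
public abstract class AbstractSecurityService<O extends OrganEntity<O, U, A>, U extends UserEntity<U, A, S>, R extends RoleEntity<U, A>, A extends ActorEntity<O, U, R>, S extends UserSettingsEntity<A>> {

    @Resource
    protected Dao<O> organDao;

    @Resource
    protected Dao<U> userDao;

    @Resource
    protected Dao<R> roleDao;

    @Resource
    protected Dao<A> actorDao;

    @Resource
    protected Dao<S> userSettingsDao;

    @Resource
    protected LoginRealm loginRealm;

    @Resource
    protected PermissionConfig permissionConfig;

    @Resource
    protected MessageSource messageSource;

    // Optional bean: injection is not required, so this field may be null.
    @Autowired(required = false)
    @Qualifier("bnLogger")
    protected AbstractBnLogger<? extends BnLogEntity> bnLogger;

    /**
     * Authenticates the current Shiro subject with a username and password, then clears the
     * login realm cache.
     *
     * <p>Authentication failures are translated into message codes. The specific Shiro
     * exception types are caught before the general {@link AuthenticationException}; with the
     * general type first, the specific handlers are unreachable (and the method does not
     * compile), so every failure would be reported as {@code login.failed}.
     *
     * <p>NOTE(review): {@code user.not.exist} and {@code password.wrong} are distinct codes. If
     * they reach an unauthenticated client verbatim, they reveal which usernames exist; consider
     * collapsing them to {@code login.failed} at the presentation layer. No attempt limiting or
     * lockout is visible in this method. Confirm that the realm or a filter provides it.
     *
     * @param str username passed to {@link UsernamePasswordToken}
     * @param str2 password passed to {@link UsernamePasswordToken}
     * @param str3 not used in the body; presumably the client IP recorded by the
     *     {@code @SimpleLog} annotation (its {@code vars} names "ip"). TODO confirm
     */
    @SimpleLog(code = "user.logon.log", vars = {"ip"})
    public void signIn(String str, String str2, String str3) {
        try {
            SecurityUtils.getSubject().login(new UsernamePasswordToken(str, str2));
            this.loginRealm.clearCache();
        } catch (IncorrectCredentialsException e) {
            this.messageSource.thrown(e, "password.wrong", new Object[0]);
        } catch (UnknownAccountException e) {
            this.messageSource.thrown(e, "user.not.exist", new Object[0]);
        } catch (DisabledAccountException e) {
            this.messageSource.thrown(e, "user.disabled", new Object[0]);
        } catch (AuthenticationException e) {
            // Fallback for every other authentication failure; must stay last.
            this.messageSource.thrown(e, "login.failed", new Object[0]);
        }
    }

    /** Clears the login realm cache and logs the current Shiro subject out. */
    public void signOut() {
        // Cache is cleared first, while the subject's principal is still available.
        this.loginRealm.clearCache();
        SecurityUtils.getSubject().logout();
    }

    /**
     * Loads an organ by id.
     *
     * @param str organ id
     * @return the organ returned by the DAO for that id
     */
    @Transactional(readOnly = true)
    public O getOrgan(String str) {
        return (O) this.organDao.get(str);
    }

    /**
     * Persists a new organ. An organ without a parent is rejected with
     * {@code organ.add.no.parent}.
     *
     * @param o organ to create; must have a parent
     */
    @Transactional
    @SimpleLog(code = "organ.add.log", vars = {"organ.name"})
    @AutoFillIn
    public void createOrgan(O o) {
        if (o.getParent() == null) {
            this.messageSource.thrown("organ.add.no.parent", new Object[0]);
        }
        this.organDao.save(o);
    }

    /**
     * Copies fields from the supplied organ onto the stored organ with the same id.
     *
     * @param o organ carrying the new values; its id selects the stored organ
     */
    @Transactional
    @AutoFillIn
    @DetailLog(target = "organ", code = "organ.edit.log", vars = {"organ.name"}, type = DetailLog.LogType.ALL)
    public void updateOrgan(O o) {
        // The meaning of the "ordinal" and null arguments depends on BeanUtils.copyFields
        // (presumably field include/exclude lists) — TODO confirm.
        BeanUtils.copyFields(o, getOrgan(o.getId()), "ordinal", (String) null);
    }

    /**
     * Removes an organ.
     *
     * @param o organ to remove
     */
    @Transactional
    @DetailLog(target = "organ", code = "organ.delete.log", vars = {"organ.name"}, type = DetailLog.LogType.ORIG)
    public void deleteOrgan(O o) {
        this.organDao.remove(o);
    }

    /**
     * Loads a role by id.
     *
     * @param str role id
     * @return the role returned by the DAO for that id
     */
    @Transactional(readOnly = true)
    public R getRole(String str) {
        return (R) this.roleDao.get(str);
    }

    /**
     * Lists all roles ordered by {@code createDate} ascending.
     *
     * @return every role, oldest first
     */
    @Transactional(readOnly = true)
    public List<R> getAllRole() {
        Criteria createCriteria = this.roleDao.createCriteria(new Criterion[0]);
        createCriteria.addOrder(Order.asc("createDate"));
        return createCriteria.list();
    }

    /**
     * Persists a new role after checking that its name is unique
     * ({@code role.name.exist} otherwise).
     *
     * @param r role to create
     */
    @Transactional
    @SimpleLog(code = "role.add.log", vars = {"role.name"})
    @AutoFillIn
    public void createRole(R r) {
        if (!this.roleDao.isUnique(r, "name").booleanValue()) {
            this.messageSource.thrown("role.name.exist", new Object[]{r.getName()});
        }
        this.roleDao.save(r);
    }

    /**
     * Copies fields from the supplied role onto the stored role with the same id, after the
     * same name-uniqueness check as {@link #createRole}.
     *
     * <p>NOTE(review): which fields are copied (including the role's permissions) depends on
     * {@code BeanUtils.copyFields}; callers should not bind untrusted input directly to the
     * object passed here without confirming that.
     *
     * @param r role carrying the new values; its id selects the stored role
     */
    @Transactional
    @AutoFillIn
    @DetailLog(target = "role", code = "role.edit.log", vars = {"role.name"}, type = DetailLog.LogType.ALL)
    public void updateRole(R r) {
        if (!this.roleDao.isUnique(r, "name").booleanValue()) {
            this.messageSource.thrown("role.name.exist", new Object[]{r.getName()});
        }
        BeanUtils.copyFields(r, getRole(r.getId()));
    }

    /**
     * Loads the user whose id is the current Shiro subject's principal.
     *
     * @return the user returned by the DAO for the principal
     * @throws UnauthenticatedException if anything fails while resolving the principal or
     *     loading the user; the original exception is kept as the cause
     */
    @Transactional(readOnly = true)
    public U getCurrentUser() {
        try {
            return (U) this.userDao.get((String) SecurityUtils.getSubject().getPrincipal());
        } catch (Exception e) {
            // Message text: "An exception occurred while getting the currently logged-in user."
            throw new UnauthenticatedException("获取当前登录用户时发生异常。", e);
        }
    }

    /**
     * Resolves the user to record as the operator: the current subject's user, or the built-in
     * admin user when that lookup throws.
     *
     * <p>NOTE(review): the catch covers every {@link Exception}, so work done without an
     * authenticated subject, and any unrelated lookup failure, is attributed to the admin
     * account. Audit records that rely on this value cannot distinguish the real admin from
     * this fallback.
     *
     * @return the current user, or the admin user as a fallback
     */
    @Transactional(readOnly = true)
    public U getDefaultOperator() {
        try {
            return (U) this.userDao.get((String) SecurityUtils.getSubject().getPrincipal());
        } catch (Exception e) {
            return getAdminUser();
        }
    }

    /**
     * Returns the organ of the current user's default actor.
     *
     * @return organ reached through current user, settings and default actor
     */
    @Transactional(readOnly = true)
    public O getCurrentOrgan() {
        return (O) getCurrentUser().getSettings().getDefaultActor().getOrgan();
    }

    /**
     * Full-text search over users, newest first, with the built-in admin user excluded.
     *
     * @param searchModel supplies the keyword, page number and page size
     * @return one page of matching users
     */
    @Transactional(readOnly = true)
    public Page<U> searchUser(SearchModel searchModel) {
        FullTextCriteria createFullTextCriteria = this.userDao.createFullTextCriteria();
        createFullTextCriteria.setKeyword(searchModel.getKeyword());
        createFullTextCriteria.addSortDesc("createDate", SortField.Type.LONG);
        BooleanQuery booleanQuery = new BooleanQuery();
        // Exclude the admin account from the result set.
        booleanQuery.add(new TermQuery(new Term("id", AdminIds.USER_ID)), BooleanClause.Occur.MUST_NOT);
        // A boolean query needs a positive clause for the MUST_NOT clause to subtract from.
        booleanQuery.add(new WildcardQuery(new Term("id", "*")), BooleanClause.Occur.MUST);
        createFullTextCriteria.addLuceneQuery(booleanQuery, BooleanClause.Occur.MUST);
        return this.userDao.searchPage(createFullTextCriteria, searchModel.getPageNo(), searchModel.getPageSize());
    }

    /**
     * Loads a user by id.
     *
     * @param str user id
     * @return the user returned by the DAO for that id
     */
    @Transactional(readOnly = true)
    public U getUser(String str) {
        return (U) this.userDao.get(str);
    }

    /**
     * Loads a user by username.
     *
     * @param str username
     * @return the unique user with that username, as returned by the DAO
     */
    @Transactional(readOnly = true)
    public U getUserByUsername(String str) {
        return (U) this.userDao.findUnique("username", str);
    }

    /**
     * Creates a user together with its default actor and its settings record.
     *
     * <p>The username must be unique ({@code username.exist} otherwise). When no password is
     * supplied, the account is given the encrypted {@code AdminPermission.DEFAULT_PASSWORD}.
     *
     * <p>NOTE(review): every account created without a password shares the same known
     * default. Nothing here forces a change at first login; confirm that another layer does.
     * A non-empty password is stored as supplied, so the caller is presumably expected to have
     * encrypted it already. TODO confirm
     *
     * @param u user to create; its settings and their default actor must be populated
     */
    @Transactional
    @SimpleLog(code = "user.add.log", vars = {"user.name"})
    @AutoFillIn
    public void createUser(U u) {
        if (!this.userDao.isUnique(u, "username").booleanValue()) {
            this.messageSource.thrown("username.exist", new Object[]{u.getUsername()});
        }
        if (StringUtils.isEmpty(u.getPassword()).booleanValue()) {
            u.setPassword(this.loginRealm.encryptPassword(AdminPermission.DEFAULT_PASSWORD));
        }
        // Save the user first so that its id exists for the actor and the settings below.
        this.userDao.save(u);
        UserSettingsEntity settings = u.getSettings();
        ActorEntity defaultActor = settings.getDefaultActor();
        defaultActor.setUser(u);
        defaultActor.autoFillIn();
        this.actorDao.save(defaultActor);
        // Settings share the user's id.
        settings.setId(u.getId());
        this.userSettingsDao.save(settings);
    }

    /**
     * Copies fields from the supplied user onto the stored user with the same id, and does the
     * same for the settings when they are present. The username must remain unique.
     *
     * <p>NOTE(review): "enabled,settings" is presumably an exclusion list, which would keep
     * the enabled flag out of this path. Other fields, the password among them, would then be
     * copied from the supplied object. Confirm the {@code BeanUtils.copyFields} semantics and
     * that callers do not bind untrusted input to those fields.
     *
     * @param u user carrying the new values; its id selects the stored user
     */
    @Transactional
    @AutoFillIn
    @DetailLog(target = "user", code = "user.edit.log", vars = {"user.name"}, type = DetailLog.LogType.ALL)
    public void updateUser(U u) {
        if (!this.userDao.isUnique(u, "username").booleanValue()) {
            this.messageSource.thrown("username.exist", new Object[]{u.getUsername()});
        }
        U user = getUser(u.getId());
        BeanUtils.copyFields(u, user, "enabled,settings");
        if (u.getSettings() != null) {
            BeanUtils.copyFields(u.getSettings(), user.getSettings());
        }
    }

    /**
     * Copies fields from the supplied settings onto the stored settings with the same id.
     *
     * <p>NOTE(review): the target record is selected only by {@code s.getId()}; this method
     * does not check that it belongs to the current user. Callers must make sure the id is not
     * taken from untrusted input, or verify ownership first.
     *
     * @param s settings carrying the new values; its id selects the stored settings
     */
    @Transactional
    public void updateUserSettings(S s) {
        BeanUtils.copyFields(s, (UserSettingsEntity) this.userSettingsDao.get(s.getId()));
    }

    /**
     * Removes a user.
     *
     * <p>NOTE(review): no guard against removing the built-in admin user or the caller's own
     * account is visible here; confirm that callers enforce one if it is required.
     *
     * @param u user to remove
     */
    @Transactional
    @DetailLog(target = "user", code = "user.delete.log", vars = {"user.name"}, type = DetailLog.LogType.ORIG)
    public void deleteUser(U u) {
        this.userDao.remove(u);
    }

    /**
     * Marks a user as enabled.
     *
     * @param u user to enable; only the flag is set, no DAO call is made, so the change is
     *     persisted only if {@code u} is attached to the current session (TODO confirm)
     */
    @Transactional
    @SimpleLog(code = "user.enable.log", vars = {"user.name"})
    public void enableUser(U u) {
        u.setEnabled(true);
    }

    /**
     * Marks a user as disabled.
     *
     * @param u user to disable; only the flag is set, no DAO call is made, so the change is
     *     persisted only if {@code u} is attached to the current session (TODO confirm)
     */
    @Transactional
    @SimpleLog(code = "user.disable.log", vars = {"user.name"})
    public void disableUser(U u) {
        u.setEnabled(false);
    }

    /**
     * Resets a user's password to the encrypted {@code AdminPermission.DEFAULT_PASSWORD}, after
     * re-checking the password of the user performing the reset
     * ({@code admin.password.wrong} otherwise).
     *
     * <p>NOTE(review): the reset value is a shared, known default. Nothing here forces the
     * account owner to change it or invalidates existing sessions; confirm that another layer
     * handles both.
     *
     * @param str password of the current (operating) user, checked against the stored value
     * @param u user whose password is reset
     */
    @Transactional
    @SimpleLog(code = "user.reset.password.log", vars = {"user.name"})
    public void resetPassword(String str, U u) {
        if (!this.loginRealm.checkPassword(str, getCurrentUser().getPassword()).booleanValue()) {
            this.messageSource.thrown("admin.password.wrong", new Object[0]);
        }
        u.setPassword(this.loginRealm.encryptPassword(AdminPermission.DEFAULT_PASSWORD));
    }

    /**
     * Changes the current user's password after verifying the old one
     * ({@code old.password.wrong} otherwise).
     *
     * <p>NOTE(review): the new password is encrypted and stored without any strength or reuse
     * check in this method; confirm that callers validate it.
     *
     * @param str current password, checked against the stored value
     * @param str2 new password, stored after {@code loginRealm.encryptPassword}
     */
    @Transactional
    @SimpleLog(code = "user.change.password.log")
    public void changePassword(String str, String str2) {
        U currentUser = getCurrentUser();
        if (!this.loginRealm.checkPassword(str, currentUser.getPassword()).booleanValue()) {
            this.messageSource.thrown("old.password.wrong", new Object[0]);
        }
        currentUser.setPassword(this.loginRealm.encryptPassword(str2));
    }

    /**
     * Loads an actor by id.
     *
     * @param str actor id
     * @return the actor returned by the DAO for that id
     */
    @Transactional(readOnly = true)
    public A getActor(String str) {
        return (A) this.actorDao.get(str);
    }

    /**
     * Persists a new actor.
     *
     * @param a actor to create
     */
    @Transactional
    @SimpleLog(code = "actor.add.log", vars = {"actor.user.name", "actor.name"})
    @AutoFillIn
    public void createActor(A a) {
        this.actorDao.save(a);
    }

    /**
     * Copies fields from the supplied actor onto the stored actor with the same id.
     *
     * <p>NOTE(review): an actor ties a user to an organ and a role, so this copy can change
     * what a user is allowed to do. Confirm which fields {@code BeanUtils.copyFields} copies
     * and that callers restrict who may reach this method.
     *
     * @param a actor carrying the new values; its id selects the stored actor
     */
    @Transactional
    @AutoFillIn
    @DetailLog(target = "actor", code = "actor.edit.log", vars = {"actor.user.name", "actor.name"}, type = DetailLog.LogType.ALL)
    public void updateActor(A a) {
        BeanUtils.copyFields(a, getActor(a.getId()));
    }

    /**
     * Removes an actor, unless it is its user's default actor
     * ({@code default.actor.not.allow.delete}).
     *
     * @param a actor to remove
     */
    @Transactional
    @SimpleLog(code = "actor.delete.log", vars = {"actor.user.name", "actor.name"})
    public void deleteActor(A a) {
        if (a.isDefaultActor().booleanValue()) {
            this.messageSource.thrown("default.actor.not.allow.delete", new Object[0]);
        }
        this.actorDao.remove(a);
    }

    /**
     * Switches the current user's default actor and clears the login realm cache.
     *
     * <p>The requested actor must be one of the current user's own actors; otherwise the call
     * is rejected with {@code actor.change.not.allow}. This check is what stops a user from
     * taking on an actor that belongs to someone else.
     *
     * @param str id of the actor to switch to
     */
    @Transactional
    public void changeActor(String str) {
        U currentUser = getCurrentUser();
        A actor = getActor(str);
        if (!currentUser.getActors().contains(actor)) {
            this.messageSource.thrown("actor.change.not.allow", new Object[0]);
        }
        currentUser.getSettings().setDefaultActor(actor);
        // Cached login data is dropped because the default actor has changed.
        this.loginRealm.clearCache();
    }

    /**
     * Finds users by a single permission code.
     *
     * @param str permission code
     * @return users matched by {@link #findUserByPermissions(String[], String[])} with an empty
     *     second array
     */
    @Transactional(readOnly = true)
    public List<U> findUserByPermission(String str) {
        return findUserByPermissions(new String[]{str}, new String[0]);
    }

    /**
     * Finds users by a set of permission codes.
     *
     * @param strArr permission codes
     * @return users matched by {@link #findUserByPermissions(String[], String[])} with an empty
     *     second array
     */
    @Transactional(readOnly = true)
    public List<U> findUserByPermissions(String[] strArr) {
        return findUserByPermissions(strArr, new String[0]);
    }

    /**
     * Finds the distinct users that have an actor whose role's {@code permissions} value
     * matches a bit-code pattern built from the two permission code arrays.
     *
     * @param strArr first set of permission codes (presumably the ones a role must hold —
     *     TODO confirm against {@code BitCode.getQueryBitCode})
     * @param strArr2 second set of permission codes (presumably the ones a role must not hold —
     *     TODO confirm)
     * @return distinct matching users
     */
    @Transactional(readOnly = true)
    public List<U> findUserByPermissions(String[] strArr, String[] strArr2) {
        BitCode queryBitCode = new BitCode().getQueryBitCode((Integer[]) this.permissionConfig.getPermissionIds(strArr).toArray(new Integer[0]), (Integer[]) this.permissionConfig.getPermissionIds(strArr2).toArray(new Integer[0]));
        Criteria createCriteria = this.userDao.createCriteria(new Criterion[0]);
        createCriteria.createAlias("actors", "actors");
        createCriteria.createAlias("actors.role", "role");
        // The pattern is passed as a criterion value, not concatenated into the query text.
        createCriteria.add(Restrictions.like("role.permissions", queryBitCode.toString()));
        // The joins can return one row per actor; collapse them to one entry per user.
        createCriteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY);
        return createCriteria.list();
    }

    /**
     * Loads the built-in root organ ({@code AdminIds.ORGAN_ID}).
     *
     * @return the root organ as returned by the DAO
     */
    public O getRootOrgan() {
        return (O) this.organDao.get(AdminIds.ORGAN_ID);
    }

    /**
     * Loads the built-in admin user ({@code AdminIds.USER_ID}).
     *
     * @return the admin user as returned by the DAO
     */
    public U getAdminUser() {
        return (U) this.userDao.get(AdminIds.USER_ID);
    }

    /**
     * Loads the built-in admin role ({@code AdminIds.ROLE_ID}).
     *
     * @return the admin role as returned by the DAO
     */
    public R getAdminRole() {
        return (R) this.roleDao.get(AdminIds.ROLE_ID);
    }
}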
