package systemuser.internal;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import org.apache.commons.collections.CollectionUtils;
import org.springframework.security.providers.encoding.PasswordEncoder;

import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import kernel.web.ApplicationUtil;
import project.Constants;
import project.user.googleauth.GoogleAuthService;
import security.Resource;
import security.ResourceService;
import security.Role;
import security.RoleService;
import security.SecUser;
import security.internal.SecUserService;
import systemuser.AdminRoleAuthorityService;
import systemuser.ResourceMappingService;
import systemuser.model.ResourceMapping;

@SuppressWarnings({"unchecked","rawtypes"})
public class AdminRoleAuthorityServiceImpl implements AdminRoleAuthorityService{

	private RoleService roleService;
	
	private SecUserService secUserService;
	
	private PasswordEncoder passwordEncoder;
	
	private ResourceService resourceService;
	
	private GoogleAuthService googleAuthService;
	
	private ResourceMappingService resourceMappingService;
	
	/**
	 * 角色列表
	 * @return
	 */
	public List<Map<String,Object>> getAllRole(){
		ArrayList<String> roles = new ArrayList<String>(Constants.ROLE_MAP.keySet());
		roles.remove(Constants.SECURITY_ROLE_FINANCE);
		roles.remove(Constants.SECURITY_ROLE_CUSTOMER);
		roles.remove(Constants.SECURITY_ROLE_MAINTAINER);
		roles.remove(Constants.SECURITY_ROLE_AGENT);
		roles.remove(Constants.SECURITY_ROLE_C2C);
		String inSubStatement=roles.stream().map(roleName->"'"+roleName+"'").collect(Collectors.joining(",","(",") GROUP BY role.UUID"));
		
		StringBuilder sqlBuilder=new StringBuilder("SELECT role.UUID id,role.ROLE_NAME roleName,GROUP_CONCAT(DISTINCT r_name.NAME separator ' , ') names ");
		sqlBuilder.append("FROM SCT_ROLE role LEFT JOIN SCT_ROLE_RESOURCE role_resource ON role_resource.ROLE_UUID=role.UUID ");
		sqlBuilder.append("LEFT JOIN SCT_RESOURCE_MAPPING resource_mapping ON resource_mapping.RESOURCE_UUID=role_resource.RESOURCE_UUID ");
		sqlBuilder.append("LEFT JOIN SCT_RESOURCE_SET_NAME r_name ON r_name.UUID=resource_mapping.SET_UUID ");
		sqlBuilder.append("WHERE ROLE_NAME NOT IN");
		sqlBuilder.append(inSubStatement);
		
		List<Map> list=ApplicationUtil.executeDQL(sqlBuilder.toString(),Map.class);
		if(null==list || list.isEmpty()) return new ArrayList<Map<String,Object>>();
		
		return list.stream().map(map->(Map<String,Object>)map).collect(Collectors.toList());
	}
	
	/**
	 * 获取角色所有的映射id
	 * @param roleId
	 * @return
	 */
	public List<String> getRoleResourceMappingIdById(String roleId){
		Role role = roleService.get(roleId);
		if(null==role) throw new BusinessException("角色不存在");
		
		Set<Resource> resources = role.getResources();
		if(CollectionUtils.isEmpty(resources)) return new ArrayList<String>();
		
		List<Map<String, Object>> list=getResourceName(getOPResourceIdByResources(resources));
		return list.stream().map(map->map.get("set_id").toString()).collect(Collectors.toList());
	}
	
	/**
	 * 根据资源获取操作权限id
	 * @param resources
	 * @return
	 */
	private List<String> getOPResourceIdByResources(Collection<Resource> resources){
		return resources.stream().filter(r->Resource.RESOURCE_TYPE_OPERATION.equals(r.getResType())).map(r->r.getId().toString()).collect(Collectors.toList());
	}
	
	/**
	 * 根据资源id列表 获取到映射的名字和id
	 * @param resourcesIds
	 * @return
	 */
	public List<Map<String, Object>> getResourceName(List<String> resourcesIds){
		if(null!=resourcesIds && resourcesIds.size()==0) return new ArrayList<Map<String, Object>>();
		
		StringBuilder sqlBuilder=new StringBuilder("SELECT r_map.SET_UUID set_id,r_name.NAME name,GROUP_CONCAT(r_map.RESOURCE_UUID separator ',') resources ");
		sqlBuilder.append("FROM SCT_RESOURCE_MAPPING r_map LEFT JOIN SCT_RESOURCE_SET_NAME r_name ON r_name.UUID=r_map.SET_UUID WHERE 1=1 ");
		if(resourcesIds!=null) {
			sqlBuilder.append("AND r_map.RESOURCE_UUID IN").append(resourcesIds.stream().filter(id->null!=id && !id.isEmpty()).map(rid->"'"+rid+"'").collect(Collectors.joining(",","(",") ")));
		}
		sqlBuilder.append("GROUP BY r_map.SET_UUID");
		
		List<Map> list=ApplicationUtil.executeDQL(sqlBuilder.toString(),Map.class);
		if(null==list || list.isEmpty()) return new ArrayList<Map<String,Object>>();
		
		return list.stream().map(map->(Map<String,Object>)map).collect(Collectors.toList());
	}
	
	/**
	 * 根据映射id 更新角色资源
	 * @param roleId
	 * @param resourceMapIds 映射id ("a,b,c"的形式)
	 */
	public void updateRoleResource(String roleId,String resourceMapIds,String operaterUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) {
		googleAuthService.checkSuperGoogleAuthCode(superGoogleAuthCode);
		checkLoginSafeword(operaterUsername,loginSafeword);
		
		Role role = roleService.get(roleId);
		if(null==role) throw new BusinessException("角色不存在");
		
		List<Map<String, Object>> beforeResourceMap = getResourceName(getOPResourceIdByResources(role.getResources()));
		resourceMapIds = checkResourceUserRecord(resourceMapIds, operaterUsername, beforeResourceMap);
		
		List<String> ids = new LinkedList<String>();
		if(StringUtils.isEmptyString(resourceMapIds)) {
			role.setResources(new HashSet<Resource>());
		}else {
			List<ResourceMapping> mappings = resourceMappingService.findBySetIds(Arrays.asList(resourceMapIds.replaceAll(" ", "").split(",")));
			for(ResourceMapping mapping:mappings) {
				ids.add(mapping.getResource_id());
				ids.add(Resource.RESOURCE_TYPE_URL+"_"+mapping.getResource_id());
			}
			List<Resource> list = resourceService.getByIds(ids);
			role.setResources(new HashSet<Resource>(list));
		}


		
		/*
		 * 如果客服默认添加客服中心权限，个人中心是属于客服默认权限，所以mapping映射表没有存在映射关系，不会因为修改而不添加
		 * 补充添加，不会因为修改了权限了导致消失
		 */
		if(Constants.SECURITY_ROLE_CUSTOMER.equals(role.getRoleName())) {
			Set<Resource> resources = role.getResources();
			resources.add(resourceService.get("OP_ADMIN_ONLINECHAT"));
			role.setResources(resources);
		}
		
		List<String> beforeResourceName = beforeResourceMap.stream()
				.filter(map->{Object name=map.get("name");return name!=null&&!name.toString().isEmpty();})
				.map(map->map.get("name").toString()).collect(Collectors.toList());
		
		List<Map<String, Object>> afterResourceMap = getResourceName(getOPResourceIdByResources(role.getResources()));
		List<String> afterResourceName = afterResourceMap.stream()
				.filter(map->{Object name=map.get("name");return name!=null&&!name.toString().isEmpty();})
				.map(map->map.get("name").toString()).collect(Collectors.toList());
		
		roleService.update(role,operaterUsername,String.join(",", beforeResourceName),String.join(",", afterResourceName),code,ip);
		
	}
	/**
	 * 假分核查权限检验处理
	 * @param resourceMapIds
	 * @param operaterUsername
	 * @param beforeResourceMap
	 */
	private String checkResourceUserRecord(String resourceMapIds,String operaterUsername,List<Map<String, Object>> beforeResourceMap) {
		if("root".equals(operaterUsername) || CollectionUtils.isEmpty(beforeResourceMap)) return resourceMapIds;
		
		boolean hasUR = false;
		for(Map<String, Object> data:beforeResourceMap) { //非root操作，有假分权限 且 新权限中无假分权限则加回
			if("SECURITY_USER_RECORD".equals(data.get("set_id").toString())
					&&(StringUtils.isEmptyString(resourceMapIds)||resourceMapIds.indexOf("SECURITY_USER_RECORD")==-1)) {
				resourceMapIds+=", SECURITY_USER_RECORD";
				hasUR = true;
				break;
			}
		}
		
		//非root操作，无假分权限则移除
		if(!hasUR && resourceMapIds.indexOf("SECURITY_USER_RECORD")!=-1) {
			resourceMapIds.replace("SECURITY_USER_RECORD", "");
		}
		
		return resourceMapIds;
	}

	/**
	 * 验证登录人资金密码
	 * @param operatorUsername
	 * @param loginSafeword
	 */
	private void checkLoginSafeword(String operatorUsername,String loginSafeword) {
		SecUser sec = secUserService.findUserByLoginName(operatorUsername);
		String safeword_md5 = passwordEncoder.encodePassword(loginSafeword, operatorUsername);
		if (!safeword_md5.equals(sec.getSafeword())) throw new BusinessException("登录人资金密码错误");
	}
	
	public void delete(String roleId,String operaterUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) {
		googleAuthService.checkSuperGoogleAuthCode(superGoogleAuthCode);
		checkLoginSafeword(operaterUsername,loginSafeword);
		
		Role role = roleService.get(roleId);
		if(null==role) throw new BusinessException("角色不存在");
		
		if(Constants.ROLE_MAP.containsKey(role.getRoleName())) throw new BusinessException("该权限无法删除");
		
		roleService.removeById(role.getId().toString(),operaterUsername,ip);
	}
	
	public void setRoleService(RoleService roleService) {
		this.roleService = roleService;
	}

	public void setResourceService(ResourceService resourceService) {
		this.resourceService = resourceService;
	}

	public void setResourceMappingService(ResourceMappingService resourceMappingService) {
		this.resourceMappingService = resourceMappingService;
	}
	
	public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
		this.passwordEncoder = passwordEncoder;
	}
	
	public void setSecUserService(SecUserService secUserService) {
		this.secUserService = secUserService;
	}
	
	public void setGoogleAuthService(GoogleAuthService googleAuthService) {
		this.googleAuthService = googleAuthService;
	}
}