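package com.objecteye.service.impl;

import com.objecteye.pojo.SpecialAuthenticationUrlConfig;
import com.objecteye.pojo.UserDetailsMsg;
import com.objecteye.pojo.UserGroup;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Decides whether the current caller may reach a request URI.
 * <p>
 * URLs stored in {@code SpecialAuthenticationUrlConfig} are reachable only by users whose own
 * role level, or whose group's level, is one of the levels configured for that URL. Every URL
 * that no such rule covers is open to any non-anonymous authenticated user, and a small fixed set
 * of endpoints is open to everyone.
 */
@Component("accessConfirmService")
public class AccessConfirmServiceImpl {

    /** Endpoints reachable without authentication; compared by exact match on the request URI. */
    private static final Set<String> PERMIT_ALL = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("/login", "/vehicle/user/addUser")));

    @Autowired
    private MongoTemplate mongoTemplate;

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * Returns whether {@code auth} may access the URI of {@code request}.
     *
     * @param request the current request; only {@link HttpServletRequest#getRequestURI()} is read
     * @param auth    the current authentication; {@code null}, anonymous, or a principal that is not
     *                a {@link UserDetails} is denied everything outside {@link #PERMIT_ALL}
     * @return {@code true} if the request may proceed
     */
    public boolean hasPermission(HttpServletRequest request, Authentication auth) {
        // NOTE(review): getRequestURI() is the raw, undecoded URI including any context path; it is
        // not normalized (';' path parameters, repeated slashes, percent-encoding stay as sent).
        // Both the PERMIT_ALL lookup and the Ant patterns below compare against it as-is. If the
        // application runs under a non-root context path, or the rules must be normalization-safe,
        // match on the servlet path instead — confirm with the deployment.
        String requestUri = request.getRequestURI();
        if (PERMIT_ALL.contains(requestUri)) {
            return true;
        }

        // Anonymous tokens may not reach anything outside PERMIT_ALL. A missing authentication or a
        // principal that is not a UserDetails is denied as well instead of throwing (fail closed).
        if (auth == null || auth instanceof AnonymousAuthenticationToken) {
            return false;
        }
        Object principal = auth.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            return false;
        }
        UserDetails user = (UserDetails) principal;

        Map<String, Boolean> specialUrlAccessMap = queryUrlByUserName(user.getUsername());
        // Deny wins: when several configured patterns match the URI and any of them denies this
        // user, the request is refused. Returning the first match would make the outcome depend on
        // HashMap iteration order whenever patterns overlap.
        for (Map.Entry<String, Boolean> entry : specialUrlAccessMap.entrySet()) {
            if (antPathMatcher.match(entry.getKey(), requestUri)
                    && Boolean.FALSE.equals(entry.getValue())) {
                return false;
            }
        }
        // URIs that no special rule covers are open to every authenticated user.
        return true;
    }

    /**
     * Builds the per-URL access decision for one user.
     *
     * @param userName login name looked up in the {@code UserDetailsMsg} collection
     * @return key: URL pattern that requires a special level; value: whether this user may access it.
     *         Empty when the user is unknown, which means no URL is restricted for them.
     */
    private Map<String, Boolean> queryUrlByUserName(String userName) {
        Map<String, Boolean> specialUrlLevelMap = new HashMap<>();
        List<UserDetailsMsg> userDetailsMsgList = mongoTemplate.find(
                Query.query(Criteria.where("userName").is(userName)), UserDetailsMsg.class);
        if (userDetailsMsgList.isEmpty()) {
            // NOTE(review): an unknown user gets an empty map and therefore passes every
            // special-URL check in hasPermission(); confirm that default is intended.
            return specialUrlLevelMap;
        }
        UserDetailsMsg userDetailsMsg = userDetailsMsgList.get(0);

        // Levels this user carries: their own role plus their group's level when the group exists.
        // Assumes getUserRole()/getGroupLevel() return Integer, comparable with
        // SpecialAuthenticationUrlConfig.getLevel() — TODO confirm against the POJOs.
        List<Integer> levelList = new ArrayList<>();
        levelList.add(userDetailsMsg.getUserRole());
        // NOTE(review): "grouoId" is kept verbatim because it is the stored Mongo field name;
        // confirm it matches the UserGroup document (it reads like a typo of "groupId").
        List<UserGroup> userGroups = mongoTemplate.find(
                Query.query(Criteria.where("grouoId").is(userDetailsMsg.getGroup())), UserGroup.class);
        if (!userGroups.isEmpty()) {
            levelList.add(userGroups.get(0).getGroupLevel());
        }

        // Every URL that needs a special level; the collection may hold several documents for the
        // same URL, one per permitted level.
        List<SpecialAuthenticationUrlConfig> specialUrlList =
                mongoTemplate.find(new Query(), SpecialAuthenticationUrlConfig.class);
        for (SpecialAuthenticationUrlConfig specialUrlConfig : specialUrlList) {
            String url = specialUrlConfig.getUrl();
            boolean allowed = levelList.contains(specialUrlConfig.getLevel());
            // A URL configured for several levels is accessible when the user holds any of them:
            // a later "allowed" document overrides an earlier "denied" one, never the reverse.
            Boolean previous = specialUrlLevelMap.get(url);
            specialUrlLevelMap.put(url, allowed || Boolean.TRUE.equals(previous));
        }
        return specialUrlLevelMap;
    }
}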