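package com.mindskip.xzs.configuration.spring.security;

import com.mindskip.xzs.context.WebContext;
import com.mindskip.xzs.domain.Department;
import com.mindskip.xzs.domain.enums.DeptAdminEnum;
import com.mindskip.xzs.domain.enums.RoleEnum;
import com.mindskip.xzs.domain.enums.UserStatusEnum;
import com.mindskip.xzs.domain.vo.CascaderDataVO;
import com.mindskip.xzs.repository.DepartmentMapper;
import com.mindskip.xzs.service.AuthenticationService;
import com.mindskip.xzs.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

/**
 * Username/password verification for login.
 *
 * <p>Looks the account up by name, checks the submitted password through
 * {@link AuthenticationService#authUser}, rejects disabled accounts, and then builds the
 * authenticated principal ({@code MyUser}) with the user's role authorities and the ids of the
 * departments the user may act on.
 *
 * <p>Copyright (C), 2020-2021, 武汉思维跳跃科技有限公司
 *
 * @version 3.5.0
 * @date 2021/12/25 9:45
 */
@Component
@RequiredArgsConstructor
public class RestAuthenticationProvider implements AuthenticationProvider {

    private final AuthenticationService authenticationService;
    private final UserService userService;
    private final WebContext webContext;
    private final DepartmentMapper departmentMapper;

    /**
     * Authenticates a login request.
     *
     * @param authentication the unauthenticated token; its name is the login name and its
     *                       credentials are expected to be the submitted password as a String
     * @return an authenticated {@link UsernamePasswordAuthenticationToken} whose principal is a
     *         {@code MyUser} carrying the role authorities and department ids
     * @throws UsernameNotFoundException if no user has the given name
     * @throws BadCredentialsException   if the credentials are not a String or do not match
     * @throws LockedException           if the account status is {@code UserStatusEnum.Disable}
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();

        // supports() accepts every token type, so the credentials are not guaranteed to be a
        // String. Treat anything else (including null) as a failed login instead of letting a
        // ClassCastException escape as a server error.
        Object credentials = authentication.getCredentials();
        if (!(credentials instanceof String)) {
            throw new BadCredentialsException("用户名或密码错误");
        }
        String password = (String) credentials;

        com.mindskip.xzs.domain.User user = userService.getUserByUserName(username);
        if (user == null) {
            // The message is the same generic "username or password incorrect" text as the
            // wrong-password branch, so the message alone does not reveal whether the account
            // exists.
            // NOTE(review): the exception type still differs and no password check runs on this
            // path; confirm the failure handler responds identically for both cases.
            throw new UsernameNotFoundException("用户名或密码错误");
        }
        if (!authenticationService.authUser(user, username, password)) {
            throw new BadCredentialsException("用户名或密码错误");
        }

        // The disabled check runs only after the password matched, so the "user is disabled"
        // message is shown only to a caller who already knows the password.
        if (UserStatusEnum.Disable == UserStatusEnum.fromCode(user.getStatus())) {
            throw new LockedException("用户被禁用");
        }

        ArrayList<GrantedAuthority> grantedAuthorities = resolveAuthorities(user);
        // NOTE(review): the element type of the department-id lists is not visible on this page,
        // so they are left raw as shown; parameterize them with Department's id type.
        List deptIds = resolveDeptIds(user);

        // NOTE(review): the principal and the token credentials carry user.getPassword(), the
        // stored password value; confirm credential erasure after authentication is enabled so
        // it is not retained with the session.
        MyUser authUser = new MyUser(user.getUserName(), user.getPassword(), grantedAuthorities,
                user.getRole(), deptIds);
        return new UsernamePasswordAuthenticationToken(authUser, authUser.getPassword(),
                authUser.getAuthorities());
    }

    /**
     * Reports which token types this provider handles.
     *
     * @param aClass the authentication token class being offered
     * @return always {@code true}
     */
    @Override
    public boolean supports(Class<?> aClass) {
        // NOTE(review): this claims every Authentication type, so authenticate() has to validate
        // the credentials type itself. If login only ever submits
        // UsernamePasswordAuthenticationToken, narrowing this to
        // UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass) is the usual form;
        // confirm against the login filter before changing it.
        return true;
    }

    /** Builds the authorities granted by the user's role code. */
    private ArrayList<GrantedAuthority> resolveAuthorities(com.mindskip.xzs.domain.User user) {
        ArrayList<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        // Role code -1 grants the department-administrator role.
        // Integer.valueOf replaces the deprecated Integer constructor.
        if (Integer.valueOf(-1).equals(user.getRole())) {
            grantedAuthorities.add(new SimpleGrantedAuthority(RoleEnum.DEPT_ADMIN.getRoleName()));
        }
        // NOTE(review): if RoleEnum.fromCode returns null for an unmapped code, this line throws
        // a NullPointerException rather than an AuthenticationException; confirm fromCode's
        // contract.
        grantedAuthorities.add(new SimpleGrantedAuthority(RoleEnum.fromCode(user.getRole()).getRoleName()));
        return grantedAuthorities;
    }

    /** Collects the ids of the departments the user administers, or belongs to if none. */
    private List resolveDeptIds(com.mindskip.xzs.domain.User user) {
        // Departments this user administers; their sub-departments are added below.
        List<Department> deptList = userService.getDeptAdminIdAndInfo(user.getId());
        List deptIds = deptList.stream().map(Department::getId).collect(Collectors.toList());

        if (CollectionUtils.isEmpty(deptIds)) {
            // An ordinary student administers nothing: use the department(s) the user belongs to.
            return userService.getDeptIds(user.getId());
        }

        // Expand the administered departments to include their child departments.
        deptIds = departmentMapper.getChilds(deptIds);

        // If any administered department is also flagged to manage level-3 units, add those too.
        boolean managesLevel3 = deptList.stream().anyMatch(dept -> Boolean.TRUE.equals(dept.getSpecial()));
        if (managesLevel3) {
            List<CascaderDataVO> levelDeptList = departmentMapper.getLevelDeptList(3);
            List level3DeptIds = levelDeptList.stream().map(CascaderDataVO::getValue).collect(Collectors.toList());
            deptIds.addAll(level3DeptIds);
        }
        return deptIds;
    }
}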