UserServiceImpl.java

package pwc.taxtech.atms.service.impl;

import static java.util.stream.Collectors.toList;

import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

import org.apache.commons.lang3.BooleanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

import com.alibaba.fastjson.JSON;

import pwc.taxtech.atms.common.ApplicationException;
import pwc.taxtech.atms.common.AuthUserHelper;
import pwc.taxtech.atms.common.CheckState;
import pwc.taxtech.atms.common.CommonConstants;
import pwc.taxtech.atms.common.CommonUtils;
import pwc.taxtech.atms.common.OperateLogType;
import pwc.taxtech.atms.common.OperationAction;
import pwc.taxtech.atms.common.OperationModule;
import pwc.taxtech.atms.common.UserLoginType;
import pwc.taxtech.atms.common.UserStatus;
import pwc.taxtech.atms.common.message.UserMessage;
import pwc.taxtech.atms.constant.DimensionConstant;
import pwc.taxtech.atms.constant.PermissionCode;
import pwc.taxtech.atms.constant.PermissionUrl;
import pwc.taxtech.atms.dao.PermissionMapper;
import pwc.taxtech.atms.dao.RoleMapper;
import pwc.taxtech.atms.dao.RolePermissionMapper;
import pwc.taxtech.atms.dao.UserMapper;
import pwc.taxtech.atms.dao.UserOrganizationMapper;
import pwc.taxtech.atms.dao.UserRoleMapper;
import pwc.taxtech.atms.dto.AtmsTokenDto;
import pwc.taxtech.atms.dto.LogOnDto;
import pwc.taxtech.atms.dto.LoginInputDto;
import pwc.taxtech.atms.dto.LoginOutputDto;
import pwc.taxtech.atms.dto.OperationResultDto;
import pwc.taxtech.atms.dto.UpdateLogParams;
import pwc.taxtech.atms.dto.organization.DimensionRoleDto;
import pwc.taxtech.atms.dto.organization.OrgCustomDto;
import pwc.taxtech.atms.dto.organization.SimpleRoleDto;
import pwc.taxtech.atms.dto.permission.OrganizationPermissionDto;
import pwc.taxtech.atms.dto.permission.OrganizationPermissionKeyDto;
import pwc.taxtech.atms.dto.permission.PermissionDto;
import pwc.taxtech.atms.dto.permission.PermissionKeyDto;
import pwc.taxtech.atms.dto.permission.UserPermissionDto;
import pwc.taxtech.atms.dto.permission.UserPermissionKeyDto;
import pwc.taxtech.atms.dto.user.RoleInfo;
import pwc.taxtech.atms.dto.user.UserAndUserRoleSaveDto;
import pwc.taxtech.atms.dto.user.UserDto;
import pwc.taxtech.atms.dto.user.UserPasswordDto;
import pwc.taxtech.atms.dto.user.UserRoleDimensionValueDto;
import pwc.taxtech.atms.dto.user.UserRoleInfo;
import pwc.taxtech.atms.dto.user.VMUser;
import pwc.taxtech.atms.dto.user.WebUserDto;
import pwc.taxtech.atms.entitiy.Menu;
import pwc.taxtech.atms.entitiy.Permission;
import pwc.taxtech.atms.entitiy.PermissionExample;
import pwc.taxtech.atms.entitiy.Role;
import pwc.taxtech.atms.entitiy.RoleExample;
import pwc.taxtech.atms.entitiy.RolePermission;
import pwc.taxtech.atms.entitiy.RolePermissionExample;
import pwc.taxtech.atms.entitiy.User;
import pwc.taxtech.atms.entitiy.UserDimensionValue;
import pwc.taxtech.atms.entitiy.UserDimensionValueExample;
import pwc.taxtech.atms.entitiy.UserDimensionValueRole;
import pwc.taxtech.atms.entitiy.UserDimensionValueRoleExample;
import pwc.taxtech.atms.entitiy.UserExample;
import pwc.taxtech.atms.entitiy.UserOrganization;
import pwc.taxtech.atms.entitiy.UserOrganizationExample;
import pwc.taxtech.atms.entitiy.UserOrganizationRole;
import pwc.taxtech.atms.entitiy.UserOrganizationRoleExample;
import pwc.taxtech.atms.entitiy.UserRole;
import pwc.taxtech.atms.entitiy.UserRoleExample;
import pwc.taxtech.atms.entitiy.UserRoleExample.Criteria;
import pwc.taxtech.atms.security.AtmsPasswordEncoder;
import pwc.taxtech.atms.security.JwtUtil;
import pwc.taxtech.atms.security.LdapAuthenticationProvider;
import pwc.taxtech.atms.service.MenuService;
import pwc.taxtech.atms.service.OperationLogService;
import pwc.taxtech.atms.service.OrganizationService;
import pwc.taxtech.atms.service.RoleService;
import pwc.taxtech.atms.service.UserAccountService;
import pwc.taxtech.atms.service.UserRoleService;
import pwc.taxtech.atms.service.UserService;

/** @see PwC.Tax.Tech.Atms..Admin.Application\Services\Impl\UserService.cs */
@Service
public class UserServiceImpl extends AbstractService implements UserService {
    private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);
    @Autowired
    private UserMapper userMapper;
    @Autowired
    private UserRoleMapper userRoleMapper;
    @Autowired
    private RolePermissionMapper rolePermissionMapper;
    @Autowired
    private PermissionMapper permissionMapper;
    @Autowired
    private AtmsPasswordEncoder atmsPasswordEncoder;
    @Autowired
    private JwtUtil jwtUtil;
    @Autowired
    private RoleService roleService;
    @Autowired
    private MenuService menuService;
    @Autowired
    private UserAccountService userAccountService;
    @Autowired
    private LdapAuthenticationProvider ldapAuthenticationProvider;
    @Autowired
    private AuthUserHelper authUserHelper;
    @Autowired
    private RoleMapper roleMapper;
    @Autowired
    private UserOrganizationMapper userOrganizationMapper;
    @Autowired
    private OperationLogService operationLogService;
    @Autowired
    private OrganizationService organizationService;
    @Autowired
    private UserRoleService userRoleService;

    @Override
    public UserPermissionDto getUserPermission(String userName) {
        User user = userMapper.selectByUserNameIgnoreCase(userName);
        if (user == null) {
            return new UserPermissionDto();
        }
        UserPermissionDto userPermission = new UserPermissionDto();
        userPermission.setID(user.getID());
        userPermission.setIsAdmin(user.getIsAdmin());
        userPermission.setIsSuperAdmin(user.getIsSuperAdmin());
        userPermission.setUserName(userName);

        List<OrganizationPermissionDto> organizationPermissionDtos = new ArrayList<>();
        userPermission.setOrganizationPermissionList(organizationPermissionDtos);
        List<PermissionDto> permissionDtos = new ArrayList<>();
        userPermission.setPermissionList(permissionDtos);

        List<UserRole> urList = findUserRolesByUserId(user.getID());
        List<RolePermission> rolePermissionList = findAllRolePermissions();
        List<Permission> permissionList = findPermissionsByIsActive(CommonConstants.ACTIVE_STATUS);

        List<RolePermission> newRolePermissions = new ArrayList<>();
        List<Permission> newPermissions = new ArrayList<>();
        for (UserRole userRole : urList) {
            if (userRole.getRoleID() == null) {
                continue;
            }
            for (RolePermission rolePermission : rolePermissionList) {
                if (rolePermission.getRoleID() != null && rolePermission.getRoleID().equals(userRole.getRoleID())) {
                    newRolePermissions.add(rolePermission);
                }
            }
        }
        for (RolePermission rolePermission : newRolePermissions) {
            if (rolePermission.getPermissionID() == null) {
                continue;
            }
            for (Permission permission : permissionList) {
                if (permission.getID().equals(rolePermission.getPermissionID())) {
                    newPermissions.add(permission);
                }
            }
        }
        // 把原始的角色信息加上
        List<PermissionDto> userRoleList = newPermissions.stream().map(this::rotatePermissionToPermissionDto).distinct()
                .collect(Collectors.toList());

        // 获取机构权限列表
        userPermission
                .setOrganizationPermissionList(getOrganizationPermissionList(user, rolePermissionList, permissionList));

        List<String> menuIDList = userRoleList.stream()
                .filter(oneUserRole -> StringUtils.hasText(oneUserRole.getMenuID()))
                .map(oneUserRole -> oneUserRole.getMenuID()).collect(Collectors.toList());

        List<Menu> menuList = menuService.findByIsActive(CommonConstants.ACTIVE_STATUS);
        userPermission.setPermissionList(userRoleList);
        List<String> urls = new ArrayList<>();
        for (String item : menuIDList) {
            List<String> temp = getNavigationUrl(item, menuList);
            urls.addAll(temp);
        }

        if (!urls.isEmpty()) {
            // 把Admin首页地址加上
            urls.add(CommonConstants.AdminHomePage);
        }
        userPermission.setNavigationUrlList(urls);

        // 查看用户
        if (userRoleList.stream().anyMatch(oneUserRole -> PermissionCode.QueryUserCode.equals(oneUserRole.getCode()))) {
            userPermission.getNavigationUrlList().addAll(PermissionUrl.ExtraQueryUseList);
        }

        // 查看机构
        if (userRoleList.stream()
                .anyMatch(oneUserRole -> PermissionCode.QueryOranizationCode.equals(oneUserRole.getCode()))) {
            userPermission.getNavigationUrlList().addAll(PermissionUrl.ExtraQueryOranizationList);
        }

        // 查看事业部、区域、机构、自定义维度dashboard 特殊处理
        if (userRoleList.stream()
                .anyMatch(oneUserRole -> PermissionCode.DimensionPermissionCodeList.contains(oneUserRole.getCode()))) {
            userPermission.getNavigationUrlList().addAll(PermissionUrl.ExtraQueryBusinessUnit);
        }

        userPermission.setNavigationUrlList(
                userPermission.getNavigationUrlList().stream().distinct().collect(Collectors.toList()));
        return userPermission;
    }

    private List<String> getNavigationUrl(String menuID, List<Menu> menuList) {
        List<String> retlist = new ArrayList<>();
        List<Menu> findMenus = menuList.stream().filter(oneMenu -> menuID.equals(oneMenu.getID()))
                .collect(Collectors.toList());
        if (findMenus.isEmpty()) {
            return retlist;
        }
        Menu findMenu = findMenus.get(0);
        if (StringUtils.hasText(findMenu.getParentID())) {
            List<String> tempList = getNavigationUrl(findMenu.getParentID(), menuList);
            retlist.addAll(tempList);
        }
        if (StringUtils.hasText(findMenu.getNavigationUrl())) {
            if (CommonConstants.BasicDataManageMenu.equals(findMenu.getID())) {
                return retlist;
            }
            retlist.add(findMenu.getNavigationUrl());
            return retlist;
        }
        return retlist;
    }

    private List<Permission> findPermissionsByIsActive(Boolean isActive) {
        PermissionExample permissionExample = new PermissionExample();
        permissionExample.createCriteria().andIsActiveEqualTo(isActive);
        return permissionMapper.selectByExample(permissionExample);
    }

    private List<UserRole> findUserRolesByUserId(String userId) {
        UserRoleExample userRoleExample = new UserRoleExample();
        userRoleExample.createCriteria().andUserIDEqualTo(userId);
        return userRoleMapper.selectByExample(userRoleExample);
    }

    private List<RolePermission> findAllRolePermissions() {
        return rolePermissionMapper.selectByExample(new RolePermissionExample());
    }

    private PermissionDto rotatePermissionToPermissionDto(Permission permission) {
        PermissionDto permissionDto = new PermissionDto();
        permissionDto.setCode(permission.getCode());
        permissionDto.setID(permission.getID());
        permissionDto.setName(permission.getName());
        permissionDto.setParentID(permission.getParentID());
        permissionDto.setMenuID(permission.getMenuID());
        return permissionDto;
    }

    private PermissionKeyDto rotatePermissionToPermissionKeyDto(Permission permission) {
        PermissionKeyDto permissionKeyDto = new PermissionKeyDto();
        CommonUtils.copyProperties(permission, permissionKeyDto);
        return permissionKeyDto;
    }

    private List<OrganizationPermissionDto> getOrganizationPermissionList(User user,
            List<RolePermission> rolePermissionList, List<Permission> permissionList) {
        VMUser vmUser = new VMUser();
        vmUser.setID(user.getID());
        vmUser.setEmail(user.getEmail());
        vmUser.setIsAdmin(CommonConstants.ADMIN_STATUS.equals(user.getIsAdmin()));
        vmUser.setOrganizationID(user.getOrganizationID());
        List<OrganizationPermissionDto> retList = new ArrayList<>();
        if (user.getIsSuperAdmin()) {
            return retList;
        }
        List<UserRoleInfo> result = roleService.getUserRoleByUser(vmUser);
        if (result != null && !result.isEmpty()) {
            for (UserRoleInfo org : result) {
                OrganizationPermissionDto orgPermission = new OrganizationPermissionDto();
                orgPermission.setID(org.getOrganizationID());
                orgPermission.setName(org.getOrganizationName());
                List<PermissionDto> permissionDtos = new ArrayList<>();
                orgPermission.setPermissionList(permissionDtos);

                List<RolePermission> rolePermissions = new ArrayList<>();
                for (RoleInfo roleInfo : org.getRoleInfoList()) {
                    for (RolePermission rolePermission : rolePermissionList) {
                        if (roleInfo.getID().equals(rolePermission.getRoleID())) {
                            rolePermissions.add(rolePermission);
                        }
                    }
                }

                List<Permission> permissions = new ArrayList<>();
                for (RolePermission rolePermission : rolePermissions) {
                    if (rolePermission.getPermissionID() == null) {
                        continue;
                    }
                    for (Permission permission : permissionList) {
                        if (rolePermission.getPermissionID().equals(permission.getID())) {
                            permissions.add(permission);
                        }
                    }
                }
                List<PermissionDto> permissionDtoList = permissions.stream().map(this::rotatePermissionToPermissionDto)
                        .distinct().collect(Collectors.toList());
                orgPermission.setPermissionList(permissionDtoList);
                retList.add(orgPermission);
            }
        }
        return retList;
    }

    private List<OrganizationPermissionKeyDto> getOrganizationPermissionKeyList(User user,
            List<RolePermission> rolePermissionList, List<Permission> permissionList) {
        VMUser vmUser = new VMUser();
        vmUser.setID(user.getID());
        vmUser.setEmail(user.getEmail());
        vmUser.setIsAdmin(CommonConstants.ADMIN_STATUS.equals(user.getIsAdmin()));
        vmUser.setOrganizationID(user.getOrganizationID());
        List<OrganizationPermissionKeyDto> retList = new ArrayList<>();
        if (CommonConstants.ADMIN_STATUS.equals(user.getIsAdmin())) {
            // 如果是admin，则拥有所有权限
            return retList;
        }
        List<UserRoleInfo> result = roleService.getUserRoleByUser(vmUser);
        if (result != null && !result.isEmpty()) {
            for (UserRoleInfo org : result) {
                OrganizationPermissionKeyDto orgPermission = new OrganizationPermissionKeyDto();
                orgPermission.setID(org.getOrganizationID());
                orgPermission.setName(org.getOrganizationName());
                List<PermissionKeyDto> permissionDtos = new ArrayList<>();
                orgPermission.setPermissionList(permissionDtos);

                List<RolePermission> rolePermissions = new ArrayList<>();
                for (RoleInfo roleInfo : org.getRoleInfoList()) {
                    for (RolePermission rolePermission : rolePermissionList) {
                        if (roleInfo.getID().equals(rolePermission.getRoleID())) {
                            rolePermissions.add(rolePermission);
                        }
                    }
                }

                List<Permission> permissions = new ArrayList<>();
                for (RolePermission rolePermission : rolePermissions) {
                    if (rolePermission.getPermissionID() == null) {
                        continue;
                    }
                    for (Permission permission : permissionList) {
                        if (rolePermission.getPermissionID().equals(permission.getID())) {
                            permissions.add(permission);
                        }
                    }
                }
                List<PermissionKeyDto> permissionDtoList = permissions.stream()
                        .map(this::rotatePermissionToPermissionKeyDto).distinct().collect(Collectors.toList());
                orgPermission.setPermissionList(permissionDtoList);
                retList.add(orgPermission);
            }
        }
        return retList;
    }

    private OrganizationPermissionDto rotateUserRoleInfoToOrganizationPermissionDto(UserRoleInfo userRoleInfo) {
        OrganizationPermissionDto organizationPermissionDto = new OrganizationPermissionDto();
        organizationPermissionDto.setID(userRoleInfo.getOrganizationID());
        organizationPermissionDto.setName(userRoleInfo.getOrganizationName());
        List<PermissionDto> permissionDtos = new ArrayList<>();
        organizationPermissionDto.setPermissionList(permissionDtos);
        return organizationPermissionDto;
    }

    @Override
    public User getUser(String id) {
        return userMapper.selectByPrimaryKey(id);
    }

    @Override
    public OperationResultDto<LoginOutputDto> login(LoginInputDto input) {
        // return dummyLogin(input);
        return doLogin(input);
    }

    private OperationResultDto<LoginOutputDto> doLogin(LoginInputDto input) {
        logger.debug("doLogin start");
        Assert.notNull(input, "Null input");
        final String inputLoginName = input.getEmail();
        Assert.hasText(inputLoginName, "empty email");
        Assert.hasText(input.getPassword(), "empty password");
        logger.debug("ready to call userMapper.selectByUserNameIgnoreCase");
        // 查找用户时需要忽略大小写
        User tempUser = userMapper.selectByUserNameIgnoreCase(inputLoginName);
        logger.debug("print tempUser is null?:{}", tempUser == null);

        // 判断用户是否是正常状态
        final OperationResultDto<LoginOutputDto> loginResult = activeCheck(tempUser);
        final LoginOutputDto loginOutputDto = loginResult.getData();
        if (loginResult.getResult() != null && !loginResult.getResult()) {
            logger.debug(
                    "return loginResult after activeCheck due to loginResult.getResult():{}, loginOutputDto.getCheckState():{}",
                    loginResult.getResult(), loginOutputDto.getCheckState());
            return loginResult;
        }
        Assert.notNull(tempUser, "Null tempUser after calling activeCheck()");
        final boolean isExternalUser = UserLoginType.ExternalUser.equals(tempUser.getLoginType());
        logger.debug("print tempUser.getLoginType():{}", tempUser.getLoginType());
        loginOutputDto.setIsExternalUser(isExternalUser);
        logger.debug("print tempUser.getID():{}", tempUser.getID());
        loginOutputDto.setUserID(tempUser.getID());

        // 根据用户的登录类型选择不同的登录验证方式
        OperationResultDto<LoginOutputDto> newloginResult = null;
        if (isExternalUser) {
            newloginResult = externalUserLogin(tempUser, inputLoginName, input.getPassword());
        } else {
            newloginResult = internalUserLogin(tempUser, inputLoginName, input.getPassword());
        }

        final LoginOutputDto newloginOutputDto = newloginResult.getData();
        // 如果登录失败，则根据失败的次数增加尝试登录次数以及修改用户状态
        if (newloginResult.getResult() != null && !newloginResult.getResult()) {
            if (newloginOutputDto != null
                    && CheckState.WrongPassword.value().equals(newloginOutputDto.getCheckState())) {
                logger.debug("如果登录失败，则根据失败的次数增加尝试登录次数以及修改用户状态");
                userAccountService.dealWithWrongPassword(tempUser);
            }
            return newloginResult;
        }
        newloginOutputDto.setUserID(tempUser.getID());

        // 如果用户登录成功，且尝试登录次数不为0，则重置登录次数
        if (tempUser.getAttemptTimes() != null && tempUser.getAttemptTimes() > 0) {
            logger.debug("如果用户登录成功，且尝试登录次数不为0，则重置登录次数");
            userAccountService.resetAttemptTimes(tempUser);
        } else {
            logger.debug("如果用户登录成功，跳过重置登录次数");
        }

        // 原注释“如果用户为外部用户，且账户状态正常，则需要修改密码”
        // 但是以下的场景不可能发生，InActive的用户会被activeCheck方法拒绝登录
        if (isExternalUser && UserStatus.InActive.value().equals(tempUser.getStatus())) {
            needChangePassword(tempUser, newloginResult);
        }

        if (newloginResult.getResult() != null && newloginResult.getResult()) {
            newloginResult.getData().setMessage("Login success.");
            logger.debug("创建AtmsTokenDto");
            AtmsTokenDto token = new AtmsTokenDto();
            newloginResult.getData().setToken(token);
            String accessToken = jwtUtil.generateToken(inputLoginName, tempUser.getUserName(), tempUser.getID());
            token.setAccess_token(accessToken);
            token.setToken_type("bearer");
            token.setExpires_in(86400000L);
            // api_host可以由atms-web端来赋值
            token.setApi_host("NA");
            token.setVat_api_host("https://cnshaappuwv023:30005");
            token.setTp_url("https://cnshaappuwv023:35001");
            token.setVersion("1.0" + ".0.0");
            token.setUser_name(inputLoginName);
            token.setLocal_name(inputLoginName);
            token.setNeed_change_password(false);
            token.setIs_external_user(isExternalUser);
            token.setUser_id(tempUser.getID());
            logger.debug("创建UserDto");

            /// @see PwC.Tax.Tech.Atms.Web\Controllers\AccountController.cs
            /// C#代码：User = new UserDto { UniqueID = Guid.NewGuid().ToString(), LoginName =
            /// userName, Password = password },
            WebUserDto userDto = new WebUserDto();
            newloginResult.getData().setUser(userDto);
            userDto.setUniqueId(CommonUtils.getUUID());
            userDto.setLoginName(inputLoginName);
            // 参照C#代码设置password
            userDto.setPassword(input.getPassword());
            userDto.setHasValidPeriod(false);
        } else {
            logger.error("状态异常");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("print return json:{}", JSON.toJSONString(newloginResult, true));
        }
        return newloginResult;
    }

    private void needChangePassword(User tempUser, OperationResultDto<LoginOutputDto> newloginResult) {
        // 这不可能发生，InActive的用户会被activeCheck方法拒绝登录
        throw new ApplicationException("Not happens");
    }

    private OperationResultDto<LoginOutputDto> internalUserLogin(User tempUser, String username, String password) {
        if (UserLoginType.ADUser.equals(tempUser.getLoginType())) {
            return adLoginCheck(username, password);
        } else {
            return passwordLoginCheck(tempUser, password);
        }
    }

    public OperationResultDto<LoginOutputDto> adLoginCheck(String username, String password) {
        boolean authenticated = ldapAuthenticationProvider.authenticate(username, password);
        if (authenticated) {
            logger.debug("LDAP server return true");
            OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
            result.setResult(true);
            LoginOutputDto data = new LoginOutputDto();
            data.setCheckState(CheckState.Success.value());
            result.setData(data);
            return result;
        } else {
            logger.debug("LDAP server return false");
            OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
            result.setResult(false);
            LoginOutputDto data = new LoginOutputDto();
            data.setCheckState(CheckState.WrongPassword.value());
            result.setData(data);
            return result;
        }

    }

    @Override
    public OperationResultDto<LoginOutputDto> externalUserLogin(User tempUser, String email, String password) {
        return passwordLoginCheck(tempUser, password);
    }

    private OperationResultDto<LoginOutputDto> passwordLoginCheck(User tempUser, String password) {
        logger.debug("externalUserLogin start");
        boolean passwordMatch = atmsPasswordEncoder.matches(password, tempUser.getPassword());
        if (!passwordMatch) {
            logger.debug("密码错误");
            OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
            result.setResult(false);
            LoginOutputDto data = new LoginOutputDto();
            data.setCheckState(CheckState.WrongPassword.value());
            result.setData(data);
            return result;
        }
        logger.debug("密码校验成功");
        OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
        result.setResult(true);
        LoginOutputDto data = new LoginOutputDto();
        data.setCheckState(CheckState.Success.value());
        result.setData(data);
        return result;
    }

    @Override
    public OperationResultDto<LoginOutputDto> activeCheck(User tempUser) {
        if (tempUser == null) {
            OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
            result.setResult(false);
            LoginOutputDto data = new LoginOutputDto();
            data.setCheckState(CheckState.UserNameNotExist.value());
            result.setData(data);
            return result;
        }
        boolean inactive = tempUser.getStatus() != null && tempUser.getStatus().equals(UserStatus.InActive.value());
        boolean locked = tempUser.getStatus() != null && tempUser.getStatus().equals(UserStatus.Locked.value());
        if (inactive || locked) {
            OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
            result.setResult(false);
            LoginOutputDto data = new LoginOutputDto();
            data.setCheckState(CheckState.Inactive.value());
            result.setData(data);
            return result;
        }

        OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
        result.setResult(true);
        LoginOutputDto data = new LoginOutputDto();
        data.setCheckState(CheckState.Success.value());
        result.setData(data);
        return result;
    }

    private OperationResultDto<LoginOutputDto> dummyLogin() {
        OperationResultDto<LoginOutputDto> operationResultDto = new OperationResultDto<>();
        operationResultDto.setResult(true);
        operationResultDto.setResultMsg("OK");
        operationResultDto.setReturnCode(200);
        LoginOutputDto loginOutputDto = new LoginOutputDto();
        operationResultDto.setData(loginOutputDto);
        loginOutputDto.setApiHost("apihost1");
        loginOutputDto.setCheckState(4);
        loginOutputDto.setToken(new AtmsTokenDto());
        return operationResultDto;
    }

    @Override
    public OperationResultDto<LogOnDto> changeExternalUserPassword(UserPasswordDto userPasswordDto) {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public UserPermissionKeyDto getUserPermissionKey(String userName) {
        User user = userMapper.selectByUserNameIgnoreCase(userName);
        if (user == null) {
            return new UserPermissionKeyDto();
        }
        UserPermissionKeyDto userPermission = new UserPermissionKeyDto();
        userPermission.setID(user.getID());
        userPermission.setIsAdmin(user.getIsAdmin());
        userPermission.setIsSuperAdmin(user.getIsSuperAdmin());
        userPermission.setUserName(userName);

        List<OrganizationPermissionKeyDto> organizationPermissionDtos = new ArrayList<>();
        userPermission.setOrganizationPermissionList(organizationPermissionDtos);
        List<PermissionKeyDto> permissionDtos = new ArrayList<>();
        userPermission.setPermissionList(permissionDtos);

        List<UserRole> urList = findUserRolesByUserId(user.getID());
        List<RolePermission> rolePermissionList = findAllRolePermissions();
        List<Permission> permissionList = findPermissionsByIsActive(CommonConstants.ACTIVE_STATUS);

        List<RolePermission> newRolePermissions = new ArrayList<>();
        List<Permission> newPermissions = new ArrayList<>();
        for (UserRole userRole : urList) {
            if (userRole.getRoleID() == null) {
                continue;
            }
            for (RolePermission rolePermission : rolePermissionList) {
                if (rolePermission.getRoleID() != null && rolePermission.getRoleID().equals(userRole.getRoleID())) {
                    newRolePermissions.add(rolePermission);
                }
            }
        }
        for (RolePermission rolePermission : newRolePermissions) {
            if (rolePermission.getPermissionID() == null) {
                continue;
            }
            for (Permission permission : permissionList) {
                if (permission.getID().equals(rolePermission.getPermissionID())) {
                    newPermissions.add(permission);
                }
            }
        }
        // 把原始的角色信息加上
        List<PermissionKeyDto> userRoleList = newPermissions.stream().map(this::rotatePermissionToPermissionKeyDto)
                .distinct().collect(Collectors.toList());

        // 获取机构权限列表
        userPermission.setOrganizationPermissionList(
                getOrganizationPermissionKeyList(user, rolePermissionList, permissionList));

        List<String> menuIDList = userRoleList.stream()
                .filter(oneUserRole -> StringUtils.hasText(oneUserRole.getMenuID()))
                .map(oneUserRole -> oneUserRole.getMenuID()).collect(Collectors.toList());

        List<Menu> menuList = menuService.findByIsActive(CommonConstants.ACTIVE_STATUS);
        userPermission.setPermissionList(userRoleList);
        List<String> urls = new ArrayList<>();
        for (String item : menuIDList) {
            List<String> temp = getNavigationUrl(item, menuList);
            urls.addAll(temp);
        }

        if (!urls.isEmpty()) {
            // 把Admin首页地址加上
            urls.add(CommonConstants.AdminHomePage);
        }
        userPermission.setNavigationUrlList(urls);

        // 查看用户
        if (userRoleList.stream().anyMatch(oneUserRole -> PermissionCode.QueryUserCode.equals(oneUserRole.getCode()))) {
            userPermission.getNavigationUrlList().addAll(PermissionUrl.ExtraQueryUseList);
        }

        // 查看机构
        if (userRoleList.stream()
                .anyMatch(oneUserRole -> PermissionCode.QueryOranizationCode.equals(oneUserRole.getCode()))) {
            userPermission.getNavigationUrlList().addAll(PermissionUrl.ExtraQueryOranizationList);
        }

        userPermission.setNavigationUrlList(
                userPermission.getNavigationUrlList().stream().distinct().collect(Collectors.toList()));
        return userPermission;
    }

    @Override
    public List<User> findAllUsers() {
        UserExample userExample = new UserExample();
        return userMapper.selectByExample(userExample);
    }

    @Override
    public UserDto getUserByID(String userId) {
        List<UserDto> userDtos = userMapper.selectUserWithOrgInfoByID(userId);
        if (userDtos != null && !userDtos.isEmpty()) {
            return userDtos.get(0);
        }
        return null;
    }

    @Override
    public OperationResultDto<User> updateUser(UserAndUserRoleSaveDto userDto) {
        OperationResultDto<User> result = checkUserExist(userDto.getUserName(), userDto.getID());
        OperationResultDto<User> operationResultDto = new OperationResultDto<>();
        if (result != null && !BooleanUtils.isTrue(result.getResult())) {
            return result;
        }

        result = checkEmailExist(userDto.getEmail(), userDto.getID());
        if (result != null && !BooleanUtils.isTrue(result.getResult())) {
            return result;
        }
        User user = userMapper.selectByPrimaryKey(userDto.getID());
        Assert.notNull(user, "Null user");
        if (!Objects.equals(userDto.getIsAdmin(), BooleanUtils.isTrue(user.getIsAdmin()))) {
            String userName = authUserHelper.getCurrentAuditor();
            User operateUser = userMapper.selectByUserNameIgnoreCase(userName);
            if (operateUser != null && BooleanUtils.isFalse(operateUser.getIsAdmin())) {
                operationResultDto.setResult(false);
                operationResultDto.setResultMsg(UserMessage.HasNoPermission);
                return operationResultDto;
            }
        }

        if (userDto.getRoleIDs() == null) {
            userDto.setRoleIDs(new ArrayList<>());
        }
        User userOriginal = CommonUtils.copyProperties(user, new User());
        user.setUserName(userDto.getUserName());
        user.setEmail(userDto.getEmail());
        user.setIsAdmin(BooleanUtils.isTrue(userDto.getIsAdmin()));
        user.setOrganizationID(userDto.getOrganizationID());
        user.setUpdateTime(new Date());
        List<UserRole> oldUserRoleList = findUserRoleByUserIDWithoutProjectID(user.getID());
        List<UserRole> userRoleList = new ArrayList<>();
        List<UserRole> needDeleteList = oldUserRoleList.stream()
                .filter(p -> userDto.getRoleIDs().stream().noneMatch(sa -> Objects.equals(sa, p.getRoleID())))
                .collect(Collectors.toList());
        for (UserRole userRole : needDeleteList) {
            logger.debug("Start to delete userRole [ {} ]", userRole.getID());
            userRoleMapper.deleteByPrimaryKey(userRole.getID());
        }
        List<Role> roleQuery = roleMapper.selectByExample(new RoleExample());
        for (String role : userDto.getRoleIDs()) {
            if (oldUserRoleList.stream().anyMatch(sa -> Objects.equals(sa.getRoleID(), role))) {
                continue;
            }
            Role r = roleQuery.stream().filter(p -> Objects.equals(p.getID(), role)).findFirst().orElse(null);
            UserRole userRole = new UserRole();
            userRole.setID(CommonUtils.getUUID());
            userRole.setUserID(user.getID());
            userRole.setRoleID(role);
            userRole.setServiceTypeID(r != null ? r.getServiceTypeID() : "");
            userRoleList.add(userRole);
            logger.debug("Start to insert user role [ {} ] with roleID [ {} ]", userRole.getID(), role);
            userRoleMapper.insertSelective(userRole);
        }
        // 添加所属机构的访问权限
        UserOrganization userOrganization = findUserOrganizationByUserIDAndOrganizationID(user.getID(),
                user.getOrganizationID()).stream().findFirst().orElse(null);
        if (userOrganization == null) {
            userOrganization = new UserOrganization();
            userOrganization.setOrganizationID(user.getOrganizationID());
            userOrganization.setUserID(user.getID());
            userOrganization.setIsAccessible(CommonConstants.IsAccessible);
            userOrganization.setID(CommonUtils.getUUID());
            userOrganization.setHasOriginalRole(CommonConstants.HasOriginalRole);
            userOrganizationMapper.insert(userOrganization);
        } else if (BooleanUtils.isFalse(userOrganization.getHasOriginalRole())) {
            userOrganization.setHasOriginalRole(CommonConstants.HasOriginalRole);
            userOrganizationMapper.updateByPrimaryKey(userOrganization);
        }

        userMapper.updateByPrimaryKey(user);
        // 删除以前的用户角色数据日志
        List<UpdateLogParams> oldUserRoleLogs = new ArrayList<>();
        for (UserRole oldUserRole : oldUserRoleList) {
            Role role = roleQuery.stream().filter(sa -> Objects.equals(sa.getID(), oldUserRole.getRoleID())).findFirst()
                    .orElse(null);
            oldUserRoleLogs.add(generateUpdateLogParams(OperateLogType.OperationLogUser.value(),
                    role == null ? "" : role.getName(), userOriginal.getUserName(), OperationAction.Delete.value(),
                    OperationModule.UserRole.value()));
        }
        operationLogService.addOrDeleteDataAddLog(oldUserRoleLogs);
        // 新增新的用户角色数据日志
        List<UpdateLogParams> userRoleLogs = new ArrayList<>();
        for (UserRole userRole : userRoleList) {
            Role role = roleQuery.stream().filter(sa -> Objects.equals(sa.getID(), userRole.getRoleID())).findFirst()
                    .orElse(null);
            userRoleLogs.add(
                    generateUpdateLogParams(OperateLogType.OperationLogUser.value(), role == null ? "" : role.getName(),
                            userOriginal.getUserName(), OperationAction.New.value(), OperationModule.UserRole.value()));
        }
        operationLogService.addOrDeleteDataAddLog(userRoleLogs);
        // 更新用户信息日志
        UpdateLogParams updateLogParams = generateUpdateLogParams(OperateLogType.OperationLogUser.value(), "",
                userOriginal.getUserName(), OperationAction.Update.value(), OperationModule.User.value());
        updateLogParams.setComment("");
        updateLogParams.setUpdateState(user);
        updateLogParams.setOriginalState(userOriginal);
        operationLogService.updateDataAddLog(updateLogParams);
        operationResultDto.setResult(true);
        return operationResultDto;
    }

    private UpdateLogParams generateUpdateLogParams(Integer logType, String operationContent, String operationObject,
            Integer action, Integer module) {
        UpdateLogParams updateLogParams = new UpdateLogParams();
        updateLogParams.setOperateLogType(logType);
        updateLogParams.setOperationContent(operationContent);
        updateLogParams.setOperationObject(operationObject);
        updateLogParams.setOperationAction(action);
        updateLogParams.setOperationModule(module);
        return updateLogParams;
    }

    @Override
    public List<UserOrganization> findUserOrganizationByUserIDAndOrganizationID(String userID, String organizationID) {
        UserOrganizationExample userOrganizationExample = new UserOrganizationExample();
        pwc.taxtech.atms.entitiy.UserOrganizationExample.Criteria criteria = userOrganizationExample.createCriteria();
        criteria.andUserIDEqualTo(userID);
        criteria.andOrganizationIDEqualTo(organizationID);
        return userOrganizationMapper.selectByExample(userOrganizationExample);
    }

    private List<UserRole> findUserRoleByUserIDWithoutProjectID(String userID) {
        UserRoleExample userRoleExample = new UserRoleExample();
        Criteria criteria = userRoleExample.createCriteria();
        criteria.andUserIDEqualTo(userID);
        criteria.andProjectIDIsNull();
        return userRoleMapper.selectByExample(userRoleExample);
    }

    @Override
    public OperationResultDto<User> checkUserExist(String userName, String userID) {
        User user = null;
        OperationResultDto<User> operationResultDto = new OperationResultDto<>();
        if (CommonConstants.EMPTY_UUID.equals(userID)) {
            user = userMapper.selectByUserNameIgnoreCase(userName);
        } else {
            UserDto userDto = new UserDto();
            userDto.setID(userID);
            userDto.setUserName(userName);
            user = userMapper.selectUserWithSameUserName(userDto);
        }
        if (user != null && user.getID() != null) {
            operationResultDto.setResult(false);
            operationResultDto.setResultMsg(UserMessage.UserExistsInfo);
            return operationResultDto;
        }
        operationResultDto.setResult(true);
        return operationResultDto;
    }

    @Override
    public OperationResultDto<User> checkEmailExist(String email, String userID) {
        User user = null;
        OperationResultDto<User> operationResultDto = new OperationResultDto<>();
        if (CommonConstants.EMPTY_UUID.equals(userID)) {
            user = userMapper.selectByEmailIgnoreCase(email);
        } else {
            UserDto userDto = new UserDto();
            userDto.setID(userID);
            userDto.setEmail(email);
            user = userMapper.selectUserWithSameEmail(userDto);
        }
        if (user != null && user.getID() != null) {
            operationResultDto.setResult(false);
            operationResultDto.setResultMsg(UserMessage.EmailRegisted);
            return operationResultDto;
        }
        operationResultDto.setResult(true);
        return operationResultDto;
    }

    @Override
    public void deleteUserDimensionValue(DimensionRoleDto dto, String userID) {
        if (dto == null || userID == null) {
            throw new ApplicationException(CommonConstants.JSONNULLOBJECT);
        }
        UserDimensionValueExample userDimensionValueExample = new UserDimensionValueExample();
        userDimensionValueExample.createCriteria().andUserIDEqualTo(userID).andDimensionIDEqualTo(dto.getDimensionID())
                .andDimensionValueIDEqualTo(dto.getDimensionValueID());
        UserDimensionValue userDimensionValue = userDimensionValueMapper.selectByExample(userDimensionValueExample)
                .stream().findFirst().orElse(null);
        if (userDimensionValue != null) {
            List<String> roleIdList = dto.getRoleList().stream().map(SimpleRoleDto::getRoleID).collect(toList());
            UserDimensionValueRoleExample userDimensionValueRoleExample = new UserDimensionValueRoleExample();
            userDimensionValueRoleExample.createCriteria().andUserDimensionValueIDEqualTo(userDimensionValue.getID())
                    .andRoleIDIn(roleIdList);
            List<UserDimensionValueRole> items = userDimensionValueRoleMapper
                    .selectByExample(userDimensionValueRoleExample);
            userDimensionValueMapper.deleteByPrimaryKey(userDimensionValue.getID());
            for (UserDimensionValueRole item : items) {
                logger.debug("Start to delete UserDimensionValueRole [ {} ]", item.getID());
                userDimensionValueRoleMapper.deleteByPrimaryKey(item.getID());
            }
        }
    }

    /**
     * 机构用户界面，弹框权限编辑卡片，做删除 如果是维度上的，修改可以继承，还是不可继承 删除，如果是附加原始角色，修改标记Hasorignialrole to
     * 0 删除，如果是附加附加角色，则删除
     */
    @SuppressWarnings("rawtypes")
    @Override
    public OperationResultDto deleteUserOrg(List<UserRoleDimensionValueDto> userRoleList) {
        if (userRoleList == null) {
            throw new ApplicationException(CommonConstants.JSONNULLOBJECT);
        }
        for (UserRoleDimensionValueDto r : userRoleList) {
            // OrgCustomDto dimension =
            // organizationService.getDimensionValueName(r.getDimensionID(),
            // r.getDimensionValueID());
            // String dimensionName = dimension.getDimensionName();
            // String dimensionValueName = dimension.getDimensionValueName();

            String operateUserName = userRoleService.getUserDtoByID(r.getUserID()).getUserName();
            String orgName = userRoleService.getOrgDtoByID(r.getOrganizationID()).getName();
            // 如果角色是附加的，附加有附加原始，和附加额外的
            if (DimensionConstant.ExtraOrgDimensionID.equals(r.getDimensionID())) {
                UserOrganization userOrg = findUserOrganizationByUserIDAndOrganizationID(r.getUserID(),
                        r.getOrganizationID()).stream().findFirst().orElse(null);
                // 附加额外角色,删除
                if (DimensionConstant.ExtraOrgDimensionValueID.equals(r.getDimensionValueID()) && userOrg != null) {
                    UserOrganizationRoleExample userOrganizationRoleExample = new UserOrganizationRoleExample();
                    userOrganizationRoleExample.createCriteria().andUserOrganizationIDEqualTo(userOrg.getID());
                    List<UserOrganizationRole> target = userOrganizationRoleMapper
                            .selectByExample(userOrganizationRoleExample);
                    for (UserOrganizationRole oneTarget : target) {
                        logger.debug("Start to delete UserOrganizationRole [ {} ]", oneTarget.getID());
                        userOrganizationRoleMapper.deleteByPrimaryKey(oneTarget.getID());
                        // 添加日志
                        Role role = roleMapper.selectByPrimaryKey(oneTarget.getRoleID());
                        String roleName = role == null ? "" : role.getName();
                        operationLogService
                                .addOrDeleteDataAddLog(generateUpdateLogParams(OperateLogType.OperationLogUser.value(),
                                        orgName + CommonConstants.DashSignSeparator + operateUserName
                                                + CommonConstants.DashSignSeparator + roleName,
                                        operateUserName, OperationAction.Delete.value(),
                                        OperationModule.UserOrganizationRole.value()));
                    }
                }
                // 删除，附加原始角色 设置为不继承原始
                if (DimensionConstant.OriginalRoleDimensionValueID.equals(r.getDimensionValueID()) && userOrg != null) {
                    // UserOrganization old = CommonUtils.copyProperties(userOrg, new
                    // UserOrganization());
                    // 设置为不可继承原始角色
                    userOrg.setHasOriginalRole(CommonConstants.DEACTIVE_STATUS);
                    userOrganizationMapper.updateByPrimaryKey(userOrg);
                    // 添加日志
                    operationLogService
                            .updateDataAddLog(generateUpdateLogParams(OperateLogType.OperationLogUser.value(),
                                    orgName + CommonConstants.DashSignSeparator + operateUserName, operateUserName,
                                    OperationAction.Update.value(), OperationModule.UserOrganization.value()));
                }
            } else {
                // 机构在维度上的，设置可继承或者不可继承
                userRoleService.updateUserDimensionNonAccess(r);
            }
        }
        OperationResultDto operationResultDto = new OperationResultDto<>();
        operationResultDto.setResult(true);
        return operationResultDto;
    }

}