package cn.com.pc.rbac.client;

import cn.com.pc.rbac.client.annotation.NeedOperation;
import cn.com.pc.rbac.client.annotation.NeedResource;
import cn.com.pc.rbac.client.annotation.NeedRole;
import cn.com.pc.rbac.client.annotation.Rbac;
import cn.com.pc.rbac.client.model.Operator;
import cn.com.pc.rbac.client.model.Permission;
import cn.com.pc.rbac.client.model.Role;
import java.lang.reflect.Method;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.BooleanUtils;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:cn/com/pc/rbac/client/RbacInterceptor.class */
public class RbacInterceptor implements HandlerInterceptor {
    private final RbacService rbacService;

    public RbacInterceptor(RbacService rbacService) {
        this.rbacService = rbacService;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        RbacContext loadRbacContext = loadRbacContext((Long) httpServletRequest.getAttribute("aaa-identity-id"));
        Class beanType = handlerMethod.getBeanType();
        checkRole(loadRbacContext, (NeedRole) beanType.getDeclaredAnnotation(NeedRole.class));
        NeedResource needResource = (NeedResource) beanType.getDeclaredAnnotation(NeedResource.class);
        checkResource(loadRbacContext, needResource);
        checkRbac(loadRbacContext, (Rbac) beanType.getDeclaredAnnotation(Rbac.class));
        Method method = handlerMethod.getMethod();
        Rbac rbac = (Rbac) method.getDeclaredAnnotation(Rbac.class);
        checkRole(loadRbacContext, (NeedRole) method.getDeclaredAnnotation(NeedRole.class));
        NeedResource needResource2 = (NeedResource) method.getDeclaredAnnotation(NeedResource.class);
        checkOperation(loadRbacContext, needResource2 == null ? needResource : needResource2, (NeedOperation) method.getDeclaredAnnotation(NeedOperation.class));
        checkRbac(loadRbacContext, rbac);
        return true;
    }

    protected RbacContext loadRbacContext(Long l) {
        final Operator findOperator = this.rbacService.findOperator(l);
        final List<Role> listRolesOf = this.rbacService.listRolesOf(l);
        final List<Permission> listPermissionsOfOperator = this.rbacService.listPermissionsOfOperator(l);
        return new RbacContext() { // from class: cn.com.pc.rbac.client.RbacInterceptor.1
            @Override // cn.com.pc.rbac.client.RbacContext
            public Operator operator() {
                return findOperator;
            }

            @Override // cn.com.pc.rbac.client.RbacContext
            public List<Role> roles() {
                return listRolesOf;
            }

            @Override // cn.com.pc.rbac.client.RbacContext
            public List<Permission> permissions() {
                return listPermissionsOfOperator;
            }
        };
    }

    protected void checkRole(RbacContext rbacContext, NeedRole needRole) throws RbacException {
        if (needRole != null && !rbacContext.hasRole(needRole.value())) {
            throw new RbacException("权限不足");
        }
    }

    protected void checkResource(RbacContext rbacContext, NeedResource needResource) throws RbacException {
        if (needResource != null && !rbacContext.hasResource(needResource.value())) {
            throw new RbacException("权限不足");
        }
    }

    protected void checkRbac(RbacContext rbacContext, Rbac rbac) throws RbacException {
        if (rbac != null) {
            try {
                Object value = new SpelExpressionParser().parseExpression(rbac.value()).getValue(rbacContext);
                if (!(value instanceof Boolean) || BooleanUtils.isNotTrue((Boolean) value)) {
                    throw new RbacException("权限不足");
                }
            } catch (Exception e) {
                throw new RbacException(e.getMessage());
            }
        }
    }

    protected void checkOperation(RbacContext rbacContext, NeedResource needResource, NeedOperation needOperation) throws RbacException {
        if (needOperation == null) {
            checkResource(rbacContext, needResource);
        } else {
            if (needResource == null) {
                throw new RbacException("权限不足");
            }
            if (!rbacContext.can(needResource.value(), needOperation.value())) {
                throw new RbacException("权限不足");
            }
        }
    }
}
