package cn.acyou.leo.framework.aspect;

import cn.acyou.leo.framework.annotation.authz.Logical;
import cn.acyou.leo.framework.annotation.authz.RequiresPermissions;
import cn.acyou.leo.framework.annotation.authz.RequiresRoles;
import cn.acyou.leo.framework.base.LoginUser;
import cn.acyou.leo.framework.constant.CommonErrorEnum;
import cn.acyou.leo.framework.context.AppContext;
import cn.acyou.leo.framework.exception.ServiceException;
import com.google.common.collect.Sets;
import java.util.Set;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

@Aspect
@Component
/* loaded from: input_file:cn/acyou/leo/framework/aspect/PermissionsAspect.class */
public class PermissionsAspect {
    private static final Logger log = LoggerFactory.getLogger(PermissionsAspect.class);

    @Around("@annotation(cn.acyou.leo.framework.annotation.authz.RequiresRoles) || @annotation(cn.acyou.leo.framework.annotation.authz.RequiresPermissions)")
    public Object around(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        MethodSignature signature = proceedingJoinPoint.getSignature();
        RequiresRoles requiresRoles = (RequiresRoles) signature.getMethod().getAnnotation(RequiresRoles.class);
        RequiresPermissions requiresPermissions = (RequiresPermissions) signature.getMethod().getAnnotation(RequiresPermissions.class);
        if (requiresRoles != null) {
            LoginUser loginUser = AppContext.getLoginUser();
            if (loginUser == null) {
                throw new ServiceException(CommonErrorEnum.E_UNAUTHENTICATED);
            }
            Set<String> roleCodes = loginUser.getRoleCodes();
            Logical logical = requiresRoles.logical();
            String[] value = requiresRoles.value();
            if (logical.equals(Logical.AND) && !roleCodes.containsAll(Sets.newHashSet(value))) {
                throw new ServiceException(CommonErrorEnum.E_INSUFFICIENT_PERMISSIONS);
            }
            if (logical.equals(Logical.OR) && !CollectionUtils.containsAny(roleCodes, Sets.newHashSet(value))) {
                throw new ServiceException(CommonErrorEnum.E_INSUFFICIENT_PERMISSIONS);
            }
        }
        if (requiresPermissions != null) {
            LoginUser loginUser2 = AppContext.getLoginUser();
            if (loginUser2 == null) {
                throw new ServiceException(CommonErrorEnum.E_UNAUTHENTICATED);
            }
            Set<String> permsList = loginUser2.getPermsList();
            Logical logical2 = requiresPermissions.logical();
            String[] value2 = requiresPermissions.value();
            if (logical2.equals(Logical.AND) && !permsList.containsAll(Sets.newHashSet(value2))) {
                throw new ServiceException(CommonErrorEnum.E_INSUFFICIENT_PERMISSIONS);
            }
            if (logical2.equals(Logical.OR) && !CollectionUtils.containsAny(permsList, Sets.newHashSet(value2))) {
                throw new ServiceException(CommonErrorEnum.E_INSUFFICIENT_PERMISSIONS);
            }
        }
        return proceedingJoinPoint.proceed();
    }
}
