package cn.omisheep.authz.core.slot;

import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.auth.rpd.AuthzDefender;
import cn.omisheep.authz.core.auth.rpd.PermRolesMeta;
import cn.omisheep.authz.core.auth.rpd.PermissionDict;
import cn.omisheep.authz.core.tk.Token;
import cn.omisheep.commons.util.CollectionUtils;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import org.springframework.web.method.HandlerMethod;

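/**
 * Slot that enforces the role and permission rules registered for the requested API.
 *
 * <p>The rules are read from {@link PermissionDict} using the request's method and API, and the
 * caller's roles and permissions are resolved through {@link PermLibrary} from the user id
 * carried by the request token.
 */
@Order(300)
/* loaded from: input_file:cn/omisheep/authz/core/slot/APIPermSlot.class */
public class APIPermSlot implements Slot {
    /** Message handed to {@code AuthzDefender.logs} for every rejected request. */
    private static final String FORBID_MESSAGE = "Forbid : permissions exception";

    private final PermissionDict permissionDict;
    private final PermLibrary permLibrary;

    public APIPermSlot(PermissionDict permissionDict, PermLibrary permLibrary) {
        this.permissionDict = permissionDict;
        this.permLibrary = permLibrary;
    }

    /**
     * Checks the caller's roles and permissions against the rules registered for this API.
     *
     * <p>Roles are checked first, then permissions. Roles are loaded at most once per call and
     * stored on {@code httpMeta}; the collected permissions are stored on {@code httpMeta} only
     * when the permission checks pass. A role for which the library returns {@code null}
     * permissions is treated as granting none.
     *
     * @param httpMeta request metadata; receives the resolved roles/permissions and, on denial,
     *     {@code ExceptionStatus.PERM_EXCEPTION}
     * @param handlerMethod the matched handler (not used by this slot)
     * @return {@code true} when the request is not protected, when the rule set reports
     *     {@code non()}, or when every configured check passes; {@code false} when a check fails
     */
    @Override // cn.omisheep.authz.core.slot.Slot
    public boolean chain(HttpMeta httpMeta, HandlerMethod handlerMethod) {
        if (!httpMeta.isRequireProtect()) {
            return true;
        }
        // NOTE(review): both map lookups are dereferenced unchecked. A protected request with no
        // registered entry ends in a NullPointerException here, so whether that request is
        // rejected depends on how the caller of the slot chain handles the exception - confirm
        // that path fails closed.
        PermRolesMeta permRolesMeta = this.permissionDict.getRolePermission()
                .get(httpMeta.getMethod())
                .get(httpMeta.getApi());
        if (permRolesMeta.non()) {
            return true;
        }
        // NOTE(review): the token is used below without a null check; this assumes an earlier
        // slot has already rejected protected requests that carry no valid token - confirm.
        Token token = httpMeta.getToken();

        Set<String> roles = null;
        boolean hasRequireRoles = !CollectionUtils.isEmpty(permRolesMeta.getRequireRoles());
        boolean hasExcludeRoles = !CollectionUtils.isEmpty(permRolesMeta.getExcludeRoles());
        if (hasRequireRoles || hasExcludeRoles) {
            roles = this.permLibrary.getRolesByUserId(token.getUserId());
            httpMeta.setRoles(roles);
            boolean requiredRoleMissing = hasRequireRoles
                    && !CollectionUtils.containsSub(permRolesMeta.getRequireRoles(), roles);
            if (requiredRoleMissing
                    || (hasExcludeRoles && CollectionUtils.containsSub(permRolesMeta.getExcludeRoles(), roles))) {
                return deny(httpMeta, permRolesMeta);
            }
        }

        boolean hasRequirePermissions = !CollectionUtils.isEmpty(permRolesMeta.getRequirePermissions());
        boolean hasExcludePermissions = !CollectionUtils.isEmpty(permRolesMeta.getExcludePermissions());
        if (hasRequirePermissions || hasExcludePermissions) {
            if (!hasRequireRoles && !hasExcludeRoles) {
                // Roles were not needed for the role checks, so they have not been loaded yet.
                roles = this.permLibrary.getRolesByUserId(token.getUserId());
                httpMeta.setRoles(roles);
            }
            Set<String> grantedPermissions = new HashSet<>();
            if (roles != null) {
                for (String role : roles) {
                    Set<String> rolePermissions = this.permLibrary.getPermissionsByRole(role);
                    if (rolePermissions == null) {
                        // A role without a permission set grants nothing; skipping it avoids a
                        // NullPointerException in addAll and cannot widen access.
                        continue;
                    }
                    grantedPermissions.addAll(rolePermissions);
                    // NOTE(review): excluded permissions are matched against each role's set on
                    // its own, while required permissions are matched against the union of all
                    // roles. If containsSub matches a whole excluded combination, a combination
                    // spread over two roles is not rejected - confirm this is intended.
                    if (hasExcludePermissions
                            && CollectionUtils.containsSub(permRolesMeta.getExcludePermissions(), rolePermissions)) {
                        return deny(httpMeta, permRolesMeta);
                    }
                }
            }
            if (hasRequirePermissions
                    && !CollectionUtils.containsSub(permRolesMeta.getRequirePermissions(), grantedPermissions)) {
                return deny(httpMeta, permRolesMeta);
            }
            httpMeta.setPermissions(grantedPermissions);
        }
        AuthzDefender.logs("Success", httpMeta, permRolesMeta);
        return true;
    }

    /** Logs the rejection, marks the request with PERM_EXCEPTION and returns {@code false}. */
    private static boolean deny(HttpMeta httpMeta, PermRolesMeta permRolesMeta) {
        AuthzDefender.logs(FORBID_MESSAGE, httpMeta, permRolesMeta);
        httpMeta.error(ExceptionStatus.PERM_EXCEPTION);
        return false;
    }
}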
