package cn.omisheep.authz.core.slot;

import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.auth.rpd.PermRolesMeta;
import cn.omisheep.authz.core.auth.rpd.PermissionDict;
import cn.omisheep.authz.core.util.LogUtils;
import cn.omisheep.commons.util.CollectionUtils;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.springframework.web.method.HandlerMethod;

@Order(300)
/* loaded from: input_file:cn/omisheep/authz/core/slot/APIPermSlot.class */
public class APIPermSlot implements Slot {
    private final PermLibrary permLibrary;

    public APIPermSlot(PermLibrary permLibrary) {
        this.permLibrary = permLibrary;
    }

    @Override // cn.omisheep.authz.core.slot.Slot
    public void chain(HttpMeta httpMeta, HandlerMethod handlerMethod, Error error) {
        if (httpMeta.isHasApiAuth() && check(PermissionDict.getControllerRolePermission().get(httpMeta.getController()), error, httpMeta)) {
            Map<String, PermRolesMeta> map = PermissionDict.getRolePermission().get(httpMeta.getApi());
            if (map == null || check(map.get(httpMeta.getMethod()), error, httpMeta)) {
                LogUtils.logs("Success: API", httpMeta);
            }
        }
    }

    private boolean check(PermRolesMeta permRolesMeta, Error error, HttpMeta httpMeta) {
        if (permRolesMeta == null || permRolesMeta.non()) {
            return true;
        }
        if (!CollectionUtils.isEmpty(permRolesMeta.getRequireRoles()) || !CollectionUtils.isEmpty(permRolesMeta.getExcludeRoles())) {
            Set<String> roles = httpMeta.getRoles();
            if (!CollectionUtils.containsSub(permRolesMeta.getRequireRoles(), roles) || CollectionUtils.containsSub(permRolesMeta.getExcludeRoles(), roles)) {
                LogUtils.logs("Forbid : permissions exception", httpMeta, permRolesMeta);
                error.error(ExceptionStatus.PERM_EXCEPTION);
                return false;
            }
        }
        if (CollectionUtils.isEmpty(permRolesMeta.getRequirePermissions()) && CollectionUtils.isEmpty(permRolesMeta.getExcludePermissions())) {
            return true;
        }
        HashSet hashSet = new HashSet();
        Iterator it = ((Set) Optional.ofNullable(httpMeta.getRoles()).orElse(new HashSet())).iterator();
        while (it.hasNext()) {
            Collection<String> permissionsByRole = this.permLibrary.getPermissionsByRole((String) it.next());
            if (permissionsByRole != null) {
                hashSet.addAll(permissionsByRole);
            }
            if (CollectionUtils.containsSub(permRolesMeta.getExcludePermissions(), permissionsByRole)) {
                LogUtils.logs("Forbid : permissions exception", httpMeta, permRolesMeta);
                error.error(ExceptionStatus.PERM_EXCEPTION);
                return false;
            }
        }
        if (CollectionUtils.containsSub(permRolesMeta.getRequirePermissions(), hashSet)) {
            httpMeta.setPermissions(hashSet);
            return true;
        }
        LogUtils.logs("Forbid : permissions exception", httpMeta, permRolesMeta);
        error.error(ExceptionStatus.PERM_EXCEPTION);
        return false;
    }
}
