package cn.omisheep.authz.core.interceptor.mybatis;

import cn.omisheep.authz.core.AuthzContext;
import cn.omisheep.authz.core.auth.rpd.DataPermRolesMeta;
import cn.omisheep.authz.core.auth.rpd.PermissionDict;
import cn.omisheep.authz.core.cache.library.L2RefreshCacheSupport;
import cn.omisheep.authz.core.interceptor.DataFinderSecurityInterceptor;
import cn.omisheep.authz.core.util.LogUtils;
import cn.omisheep.commons.util.ReflectUtils;
import java.sql.Connection;
import java.util.Collection;
import java.util.List;
import org.apache.ibatis.cache.CacheKey;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.executor.statement.StatementHandler;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.ResultMap;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Signature;
import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class}), @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class}), @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class, CacheKey.class, BoundSql.class})})
/* loaded from: input_file:cn/omisheep/authz/core/interceptor/mybatis/DataSecurityInterceptorForMybatis.class */
public class DataSecurityInterceptorForMybatis implements Interceptor {
    private static final Logger log = LoggerFactory.getLogger(DataSecurityInterceptorForMybatis.class);
    private final ThreadLocal<ResultMap> resultMapThreadLocal = ThreadLocal.withInitial(() -> {
        return null;
    });
    private final DataFinderSecurityInterceptor dataFinderSecurityInterceptor;

    public DataSecurityInterceptorForMybatis(DataFinderSecurityInterceptor dataFinderSecurityInterceptor) {
        this.dataFinderSecurityInterceptor = dataFinderSecurityInterceptor;
    }

    public Object intercept(Invocation invocation) throws Throwable {
        if (L2RefreshCacheSupport.isLibrary()) {
            return invocation.proceed();
        }
        Object target = invocation.getTarget();
        Object[] args = invocation.getArgs();
        if (target instanceof Executor) {
            this.resultMapThreadLocal.set((ResultMap) ((MappedStatement) args[0]).getResultMaps().get(0));
        } else {
            try {
                ResultMap resultMap = this.resultMapThreadLocal.get();
                if (resultMap == null) {
                    return invocation.proceed();
                }
                BoundSql boundSql = ((StatementHandler) target).getBoundSql();
                Class<?> type = resultMap.getType();
                if (PermissionDict.getDataPermission() == null) {
                    return invocation.proceed();
                }
                List<DataPermRolesMeta> list = PermissionDict.getDataPermission().get(type.getTypeName());
                if (list == null || list.isEmpty()) {
                    return invocation.proceed();
                }
                ReflectUtils.setFieldValue(boundSql, "sql", this.dataFinderSecurityInterceptor.sqlChange(AuthzContext.getCurrentHttpMeta(), list, type, boundSql.getSql()));
            } catch (Exception e) {
                LogUtils.error(e);
                return invocation.proceed();
            }
        }
        Object proceed = invocation.proceed();
        if (PermissionDict.getFieldsData() == null || proceed == null) {
            return proceed;
        }
        try {
            if (this.resultMapThreadLocal.get() != null) {
                Class<?> type2 = this.resultMapThreadLocal.get().getType();
                if (type2.equals(proceed.getClass()) || (proceed instanceof Collection)) {
                    if ((proceed instanceof Collection) && ((Collection) proceed).size() == 0) {
                        return proceed;
                    }
                    proceed = this.dataFinderSecurityInterceptor.dataTrim(AuthzContext.getCurrentHttpMeta(), PermissionDict.getFieldsData().get(type2.getTypeName()), type2, proceed);
                    return proceed;
                }
            }
        } catch (Exception e2) {
            LogUtils.error(e2);
        }
        return proceed;
    }
}
