package cn.ocoop.framework.safe.ann.handler;

import cn.ocoop.framework.safe.SessionManager;
import cn.ocoop.framework.safe.ann.Logical;
import cn.ocoop.framework.safe.ann.RequiresRoles;
import cn.ocoop.framework.safe.ex.authz.AuthorizingException;
import cn.ocoop.framework.safe.ex.authz.LackPermissionException;
import com.google.common.base.Joiner;
import java.lang.annotation.Annotation;
import org.aopalliance.intercept.MethodInvocation;

/* loaded from: input_file:cn/ocoop/framework/safe/ann/handler/RoleAnnotationMethodInterceptor.class */
public class RoleAnnotationMethodInterceptor extends AuthenticatedAnnotationMethodInterceptor {
    public RoleAnnotationMethodInterceptor() {
        super(RequiresRoles.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // cn.ocoop.framework.safe.ann.handler.AuthenticatedAnnotationMethodInterceptor, cn.ocoop.framework.safe.ann.handler.iface.AbstractAnnotationMethodInterceptor
    public void assertAuth(MethodInvocation methodInvocation, Annotation annotation) throws AuthorizingException {
        super.assertAuth(methodInvocation, annotation);
        RequiresRoles requiresRoles = (RequiresRoles) annotation;
        if (requiresRoles.logical() == Logical.AND) {
            if (!SessionManager.hasRole(requiresRoles.value())) {
                throw new LackPermissionException("无权限,需要" + Joiner.on(",").join(requiresRoles.value()));
            }
        } else if (!SessionManager.hasAnyRole(requiresRoles.value())) {
            throw new LackPermissionException("无权限,需要" + Joiner.on(",").join(requiresRoles.value()));
        }
    }
}
