package com.tcbj.tangsales.common.auth;

import com.tcbj.framework.dto.Operator;
import com.tcbj.framework.dto.Response;
import com.tcbj.framework.exception.exception.Thrower;
import com.tcbj.tangsales.auth.api.contract.request.UserResourceQuery;
import com.tcbj.tangsales.auth.api.rpc.AuthorizationApi;
import com.tcbj.tangsales.common.operator.OperatorUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/tcbj/tangsales/common/auth/AuthInterceptor.class */
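/**
 * Spring MVC interceptor that enforces the method-level {@link Auth} annotation before a
 * handler method runs.
 *
 * <p>Security-relevant behaviour, as implemented here:
 * <ul>
 *   <li>Enforcement is opt-in. Handlers that are not a {@link HandlerMethod}, methods without
 *       {@code @Auth}, and methods with {@code required = false} pass through unchecked. Only
 *       the annotation on the method itself is read; a class-level annotation is not consulted.</li>
 *   <li>{@code requireFunctions} has "any of" semantics: holding one listed function is enough.</li>
 *   <li>An empty {@code requireFunctions} performs no function comparison, although the
 *       operator's functions are still fetched first.</li>
 *   <li>{@link #preHandle} always returns {@code true}; a denial is signalled only through
 *       {@code Thrower.throwAppException}.
 *       NOTE(review): this relies on that call always throwing - confirm against Thrower.</li>
 * </ul>
 */
public class AuthInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = LoggerFactory.getLogger(AuthInterceptor.class);
    private final AuthorizationApi authorizationApi;

    /**
     * @param authorizationApi remote authorization service used to look up the functions
     *                         granted to the current operator
     */
    public AuthInterceptor(AuthorizationApi authorizationApi) {
        this.authorizationApi = authorizationApi;
    }

    /**
     * Runs the permission check for the target handler and lets the request proceed.
     *
     * @return always {@code true}; a failed check surfaces as an exception instead
     * @throws Exception whatever the permission check raises
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        handlePermission(httpServletRequest, obj);
        return true;
    }

    /**
     * Checks the current operator's functions against the handler's {@link Auth} annotation,
     * when the handler is an annotated method with {@code required = true}.
     */
    private void handlePermission(HttpServletRequest httpServletRequest, Object obj) {
        if (!(obj instanceof HandlerMethod)) {
            // Non-method handlers carry no @Auth annotation and are not checked.
            return;
        }
        Auth auth = ((HandlerMethod) obj).getMethod().getAnnotation(Auth.class);
        if (auth == null || !auth.required()) {
            return;
        }
        checkPermission(auth.requireFunctions(), getFunctions());
    }

    /**
     * Reads a value from the request parameters, falling back to the header of the same name
     * when the parameter is empty. Not called from within this class.
     */
    private static String getParameter(HttpServletRequest httpServletRequest, String str) {
        String parameter = httpServletRequest.getParameter(str);
        if (StringUtils.isEmpty(parameter)) {
            parameter = httpServletRequest.getHeader(str);
        }
        return parameter;
    }

    /**
     * Fetches the functions granted to the current operator from the authorization service.
     *
     * <p>A missing operator or a missing/unsuccessful response is reported as
     * {@code AUTH_ERROR}. Every such path also returns an empty list, so the caller denies
     * access even if the throwing helper were ever to return normally.
     *
     * @return the granted function identifiers; may be {@code null} when the service returns
     *         no data, which {@code checkPermission} treats as "no functions"
     */
    public List<String> getFunctions() {
        Operator operator = OperatorUtils.getOperator();
        if (operator == null) {
            // No operator context: report an auth error rather than a NullPointerException.
            // Message text means "failed to obtain permissions".
            Thrower.throwAppException(Response.StatusCode.AUTH_ERROR.getValue(), "获取权限失败");
            return new ArrayList<>();
        }
        UserResourceQuery userResourceQuery = new UserResourceQuery();
        userResourceQuery.setPersonId(operator.getPersonId());
        userResourceQuery.setOrgId(operator.getOrgId());
        Response userResource = this.authorizationApi.getUserResource(userResourceQuery);
        if (userResource == null || !userResource.isSuccess()) {
            Thrower.throwAppException(Response.StatusCode.AUTH_ERROR.getValue(), "获取权限失败");
            // Never hand back the payload of a failed lookup.
            return new ArrayList<>();
        }
        // Presumably the service returns a list of function identifiers - the element type is
        // not verified at runtime; confirm against AuthorizationApi.
        @SuppressWarnings("unchecked")
        List<String> functions = (List<String>) userResource.getData();
        return functions;
    }

    /**
     * Denies access unless the operator holds at least one of the required functions.
     *
     * @param strArr functions listed on the handler; {@code null} or empty means no function
     *               check is performed
     * @param list   functions granted to the operator; {@code null} or empty means denied
     */
    private void checkPermission(String[] strArr, List<String> list) {
        if (strArr == null || strArr.length == 0) {
            return;
        }
        boolean granted = false;
        if (list != null) {
            for (String required : strArr) {
                if (list.contains(required)) {
                    granted = true;
                    break;
                }
            }
        }
        if (!granted) {
            Thrower.throwAppException(Response.StatusCode.ACCESS_DENIED.getValue(), "Access Denied");
        }
    }
}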
