package com.lc.ibps.auth.shiro.filter;

import com.lc.ibps.api.base.model.User;
import com.lc.ibps.auth.common.utils.SubSystemUtil;
import com.lc.ibps.auth.shiro.authz.AuthorizationInfoUtil;
import com.lc.ibps.auth.shiro.authz.ShiroAuthorizationInfo;
import com.lc.ibps.base.core.util.AppUtil;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.web.context.ContextUtil;
import com.lc.ibps.base.web.util.RegMatchers;
import com.lc.ibps.base.web.util.ReqMappingUtil;
import com.lc.ibps.base.web.util.RequestViewUtil;
import com.lc.ibps.org.auth.persistence.entity.ResourcesPo;
import com.lc.ibps.org.auth.persistence.entity.SubSystemPo;
import com.lc.ibps.org.auth.repository.ResourcesRepository;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyRolePo;
import com.lc.ibps.org.party.repository.DefaultPartyRoleRepository;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:com/lc/ibps/auth/shiro/filter/PermissionsFilter.class */
public class PermissionsFilter extends BaseFilter {
    private String redirectUrl;
    private String errorUrl;
    private RegMatchers matchers;

    public void setRedirectUrl(String str) {
        this.redirectUrl = str;
    }

    @Override // com.lc.ibps.auth.shiro.filter.BaseFilter
    public void setErrorUrl(String str) {
        this.errorUrl = str;
    }

    public void setMatchers(RegMatchers regMatchers) {
        this.matchers = regMatchers;
    }

    @Override // com.lc.ibps.auth.shiro.filter.BaseFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        boolean z = false;
        String pathWithinApplication = getPathWithinApplication(servletRequest);
        logger.debug("permissions filter >>> url => {}", pathWithinApplication);
        if (StringUtil.isNotBlank(servletRequest.getParameter("phoneWsId"))) {
            logger.debug(" >>> special ignore.", pathWithinApplication);
            return true;
        }
        if ("/".equals(pathWithinApplication) || this.matchers.isContainUrl(pathWithinApplication)) {
            logger.debug(" >>> normal ignore.", pathWithinApplication);
            return true;
        }
        User currentUser = ContextUtil.getCurrentUser();
        if (BeanUtils.isEmpty(currentUser)) {
            return false;
        }
        if (!(currentUser instanceof ShiroAuthorizationInfo)) {
            AuthorizationInfoUtil.set(AuthorizationInfoUtil.get(currentUser.getAccount()));
        }
        ShiroAuthorizationInfo currentUser2 = ContextUtil.getCurrentUser();
        if (BeanUtils.isEmpty(currentUser2)) {
            WebUtils.issueRedirect(servletRequest, servletResponse, this.redirectUrl);
            return false;
        }
        if (currentUser2.isSuper()) {
            return true;
        }
        boolean hasMapping = ReqMappingUtil.hasMapping(pathWithinApplication);
        boolean hasJsp = ReqMappingUtil.hasJsp(RequestViewUtil.transfer(pathWithinApplication));
        if (hasMapping || hasJsp) {
            z = true;
        }
        SubSystemPo currentSystem = SubSystemUtil.getCurrentSystem((HttpServletRequest) servletRequest);
        if (BeanUtils.isEmpty(currentSystem)) {
            return false;
        }
        ResourcesRepository resourcesRepository = (ResourcesRepository) AppUtil.getBean(ResourcesRepository.class);
        List<ResourcesPo> findByUrl = resourcesRepository.findByUrl(pathWithinApplication);
        if (BeanUtils.isEmpty(findByUrl)) {
            findByUrl = resourcesRepository.findByUrl(ReqMappingUtil.getUrl(pathWithinApplication, (HttpServletRequest) servletRequest));
        }
        if (BeanUtils.isNotEmpty(findByUrl)) {
            boolean z2 = false;
            List findRolesByResourceIds = ((DefaultPartyRoleRepository) AppUtil.getBean(DefaultPartyRoleRepository.class)).findRolesByResourceIds(filter(currentSystem, findByUrl));
            Set<String> m3getRoles = currentUser2.m3getRoles();
            if (BeanUtils.isNotEmpty(m3getRoles) && BeanUtils.isNotEmpty(findRolesByResourceIds)) {
                Iterator it = findRolesByResourceIds.iterator();
                while (it.hasNext()) {
                    if (m3getRoles.contains(((DefaultPartyRolePo) it.next()).getAlias())) {
                        z2 = true;
                    }
                }
            }
            z = z2;
        }
        if (!z) {
            WebUtils.issueRedirect(servletRequest, servletResponse, this.errorUrl);
        }
        return z;
    }

    private List<String> filter(SubSystemPo subSystemPo, List<ResourcesPo> list) {
        ArrayList arrayList = new ArrayList();
        for (ResourcesPo resourcesPo : list) {
            if (subSystemPo.getId().equals(resourcesPo.getSystemId())) {
                arrayList.add(resourcesPo.getId());
            }
        }
        return arrayList;
    }
}
