package com.zxkxc.cloud.extension.security;

import com.zxkxc.cloud.admin.entity.SysResources;
import com.zxkxc.cloud.admin.service.SysResourcesService;
import com.zxkxc.cloud.admin.service.SysRolesService;
import com.zxkxc.cloud.common.Constants;
import com.zxkxc.cloud.common.model.LoginUser;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Iterator;
import java.util.List;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

@Component
/* loaded from: input_file:com/zxkxc/cloud/extension/security/CustomUserAuthorizationManager.class */
public class CustomUserAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
    private static final Logger log = LoggerFactory.getLogger(CustomUserAuthorizationManager.class);
    private final SysResourcesService resourcesService;
    private final SysRolesService rolesService;
    private final AntPathMatcher matcher = new AntPathMatcher();

    public CustomUserAuthorizationManager(SysResourcesService sysResourcesService, SysRolesService sysRolesService) {
        this.resourcesService = sysResourcesService;
        this.rolesService = sysRolesService;
    }

    public void verify(Supplier<Authentication> supplier, RequestAuthorizationContext requestAuthorizationContext) {
        super.verify(supplier, requestAuthorizationContext);
    }

    public AuthorizationDecision check(Supplier<Authentication> supplier, RequestAuthorizationContext requestAuthorizationContext) {
        HttpServletRequest request = requestAuthorizationContext.getRequest();
        String servletPath = request.getServletPath();
        log.info("request-path: {}", servletPath);
        LoginUser loginUser = (LoginUser) request.getAttribute(Constants.REQUEST_USER_ATTRIBUTE);
        String userName = loginUser != null ? loginUser.getUserName() : supplier.get().getPrincipal().toString();
        List<String> userRoles = loginUser != null ? loginUser.getUserRoles() : supplier.get().getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).toList();
        log.info("request-user-roles: {} -> {}", userName, userRoles);
        boolean z = false;
        for (SysResources sysResources : this.resourcesService.listResources(Constants.GUID)) {
            if (this.matcher.matchStart(sysResources.getContent(), servletPath)) {
                List list = this.rolesService.listRolesByResId(sysResources.getResId()).stream().map((v0) -> {
                    return v0.getRoleCode();
                }).toList();
                log.info("request-auth-roles: {} -> {}", sysResources.getContent(), list);
                Iterator<String> it = userRoles.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (list.contains(it.next())) {
                        z = true;
                        break;
                    }
                }
            }
            if (z) {
                break;
            }
        }
        return new AuthorizationDecision(z);
    }

    public /* bridge */ /* synthetic */ AuthorizationDecision check(Supplier supplier, Object obj) {
        return check((Supplier<Authentication>) supplier, (RequestAuthorizationContext) obj);
    }

    public /* bridge */ /* synthetic */ void verify(Supplier supplier, Object obj) {
        verify((Supplier<Authentication>) supplier, (RequestAuthorizationContext) obj);
    }
}
