package io.mosaicboot.core.permission.aspect;

import io.mosaicboot.core.auth.MosaicAuthenticatedToken;
import io.mosaicboot.core.permission.annotation.RequirePermission;
import io.mosaicboot.core.permission.aspect.AuthorizationContext;
import io.mosaicboot.core.permission.exception.PermissionDeniedException;
import io.mosaicboot.core.permission.service.PermissionService;
import java.util.Map;
import java.util.Set;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.reflect.MethodSignature;
import org.jetbrains.annotations.NotNull;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.servlet.HandlerMapping;

/* compiled from: PermissionInterceptor.kt */
@Aspect
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��&\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0017\u0018�� \u000b2\u00020\u0001:\u0001\u000bB\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0017J\n\u0010\t\u001a\u0004\u0018\u00010\nH\u0012R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��¨\u0006\f"}, d2 = {"Lio/mosaicboot/core/permission/aspect/PermissionInterceptor;", "", "permissionService", "Lio/mosaicboot/core/permission/service/PermissionService;", "(Lio/mosaicboot/core/permission/service/PermissionService;)V", "checkPermission", "", "joinPoint", "Lorg/aspectj/lang/ProceedingJoinPoint;", "extractTenantId", "", "Companion", "mosaic-boot-core"})
@Component
/* loaded from: input_file:io/mosaicboot/core/permission/aspect/PermissionInterceptor.class */
public class PermissionInterceptor {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final PermissionService permissionService;

    /* compiled from: PermissionInterceptor.kt */
    @Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0006\u0010\u0003\u001a\u00020\u0004¨\u0006\u0005"}, d2 = {"Lio/mosaicboot/core/permission/aspect/PermissionInterceptor$Companion;", "", "()V", "mustAuthorized", "", "mosaic-boot-core"})
    /* loaded from: input_file:io/mosaicboot/core/permission/aspect/PermissionInterceptor$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public final void mustAuthorized() {
            AuthorizationContext find = AuthorizationContext.Companion.find();
            if (!(find != null ? find.getAuthorized() : false)) {
                throw new PermissionDeniedException("no authorized");
            }
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public PermissionInterceptor(@NotNull PermissionService permissionService) {
        Intrinsics.checkNotNullParameter(permissionService, "permissionService");
        this.permissionService = permissionService;
    }

    @Before("@annotation(io.mosaicboot.core.permission.annotation.RequirePermission)")
    public void checkPermission(@NotNull ProceedingJoinPoint proceedingJoinPoint) {
        String str;
        Intrinsics.checkNotNullParameter(proceedingJoinPoint, "joinPoint");
        MethodSignature signature = proceedingJoinPoint.getSignature();
        Intrinsics.checkNotNull(signature, "null cannot be cast to non-null type org.aspectj.lang.reflect.MethodSignature");
        Set<RequirePermission> mergedRepeatableAnnotations = AnnotatedElementUtils.getMergedRepeatableAnnotations(signature.getMethod(), RequirePermission.class);
        if (mergedRepeatableAnnotations.isEmpty()) {
            throw new IllegalStateException("RequirePermission annotation not found");
        }
        AuthorizationContext authorizationContext = AuthorizationContext.Companion.get();
        MosaicAuthenticatedToken authentication = authorizationContext.getAuthentication();
        boolean z = false;
        for (RequirePermission requirePermission : mergedRepeatableAnnotations) {
            if (requirePermission.tenantSpecific()) {
                str = extractTenantId();
                if (str == null) {
                    throw new PermissionDeniedException("could not find tenantId");
                }
            } else {
                str = null;
            }
            String str2 = str;
            AuthorizationContext.AuthorizeCache authorizeCache = new AuthorizationContext.AuthorizeCache(requirePermission.permission(), requirePermission.tenantSpecific(), str2);
            if (authorizationContext.getAuthorizeCache().contains(authorizeCache)) {
                return;
            }
            boolean checkPermission = this.permissionService.checkPermission(authentication, requirePermission.permission(), str2);
            if (checkPermission) {
                authorizationContext.getAuthorizeCache().add(authorizeCache);
            }
            z = z || checkPermission;
        }
        if (!z) {
            throw new PermissionDeniedException("permission denied");
        }
    }

    private String extractTenantId() {
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        Object attribute = requestAttributes != null ? requestAttributes.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE, 0) : null;
        Map map = attribute instanceof Map ? (Map) attribute : null;
        if (map != null) {
            return (String) map.get("tenantId");
        }
        return null;
    }
}
