package org.hswebframework.web.authorization.basic.handler;

import org.hswebframework.web.authorization.Authentication;
import org.hswebframework.web.authorization.Permission;
import org.hswebframework.web.authorization.access.DataAccessController;
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.authorization.define.HandleType;
import org.hswebframework.web.authorization.events.AuthorizingHandleBeforeEvent;
import org.hswebframework.web.authorization.exception.AccessDenyException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;

/* loaded from: input_file:org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.class */
public class DefaultAuthorizingHandler implements AuthorizingHandler {
    private static final Logger log = LoggerFactory.getLogger(DefaultAuthorizingHandler.class);
    private DataAccessController dataAccessController;
    private ApplicationEventPublisher eventPublisher;

    public DefaultAuthorizingHandler(DataAccessController dataAccessController) {
        this.dataAccessController = dataAccessController;
    }

    public DefaultAuthorizingHandler() {
    }

    public void setDataAccessController(DataAccessController dataAccessController) {
        this.dataAccessController = dataAccessController;
    }

    @Autowired
    public void setEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    @Override // org.hswebframework.web.authorization.basic.handler.AuthorizingHandler
    public void handRBAC(AuthorizingContext authorizingContext) {
        if (handleEvent(authorizingContext, HandleType.RBAC)) {
            return;
        }
        handleRBAC(authorizingContext.getAuthentication(), authorizingContext.getDefinition());
    }

    private boolean handleEvent(AuthorizingContext authorizingContext, HandleType handleType) {
        if (null == this.eventPublisher) {
            return false;
        }
        AuthorizingHandleBeforeEvent authorizingHandleBeforeEvent = new AuthorizingHandleBeforeEvent(authorizingContext, handleType);
        this.eventPublisher.publishEvent(authorizingHandleBeforeEvent);
        if (authorizingHandleBeforeEvent.isExecute()) {
            return false;
        }
        if (authorizingHandleBeforeEvent.isAllow()) {
            return true;
        }
        throw new AccessDenyException(authorizingHandleBeforeEvent.getMessage());
    }

    @Override // org.hswebframework.web.authorization.basic.handler.AuthorizingHandler
    public void handleDataAccess(AuthorizingContext authorizingContext) {
        if (this.dataAccessController == null) {
            log.warn("dataAccessController is null,skip result access control!");
            return;
        }
        if (authorizingContext.getDefinition().getResources() == null || handleEvent(authorizingContext, HandleType.DATA)) {
            return;
        }
        DataAccessController dataAccessController = this.dataAccessController;
        Authentication authentication = authorizingContext.getAuthentication();
        if (!authorizingContext.getDefinition().getResources().getDataAccessResources().stream().allMatch(resourceDefinition -> {
            Permission permission = (Permission) authentication.getPermission(resourceDefinition.getId()).orElseThrow(AccessDenyException::new);
            return resourceDefinition.getDataAccessAction().stream().allMatch(resourceActionDefinition -> {
                return permission.getDataAccesses(resourceActionDefinition.getId()).stream().allMatch(dataAccessConfig -> {
                    return dataAccessController.doAccess(dataAccessConfig, authorizingContext);
                });
            });
        })) {
            throw new AccessDenyException(authorizingContext.getDefinition().getMessage());
        }
    }

    protected void handleRBAC(Authentication authentication, AuthorizeDefinition authorizeDefinition) {
        if (!authorizeDefinition.getResources().hasPermission(authentication)) {
            throw new AccessDenyException(authorizeDefinition.getMessage(), authorizeDefinition.getDescription());
        }
    }
}
