package com.baidu.disconf.web.service.roleres.service;

import com.baidu.disconf.web.service.roleres.constant.RoleResourceConstant;
import com.baidu.disconf.web.service.user.dto.Visitor;
import com.baidu.dsp.common.dao.DB;
import com.baidu.dsp.common.exception.AccessDeniedException;
import com.baidu.ub.common.commons.ThreadContext;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

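/**
 * AspectJ-annotated aspect that enforces role-based access control on request handler methods.
 *
 * <p>Every public method annotated with {@code @RequestMapping} and not annotated with
 * {@code @NoAuth} is intercepted. The aspect rebuilds a URL key from the class-level and
 * method-level mappings and lets the call proceed only if that key is on the configured
 * no-auth list, or the session visitor's role is listed for that key and HTTP method in
 * {@code RoleResourceMgr.getAllAsMap()}.
 *
 * <p>NOTE(review): the decision is made from mapping metadata, not from the actual request.
 * Only the first declared path and the first declared HTTP method are checked, and a mapping
 * with no declared method is checked as GET. In Spring MVC a handler with several paths or
 * methods, or with no method restriction, serves all of them, so those extra paths and methods
 * are covered by the role list of the first one only. Confirm handlers declare exactly one path
 * and one method, or extend the check.
 */
@Aspect
public class RoleResourceAspect {
    protected static final Logger LOG = LoggerFactory.getLogger(RoleResourceAspect.class);

    /** Source of the URL -> HTTP method -> privileged role ids table. */
    @Autowired
    private RoleResourceMgr roleResMgr;

    /**
     * URL keys that bypass the role check entirely. Compared by exact string match against the
     * key built in {@link #buildUrlKey}, which always ends with the URL separator.
     */
    private List<String> noAuthCheckUrl;

    /** Pointcut matching the execution of any public method. */
    @Pointcut("execution(public * *(..))")
    public void anyPublicMethod() {
    }

    /**
     * Checks the session visitor's role against the role-resource table before invoking the
     * intercepted handler.
     *
     * @param proceedingJoinPoint the intercepted handler invocation
     * @param requestMapping the method-level mapping annotation bound by the pointcut
     * @return whatever the intercepted handler returns
     * @throws AccessDeniedException if the controller has no class-level mapping path, there is
     *     no session visitor, or the visitor's role is not listed for the URL key and method
     * @throws Throwable anything thrown by the intercepted handler, rethrown unchanged
     */
    @Around("anyPublicMethod() && @annotation(requestMapping) && !@annotation(com.baidu.dsp.common.annotation.NoAuth)")
    public Object decideAccess(ProceedingJoinPoint proceedingJoinPoint, RequestMapping requestMapping) throws Throwable {
        String urlKey = buildUrlKey(proceedingJoinPoint, requestMapping);

        if (this.noAuthCheckUrl == null || !this.noAuthCheckUrl.contains(urlKey)) {
            // Only the first declared method is considered; an unrestricted mapping is treated as GET.
            RequestMethod[] declaredMethods = requestMapping.method();
            RequestMethod requestMethod = declaredMethods.length != 0 ? declaredMethods[0] : RequestMethod.GET;
            String requestDesc = urlKey + ", method:" + requestMethod.toString();

            Visitor visitor = (Visitor) ThreadContext.getSessionVisitor();
            if (visitor == null) {
                // Fail closed: without an authenticated visitor there is no role to evaluate.
                LOG.warn("No session visitor!");
                throw new AccessDeniedException("No session visitor! " + requestDesc);
            }

            Integer roleId = Integer.valueOf(visitor.getRoleId());
            // NOTE(review): this text (user id and role id) also goes into the exception message;
            // confirm the exception handler does not echo it back to the client.
            String visitorDesc = ", UserId:" + visitor.getId() + ", RoleId:" + roleId;
            if (!isMethodAccessible(urlKey, requestMethod, roleId)) {
                throw new AccessDeniedException("Access Denied: " + requestDesc + visitorDesc);
            }
            LOG.info("Accessing URL:" + requestDesc + visitorDesc + ", Is priviledged:" + true);
        } else {
            LOG.info("don't need to check this url: " + urlKey);
        }

        try {
            return proceedingJoinPoint.proceed();
        } catch (Throwable th) {
            // Only the message is logged here; the throwable itself is propagated to the caller.
            LOG.info(th.getMessage());
            throw th;
        }
    }

    /**
     * Builds the URL key used for both the no-auth list and the role-resource lookup: class-level
     * path, then method-level path, always terminated by the URL separator.
     *
     * <p>The original code dereferenced the class-level {@code @RequestMapping} unconditionally,
     * so a controller without one (or with an empty value) failed with a
     * {@code NullPointerException} or {@code ArrayIndexOutOfBoundsException}. That case is now
     * rejected explicitly, which keeps the fail-closed outcome but makes it a clear denial.
     */
    private String buildUrlKey(ProceedingJoinPoint joinPoint, RequestMapping requestMapping) {
        String[] methodPaths = requestMapping.value();
        // DB.DB_NAME is the fallback when the method declares no path; presumably an empty
        // string substituted by the decompiler for a matching constant (confirm).
        String methodPath = methodPaths.length != 0 ? methodPaths[0] : DB.DB_NAME;

        Class<?> targetClass = joinPoint.getTarget().getClass();
        RequestMapping classMapping = targetClass.getAnnotation(RequestMapping.class);
        if (classMapping == null || classMapping.value().length == 0) {
            LOG.warn("No class-level request mapping on " + targetClass.getName());
            throw new AccessDeniedException("No class-level request mapping on " + targetClass.getName());
        }

        String classPath = classMapping.value()[0];
        // Insert a separator only when neither side supplies one. If both sides supply one the
        // key keeps both, so the table and no-auth entries must be written the same way.
        if (!classPath.endsWith(RoleResourceConstant.URL_SPLITOR) && !methodPath.startsWith(RoleResourceConstant.URL_SPLITOR)) {
            classPath = classPath + RoleResourceConstant.URL_SPLITOR;
        }

        String urlKey = classPath + methodPath;
        if (!urlKey.endsWith(RoleResourceConstant.URL_SPLITOR)) {
            urlKey = urlKey + RoleResourceConstant.URL_SPLITOR;
        }
        return urlKey;
    }

    /** Returns true when {@code roleId} is listed as privileged for the URL key and method. */
    private boolean isMethodAccessible(String urlKey, RequestMethod requestMethod, Integer roleId) {
        return getPriviledgedRoles(urlKey, requestMethod).contains(roleId);
    }

    /**
     * Looks up the role ids allowed for the URL key and method. An unknown URL key or method
     * yields an empty list, so anything missing from the table is denied by default.
     */
    private List<Integer> getPriviledgedRoles(String urlKey, RequestMethod requestMethod) {
        Map<RequestMethod, List<Integer>> rolesByMethod = this.roleResMgr.getAllAsMap().get(urlKey);
        if (rolesByMethod == null) {
            return new ArrayList<Integer>();
        }
        List<Integer> roles = rolesByMethod.get(requestMethod);
        if (roles == null) {
            roles = new ArrayList<Integer>();
        }
        return roles;
    }

    /**
     * Returns the configured no-auth URL keys. This is the live list held by the aspect, not a
     * copy, so changes made through it alter which URLs skip the role check.
     */
    public List<String> getNoAuthCheckUrl() {
        return this.noAuthCheckUrl;
    }

    /**
     * Sets the URL keys that bypass the role check. The list is stored by reference; entries must
     * match the built key exactly, including the trailing separator.
     */
    public void setNoAuthCheckUrl(List<String> list) {
        this.noAuthCheckUrl = list;
    }
}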
