package org.eweb4j.solidbase.user.web.inter;

import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.eweb4j.component.dwz.DWZ;
import org.eweb4j.component.dwz.DWZCons;
import org.eweb4j.config.Log;
import org.eweb4j.config.LogFactory;
import org.eweb4j.ioc.IOC;
import org.eweb4j.mvc.Context;
import org.eweb4j.mvc.config.bean.ActionConfigBean;
import org.eweb4j.mvc.interceptor.Interceptor;
import org.eweb4j.mvc.interceptor.Uri;
import org.eweb4j.solidbase.permission.model.Permission;
import org.eweb4j.solidbase.permission.model.PermissionCons;
import org.eweb4j.solidbase.permission.model.PermissionService;
import org.eweb4j.solidbase.role.model.Role;
import org.eweb4j.solidbase.role.model.RoleCons;
import org.eweb4j.solidbase.role.model.RoleService;
import org.eweb4j.solidbase.user.model.User;
import org.eweb4j.solidbase.user.model.UserActivityLog;
import org.eweb4j.solidbase.user.model.UserActivityLogCons;
import org.eweb4j.solidbase.user.model.UserActivityLogService;
import org.eweb4j.util.StringUtil;

@Interceptor(priority = 2, method = "check", uri = {@Uri(type = "*")}, except = {"users/captcha.jsp"})
/* loaded from: input_file:org/eweb4j/solidbase/user/web/inter/PermissionVerifyFilter.class */
public class PermissionVerifyFilter {
    HttpSession session;
    private User loginUser;
    private List<Role> roles;
    private boolean isSuccess;
    private Log log = LogFactory.getMVCLogger(getClass());
    private RoleService roleService = (RoleService) IOC.getBean(RoleCons.IOC_SERVICE_BEAN_ID());
    private PermissionService permService = (PermissionService) IOC.getBean(PermissionCons.IOC_SERVICE_BEAN_ID());
    private DWZ dwz = (DWZ) IOC.getBean(DWZCons.IOC_DWZ_BEAN_ID());
    private String permName = "";
    private UserActivityLogService logService = (UserActivityLogService) IOC.getBean(UserActivityLogCons.IOC_SERVICE_BEAN_ID());
    private UserActivityLog ual = new UserActivityLog();
    private String mess = null;

    public String check(Context context) {
        Permission findByURIAndHttpMethod;
        ActionConfigBean actionConfigBean;
        this.isSuccess = false;
        String uri = context.getUri();
        if (uri.length() == 0) {
            uri = " ";
        }
        if (uri.endsWith("/")) {
            uri = uri.substring(0, uri.length() - 1);
        }
        this.log.info("uri -> " + uri);
        this.session = context.getRequest().getSession(true);
        this.loginUser = (User) this.session.getAttribute("loginUser");
        if (this.loginUser == null) {
            return null;
        }
        this.log.info("loginUser -> " + this.loginUser.getAccount());
        if ("yes".equals(this.loginUser.getSuperPower())) {
            return null;
        }
        this.roles = this.loginUser.getRoles();
        if (this.roles == null) {
            this.session.invalidate();
            return "out:<script>alert('当前登录的账户没有任何权限');</script>";
        }
        this.log.info("roles -> " + this.roles);
        this.permName = uri;
        try {
            String httpMethod = context.getHttpMethod();
            findByURIAndHttpMethod = this.permService.findByURIAndHttpMethod(uri, httpMethod);
            if (findByURIAndHttpMethod != null) {
                this.log.info("first find perm -> " + findByURIAndHttpMethod.getPermId() + "|" + findByURIAndHttpMethod.getName());
            }
            if (findByURIAndHttpMethod == null && (actionConfigBean = context.getActionConfigBean()) != null) {
                String uriMapping = actionConfigBean.getUriMapping();
                this.log.info("action -> " + uriMapping + "@" + httpMethod);
                findByURIAndHttpMethod = this.permService.findByURIAndHttpMethod(uriMapping, httpMethod);
                if (findByURIAndHttpMethod != null) {
                    this.log.info("first find perm -> " + findByURIAndHttpMethod.getPermId() + "|" + findByURIAndHttpMethod.getName());
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            this.mess = "系统出现异常：" + e.toString();
            this.isSuccess = false;
        }
        if (findByURIAndHttpMethod == null) {
            return null;
        }
        this.permName = findByURIAndHttpMethod.getName();
        this.ual.setUser(this.loginUser);
        this.ual.setUserAccount(this.loginUser.getAccount());
        this.ual.setUserName(this.loginUser.getTrueName());
        this.ual.setTime(StringUtil.getNowTime());
        Iterator<Role> it = this.roles.iterator();
        loop0: while (true) {
            if (!it.hasNext()) {
                break;
            }
            Role next = it.next();
            Role findPermissionByRoleId = this.roleService.findPermissionByRoleId(next.getRoleId());
            List<Permission> permissions = findPermissionByRoleId.getPermissions();
            if (permissions == null || permissions.size() == 0) {
                this.isSuccess = false;
            } else {
                this.log.info(next.getRoleId() + "|" + findPermissionByRoleId.getRoleId() + "======== role-perms -> " + permissions);
                for (Permission permission : permissions) {
                    if (findByURIAndHttpMethod != null && findByURIAndHttpMethod.getPermId() == permission.getPermId()) {
                        this.isSuccess = true;
                        this.log.info("perm verify success");
                        break loop0;
                    }
                    this.isSuccess = false;
                }
            }
        }
        this.log.info("isSuccess --> " + this.isSuccess);
        if (!this.isSuccess) {
            this.mess = String.format("用户权限不足, 无法执行[%s]功能", this.permName);
        }
        this.log.info("mess -> " + this.mess);
        this.ual.setActivity(this.permName);
        if (this.isSuccess) {
            this.ual.setResult("success");
        } else {
            this.ual.setResult("false");
            this.ual.setFailureCause(this.mess);
        }
        try {
            this.logService.createLogInfo(this.ual);
            if (this.isSuccess) {
                return null;
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            this.mess = e2.toString();
        }
        return this.dwz.getFailedJson(this.mess).toString();
    }
}
