package io.leopard.security.admin.version2;

import io.leopard.burrow.util.ListUtil;
import io.leopard.core.exception.other.NotLoginException;
import io.leopard.security.admin.annotion.Role;
import io.leopard.security.admin.menu.RoleForbiddenException;
import io.leopard.web.servlet.RegisterHandlerInterceptor;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;

@Component
@Order(9)
/* loaded from: input_file:io/leopard/security/admin/version2/RoleInterceptor.class */
public class RoleInterceptor extends RegisterHandlerInterceptor {
    protected Log logger = LogFactory.getLog(getClass());

    @Autowired
    private AdminBiz adminBiz;

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        Role role;
        if (!(obj instanceof HandlerMethod) || (role = (Role) ((HandlerMethod) obj).getMethodAnnotation(Role.class)) == null) {
            return true;
        }
        check(role, httpServletRequest);
        return true;
    }

    protected void check(Role role, HttpServletRequest httpServletRequest) throws AdminNotFoundException, RoleForbiddenException {
        String[] value = role.value();
        if (value.length == 0) {
            return;
        }
        Number number = (Number) httpServletRequest.getSession().getAttribute("sessAdminId");
        if (number == null) {
            throw new NotLoginException("您未登录后台.");
        }
        long longValue = number.longValue();
        AdminVO adminVO = this.adminBiz.get(longValue);
        if (adminVO == null) {
            throw new AdminNotFoundException(longValue);
        }
        List<String> roleList = adminVO.getRoleList();
        if (ListUtil.isEmpty(roleList)) {
            throw new RoleForbiddenException("您[" + longValue + "]什么角色也没有，不能访问该接口.");
        }
        for (String str : value) {
            if (roleList.contains(str)) {
                return;
            }
        }
        throw new RoleForbiddenException("您[" + longValue + "]没有权限访问该接口.");
    }
}
