package com.diboot.iam.annotation.process;

import com.diboot.core.util.AnnotationUtils;
import com.diboot.core.util.V;
import com.diboot.core.vo.Status;
import com.diboot.iam.annotation.BindPermission;
import com.diboot.iam.cache.IamPermissionCacheManager;
import com.diboot.iam.config.IamProperties;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.exception.PermissionException;
import com.diboot.iam.util.IamSecurityUtils;
import lombok.Generated;
import org.apache.shiro.authz.UnauthenticatedException;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

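/**
 * Aspect that enforces {@link BindPermission} on annotated methods.
 *
 * <p>Before an annotated method runs, the permission code is built from the annotation's
 * {@code code()} (prefixed with the class-level code from {@link IamPermissionCacheManager}
 * when one is present) and checked against the subject returned by
 * {@link IamSecurityUtils#getSubject()}. Any failure is rethrown as a
 * {@link PermissionException}, so the advised method is not invoked.
 */
@Aspect
@Component
/* loaded from: input_file:com/diboot/iam/annotation/process/BindPermissionAspect.class */
public class BindPermissionAspect {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(BindPermissionAspect.class);

    @Autowired
    private IamProperties iamProperties;

    /** Matches every method annotated with {@link BindPermission}. */
    @Pointcut("@annotation(com.diboot.iam.annotation.BindPermission)")
    public void pointCut() {
    }

    /**
     * Checks the caller's permission before a {@link BindPermission}-annotated method executes.
     *
     * @param joinPoint the intercepted method invocation
     * @throws PermissionException with {@code Status.FAIL_INVALID_TOKEN} when the check raises
     *     {@link UnauthenticatedException}, and with {@code Status.FAIL_NO_PERMISSION} for any
     *     other failure of the permission check
     */
    @Before("pointCut()")
    public void before(JoinPoint joinPoint) {
        // Fail-open switch: with the check disabled, every @BindPermission method runs without
        // any authorization check, and the only trace is this DEBUG line.
        if (!this.iamProperties.isEnablePermissionCheck()) {
            log.debug("BindPermission权限检查已停用，如需启用请删除配置项: diboot.iam.enable-permission-check=false");
            return;
        }
        // Super admins bypass the per-method permission check entirely.
        if (IamSecurityUtils.isSuperAdmin()) {
            return;
        }
        // NOTE(review): Signature itself declares no getMethod(); the decompiler presumably
        // dropped a cast to MethodSignature here - confirm against the original source.
        String code = ((BindPermission) AnnotationUtils.getAnnotation(joinPoint.getSignature().getMethod(), BindPermission.class)).code();
        ApiPermissionWrapper permissionCodeWrapper = IamPermissionCacheManager.getPermissionCodeWrapper(joinPoint.getTarget().getClass());
        // Full code is "<class code>:<method code>" when the class-level wrapper carries a code.
        if (V.notEmpty(permissionCodeWrapper.getCode())) {
            code = permissionCodeWrapper.getCode() + ":" + code;
        }
        try {
            IamSecurityUtils.getSubject().checkPermission(code);
        } catch (UnauthenticatedException e2) {
            // Must precede the generic handler: listed after catch (Exception) this clause is
            // unreachable (javac rejects that order), and an unauthenticated caller would be
            // reported as FAIL_NO_PERMISSION instead of FAIL_INVALID_TOKEN.
            throw new PermissionException(Status.FAIL_INVALID_TOKEN, (Throwable) e2);
        } catch (Exception e) {
            // Every other failure is treated as a denial (fail closed); the cause is preserved.
            BaseLoginUser baseLoginUser = (BaseLoginUser) IamSecurityUtils.getCurrentUser();
            log.warn("用户 {} 无 {} 的访问权限", baseLoginUser != null ? baseLoginUser.getDisplayName() : null, code);
            throw new PermissionException(Status.FAIL_NO_PERMISSION, e);
        }
    }
}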
