package org.openurp.app.security.service;

import java.util.Map;
import java.util.Set;
import org.beangle.commons.bean.Initializing;
import org.beangle.commons.collection.CollectUtils;
import org.beangle.commons.dao.impl.BaseServiceImpl;
import org.beangle.commons.lang.Strings;
import org.beangle.commons.security.Request;
import org.beangle.security.access.AuthorityManager;
import org.beangle.security.core.context.SecurityContext;
import org.beangle.security.core.userdetail.DefaultAccount;
import org.openurp.app.security.FuncResource;

/* loaded from: input_file:org/openurp/app/security/service/CacheableAuthorityManager.class */
public class CacheableAuthorityManager extends BaseServiceImpl implements AuthorityManager, Initializing {
    protected Set<String> publicResources;
    protected Set<?> protectedResources;
    protected Set<String> roots;
    protected RemoteAuthorityService authorityService;
    protected Map<String, Set<?>> authorities = CollectUtils.newHashMap();
    protected Set<String> ignores = CollectUtils.newHashSet();

    public boolean isAuthorized(SecurityContext securityContext) {
        return isAuthorized(securityContext, securityContext.getRequest());
    }

    public boolean isAuthorized(SecurityContext securityContext, Request request) {
        String obj = request.getResource().toString();
        if (this.ignores.contains(obj) || this.publicResources.contains(obj)) {
            return true;
        }
        if (securityContext.getSession() == null) {
            return false;
        }
        if (this.protectedResources.contains(obj)) {
            return true;
        }
        DefaultAccount principal = securityContext.getSession().getPrincipal();
        if (securityContext.isRoot()) {
            return true;
        }
        for (String str : Strings.split(principal.getAuthorities())) {
            if (isAuthorizedByRole(str, obj)) {
                return true;
            }
        }
        return false;
    }

    private boolean isAuthorizedByRole(String str, Object obj) {
        Set<?> set = this.authorities.get(str);
        if (set == null) {
            set = refreshRolePermissions(str);
        }
        return set.contains(obj);
    }

    public Set<?> refreshRolePermissions(String str) {
        Set<String> resourceNamesByRole = this.authorityService.getResourceNamesByRole(str);
        this.authorities.put(str, resourceNamesByRole);
        this.logger.debug("Refresh role:{}'s permissions:{}", str, resourceNamesByRole);
        return resourceNamesByRole;
    }

    public void refreshCache() {
        this.publicResources = this.authorityService.getResourceNamesByScope(FuncResource.Scope.Public);
        this.protectedResources = this.authorityService.getResourceNamesByScope(FuncResource.Scope.Protected);
        this.roots = this.authorityService.getRoots();
    }

    public void init() throws Exception {
        refreshCache();
    }

    public void setAuthorityService(RemoteAuthorityService remoteAuthorityService) {
        this.authorityService = remoteAuthorityService;
    }

    public boolean isRoot(String str) {
        return this.roots.contains(str);
    }

    public void setIgnores(Set<String> set) {
        this.ignores = set;
    }
}
