package org.openurp.platform.api.cas;

import org.beangle.commons.bean.Initializing;
import org.beangle.commons.cache.Cache;
import org.beangle.commons.cache.CacheManager;
import org.beangle.commons.security.Request;
import org.beangle.security.authc.Account;
import org.beangle.security.authz.Authorizer;
import org.beangle.security.session.Session;
import org.openurp.platform.api.security.RemoteService$;
import org.openurp.platform.api.security.Resource;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.Tuple2;
import scala.collection.immutable.Set;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;

/* compiled from: RemoteAuthorizer.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005-a\u0001B\u0001\u0003\u00015\u0011\u0001CU3n_R,\u0017)\u001e;i_JL'0\u001a:\u000b\u0005\r!\u0011aA2bg*\u0011QAB\u0001\u0004CBL'BA\u0004\t\u0003!\u0001H.\u0019;g_Jl'BA\u0005\u000b\u0003\u001dy\u0007/\u001a8veBT\u0011aC\u0001\u0004_J<7\u0001A\n\u0005\u00019!b\u0004\u0005\u0002\u0010%5\t\u0001CC\u0001\u0012\u0003\u0015\u00198-\u00197b\u0013\t\u0019\u0002C\u0001\u0004B]f\u0014VM\u001a\t\u0003+qi\u0011A\u0006\u0006\u0003/a\tQ!Y;uQjT!!\u0007\u000e\u0002\u0011M,7-\u001e:jifT!a\u0007\u0006\u0002\u000f\t,\u0017M\\4mK&\u0011QD\u0006\u0002\u000b\u0003V$\bn\u001c:ju\u0016\u0014\bCA\u0010%\u001b\u0005\u0001#BA\u0011#\u0003\u0011\u0011W-\u00198\u000b\u0005\rR\u0012aB2p[6|gn]\u0005\u0003K\u0001\u0012A\"\u00138ji&\fG.\u001b>j]\u001eD\u0001b\n\u0001\u0003\u0002\u0003\u0006I\u0001K\u0001\rG\u0006\u001c\u0007.Z'b]\u0006<WM\u001d\t\u0003S1j\u0011A\u000b\u0006\u0003W\t\nQaY1dQ\u0016L!!\f\u0016\u0003\u0019\r\u000b7\r[3NC:\fw-\u001a:\t\u000b=\u0002A\u0011\u0001\u0019\u0002\rqJg.\u001b;?)\t\t4\u0007\u0005\u00023\u00015\t!\u0001C\u0003(]\u0001\u0007\u0001\u0006C\u00046\u0001\u0001\u0007I\u0011\u0001\u001c\u0002%Ut7N\\8x]&\u001b\bK]8uK\u000e$X\rZ\u000b\u0002oA\u0011q\u0002O\u0005\u0003sA\u0011qAQ8pY\u0016\fg\u000eC\u0004<\u0001\u0001\u0007I\u0011\u0001\u001f\u0002-Ut7N\\8x]&\u001b\bK]8uK\u000e$X\rZ0%KF$\"!\u0010!\u0011\u0005=q\u0014BA \u0011\u0005\u0011)f.\u001b;\t\u000f\u0005S\u0014\u0011!a\u0001o\u0005\u0019\u0001\u0010J\u0019\t\r\r\u0003\u0001\u0015)\u00038\u0003M)hn\u001b8po:L5\u000f\u0015:pi\u0016\u001cG/\u001a3!\u0011\u001d)\u0005A1A\u0005\u0002\u0019\u000b\u0011B]3t_V\u00148-Z:\u0016\u0003\u001d\u0003B!\u000b%K+&\u0011\u0011J\u000b\u0002\u0006\u0007\u0006\u001c\u0007.\u001a\t\u0003\u0017Js!\u0001\u0014)\u0011\u00055\u0003R\"\u0001(\u000b\u0005=c\u0011A\u0002\u001fs_>$h(\u0003\u0002R!\u00051\u0001K]3eK\u001aL!a\u0015+\u0003\rM#(/\u001b8h\u0015\t\t\u0006\u0003\u0005\u0002W16\tqK\u0003\u0002\u001a\t%\u0011\u0011l\u0016\u0002\t%\u0016\u001cx.\u001e:dK\"11\f\u0001Q\u0001\n\u001d\u000b!B]3t_V\u00148-Z:!\u0011%i\u0006\u00011AA\u0002\u0013\u0005a,A\u0003s_>$8/F\u0001`!\rY\u0005MS\u0005\u0003CR\u00131aU3u\u0011%\u0019\u0007\u00011AA\u0002\u0013\u0005A-A\u0005s_>$8o\u0018\u0013fcR\u0011Q(\u001a\u0005\b\u0003\n\f\t\u00111\u0001`\u0011\u00199\u0007\u0001)Q\u0005?\u00061!o\\8ug\u0002BQ!\u001b\u0001\u0005\u0002)\fA!\u001b8jiR\tQ\bC\u0003m\u0001\u0011\u0005S.A\u0006jgB+'/\\5ui\u0016$GcA\u001coq\")qn\u001ba\u0001a\u000691/Z:tS>t\u0007cA\brg&\u0011!\u000f\u0005\u0002\u0007\u001fB$\u0018n\u001c8\u0011\u0005Q4X\"A;\u000b\u0005=D\u0012BA<v\u0005\u001d\u0019Vm]:j_:DQ!_6A\u0002i\fqA]3rk\u0016\u001cH\u000f\u0005\u0002|{6\tAP\u0003\u0002\u001aE%\u0011a\u0010 \u0002\b%\u0016\fX/Z:u\u0011\u001d\t\t\u0001\u0001C\u0005\u0003\u0007\tA\"[:BkRDwN]5{K\u0012$RaNA\u0003\u0003\u000fAQa\\@A\u0002ADa!!\u0003��\u0001\u0004)\u0016a\u0001:fg\u0002")
/* loaded from: input_file:org/openurp/platform/api/cas/RemoteAuthorizer.class */
public class RemoteAuthorizer implements Authorizer, Initializing {
    private boolean unknownIsProtected = true;
    private final Cache<String, Resource> resources;
    private Set<String> roots;

    public boolean unknownIsProtected() {
        return this.unknownIsProtected;
    }

    public void unknownIsProtected_$eq(boolean z) {
        this.unknownIsProtected = z;
    }

    public Cache<String, Resource> resources() {
        return this.resources;
    }

    public Set<String> roots() {
        return this.roots;
    }

    public void roots_$eq(Set<String> set) {
        this.roots = set;
    }

    public void init() {
        RemoteService$.MODULE$.resources().foreach(tuple2 -> {
            org$openurp$platform$api$cas$RemoteAuthorizer$$$anonfun$1(tuple2);
            return BoxedUnit.UNIT;
        });
        roots_$eq(RemoteService$.MODULE$.roots());
    }

    public boolean isPermitted(Option<Session> option, Request request) {
        boolean isAuthorized;
        boolean isAuthorized2;
        String obj = request.resource().toString();
        Some some = resources().get(obj);
        if (None$.MODULE$.equals(some)) {
            Some resource = RemoteService$.MODULE$.getResource(obj);
            if (None$.MODULE$.equals(resource)) {
                isAuthorized2 = unknownIsProtected() ? !None$.MODULE$.equals(option) : false;
            } else {
                if (!(resource instanceof Some)) {
                    throw new MatchError(resource);
                }
                Resource resource2 = (Resource) resource.x();
                resources().put(obj, resource2);
                isAuthorized2 = isAuthorized(option, resource2);
            }
            isAuthorized = isAuthorized2;
        } else {
            if (!(some instanceof Some)) {
                throw new MatchError(some);
            }
            isAuthorized = isAuthorized(option, (Resource) some.x());
        }
        return isAuthorized;
    }

    private boolean isAuthorized(Option<Session> option, Resource resource) {
        switch (resource.scope()) {
            case 0:
                return true;
            case 1:
                return !None$.MODULE$.equals(option);
            default:
                if (None$.MODULE$.equals(option)) {
                    return false;
                }
                Account principal = ((Session) option.get()).principal();
                return resource.matches((Set) principal.authorities()) || roots().contains(principal.getName());
        }
    }

    public final /* synthetic */ void org$openurp$platform$api$cas$RemoteAuthorizer$$$anonfun$1(Tuple2 tuple2) {
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        resources().put((String) tuple2._1(), (Resource) tuple2._2());
        BoxedUnit boxedUnit = BoxedUnit.UNIT;
    }

    public RemoteAuthorizer(CacheManager cacheManager) {
        this.resources = cacheManager.getCache("security-resources", String.class, Resource.class);
    }
}
