package org.jeecgframework.core.interceptors;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.jeecgframework.core.constant.Globals;
import org.jeecgframework.core.util.ContextHolderUtils;
import org.jeecgframework.core.util.ResourceUtil;
import org.jeecgframework.core.util.SqlJsonConvert;
import org.jeecgframework.core.util.oConvertUtils;
import org.jeecgframework.web.system.manager.ClientManager;
import org.jeecgframework.web.system.pojo.base.Client;
import org.jeecgframework.web.system.pojo.base.TSDataRule;
import org.jeecgframework.web.system.pojo.base.TSFunction;
import org.jeecgframework.web.system.pojo.base.TSOperation;
import org.jeecgframework.web.system.pojo.base.TSUser;
import org.jeecgframework.web.system.service.SystemService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

/* loaded from: input_file:org/jeecgframework/core/interceptors/AuthInterceptor.class */
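/**
 * Spring MVC interceptor that requires a logged-in {@link Client} for every request whose
 * path is not listed in {@code excludeUrls}, checks menu-level authorization, and publishes
 * the caller's operation codes and data rules as request attributes.
 *
 * <p>Per-request authorization data is built in local variables. Keeping it in static fields
 * would make one user's data rules accumulate into every later request of every user.
 */
public class AuthInterceptor implements HandlerInterceptor {
    private static final Logger logger = Logger.getLogger(AuthInterceptor.class);

    // Loaded on first use and never refreshed by this class.
    // NOTE(review): a function URL registered after the first load is treated as "not a menu
    // URL" by hasMenuAuth and therefore allowed; confirm the cache is invalidated elsewhere
    // or reload it when menus change.
    private static List<TSFunction> functionList;

    private SystemService systemService;
    private List<String> excludeUrls;

    public List<String> getExcludeUrls() {
        return this.excludeUrls;
    }

    public void setExcludeUrls(List<String> list) {
        this.excludeUrls = list;
    }

    public SystemService getSystemService() {
        return this.systemService;
    }

    @Autowired
    public void setSystemService(SystemService systemService) {
        this.systemService = systemService;
    }

    /** No-op; required by {@link HandlerInterceptor}. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
    }

    /** No-op; required by {@link HandlerInterceptor}. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * <p>Excluded URLs pass unconditionally. Any other request needs a {@link Client} with a
     * user (otherwise the timeout page is rendered) and must pass {@code hasMenuAuth}
     * (otherwise the caller is redirected to {@code loginController.do?noAuth}). When the path
     * maps to a {@link TSFunction}, the user's operation codes, the operations withheld from
     * the user and the applicable data rules are stored as request attributes.
     *
     * @return {@code true} to continue the handler chain, {@code false} when the response has
     *         already been forwarded or redirected
     * @throws IllegalStateException if a stored function or user id cannot be embedded safely
     *         in the SQL text this class builds
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String requestPath = ResourceUtil.getRequestPath(httpServletRequest);
        Client client = ClientManager.getInstance().getClient(ContextHolderUtils.getSession().getId());
        if (client == null) {
            // NOTE(review): falls back to a session id supplied as a request parameter. Whoever
            // knows that value is treated as the logged-in client, and ids carried in URLs tend
            // to end up in access logs and Referer headers. Confirm this fallback is still
            // needed; if it is, restrict it to the endpoints that require it.
            client = ClientManager.getInstance().getClient(httpServletRequest.getParameter("sessionId"));
        }
        // A missing exclude list means "nothing is excluded" rather than a NullPointerException.
        if (this.excludeUrls != null && this.excludeUrls.contains(requestPath)) {
            return true;
        }
        TSUser user = client == null ? null : client.getUser();
        if (user == null) {
            forward(httpServletRequest, httpServletResponse);
            return false;
        }
        // Pass the user resolved above: looking the client up again by HTTP session would
        // dereference null whenever the client was found through the sessionId parameter.
        if (!hasMenuAuth(requestPath, user)) {
            httpServletResponse.sendRedirect("loginController.do?noAuth");
            return false;
        }

        List<?> functions = this.systemService.findByProperty(TSFunction.class, "functionUrl", requestPath);
        String functionId = functions.isEmpty() ? "" : ((TSFunction) functions.get(0)).getId();
        if (oConvertUtils.isEmpty(functionId)) {
            // The path is not a registered function, so there is nothing further to publish.
            return true;
        }

        String userId = user.getId();
        httpServletRequest.setAttribute(Globals.OPERATIONCODES, this.systemService.getOperationCodesByUserIdAndFunctionId(userId, functionId));
        httpServletRequest.setAttribute(Globals.NOAUTO_OPERATIONCODES, loadWithheldOperations(functionId, userId));

        Set<String> dataRuleIds = this.systemService.getOperationCodesByUserIdAndDataId(userId, functionId);
        httpServletRequest.setAttribute("dataRulecodes", dataRuleIds);

        // Fresh per request, so rules never carry over between requests or users.
        List<TSDataRule> dataRules = new ArrayList<TSDataRule>();
        StringBuilder dataRuleSql = new StringBuilder();
        for (String dataRuleId : dataRuleIds) {
            TSDataRule rule = (TSDataRule) this.systemService.getEntity(TSDataRule.class, dataRuleId);
            if (rule == null) {
                // The id no longer resolves to a rule; there is nothing to convert to SQL.
                continue;
            }
            dataRules.add(rule);
            dataRuleSql.append(SqlJsonConvert.setSqlModel(rule));
        }
        httpServletRequest.setAttribute("MENU_DATA_AUTHOR_RULES", dataRules);
        httpServletRequest.setAttribute("MENU_DATA_AUTHOR_RULE_SQL", dataRuleSql.toString());
        return true;
    }

    /**
     * Builds the list of operations of a function that are withheld from the user: all
     * operations of the function minus every operation id returned by the role query below.
     * Removal relies on {@code TSOperation} equality (presumably id-based; verify in TSOperation).
     */
    private List<TSOperation> loadWithheldOperations(String functionId, String userId) {
        List<TSOperation> withheld = new ArrayList<TSOperation>();
        List<?> operations = this.systemService.findByProperty(TSOperation.class, "TSFunction.id", functionId);
        if (operations.isEmpty()) {
            return withheld;
        }
        for (Object operation : operations) {
            withheld.add((TSOperation) operation);
        }
        // Both ids come from stored entities, but they are still spliced into SQL text, so a
        // value that could close the string literal must never reach the query.
        if (!isSafeSqlLiteral(functionId) || !isSafeSqlLiteral(userId)) {
            throw new IllegalStateException("Function or user id is not safe to embed in SQL");
        }
        List<?> rows = this.systemService.findListbySql("SELECT operation FROM t_s_role_function fun, t_s_role_user role WHERE  fun.functionid='" + functionId + "' AND fun.operation!=''  AND fun.roleid=role.roleid AND role.userid='" + userId + "' ");
        for (Object row : rows) {
            for (String rawId : ((String) row).split(",")) {
                TSOperation probe = new TSOperation();
                probe.setId(rawId.replace(" ", ""));
                withheld.remove(probe);
            }
        }
        return withheld;
    }

    /**
     * Checks menu-level authorization for {@code requestPath}.
     *
     * <p>A path that is not a prefix of any cached function URL is not a menu URL and is
     * allowed. Otherwise one of the user's roles, or a role of the user's current department,
     * must grant a function whose URL starts with the path.
     *
     * @return {@code true} if the request is allowed, {@code false} if it must be rejected
     */
    private boolean hasMenuAuth(String requestPath, TSUser user) {
        if (functionList == null) {
            functionList = this.systemService.loadAll(TSFunction.class);
        }
        boolean managedUrl = false;
        for (TSFunction function : functionList) {
            String functionUrl = function.getFunctionUrl();
            if (functionUrl != null && functionUrl.startsWith(requestPath)) {
                managedUrl = true;
                break;
            }
        }
        if (!managedUrl) {
            return true;
        }

        // requestPath is derived from the request and concatenated into SQL below. Deny
        // instead of querying when it (or the user id) could terminate the quoted literal.
        // NOTE(review): findListbySql(String) is the only query API visible here; move to bind
        // parameters if the service offers them. LIKE wildcards in the path are not escaped.
        String userId = user.getId();
        if (!isSafeSqlLiteral(requestPath) || !isSafeSqlLiteral(userId)) {
            logger.warn("Menu authorization denied: request path or user id is not safe to embed in SQL");
            return false;
        }
        String byUserRoles = "SELECT DISTINCT f.id FROM t_s_function f,t_s_role_function  rf,t_s_role_user ru  WHERE f.id=rf.functionid AND rf.roleid=ru.roleid AND ru.userid='" + userId + "' AND f.functionurl like '" + requestPath + "%'";
        if (!this.systemService.findListbySql(byUserRoles).isEmpty()) {
            return true;
        }

        // No grant through the user's own roles: fall back to roles of the current department.
        // A user without a department has no such roles, so deny rather than fail on null.
        if (user.getCurrentDepart() == null) {
            return false;
        }
        String departId = user.getCurrentDepart().getId();
        if (!isSafeSqlLiteral(departId)) {
            logger.warn("Menu authorization denied: department id is not safe to embed in SQL");
            return false;
        }
        String byOrgRoles = "SELECT DISTINCT f.id from t_s_function f, t_s_role_function rf, t_s_role_org ro  WHERE f.ID=rf.functionid AND rf.roleid=ro.role_id AND ro.org_id='" + departId + "' AND f.functionurl like '" + requestPath + "%'";
        return !this.systemService.findListbySql(byOrgRoles).isEmpty();
    }

    /**
     * Returns whether {@code value} can sit between single quotes in SQL text without ending
     * the literal: it must be non-null and free of single quotes, backslashes and control
     * characters.
     */
    private static boolean isSafeSqlLiteral(String value) {
        if (value == null) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\'' || c == '\\' || Character.isISOControl(c)) {
                return false;
            }
        }
        return true;
    }

    /** Redirects to the login page. */
    @RequestMapping(params = {"forword"})
    public ModelAndView forword(HttpServletRequest httpServletRequest) {
        return new ModelAndView(new RedirectView("loginController.do?login"));
    }

    /** Renders the session-timeout page for requests that have no logged-in client. */
    private void forward(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.getRequestDispatcher("webpage/login/timeout.jsp").forward(httpServletRequest, httpServletResponse);
    }
}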
