package com.vortex.jiangyin.security;

import com.vortex.jiangyin.commons.exception.IllegalAccessOperationException;
import com.vortex.jiangyin.user.service.ResourceService;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@Aspect
/* loaded from: input_file:com/vortex/jiangyin/security/AnnotationSecuredOperationAspect.class */
public class AnnotationSecuredOperationAspect implements InitializingBean {
    private ResourceService resourceService;
    private Map<Method, String> methodCodes = new HashMap();

    @Pointcut("@annotation(com.vortex.jiangyin.security.SecuredResource)")
    public void pointCut() {
    }

    @Before("pointCut()")
    public void securityOperationCheck(JoinPoint joinPoint) throws Throwable {
        MethodSignature signature = joinPoint.getSignature();
        if (signature instanceof MethodSignature) {
            Method method = signature.getMethod();
            ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
            if (requestAttributes instanceof ServletRequestAttributes) {
                String header = requestAttributes.getRequest().getHeader("X-UserId");
                if (StringUtils.hasText(header)) {
                    Long valueOf = Long.valueOf(Long.parseLong(header));
                    String code = ((SecuredResource) method.getAnnotation(SecuredResource.class)).code();
                    if (!this.resourceService.hasAuthority(valueOf, code)) {
                        throw new IllegalAccessOperationException(String.format("用户（id：%d）无操作资源（code：%s）权限", valueOf, code));
                    }
                }
            }
        }
    }

    public void setResourceService(ResourceService resourceService) {
        this.resourceService = resourceService;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.resourceService == null) {
            throw new IllegalArgumentException("resourceService required");
        }
    }
}
