package datart.security.manager.shiro;

import datart.core.entity.RelRoleResource;
import datart.core.entity.Role;
import datart.core.entity.User;
import datart.core.mappers.ext.RelRoleResourceMapperExt;
import datart.core.mappers.ext.RoleMapperExt;
import datart.core.mappers.ext.UserMapperExt;
import datart.security.base.RoleType;
import datart.security.manager.PermissionDataCache;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:datart/security/manager/shiro/DatartRealm.class */
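/**
 * Shiro realm that authenticates users found through {@link UserMapperExt} and builds their
 * authorization data from role and role-resource mappings.
 *
 * <p>Both the authentication and the authorization result are stored in, and served from, the
 * injected {@link PermissionDataCache}. Credential comparison is delegated to the injected
 * {@link PasswordCredentialsMatcher}.
 */
public class DatartRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(DatartRealm.class);
    private final UserMapperExt userMapper;
    private final RoleMapperExt roleMapper;
    private final RelRoleResourceMapperExt rrrMapper;
    private final PermissionDataCache permissionDataCache;
    private final PasswordCredentialsMatcher passwordCredentialsMatcher;

    /**
     * Creates the realm with its collaborators.
     *
     * @param userMapperExt lookup of users by name or e-mail
     * @param roleMapperExt lookup of roles by organization and user
     * @param relRoleResourceMapperExt lookup of role-resource grants by organization and user
     * @param permissionDataCache cache holding the current organization and computed auth data
     * @param passwordCredentialsMatcher matcher returned from {@link #getCredentialsMatcher()}
     */
    public DatartRealm(UserMapperExt userMapperExt, RoleMapperExt roleMapperExt, RelRoleResourceMapperExt relRoleResourceMapperExt, PermissionDataCache permissionDataCache, PasswordCredentialsMatcher passwordCredentialsMatcher) {
        this.userMapper = userMapperExt;
        this.roleMapper = roleMapperExt;
        this.rrrMapper = relRoleResourceMapperExt;
        this.permissionDataCache = permissionDataCache;
        this.passwordCredentialsMatcher = passwordCredentialsMatcher;
    }

    /**
     * Accepts every token type.
     *
     * <p>Only {@link UsernamePasswordToken} can be resolved against the user table; any other
     * type is rejected in {@link #doGetAuthenticationInfo(AuthenticationToken)} unless the cache
     * already holds an authentication result.
     *
     * @param authenticationToken the submitted token (not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        return true;
    }

    /**
     * Returns the cached authorization data, or computes it for the primary principal within the
     * cache's current organization and stores it.
     *
     * @param principalCollection principals whose primary principal must be a {@link User}
     * @return roles and permission strings for the user
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // NOTE(review): the cached value is returned without comparing it to principalCollection
        // or to the current org. This is only safe if PermissionDataCache is scoped to a single
        // user and organization (e.g. per request/thread) and cleared between them - confirm.
        SimpleAuthorizationInfo cachedInfo = this.permissionDataCache.getAuthorizationInfo();
        if (cachedInfo != null) {
            return cachedInfo;
        }
        String userId = ((User) principalCollection.getPrimaryPrincipal()).getId();
        SimpleAuthorizationInfo computedInfo = new SimpleAuthorizationInfo();
        for (Role role : this.roleMapper.selectByOrgAndUser(this.permissionDataCache.getCurrentOrg(), userId)) {
            // Constant-first comparison: a role row with a null type is skipped instead of
            // aborting the whole authorization lookup with a NullPointerException.
            if (RoleType.ORG_OWNER.name().equals(role.getType())) {
                addOrgOwnerRoleAndPermission(computedInfo, role);
            }
        }
        for (RelRoleResource grant : this.rrrMapper.listByOrgAndUser(this.permissionDataCache.getCurrentOrg(), userId)) {
            // getPermission() is unboxed here, so a grant with a null permission value throws
            // rather than being granted.
            computedInfo.addStringPermissions(ShiroSecurityManager.toShiroPermissionString(grant.getOrgId(), grant.getRoleId(), grant.getResourceType(), grant.getResourceId(), grant.getPermission().intValue()));
        }
        this.permissionDataCache.setAuthorizationInfo(computedInfo);
        return computedInfo;
    }

    /**
     * Returns the cached authentication data, or looks the user up by the token's username
     * (name or e-mail) and caches the result.
     *
     * @param authenticationToken the submitted token; must be a {@link UsernamePasswordToken}
     *     when nothing is cached
     * @return the account data, or {@code null} when no user matches the submitted name
     * @throws AuthenticationException if nothing is cached and the token is not a
     *     {@link UsernamePasswordToken}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // NOTE(review): the cached value is returned without checking that it belongs to the
        // account named in authenticationToken. Confirm PermissionDataCache cannot carry an
        // earlier login's data into this call.
        SimpleAuthenticationInfo cachedInfo = this.permissionDataCache.getAuthenticationInfo();
        if (cachedInfo != null) {
            return cachedInfo;
        }
        // supports() accepts every token, so verify the type before casting; a foreign token
        // becomes an authentication failure instead of a ClassCastException.
        if (!(authenticationToken instanceof UsernamePasswordToken)) {
            log.warn("Rejecting unsupported authentication token type: {}", authenticationToken == null ? "null" : authenticationToken.getClass().getName());
            throw new AuthenticationException("Unsupported authentication token type");
        }
        User user = this.userMapper.selectByNameOrEmail(((UsernamePasswordToken) authenticationToken).getUsername());
        if (user == null) {
            // No matching account: returning null leaves the failure handling to Shiro.
            return null;
        }
        // The stored password value is handed over as the account credentials; comparing it with
        // the submitted password is the job of the matcher from getCredentialsMatcher().
        // NOTE(review): the principal is the full User entity, including its password field.
        // Check that this object is not serialized into sessions or logs.
        SimpleAuthenticationInfo accountInfo = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
        this.permissionDataCache.setAuthenticationInfo(accountInfo);
        return accountInfo;
    }

    /**
     * Returns the injected password matcher, overriding any matcher configured on the base realm.
     *
     * @return the {@link PasswordCredentialsMatcher} passed to the constructor
     */
    @Override
    public CredentialsMatcher getCredentialsMatcher() {
        return this.passwordCredentialsMatcher;
    }

    /**
     * Adds the organization-owner role string and a wildcard ({@code "*", "*", "*"}) permission
     * string for the role's organization.
     *
     * @param simpleAuthorizationInfo authorization data being built; mutated in place
     * @param role the owner role supplying the type and organization id
     */
    private void addOrgOwnerRoleAndPermission(SimpleAuthorizationInfo simpleAuthorizationInfo, Role role) {
        simpleAuthorizationInfo.addRole(ShiroSecurityManager.toShiroRoleString(role.getType(), role.getOrgId()));
        simpleAuthorizationInfo.addStringPermission(ShiroSecurityManager.toShiroPermissionString(role.getOrgId(), "*", "*", "*"));
    }
}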
