package com.enation.app.javashop.core.security.admin;

import com.enation.app.javashop.framework.context.user.AdminUserContext;
import java.util.Collection;
import java.util.Iterator;
import java.util.regex.Pattern;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-impl-7.2.1-SNAPSHOT.jar:com/enation/app/javashop/core/security/admin/AdminAccessDecisionManager.class */
/**
 * Access decision manager for the admin-side API.
 *
 * <p>{@link #decide} applies three rules in order:
 * <ol>
 *   <li>a fixed allow-list of Ant patterns is let through with no check at all;</li>
 *   <li>if {@code AdminUserContext.getAdmin()} is non-null and the URL matches one of the
 *       "any admin" expressions, the request is let through without a role comparison;</li>
 *   <li>otherwise the caller must hold {@code ROLE_SUPER_ADMIN} or an authority equal to one of
 *       the supplied config attributes; an empty or null attribute collection is denied.</li>
 * </ol>
 *
 * <p>NOTE(review): this class is the authorization boundary for the admin API, so every entry in
 * the two pattern tables below is a deliberate exemption and should be audited when routes are
 * added or renamed.
 */
public class AdminAccessDecisionManager implements AccessDecisionManager {

    /**
     * Ant patterns that bypass every check in this manager (no admin context, no authority).
     *
     * <p>NOTE(review): the Swagger / api-docs / webjars entries expose the API description to
     * unauthenticated callers unless another layer blocks them; confirm that is intended for
     * production deployments. {@code /admin/self-service/**} and
     * {@code /admin/live-video/room/store**} are likewise fully open here.
     *
     * <p>NOTE(review): the trailing {@code **} on entries such as {@code .../login**} is not a
     * whole path segment, so it presumably matches only inside that last segment; confirm
     * against AntPathMatcher semantics.
     */
    private static final String[] OPEN_PATTERNS = {
        "/swagger-ui.html",
        "/v2/api-docs**",
        "/configuration/ui",
        "/swagger-resources/**",
        "/webjars/**",
        "/configuration/security",
        "/admin/self-service/**",
        "/admin/systems/admin-users/login**",
        "/admin/systems/admin-users/token**",
        "/admin/systems/admin-users/logout**",
        "/admin/live-video/room/store**",
    };

    /**
     * Expressions (full-match) for URLs that any logged-in admin may call regardless of role.
     *
     * <p>NOTE(review): these are plain prefix matches ending in {@code .*}; for example
     * {@code /admin/stores.*} also covers any sibling route whose path merely begins with
     * {@code /admin/stores}, and {@code /uploaders.*} / {@code /regions/[1-9].*} behave the same
     * way. Confirm that every route under these prefixes is meant to skip the role comparison.
     */
    private static final Pattern[] ANY_ADMIN_PATTERNS = {
        Pattern.compile("/admin/systems/roles/[1-9].*"),
        Pattern.compile("/regions/[1-9].*"),
        Pattern.compile("/uploaders.*"),
        Pattern.compile("/admin/stores.*"),
        Pattern.compile("/admin/index/page.*"),
    };

    /**
     * Decides whether the current request may proceed; returns normally to allow it.
     *
     * @param authentication the caller's authentication; its authorities are compared with the
     *     config attributes when neither exemption applies
     * @param obj the secured object; cast to {@link FilterInvocation} without a type check
     * @param collection the config attributes required for the request
     * @throws AccessDeniedException if no exemption applies and either {@code collection} is
     *     empty/null or no held authority matches
     */
    @Override
    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection)
            throws AccessDeniedException, InsufficientAuthenticationException {
        // NOTE(review): in Spring Security getRequestUrl() carries the query string as well as the
        // path, so exact patterns such as "/swagger-ui.html" fall through to the role check when a
        // query is present, while the ".*" expressions still match. Confirm for the version in use.
        final String requestUrl = ((FilterInvocation) obj).getRequestUrl();

        // Rule 1: unconditional allow-list.
        final AntPathMatcher pathMatcher = new AntPathMatcher();
        for (String openPattern : OPEN_PATTERNS) {
            if (pathMatcher.match(openPattern, requestUrl)) {
                return;
            }
        }

        // Rule 2: any admin present in the context may reach the "any admin" URLs.
        if (AdminUserContext.getAdmin() != null && adminRolesChecked(requestUrl)) {
            return;
        }

        // Rule 3: authority comparison. Nothing required means nothing can match, so deny;
        // this applies to ROLE_SUPER_ADMIN too, because the check happens before the loop.
        if (CollectionUtils.isEmpty(collection)) {
            throw new AccessDeniedException("not allow");
        }
        for (ConfigAttribute required : collection) {
            final String attribute = required.getAttribute();
            for (GrantedAuthority granted : authentication.getAuthorities()) {
                final String held = granted.getAuthority();
                if ("ROLE_SUPER_ADMIN".equals(held) || held.equals(attribute)) {
                    return;
                }
            }
        }
        throw new AccessDeniedException("not allow");
    }

    /**
     * Reports whether the URL is one that skips the role comparison for a logged-in admin.
     *
     * @param str the request URL as obtained in {@link #decide}
     * @return {@code true} if {@code str} equals {@code /admin/index/page} or fully matches one
     *     of {@link #ANY_ADMIN_PATTERNS}
     */
    private boolean adminRolesChecked(String str) {
        if ("/admin/index/page".equals(str)) {
            return true;
        }
        for (Pattern anyAdmin : ANY_ADMIN_PATTERNS) {
            if (anyAdmin.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    /** Accepts every config attribute. */
    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    /**
     * Claims support for every secured-object type.
     *
     * <p>NOTE(review): {@link #decide} casts its argument to {@link FilterInvocation}, so any
     * other secured-object type would fail with a ClassCastException at request time rather
     * than being rejected here.
     */
    @Override
    public boolean supports(Class<?> cls) {
        return true;
    }
}
