package com.manydesigns.portofino.dispatcher.security;

import java.util.Collections;
import org.apache.shiro.aop.MethodInvocation;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.aop.PermissionAnnotationMethodInterceptor;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/manydesigns/portofino/dispatcher/security/ResourceMethodInterceptor.class */
public class ResourceMethodInterceptor extends PermissionAnnotationMethodInterceptor {
    protected static final Logger logger = LoggerFactory.getLogger(PermissionAnnotationMethodInterceptor.class);

    public void assertAuthorized(MethodInvocation methodInvocation) throws AuthorizationException {
        if (!(methodInvocation.getThis() instanceof SecureResource)) {
            super.assertAuthorized(methodInvocation);
            return;
        }
        RequiresPermissions annotation = getAnnotation(methodInvocation);
        String[] value = annotation.value();
        boolean z = annotation.logical() == Logical.AND || value.length == 0;
        ResourcePermissions permissions = ((SecureResource) methodInvocation.getThis()).getPermissions();
        for (String str : value) {
            OperationPermission permission = permissions.getPermission(new WildcardPermission(str));
            if (annotation.logical() != Logical.AND) {
                z |= isPermitted(permission);
            } else if (!isPermitted(permission)) {
                notPermitted(methodInvocation);
            }
        }
        if (z) {
            return;
        }
        notPermitted(methodInvocation);
    }

    protected void notPermitted(MethodInvocation methodInvocation) {
        logger.debug("Subject not authorized according to resource and role permissions. Checking default permissions.");
        super.assertAuthorized(methodInvocation);
    }

    protected boolean isPermitted(OperationPermission operationPermission) {
        return getSubject().isAuthenticated() ? getSubject().isPermitted(operationPermission) : new RolesPermission(Collections.singleton("")).implies(operationPermission);
    }
}
