package io.nerv.core.auth.security.provider;

import cn.hutool.core.collection.CollUtil;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Collection;
import java.util.Map;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Component;
import org.springframework.web.util.UrlPathHelper;

@Component
/* loaded from: input_file:io/nerv/core/auth/security/provider/DynamiclAccessDecisionManager.class */
public final class DynamiclAccessDecisionManager implements AuthorizationManager<RequestAuthorizationContext> {
    private static final Logger log = LoggerFactory.getLogger(DynamiclAccessDecisionManager.class);
    private final SecurityMetadataSource securityMetadataSource;

    public AuthorizationDecision check(Supplier<Authentication> supplier, RequestAuthorizationContext requestAuthorizationContext) {
        try {
            Collection authorities = supplier.get().getAuthorities();
            Map variables = requestAuthorizationContext.getVariables();
            HttpServletRequest request = requestAuthorizationContext.getRequest();
            String pathWithinApplication = new UrlPathHelper().getPathWithinApplication(request);
            log.info(" ：：权限决策 ：：");
            log.info(" 请求地址: [{}] , 当前权限： [{}] , 携带参数: [{}] ", new Object[]{pathWithinApplication, authorities, variables});
            if (!request.getMethod().equals(HttpMethod.OPTIONS) && !CollUtil.isNotEmpty(this.securityMetadataSource.getAttributes(requestAuthorizationContext))) {
                return new AuthorizationDecision(false);
            }
            return new AuthorizationDecision(true);
        } catch (AccessDeniedException e) {
            return new AuthorizationDecision(false);
        }
    }

    public DynamiclAccessDecisionManager(SecurityMetadataSource securityMetadataSource) {
        this.securityMetadataSource = securityMetadataSource;
    }

    public /* bridge */ /* synthetic */ AuthorizationDecision check(Supplier supplier, Object obj) {
        return check((Supplier<Authentication>) supplier, (RequestAuthorizationContext) obj);
    }
}
