package com.gtis.fileCenter.web;

import com.gtis.config.AppConfig;
import com.gtis.fileCenter.Constants;
import com.gtis.fileCenter.ex.NoPermissionException;
import com.gtis.fileCenter.ex.NodeNotFoundException;
import com.gtis.fileCenter.model.Space;
import com.gtis.fileCenter.service.NodeService;
import com.gtis.generic.security.Helper;
import com.gtis.generic.security.User;
import com.gtis.generic.util.SessionUtils;
import java.util.ArrayList;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:WEB-INF/classes/com/gtis/fileCenter/web/NodePermissionInterceptor.class */
public class NodePermissionInterceptor extends HandlerInterceptorAdapter {
    private static final String[] CHECK_ID_NAMES = {Constants.NODE_ID, Constants.SRC_NODE_ID, Constants.DEST_NODE_ID, Constants.PARENT_NODE_ID};

    @Autowired
    private NodeService nodeService;

    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (AppConfig.getBooleanProperty("token.permission.close", false)) {
            return true;
        }
        String parameter = httpServletRequest.getParameter(Constants.TOKEN);
        User currentUser = Helper.getCurrentUser();
        ArrayList arrayList = new ArrayList();
        for (String str : CHECK_ID_NAMES) {
            String[] parameterValues = httpServletRequest.getParameterValues(str);
            if (parameterValues != null && parameterValues.length > 0) {
                for (String str2 : parameterValues) {
                    try {
                        if (StringUtils.isNotBlank(str2)) {
                            arrayList.add(Integer.valueOf(str2));
                        }
                    } catch (NumberFormatException e) {
                        throw new NodeNotFoundException(str2);
                    }
                }
            }
        }
        if (arrayList.size() == 0) {
            return true;
        }
        if (parameter != null) {
            SecurityContextHolder.clearContext();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                Integer num = (Integer) it.next();
                if (!this.nodeService.hasPermission(parameter, num)) {
                    throw new NoPermissionException(num);
                }
            }
            return true;
        }
        if (currentUser == null) {
            throw new NoPermissionException("no permission to access node:" + arrayList);
        }
        if (currentUser.isAdmin()) {
            return true;
        }
        Space space = (Space) SessionUtils.get(httpServletRequest, Constants.PERSONAL_SPACE);
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            Integer num2 = (Integer) it2.next();
            if (!this.nodeService.isChildNode(space.getId(), num2) && !space.getId().equals(num2)) {
                throw new NoPermissionException(num2);
            }
        }
        return true;
    }
}
