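package com.yutou.tools.AuthConfig;

import com.alibaba.fastjson.JSONArray;
import com.yutou.tools.mybatis.dao.PermissionDao;
import com.yutou.tools.mybatis.dao.UKeyDao;
import com.yutou.tools.mybatis.model.Permission;
import com.yutou.tools.mybatis.model.PermissionExample;
import com.yutou.tools.mybatis.model.UKey;
import com.yutou.tools.mybatis.model.UKeyExample;
import com.yutou.tools.utils.RedisTools;
import com.yutou.tools.utils.Tools;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.stereotype.Component;

import java.util.Collection;
import java.util.List;

/**
 * URL-based {@link AccessDecisionManager}.
 *
 * <p>Decision order for every request (see {@link #decide}):
 * <ol>
 *   <li>the two login endpoints and everything under {@code /public/} are always allowed;</li>
 *   <li>an admin session ({@link Tools#isAdminLogin()}) is allowed everything;</li>
 *   <li>a {@code share} parameter that resolves to a live Redis entry is allowed;</li>
 *   <li>otherwise the {@code token} parameter must name a {@link UKey} whose power list
 *       contains either {@value #POWER_ALL} or the id of the {@link Permission} registered
 *       for the request's parent path (e.g. {@code /music/} for {@code /music/list.do}).</li>
 * </ol>
 * Every other request is rejected with {@link AccessDeniedException}.
 *
 * <p>The path is taken as-is from {@code getRequestURI()}; whether the container has
 * collapsed {@code ..} or repeated slashes before this point is not visible here.
 */
@Component
public class RoleAccessDecisionManager implements AccessDecisionManager {

    /** Power entry that grants a key access to every URL. */
    private static final String POWER_ALL = "-1";
    /** Redis value marking a share entry as unusable; any other non-null value is accepted. */
    private static final String SHARE_DISABLED = "-999";
    /** Request parameter carrying the API key. */
    private static final String TOKEN_PARAM = "token";
    /** Request parameter carrying a share id that is looked up in Redis. */
    private static final String SHARE_PARAM = "share";
    /** Path prefix that needs no authorisation at all. */
    private static final String PUBLIC_PREFIX = "/public/";

    private final UKeyDao keyDao;
    private final PermissionDao permissionDao;

    @Autowired
    public RoleAccessDecisionManager(UKeyDao keyDao, PermissionDao permissionDao) {
        this.keyDao = keyDao;
        this.permissionDao = permissionDao;
    }

    /**
     * Allows or denies the request described by {@code o}.
     *
     * @param authentication the current authentication; marked authenticated when a share or
     *                       a URL-specific permission grants the request
     * @param o              the {@link FilterInvocation} wrapping the HTTP request
     * @param collection     config attributes for the secured object (not consulted)
     * @throws AccessDeniedException when no rule above grants the request
     */
    @Override
    public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection)
            throws AccessDeniedException, InsufficientAuthenticationException {
        FilterInvocation invocation = (FilterInvocation) o;
        String url = invocation.getHttpRequest().getRequestURI();
        String token = invocation.getHttpRequest().getParameter(TOKEN_PARAM);
        String share = invocation.getHttpRequest().getParameter(SHARE_PARAM);

        if (isAlwaysAllowed(url) || Tools.isAdminLogin()) {
            return;
        }

        // A live share entry grants the request regardless of URL.
        // NOTE(review): the share id is not bound to the shared resource's path — confirm that
        // granting every non-public URL is intended.
        if (share != null) { // guard: a missing parameter previously reached Redis as a null key
            String shareState = RedisTools.get(share);
            if (shareState != null && !SHARE_DISABLED.equals(shareState)) {
                // NOTE(review): some Authentication implementations reject setAuthenticated(true)
                // with IllegalArgumentException — confirm which token type reaches this manager.
                authentication.setAuthenticated(true);
                return;
            }
        }

        if (token == null) {
            throw denied();
        }
        String parentPath = parentPath(url);
        if (parentPath == null) {
            throw denied();
        }

        UKeyExample keyQuery = new UKeyExample();
        keyQuery.createCriteria().andKeyEqualTo(token);
        List<UKey> keys = keyDao.selectByExample(keyQuery);
        if (keys.isEmpty()) {
            throw denied();
        }
        List<String> powers = powersOf(keys.get(0));
        if (powers.contains(POWER_ALL)) {
            return; // unrestricted key; the original did not mark the authentication here either
        }

        PermissionExample permissionQuery = new PermissionExample();
        permissionQuery.createCriteria().andUrlEqualTo(parentPath);
        List<Permission> permissions = permissionDao.selectByExample(permissionQuery);
        if (permissions.isEmpty()
                || !powers.contains(String.valueOf(permissions.get(0).getId()))) {
            throw denied();
        }
        authentication.setAuthenticated(true);
    }

    /** True for the login endpoints and anything under {@value #PUBLIC_PREFIX}. */
    private static boolean isAlwaysAllowed(String uri) {
        if (uri == null) {
            return false;
        }
        switch (uri) {
            case "/login/sendCaptcha.do":
            case "/login/check.do":
                return true;
            default:
                return uri.startsWith(PUBLIC_PREFIX);
        }
    }

    /**
     * Returns the request URI up to and including its last {@code '/'}; this is the form the
     * permission table keys on ({@code /music/list.do} becomes {@code /music/}).
     *
     * <p>Replaces the original {@code url.split(lastSegment)[0]}, which used the last path
     * segment as a regular expression and cut at its first occurrence, so a request such as
     * {@code /admin/admin} was checked against the permission for {@code /} rather than
     * {@code /admin/}, and segments containing regex metacharacters were rejected outright.
     *
     * @return the parent path, or {@code null} when {@code uri} is null or contains no slash
     */
    private static String parentPath(String uri) {
        if (uri == null) {
            return null;
        }
        int slash = uri.lastIndexOf('/');
        return slash < 0 ? null : uri.substring(0, slash + 1);
    }

    /**
     * Parses the key's JSON power list.
     *
     * @throws AccessDeniedException when the key carries no power list (the original
     *         dereferenced the null parse result instead)
     */
    private List<String> powersOf(UKey key) {
        JSONArray raw = key.getPower() == null ? null : JSONArray.parseArray(key.getPower());
        if (raw == null) {
            throw denied();
        }
        return raw.toJavaList(String.class);
    }

    /** Logs the rejection and builds the exception every denial path throws. */
    private AccessDeniedException denied() {
        System.out.println("无权限跳转");
        return new AccessDeniedException("/");
    }

    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return true;
    }
}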