package org.seedstack.seed.security.internal.authorization;

import java.util.Arrays;
import java.util.Optional;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.seedstack.seed.core.internal.guice.ProxyUtils;
import org.seedstack.seed.security.AuthorizationException;
import org.seedstack.seed.security.Logical;
import org.seedstack.seed.security.RequiresRoles;

/* loaded from: input_file:org/seedstack/seed/security/internal/authorization/RequiresRolesInterceptor.class */
public class RequiresRolesInterceptor extends AbstractInterceptor implements MethodInterceptor {
    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        Optional<RequiresRoles> findAnnotation = findAnnotation(methodInvocation);
        if (findAnnotation.isPresent()) {
            RequiresRoles requiresRoles = findAnnotation.get();
            String[] value = requiresRoles.value();
            if (value.length == 1) {
                checkRole(value[0]);
            } else if (!hasRoles(value, requiresRoles.logical())) {
                if (Logical.OR.equals(requiresRoles.logical())) {
                    throw new AuthorizationException("User does not have any of the roles to access method " + methodInvocation.getMethod().toString());
                }
                throw new AuthorizationException("Subject doesn't have roles " + Arrays.toString(value));
            }
        }
        return methodInvocation.proceed();
    }

    private Optional<RequiresRoles> findAnnotation(MethodInvocation methodInvocation) {
        RequiresRoles annotation = methodInvocation.getMethod().getAnnotation(RequiresRoles.class);
        if (annotation == null) {
            annotation = (RequiresRoles) ProxyUtils.cleanProxy(methodInvocation.getThis().getClass()).getAnnotation(RequiresRoles.class);
        }
        return Optional.ofNullable(annotation);
    }
}
