package restx.security;

import com.google.common.base.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import restx.RestxRequest;
import restx.WebException;
import restx.factory.Component;
import restx.http.HttpStatus;

@Component
/* loaded from: input_file:restx/security/StdRestxSecurityManager.class */
public class StdRestxSecurityManager implements RestxSecurityManager {
    private static final Logger logger = LoggerFactory.getLogger(StdRestxSecurityManager.class);

    @Override // restx.security.RestxSecurityManager
    public void check(RestxRequest restxRequest, Permission permission) {
        if (permission == Permissions.open()) {
            return;
        }
        Optional<? extends RestxPrincipal> principal = RestxSession.current().getPrincipal();
        if (!principal.isPresent()) {
            logger.debug("no principal found: request={}", restxRequest);
            throw new WebException(HttpStatus.UNAUTHORIZED);
        }
        Optional<? extends Permission> has = permission.has(principal.get(), restxRequest);
        if (has.isPresent()) {
            logger.debug("permission matched: request={} principal={} perm={}", restxRequest, principal.get(), has.get());
        } else {
            logger.debug("permission not matched: request={} principal={} permission={}", restxRequest, principal.get(), permission);
            throw new WebException(HttpStatus.FORBIDDEN);
        }
    }
}
