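package cn.zsyy.admin;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import cn.sxt.db.Dao;

/**
 * Access-control filter for every URL mapped under {@code /admin/*}.
 *
 * <p>The login and registration paths pass through unchecked. Every other
 * request must carry a session with a {@code username} attribute, and the
 * matching row in the {@code user} table must have {@code userType} equal to
 * {@code "admin"}. The role is looked up on each request rather than cached in
 * the session. Requests that fail either check are forwarded to
 * {@code /admin/info.jsp} with a message and the login URL.
 *
 * <p>The annotation declares no dispatcher types, so the filter applies to
 * direct client requests only (the Servlet default); the internal forward to
 * {@code /admin/info.jsp} is not filtered again.
 */
@WebFilter("/admin/*")
public class AdminFilter implements Filter {

    /** Paths that are reachable without a session. */
    private static final String LOGIN_PATH = "/admin/login";
    private static final String REGISTER_PATH = "/admin/register";

    /** Page that renders the denial message before sending the user to the login page. */
    private static final String INFO_PAGE = "/admin/info.jsp";

    /** No-argument constructor used by the servlet container. */
    public AdminFilter() {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Lets the request through only for the public paths or for a logged-in user
     * whose stored {@code userType} is {@code "admin"}.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the response handed on to the chain or to the info page
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        System.out.println("admin filter");

        // Read the path of the requested resource.
        HttpServletRequest req = (HttpServletRequest) request;
        String servletPath = req.getServletPath();
        System.out.println(servletPath);

        // Only login and registration are public; every other page needs both the
        // login check and the role check below.
        // NOTE(review): registration is reachable without authentication. Confirm that
        // the registration handler cannot create an account with userType "admin".
        if (LOGIN_PATH.equals(servletPath) || REGISTER_PATH.equals(servletPath)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): an anonymous request must not cause a new session to be
        // allocated just to find out that it is empty.
        HttpSession session = req.getSession(false);
        Object usernameAttr = (session == null) ? null : session.getAttribute("username");
        if (!(usernameAttr instanceof String)) {
            // Not logged in (or the attribute is not a usable user name).
            deny(req, response, "您尚未登录,即将跳转至登录界面!", "请登录!");
            return;
        }
        String username = (String) usernameAttr;

        // Look up the user's type with a parameterized query.
        // NOTE(review): the generic type arguments of Dao.query's result were lost in the
        // page extraction; wildcards are used so that either a String- or Object-valued
        // row map is accepted. Confirm against cn.sxt.db.Dao.
        String sqlStr = "select * from user where username = ?";
        String[] params = {username};
        ArrayList<? extends HashMap<String, ?>> res = Dao.query(sqlStr, params);

        // Fail closed: a session whose user row no longer exists, or whose userType is
        // NULL, is treated as unauthorized instead of surfacing an
        // IndexOutOfBoundsException or NullPointerException as a server error.
        boolean isAdmin = false;
        if (res != null && !res.isEmpty()) {
            HashMap<String, ?> user = res.get(0);
            isAdmin = user != null && "admin".equals(user.get("userType"));
        }

        if (isAdmin) {
            chain.doFilter(request, response);
        } else {
            // Logged in but without the admin role: explain, then send to the login page.
            deny(req, response, "您没有访问权限,请联系后台管理人员,即将跳转至登录界面!", "访问失败!");
        }
    }

    /**
     * Forwards to the info page with the message, title and login URL it displays.
     *
     * @param req      the current request; receives the three display attributes
     * @param response the current response
     * @param info     message shown to the user
     * @param title    title shown to the user
     * @throws IOException      propagated from the forward
     * @throws ServletException propagated from the forward
     */
    private static void deny(HttpServletRequest req, ServletResponse response, String info, String title)
            throws IOException, ServletException {
        req.setAttribute("httpUrl", LOGIN_PATH);
        req.setAttribute("info", info);
        req.setAttribute("title", title);
        req.getRequestDispatcher(INFO_PAGE).forward(req, response);
    }

    /**
     * No configuration is read.
     *
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }
}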