package org.sonar.server.permission.ws.template;

import com.google.common.base.Function;
import com.google.common.collect.FluentIterable;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.GroupWithPermissionDto;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.PermissionTemplateDto;
import org.sonar.db.permission.PermissionTemplateTesting;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.GroupTesting;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.permission.ws.PermissionDependenciesFinder;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.usergroups.ws.UserGroupFinder;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.WsActionTester;
import org.sonar.test.DbTests;

@Category({DbTests.class})
/* loaded from: input_file:org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest.class */
public class AddGroupToTemplateActionTest {
    private static final String GROUP_NAME = "group-name";

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();
    ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(new String[]{"TRK", "VW", "DEV"});
    WsActionTester ws;
    DbClient dbClient;
    DbSession dbSession;
    GroupDto group;
    PermissionTemplateDto permissionTemplate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/server/permission/ws/template/AddGroupToTemplateActionTest$GroupWithPermissionToGroupName.class */
    public enum GroupWithPermissionToGroupName implements Function<GroupWithPermissionDto, String> {
        INSTANCE;

        public String apply(@Nonnull GroupWithPermissionDto groupWithPermissionDto) {
            return groupWithPermissionDto.getName();
        }
    }

    @Before
    public void setUp() {
        this.dbClient = this.db.getDbClient();
        this.dbSession = this.db.getSession();
        this.userSession.login().setGlobalPermissions("admin");
        this.ws = new WsActionTester(new AddGroupToTemplateAction(this.dbClient, new PermissionDependenciesFinder(this.dbClient, new ComponentFinder(this.dbClient), new UserGroupFinder(this.dbClient), this.resourceTypes), this.userSession));
        this.group = insertGroup(GroupTesting.newGroupDto().setName(GROUP_NAME));
        this.permissionTemplate = insertPermissionTemplate(PermissionTemplateTesting.newPermissionTemplateDto());
        commit();
    }

    @Test
    public void add_group_to_template() {
        newRequest(GROUP_NAME, this.permissionTemplate.getUuid(), "codeviewer");
        Assertions.assertThat(getGroupNamesInTemplateAndPermission(this.permissionTemplate.getId().longValue(), "codeviewer")).containsExactly(new String[]{GROUP_NAME});
    }

    @Test
    public void add_group_to_template_by_name() {
        this.ws.newRequest().setParam("groupName", GROUP_NAME).setParam("permission", "codeviewer").setParam("templateName", this.permissionTemplate.getName().toUpperCase()).execute();
        commit();
        Assertions.assertThat(getGroupNamesInTemplateAndPermission(this.permissionTemplate.getId().longValue(), "codeviewer")).containsExactly(new String[]{GROUP_NAME});
    }

    @Test
    public void add_with_group_id() {
        this.ws.newRequest().setParam("templateId", this.permissionTemplate.getUuid()).setParam("permission", "codeviewer").setParam("groupId", String.valueOf(this.group.getId())).execute();
        Assertions.assertThat(getGroupNamesInTemplateAndPermission(this.permissionTemplate.getId().longValue(), "codeviewer")).containsExactly(new String[]{GROUP_NAME});
    }

    @Test
    public void does_not_add_a_group_twice() {
        newRequest(GROUP_NAME, this.permissionTemplate.getUuid(), "issueadmin");
        newRequest(GROUP_NAME, this.permissionTemplate.getUuid(), "issueadmin");
        Assertions.assertThat(getGroupNamesInTemplateAndPermission(this.permissionTemplate.getId().longValue(), "issueadmin")).containsExactly(new String[]{GROUP_NAME});
    }

    @Test
    public void add_anyone_group_to_template() {
        newRequest("Anyone", this.permissionTemplate.getUuid(), "codeviewer");
        Assertions.assertThat(getGroupNamesInTemplateAndPermission(this.permissionTemplate.getId().longValue(), "codeviewer")).containsExactly(new String[]{"Anyone"});
    }

    @Test
    public void fail_if_add_anyone_group_to_admin_permission() {
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage(String.format("It is not possible to add the '%s' permission to the '%s' group.", "admin", "Anyone"));
        newRequest("Anyone", this.permissionTemplate.getUuid(), "admin");
    }

    @Test
    public void fail_if_not_a_project_permission() {
        this.expectedException.expect(BadRequestException.class);
        newRequest(GROUP_NAME, this.permissionTemplate.getUuid(), "provisioning");
    }

    @Test
    public void fail_if_insufficient_privileges() {
        this.expectedException.expect(ForbiddenException.class);
        this.userSession.setGlobalPermissions("profileadmin");
        newRequest(GROUP_NAME, this.permissionTemplate.getUuid(), "codeviewer");
    }

    @Test
    public void fail_if_not_logged_in() {
        this.expectedException.expect(UnauthorizedException.class);
        this.userSession.anonymous();
        newRequest(GROUP_NAME, this.permissionTemplate.getUuid(), "codeviewer");
    }

    @Test
    public void fail_if_group_params_missing() {
        this.expectedException.expect(BadRequestException.class);
        newRequest(null, this.permissionTemplate.getUuid(), "codeviewer");
    }

    @Test
    public void fail_if_permission_missing() {
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest(GROUP_NAME, this.permissionTemplate.getUuid(), null);
    }

    @Test
    public void fail_if_template_uuid_and_name_missing() {
        this.expectedException.expect(BadRequestException.class);
        newRequest(GROUP_NAME, null, "codeviewer");
    }

    @Test
    public void fail_if_group_does_not_exist() {
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("Group with name 'unknown-group-name' is not found");
        newRequest("unknown-group-name", this.permissionTemplate.getUuid(), "codeviewer");
    }

    @Test
    public void fail_if_template_key_does_not_exist() {
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
        newRequest(GROUP_NAME, "unknown-key", "codeviewer");
    }

    private void newRequest(@Nullable String str, @Nullable String str2, @Nullable String str3) {
        TestRequest newRequest = this.ws.newRequest();
        if (str != null) {
            newRequest.setParam("groupName", str);
        }
        if (str2 != null) {
            newRequest.setParam("templateId", str2);
        }
        if (str3 != null) {
            newRequest.setParam("permission", str3);
        }
        newRequest.execute();
    }

    private void commit() {
        this.dbSession.commit();
    }

    private GroupDto insertGroup(GroupDto groupDto) {
        return this.dbClient.groupDao().insert(this.dbSession, groupDto);
    }

    private PermissionTemplateDto insertPermissionTemplate(PermissionTemplateDto permissionTemplateDto) {
        return this.dbClient.permissionTemplateDao().insert(this.dbSession, permissionTemplateDto);
    }

    private List<String> getGroupNamesInTemplateAndPermission(long j, String str) {
        return FluentIterable.from(this.dbClient.permissionTemplateDao().selectGroups(this.dbSession, PermissionQuery.builder().permission(str).membership("IN").build(), Long.valueOf(j))).transform(GroupWithPermissionToGroupName.INSTANCE).toList();
    }
}
