package org.sonar.server.permission.ws;

import com.google.common.io.Resources;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.GroupRoleDto;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.computation.step.ExtractReportStepTest;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.permission.PermissionFinder;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.usergroups.ws.UserGroupFinder;
import org.sonar.server.ws.WsActionTester;
import org.sonar.test.DbTests;
import org.sonar.test.JsonAssert;

@Category({DbTests.class})
/* loaded from: input_file:org/sonar/server/permission/ws/GroupsActionTest.class */
public class GroupsActionTest {

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);
    ComponentDbTester componentDb = new ComponentDbTester(this.db);
    ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(new String[]{"TRK", "VW", "DEV"});
    DbClient dbClient;
    DbSession dbSession;
    WsActionTester ws;
    GroupsAction underTest;

    @Before
    public void setUp() {
        this.dbClient = this.db.getDbClient();
        this.dbSession = this.db.getSession();
        this.underTest = new GroupsAction(this.dbClient, this.userSession, new PermissionFinder(this.dbClient), new PermissionDependenciesFinder(this.dbClient, new ComponentFinder(this.dbClient), new UserGroupFinder(this.dbClient), this.resourceTypes));
        this.ws = new WsActionTester(this.underTest);
        this.userSession.login("login").setGlobalPermissions("admin");
        GroupDto insertGroup = insertGroup(new GroupDto().setName("group-1-name").setDescription("group-1-description"));
        GroupDto insertGroup2 = insertGroup(new GroupDto().setName("group-2-name").setDescription("group-2-description"));
        GroupDto insertGroup3 = insertGroup(new GroupDto().setName("group-3-name").setDescription("group-3-description"));
        insertGroupRole(new GroupRoleDto().setGroupId(insertGroup.getId()).setRole("scan"));
        insertGroupRole(new GroupRoleDto().setGroupId(insertGroup2.getId()).setRole("scan"));
        insertGroupRole(new GroupRoleDto().setGroupId(insertGroup3.getId()).setRole("admin"));
    }

    @Test
    public void search_for_groups_with_one_permission() {
        JsonAssert.assertJson(this.ws.newRequest().setParam("permission", "scan").execute().getInput()).isSimilarTo(Resources.getResource(getClass(), "GroupsActionTest/groups.json"));
    }

    @Test
    public void search_with_selection() {
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "scan").setParam("selected", WebService.SelectionMode.ALL.value()).execute().getInput()).containsSequence(new CharSequence[]{"Anyone", "group-1", "group-2", "group-3"});
    }

    @Test
    public void search_with_admin_does_not_return_anyone() {
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "admin").setParam("selected", WebService.SelectionMode.ALL.value()).execute().getInput()).containsSequence(new CharSequence[]{"group-1", "group-2", "group-3"}).doesNotContain("Anyone");
    }

    @Test
    public void search_groups_with_pagination() {
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "scan").setParam("ps", ExtractReportStepTest.TASK_UUID).setParam("p", "2").execute().getInput()).contains(new CharSequence[]{"group-2"}).doesNotContain("group-1").doesNotContain("group-3");
    }

    @Test
    public void search_groups_with_query() {
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "scan").setParam("q", "group-").execute().getInput()).contains(new CharSequence[]{"group-1", "group-2"}).doesNotContain("Anyone");
    }

    @Test
    public void search_groups_with_project_permissions() {
        this.dbClient.componentDao().insert(this.dbSession, ComponentTesting.newProjectDto("project-uuid").setKey("project-key"));
        insertGroupRole(new GroupRoleDto().setGroupId(insertGroup(new GroupDto().setName("project-group-name")).getId()).setRole("issueadmin").setResourceId(this.dbClient.componentDao().selectOrFailByUuid(this.dbSession, "project-uuid").getId()));
        this.userSession.login().addProjectUuidPermissions("admin", "project-uuid");
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "issueadmin").setParam("projectId", "project-uuid").execute().getInput()).contains(new CharSequence[]{"project-group-name"}).doesNotContain("group-1").doesNotContain("group-2").doesNotContain("group-3");
    }

    @Test
    public void search_groups_on_views() {
        insertGroupRole(new GroupRoleDto().setGroupId(insertGroup(new GroupDto().setName("project-group-name")).getId()).setRole("issueadmin").setResourceId(this.componentDb.insertComponent(ComponentTesting.newView("view-uuid").setKey("view-key")).getId()));
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "issueadmin").setParam("projectId", "view-uuid").execute().getInput()).contains(new CharSequence[]{"project-group-name"}).doesNotContain("group-1").doesNotContain("group-2").doesNotContain("group-3");
    }

    @Test
    public void fail_if_project_permission_without_project() {
        this.expectedException.expect(BadRequestException.class);
        this.ws.newRequest().setParam("permission", "issueadmin").execute();
    }

    @Test
    public void fail_if_not_logged_in() {
        this.expectedException.expect(UnauthorizedException.class);
        this.userSession.anonymous();
        this.ws.newRequest().setParam("permission", "scan").execute();
    }

    @Test
    public void fail_if_insufficient_privileges() {
        this.expectedException.expect(ForbiddenException.class);
        this.userSession.login("login");
        this.ws.newRequest().setParam("permission", "scan").execute();
    }

    @Test
    public void fail_if_permission_is_not_specified() {
        this.expectedException.expect(IllegalArgumentException.class);
        this.ws.newRequest().execute();
    }

    @Test
    public void fail_if_project_uuid_and_project_key_are_provided() {
        this.expectedException.expect(BadRequestException.class);
        this.dbClient.componentDao().insert(this.dbSession, ComponentTesting.newProjectDto("project-uuid").setKey("project-key"));
        this.ws.newRequest().setParam("permission", "scan").setParam("projectId", "project-uuid").setParam("projectKey", "project-key").execute();
    }

    private GroupDto insertGroup(GroupDto groupDto) {
        GroupDto insert = this.dbClient.groupDao().insert(this.dbSession, groupDto);
        commit();
        return insert;
    }

    private void insertGroupRole(GroupRoleDto groupRoleDto) {
        this.dbClient.roleDao().insertGroupRole(this.dbSession, groupRoleDto);
        commit();
    }

    private void commit() {
        this.dbSession.commit();
    }
}
