package org.sonar.server.user;

import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.user.GroupRoleDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserPermissionDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.exceptions.ForbiddenException;

/* loaded from: input_file:org/sonar/server/user/ServerUserSessionTest.class */
public class ServerUserSessionTest {
    static final String LOGIN = "marius";
    static final String PROJECT_UUID = "ABCD";
    static final String FILE_KEY = "com.foo:Bar:BarFile.xoo";
    static final String FILE_UUID = "BCDE";

    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    ComponentDbTester componentDbTester = new ComponentDbTester(this.dbTester);
    DbClient dbClient = this.dbTester.getDbClient();
    DbSession dbSession = this.dbTester.getSession();
    UserDto userDto = UserTesting.newUserDto().setLogin(LOGIN);
    ComponentDto project;
    ComponentDto file;

    @Before
    public void setUp() throws Exception {
        this.project = this.componentDbTester.insertComponent(ComponentTesting.newProjectDto("ABCD"));
        this.file = this.componentDbTester.insertComponent(ComponentTesting.newFileDto(this.project, "BCDE").setKey(FILE_KEY));
        this.dbClient.userDao().insert(this.dbSession, this.userDto);
        this.dbSession.commit();
    }

    @Test
    public void has_global_permission() {
        addGlobalPermissions("admin", "profileadmin");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasPermission("profileadmin")).isTrue();
        Assertions.assertThat(newUserSession.hasPermission("admin")).isTrue();
        Assertions.assertThat(newUserSession.hasPermission("shareDashboard")).isFalse();
    }

    @Test
    public void check_global_Permission_ok() {
        addGlobalPermissions("admin", "profileadmin");
        newUserSession(this.userDto).checkPermission("profileadmin");
    }

    @Test
    public void check_global_Permission_ko() {
        addGlobalPermissions("admin", "profileadmin");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        this.expectedException.expect(ForbiddenException.class);
        newUserSession.checkPermission("shareDashboard");
    }

    @Test
    public void has_component_permission() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentPermission("user", FILE_KEY)).isTrue();
        Assertions.assertThat(newUserSession.hasComponentPermission("codeviewer", FILE_KEY)).isFalse();
        Assertions.assertThat(newUserSession.hasComponentPermission("admin", FILE_KEY)).isFalse();
    }

    @Test
    public void has_component_uuid_permission() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("user", "BCDE")).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("codeviewer", "BCDE")).isFalse();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("admin", "BCDE")).isFalse();
    }

    @Test
    public void has_component_permission_with_only_global_permission() {
        addGlobalPermissions("user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentPermission("user", FILE_KEY)).isTrue();
        Assertions.assertThat(newUserSession.hasComponentPermission("codeviewer", FILE_KEY)).isFalse();
        Assertions.assertThat(newUserSession.hasComponentPermission("admin", FILE_KEY)).isFalse();
    }

    @Test
    public void has_component_uuid_permission_with_only_global_permission() {
        addGlobalPermissions("user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("user", "BCDE")).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("codeviewer", "BCDE")).isFalse();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("admin", "BCDE")).isFalse();
    }

    @Test
    public void check_component_key_permission_ok() {
        addProjectPermissions(this.project, "user");
        newUserSession(this.userDto).checkComponentPermission("user", FILE_KEY);
    }

    @Test
    public void check_component_key_permission_with_only_global_permission_ok() {
        addGlobalPermissions("user");
        newUserSession(this.userDto).checkComponentPermission("user", FILE_KEY);
    }

    @Test
    public void check_component_key_permission_ko() {
        ComponentDto insertComponent = this.componentDbTester.insertComponent(ComponentTesting.newFileDto(this.componentDbTester.insertComponent(ComponentTesting.newProjectDto())));
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        this.expectedException.expect(ForbiddenException.class);
        newUserSession.checkComponentPermission("user", insertComponent.getKey());
    }

    @Test
    public void check_component_uuid_permission_ok() {
        addProjectPermissions(this.project, "user");
        newUserSession(this.userDto).checkComponentUuidPermission("user", "BCDE");
    }

    @Test
    public void check_component_uuid_permission_ko() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        this.expectedException.expect(ForbiddenException.class);
        newUserSession.checkComponentUuidPermission("user", "another-uuid");
    }

    @Test
    public void check_component_key_permission_when_project_not_found() {
        ComponentDto insertComponent = this.componentDbTester.insertComponent(ComponentTesting.newFileDto(this.componentDbTester.insertComponent(ComponentTesting.newProjectDto())).setProjectUuid("INVALID"));
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        this.expectedException.expect(ForbiddenException.class);
        newUserSession.checkComponentPermission("user", insertComponent.getKey());
    }

    @Test
    public void check_component_dto_permission_ko() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        this.expectedException.expect(ForbiddenException.class);
        newUserSession.checkComponentPermission("user", "another");
    }

    @Test
    public void deprecated_has_global_permission() throws Exception {
        addGlobalPermissions("profileadmin", "admin");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasGlobalPermission("profileadmin")).isTrue();
        Assertions.assertThat(newUserSession.hasGlobalPermission("admin")).isTrue();
        Assertions.assertThat(newUserSession.hasGlobalPermission("shareDashboard")).isFalse();
    }

    @Test
    public void deprecated_check_global_permission() throws Exception {
        addGlobalPermissions("profileadmin", "admin");
        newUserSession(this.userDto).checkGlobalPermission("profileadmin");
    }

    @Test
    public void fail_if_user_dto_is_null() throws Exception {
        this.expectedException.expect(NullPointerException.class);
        newUserSession(null);
    }

    @Test
    public void anonymous_user() throws Exception {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.getLogin()).isNull();
        Assertions.assertThat(newAnonymousSession.isLoggedIn()).isFalse();
    }

    @Test
    public void has_global_permission_for_anonymous() throws Exception {
        addAnonymousPermissions(null, "profileadmin", "admin");
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.getLogin()).isNull();
        Assertions.assertThat(newAnonymousSession.isLoggedIn()).isFalse();
        Assertions.assertThat(newAnonymousSession.hasPermission("profileadmin")).isTrue();
        Assertions.assertThat(newAnonymousSession.hasPermission("admin")).isTrue();
        Assertions.assertThat(newAnonymousSession.hasPermission("shareDashboard")).isFalse();
    }

    @Test
    public void has_project_permission_for_anonymous() throws Exception {
        addAnonymousPermissions(this.project, "user");
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.hasComponentPermission("user", FILE_KEY)).isTrue();
        Assertions.assertThat(newAnonymousSession.hasComponentPermission("codeviewer", FILE_KEY)).isFalse();
        Assertions.assertThat(newAnonymousSession.hasComponentPermission("admin", FILE_KEY)).isFalse();
    }

    private ServerUserSession newUserSession(UserDto userDto) {
        return ServerUserSession.createForUser(this.dbClient, userDto);
    }

    private ServerUserSession newAnonymousSession() {
        return ServerUserSession.createForAnonymous(this.dbClient);
    }

    private void addGlobalPermissions(String... strArr) {
        addPermissions(null, strArr);
    }

    private void addProjectPermissions(ComponentDto componentDto, String... strArr) {
        addPermissions(componentDto, strArr);
    }

    private void addPermissions(@Nullable ComponentDto componentDto, String... strArr) {
        for (String str : strArr) {
            this.dbClient.roleDao().insertUserRole(this.dbSession, new UserPermissionDto().setPermission(str).setComponentId(componentDto == null ? null : componentDto.getId()).setUserId(this.userDto.getId()));
        }
        this.dbSession.commit();
    }

    private void addAnonymousPermissions(@Nullable ComponentDto componentDto, String... strArr) {
        for (String str : strArr) {
            this.dbClient.roleDao().insertGroupRole(this.dbSession, new GroupRoleDto().setRole(str).setResourceId(componentDto == null ? null : componentDto.getId()));
        }
        this.dbSession.commit();
    }
}
