package org.sonar.server.permission.ws;

import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.component.ResourceTypesRule;
import org.sonar.db.permission.PermissionDbTester;
import org.sonar.db.user.UserDbTester;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserPermissionDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.component.ComponentFinder;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.usergroups.ws.UserGroupFinder;
import org.sonar.server.ws.WsActionTester;
import org.sonar.test.JsonAssert;

/* loaded from: input_file:org/sonar/server/permission/ws/UsersActionTest.class */
public class UsersActionTest {
    WsActionTester ws;
    UsersAction underTest;

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);
    DbClient dbClient = this.db.getDbClient();
    DbSession dbSession = this.db.getSession();
    UserDbTester userDb = new UserDbTester(this.db);
    PermissionDbTester permissionDb = new PermissionDbTester(this.db);
    ComponentDbTester componentDbTester = new ComponentDbTester(this.db);
    ResourceTypesRule resourceTypes = new ResourceTypesRule().setRootQualifiers(new String[]{"TRK", "VW", "DEV"});

    @Before
    public void setUp() {
        this.underTest = new UsersAction(this.dbClient, this.userSession, new PermissionDependenciesFinder(this.dbClient, new ComponentFinder(this.dbClient), new UserGroupFinder(this.dbClient), this.resourceTypes));
        this.ws = new WsActionTester(this.underTest);
        this.userSession.login("login").setGlobalPermissions("admin");
    }

    @Test
    public void search_for_users_with_response_example() {
        UserDto insertUser = this.userDb.insertUser(new UserDto().setLogin("george.orwell").setName("George Orwell").setEmail("george.orwell@1984.net"));
        UserDto insertUser2 = this.userDb.insertUser(new UserDto().setLogin("admin").setName("Administrator").setEmail("admin@admin.com"));
        this.permissionDb.addGlobalPermissionToUser("scan", insertUser.getId().longValue());
        this.permissionDb.addGlobalPermissionToUser("admin", insertUser2.getId().longValue());
        this.permissionDb.addGlobalPermissionToUser("gateadmin", insertUser2.getId().longValue());
        this.permissionDb.addGlobalPermissionToUser("profileadmin", insertUser2.getId().longValue());
        JsonAssert.assertJson(this.ws.newRequest().execute().getInput()).withStrictArrayOrder().isSimilarTo(getClass().getResource("users-example.json"));
    }

    @Test
    public void search_for_users_with_one_permission() {
        insertUsersHavingGlobalPermissions();
        JsonAssert.assertJson(this.ws.newRequest().setParam("permission", "scan").execute().getInput()).withStrictArrayOrder().isSimilarTo(getClass().getResource("UsersActionTest/users.json"));
    }

    @Test
    public void search_for_users_with_permission_on_project() {
        this.userSession.login().addProjectUuidPermissions("admin", "project-uuid");
        ComponentDto insertComponent = this.componentDbTester.insertComponent(ComponentTesting.newProjectDto("project-uuid").setKey("project-key"));
        UserDto insertUser = this.userDb.insertUser(UserTesting.newUserDto());
        insertUserRole(new UserPermissionDto().setPermission("issueadmin").setUserId(insertUser.getId()).setComponentId(insertComponent.getId()));
        ComponentDto insertComponent2 = this.componentDbTester.insertComponent(ComponentTesting.newProjectDto());
        UserDto insertUser2 = this.userDb.insertUser(UserTesting.newUserDto());
        insertUserRole(new UserPermissionDto().setPermission("issueadmin").setUserId(insertUser2.getId()).setComponentId(insertComponent2.getId()));
        UserDto insertUser3 = this.userDb.insertUser(UserTesting.newUserDto());
        this.dbSession.commit();
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "issueadmin").setParam("projectId", "project-uuid").execute().getInput()).contains(new CharSequence[]{insertUser.getLogin()}).doesNotContain(insertUser2.getLogin()).doesNotContain(insertUser3.getLogin());
    }

    @Test
    public void search_only_for_users_with_permission_when_no_search_query() {
        this.userSession.login().setGlobalPermissions("admin");
        ComponentDto insertComponent = this.componentDbTester.insertComponent(ComponentTesting.newProjectDto());
        UserDto insertUser = this.userDb.insertUser(UserTesting.newUserDto());
        insertUserRole(new UserPermissionDto().setPermission("issueadmin").setUserId(insertUser.getId()).setComponentId(insertComponent.getId()));
        UserDto insertUser2 = this.userDb.insertUser(UserTesting.newUserDto());
        this.dbSession.commit();
        Assertions.assertThat(this.ws.newRequest().setParam("projectId", insertComponent.uuid()).execute().getInput()).contains(new CharSequence[]{insertUser.getLogin()}).doesNotContain(insertUser2.getLogin());
    }

    @Test
    public void search_also_for_users_without_permission_when_search_query() {
        this.userSession.login().setGlobalPermissions("admin");
        ComponentDto insertComponent = this.componentDbTester.insertComponent(ComponentTesting.newProjectDto());
        UserDto insertUser = this.userDb.insertUser(UserTesting.newUserDto("with-permission", "with-permission", (String) null));
        insertUserRole(new UserPermissionDto().setPermission("issueadmin").setUserId(insertUser.getId()).setComponentId(insertComponent.getId()));
        UserDto insertUser2 = this.userDb.insertUser(UserTesting.newUserDto("without-permission", "without-permission", (String) null));
        UserDto insertUser3 = this.userDb.insertUser(UserTesting.newUserDto("another-user", "another-user", (String) null));
        this.dbSession.commit();
        Assertions.assertThat(this.ws.newRequest().setParam("projectId", insertComponent.uuid()).setParam("q", "with").execute().getInput()).contains(new CharSequence[]{insertUser.getLogin()}).contains(new CharSequence[]{insertUser2.getLogin()}).doesNotContain(insertUser3.getLogin());
    }

    @Test
    public void search_for_users_with_query_as_a_parameter() {
        insertUsersHavingGlobalPermissions();
        Assertions.assertThat(this.ws.newRequest().setParam("permission", "scan").setParam("q", "ame-1").execute().getInput()).contains(new CharSequence[]{"login-1"}).doesNotContain("login-2").doesNotContain("login-3");
    }

    @Test
    public void search_for_users_with_select_as_a_parameter() {
        insertUsersHavingGlobalPermissions();
        Assertions.assertThat(this.ws.newRequest().execute().getInput()).contains(new CharSequence[]{"login-1", "login-2", "login-3"});
    }

    @Test
    public void fail_if_project_permission_without_project() {
        this.expectedException.expect(BadRequestException.class);
        this.ws.newRequest().setParam("permission", "issueadmin").setParam("selected", WebService.SelectionMode.ALL.value()).execute();
    }

    @Test
    public void fail_if_insufficient_privileges() {
        this.expectedException.expect(ForbiddenException.class);
        this.userSession.login("login");
        this.ws.newRequest().setParam("permission", "admin").execute();
    }

    @Test
    public void fail_if_not_logged_in() {
        this.expectedException.expect(UnauthorizedException.class);
        this.userSession.anonymous();
        this.ws.newRequest().setParam("permission", "admin").execute();
    }

    @Test
    public void fail_if_project_uuid_and_project_key_are_provided() {
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Project id or project key can be provided, not both.");
        this.dbClient.componentDao().insert(this.dbSession, ComponentTesting.newProjectDto("project-uuid").setKey("project-key"));
        this.dbSession.commit();
        this.ws.newRequest().setParam("permission", "admin").setParam("projectId", "project-uuid").setParam("projectKey", "project-key").execute();
    }

    @Test
    public void fail_if_search_query_is_too_short() {
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("The 'q' parameter must have at least 3 characters");
        this.ws.newRequest().setParam("q", "ab").execute();
    }

    private UserDto insertUser(UserDto userDto) {
        UserDto insert = this.dbClient.userDao().insert(this.dbSession, userDto.setActive(true));
        this.dbSession.commit();
        return insert;
    }

    private void insertUserRole(UserPermissionDto userPermissionDto) {
        this.dbClient.roleDao().insertUserRole(this.dbSession, userPermissionDto);
        this.dbSession.commit();
    }

    private void insertUsersHavingGlobalPermissions() {
        UserDto insertUser = insertUser(new UserDto().setLogin("login-3").setName("name-3").setEmail("email-3"));
        UserDto insertUser2 = insertUser(new UserDto().setLogin("login-2").setName("name-2").setEmail("email-2"));
        insertUserRole(new UserPermissionDto().setPermission("scan").setUserId(insertUser(new UserDto().setLogin("login-1").setName("name-1").setEmail("email-1")).getId()));
        insertUserRole(new UserPermissionDto().setPermission("admin").setUserId(insertUser.getId()));
        insertUserRole(new UserPermissionDto().setPermission("scan").setUserId(insertUser2.getId()));
        this.dbSession.commit();
    }
}
