package org.sonar.server.permission;

import java.util.Collections;
import java.util.List;
import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.sonar.api.config.MapSettings;
import org.sonar.api.config.Settings;
import org.sonar.api.utils.System2;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.permission.template.PermissionTemplateDbTester;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.GroupTesting;
import org.sonar.db.user.UserDto;
import org.sonar.server.computation.task.projectanalysis.issue.DefaultAssigneeTest;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.permission.index.PermissionIndexer;
import org.sonar.server.tester.UserSessionRule;

/* loaded from: input_file:org/sonar/server/permission/PermissionTemplateServiceTest.class */
public class PermissionTemplateServiceTest {
    private static final String DEFAULT_TEMPLATE = "default_20130101_010203";
    private static final ComponentDto PROJECT = ComponentTesting.newProjectDto().setId(123L).setUuid("THE_PROJECT_UUID");
    private static final long NOW = 123456789;

    @Rule
    public ExpectedException throwable = ExpectedException.none();
    private System2 system2 = (System2) Mockito.mock(System2.class);

    @Rule
    public DbTester dbTester = DbTester.create(this.system2);
    private UserSessionRule userSession = UserSessionRule.standalone();
    private PermissionTemplateDbTester templateDb = this.dbTester.permissionTemplates();
    private DbSession session = this.dbTester.getSession();
    private Settings settings = new MapSettings();
    private PermissionIndexer permissionIndexer = (PermissionIndexer) Mockito.mock(PermissionIndexer.class);
    private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(this.dbTester);
    private PermissionTemplateService underTest = new PermissionTemplateService(this.dbTester.getDbClient(), this.settings, this.permissionIndexer, this.userSession, this.defaultOrganizationProvider);

    @Before
    public void setUp() {
        Mockito.when(Long.valueOf(this.system2.now())).thenReturn(Long.valueOf(NOW));
    }

    @Test
    public void apply_permission_template() {
        this.dbTester.prepareDbUnit(getClass(), new String[]{"should_apply_permission_template.xml"});
        Assertions.assertThat(selectProjectPermissionsOfGroup("org1", 100L, PROJECT)).isEmpty();
        Assertions.assertThat(selectProjectPermissionsOfGroup("org1", 101L, PROJECT)).isEmpty();
        Assertions.assertThat(selectProjectPermissionsOfGroup("org1", null, PROJECT)).isEmpty();
        Assertions.assertThat(selectProjectPermissionsOfUser(200L, PROJECT)).isEmpty();
        this.underTest.apply(this.session, this.dbTester.getDbClient().permissionTemplateDao().selectByUuid(this.session, DEFAULT_TEMPLATE), Collections.singletonList(PROJECT));
        Assertions.assertThat(selectProjectPermissionsOfGroup("org1", 100L, PROJECT)).containsOnly(new String[]{"admin", "issueadmin"});
        Assertions.assertThat(selectProjectPermissionsOfGroup("org1", 101L, PROJECT)).containsOnly(new String[]{"user", "codeviewer"});
        Assertions.assertThat(selectProjectPermissionsOfGroup("org1", null, PROJECT)).containsOnly(new String[]{"user", "codeviewer"});
        Assertions.assertThat(selectProjectPermissionsOfUser(200L, PROJECT)).containsOnly(new String[]{"admin"});
        checkAuthorizationUpdatedAtIsUpdated();
    }

    private List<String> selectProjectPermissionsOfGroup(String str, @Nullable Long l, ComponentDto componentDto) {
        return this.dbTester.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(this.session, str, l != null ? l : null, componentDto.getId().longValue());
    }

    private List<String> selectProjectPermissionsOfUser(long j, ComponentDto componentDto) {
        return this.dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(this.session, j, componentDto.getId().longValue());
    }

    @Test
    public void applyDefaultPermissionTemplate_from_component_key() {
        this.dbTester.prepareDbUnit(getClass(), new String[]{"apply_default_permission_template_by_component_id.xml"});
        this.userSession.setGlobalPermissions("provisioning");
        this.settings.setProperty("sonar.permission.template.default", DEFAULT_TEMPLATE);
        this.underTest.applyDefaultPermissionTemplate("org.struts:struts");
        this.session.commit();
        this.dbTester.assertDbUnitTable(getClass(), "apply_default_permission_template_by_component_id-result.xml", "user_roles", new String[]{"user_id", "resource_id", "role"});
    }

    @Test
    public void would_user_have_permission_with_default_permission_template() {
        UserDto insertUser = this.dbTester.users().insertUser();
        GroupDto insertGroup = this.dbTester.users().insertGroup(GroupTesting.newGroupDto());
        this.dbTester.users().insertMember(insertGroup, insertUser);
        PermissionTemplateDto insertTemplate = this.templateDb.insertTemplate();
        setDefaultTemplateUuid(insertTemplate.getUuid());
        this.templateDb.addProjectCreatorToTemplate(insertTemplate.getId().longValue(), "scan");
        this.templateDb.addUserToTemplate(insertTemplate.getId().longValue(), insertUser.getId().longValue(), "user");
        this.templateDb.addGroupToTemplate(insertTemplate.getId().longValue(), insertGroup.getId(), "codeviewer");
        this.templateDb.addGroupToTemplate(insertTemplate.getId().longValue(), (Long) null, "issueadmin");
        checkWouldUserHavePermission(insertUser.getId(), "admin", false);
        checkWouldUserHavePermission(insertUser.getId(), "scan", true);
        checkWouldUserHavePermission(insertUser.getId(), "user", true);
        checkWouldUserHavePermission(insertUser.getId(), "codeviewer", true);
        checkWouldUserHavePermission(insertUser.getId(), "issueadmin", true);
        checkWouldUserHavePermission(null, "admin", false);
        checkWouldUserHavePermission(null, "scan", false);
        checkWouldUserHavePermission(null, "user", false);
        checkWouldUserHavePermission(null, "codeviewer", false);
        checkWouldUserHavePermission(null, "issueadmin", true);
    }

    @Test
    public void would_user_have_permission_with_unknown_default_permission_template() {
        setDefaultTemplateUuid("UNKNOWN_TEMPLATE_UUID");
        checkWouldUserHavePermission(null, "admin", false);
    }

    @Test
    public void would_user_have_permission_with_empty_template() {
        setDefaultTemplateUuid(this.templateDb.insertTemplate().getUuid());
        checkWouldUserHavePermission(null, "admin", false);
    }

    private void checkWouldUserHavePermission(@Nullable Long l, String str, boolean z) {
        Assertions.assertThat(this.underTest.wouldUserHavePermissionWithDefaultTemplate(this.session, l, str, (String) null, DefaultAssigneeTest.PROJECT_KEY, "TRK")).isEqualTo(z);
    }

    private void checkAuthorizationUpdatedAtIsUpdated() {
        Assertions.assertThat(this.dbTester.getDbClient().resourceDao().selectResource(PROJECT.getId().longValue(), this.session).getAuthorizationUpdatedAt()).isEqualTo(NOW);
    }

    private void setDefaultTemplateUuid(String str) {
        this.settings.setProperty("sonar.permission.template.default", str);
    }
}
