package org.sonar.server.usergroups.ws;

import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.db.DbTester;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserMembershipQuery;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.WsTester;

/* loaded from: input_file:org/sonar/server/usergroups/ws/AddUserActionTest.class */
public class AddUserActionTest {

    @Rule
    public DbTester db = DbTester.create(new AlwaysIncreasingSystem2());

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(this.db);
    private WsTester ws;

    @Before
    public void setUp() {
        this.ws = new WsTester(new UserGroupsWs(new UserGroupsWsAction[]{new AddUserAction(this.db.getDbClient(), this.userSession, newGroupWsSupport(), this.defaultOrganizationProvider)}));
    }

    @Test
    public void add_user_to_group_referenced_by_its_id() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup();
        UserDto insertUser = this.db.users().insertUser();
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void add_user_to_group_referenced_by_its_name() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup();
        UserDto insertUser = this.db.users().insertUser();
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("name", insertGroup.getName()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void add_user_to_group_referenced_by_its_name_and_organization() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert, "a-group");
        UserDto insertUser = this.db.users().insertUser("user_login");
        loginAsAdmin(insert);
        newRequest().setParam("organization", insert.getKey()).setParam("name", insertGroup.getName()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void add_user_to_another_group() throws Exception {
        OrganizationDto defaultOrganization = this.db.getDefaultOrganization();
        GroupDto insertGroup = this.db.users().insertGroup(defaultOrganization, "admins");
        GroupDto insertGroup2 = this.db.users().insertGroup(defaultOrganization, "users");
        UserDto insertUser = this.db.users().insertUser("my-admin");
        this.db.users().insertMember(insertGroup2, insertUser);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId(), insertGroup2.getId()});
    }

    @Test
    public void do_not_fail_if_user_is_already_member_of_group() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup();
        UserDto insertUser = this.db.users().insertUser();
        this.db.users().insertMember(insertGroup, insertUser);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).hasSize(1).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void group_has_multiple_members() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup();
        UserDto insertUser = this.db.users().insertUser();
        UserDto insertUser2 = this.db.users().insertUser();
        this.db.users().insertMember(insertGroup, insertUser);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser2.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId()});
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser2)).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void fail_if_group_does_not_exist() throws Exception {
        UserDto insertUser = this.db.users().insertUser();
        loginAsAdminOnDefaultOrganization();
        this.expectedException.expect(NotFoundException.class);
        newRequest().setParam("id", "42").setParam("login", insertUser.getLogin()).execute();
    }

    @Test
    public void fail_if_user_does_not_exist() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "admins");
        loginAsAdminOnDefaultOrganization();
        this.expectedException.expect(NotFoundException.class);
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", "my-admin").execute();
    }

    @Test
    public void fail_if_not_administrator() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup();
        UserDto insertUser = this.db.users().insertUser();
        this.expectedException.expect(UnauthorizedException.class);
        executeRequest(insertGroup, insertUser);
    }

    @Test
    public void set_root_flag_to_true_when_adding_user_to_group_of_default_organization_with_admin_permission() throws Exception {
        GroupDto insertAdminGroup = this.db.users().insertAdminGroup();
        UserDto makeRoot = this.db.users().makeRoot(this.db.users().insertUser("falselyRootUser"));
        UserDto insertUser = this.db.users().insertUser("notRootUser");
        loginAsAdminOnDefaultOrganization();
        executeRequest(insertAdminGroup, makeRoot);
        verifyUserInGroup(makeRoot, insertAdminGroup);
        this.db.rootFlag().verify(makeRoot, true);
        verifyUserNotInGroup(insertUser, insertAdminGroup);
        this.db.rootFlag().verifyUnchanged(insertUser);
        executeRequest(insertAdminGroup, insertUser);
        verifyUserInGroup(makeRoot, insertAdminGroup);
        this.db.rootFlag().verify(makeRoot, true);
        verifyUserInGroup(insertUser, insertAdminGroup);
        this.db.rootFlag().verify(insertUser, true);
    }

    @Test
    public void does_not_set_root_flag_to_true_when_adding_user_to_group_of_other_organization_with_admin_permission() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertAdminGroup = this.db.users().insertAdminGroup(insert);
        UserDto makeRoot = this.db.users().makeRoot(this.db.users().insertUser("falselyRootUser"));
        UserDto insertUser = this.db.users().insertUser("notRootUser");
        loginAsAdmin(insert);
        executeRequest(insertAdminGroup, makeRoot);
        verifyUserInGroup(makeRoot, insertAdminGroup);
        this.db.rootFlag().verify(makeRoot, false);
        verifyUserNotInGroup(insertUser, insertAdminGroup);
        this.db.rootFlag().verifyUnchanged(insertUser);
        executeRequest(insertAdminGroup, insertUser);
        verifyUserInGroup(makeRoot, insertAdminGroup);
        this.db.rootFlag().verify(makeRoot, false);
        verifyUserInGroup(insertUser, insertAdminGroup);
        this.db.rootFlag().verify(insertUser, false);
    }

    private void executeRequest(GroupDto groupDto, UserDto userDto) throws Exception {
        newRequest().setParam("id", groupDto.getId().toString()).setParam("login", userDto.getLogin()).execute();
    }

    @Test
    public void fail_if_administrator_of_another_organization() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert, "a-group");
        UserDto insertUser = this.db.users().insertUser("user_login");
        loginAsAdmin(this.db.organizations().insert());
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("organization", insert.getKey()).setParam("name", insertGroup.getName()).setParam("login", insertUser.getLogin()).execute();
    }

    private WsTester.TestRequest newRequest() {
        return this.ws.newPostRequest("api/user_groups", "add_user");
    }

    private void loginAsAdminOnDefaultOrganization() {
        loginAsAdmin(this.db.getDefaultOrganization());
    }

    private void loginAsAdmin(OrganizationDto organizationDto) {
        this.userSession.login().addOrganizationPermission(organizationDto.getUuid(), "admin");
    }

    private GroupWsSupport newGroupWsSupport() {
        return new GroupWsSupport(this.db.getDbClient(), this.defaultOrganizationProvider);
    }

    private void verifyUserInGroup(UserDto userDto, GroupDto groupDto) {
        Assertions.assertThat(isUserInGroup(userDto, groupDto)).as("user '%s' is a member of group '%s' of organization '%s'", new Object[]{userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()}).isTrue();
    }

    private void verifyUserNotInGroup(UserDto userDto, GroupDto groupDto) {
        Assertions.assertThat(isUserInGroup(userDto, groupDto)).as("user '%s' is not a member of group '%s' of organization '%s'", new Object[]{userDto.getLogin(), groupDto.getName(), groupDto.getOrganizationUuid()}).isFalse();
    }

    private boolean isUserInGroup(UserDto userDto, GroupDto groupDto) {
        return this.db.getDbClient().groupMembershipDao().selectMembers(this.db.getSession(), UserMembershipQuery.builder().groupId(groupDto.getId()).membership("IN").build(), 0, Integer.MAX_VALUE).stream().anyMatch(userMembershipDto -> {
            return userMembershipDto.getLogin().equals(userDto.getLogin());
        });
    }
}
