package org.sonar.server.permission;

import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.organization.OrganizationTesting;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.organization.DefaultOrganizationProvider;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.permission.PermissionChange;

/* loaded from: input_file:org/sonar/server/permission/UserPermissionChangerTest.class */
public class UserPermissionChangerTest {

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private DefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(this.db);
    private UserPermissionChanger underTest = new UserPermissionChanger(this.db.getDbClient(), this.defaultOrganizationProvider);
    private OrganizationDto org1;
    private OrganizationDto org2;
    private UserDto user1;
    private UserDto user2;
    private ComponentDto project;

    @Before
    public void setUp() throws Exception {
        this.org1 = this.db.organizations().insert(OrganizationTesting.newOrganizationDto());
        this.org2 = this.db.organizations().insert(OrganizationTesting.newOrganizationDto());
        this.user1 = this.db.users().insertUser();
        this.user2 = this.db.users().insertUser();
        this.project = this.db.components().insertProject();
    }

    @Test
    public void add_global_permission_to_user() {
        apply(new UserPermissionChange(PermissionChange.Operation.ADD, this.org1.getUuid(), "scan", (ProjectId) null, UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org1)).containsOnly(new String[]{"scan"});
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org2)).isEmpty();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user1, this.project)).isEmpty();
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user2, this.org1)).isEmpty();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user2, this.project)).isEmpty();
    }

    @Test
    public void add_project_permission_to_user() {
        apply(new UserPermissionChange(PermissionChange.Operation.ADD, this.org1.getUuid(), "issueadmin", new ProjectId(this.project), UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org1)).isEmpty();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user1, this.project)).contains(new String[]{"issueadmin"});
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user2, this.org1)).isEmpty();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user2, this.project)).isEmpty();
    }

    @Test
    public void do_nothing_when_adding_global_permission_that_already_exists() {
        this.db.users().insertPermissionOnUser(this.org1, this.user1, "gateadmin");
        apply(new UserPermissionChange(PermissionChange.Operation.ADD, this.org1.getUuid(), "gateadmin", (ProjectId) null, UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org1)).hasSize(1).containsOnly(new String[]{"gateadmin"});
    }

    @Test
    public void fail_to_add_global_permission_on_project() {
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [admin, codeviewer, issueadmin, scan, user]");
        apply(new UserPermissionChange(PermissionChange.Operation.ADD, this.org1.getUuid(), "gateadmin", new ProjectId(this.project), UserId.from(this.user1)));
    }

    @Test
    public void fail_to_add_project_permission_on_organization() {
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Invalid global permission 'issueadmin'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]");
        apply(new UserPermissionChange(PermissionChange.Operation.ADD, this.org1.getUuid(), "issueadmin", (ProjectId) null, UserId.from(this.user1)));
    }

    @Test
    public void remove_global_permission_from_user() {
        this.db.users().insertPermissionOnUser(this.org1, this.user1, "gateadmin");
        this.db.users().insertPermissionOnUser(this.org1, this.user1, "scan");
        this.db.users().insertPermissionOnUser(this.org2, this.user1, "gateadmin");
        this.db.users().insertPermissionOnUser(this.org1, this.user2, "gateadmin");
        this.db.users().insertProjectPermissionOnUser(this.org1, this.user1, "issueadmin", this.project);
        apply(new UserPermissionChange(PermissionChange.Operation.REMOVE, this.org1.getUuid(), "gateadmin", (ProjectId) null, UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org1)).containsOnly(new String[]{"scan"});
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org2)).containsOnly(new String[]{"gateadmin"});
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user2, this.org1)).containsOnly(new String[]{"gateadmin"});
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user1, this.project)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void remove_project_permission_from_user() {
        ComponentDto insertProject = this.db.components().insertProject();
        this.db.users().insertPermissionOnUser(this.org1, this.user1, "gateadmin");
        this.db.users().insertProjectPermissionOnUser(this.org1, this.user1, "issueadmin", this.project);
        this.db.users().insertProjectPermissionOnUser(this.org1, this.user1, "user", this.project);
        this.db.users().insertProjectPermissionOnUser(this.org1, this.user2, "issueadmin", this.project);
        this.db.users().insertProjectPermissionOnUser(this.org1, this.user1, "issueadmin", insertProject);
        apply(new UserPermissionChange(PermissionChange.Operation.REMOVE, this.org1.getUuid(), "issueadmin", new ProjectId(this.project), UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user1, this.project)).containsOnly(new String[]{"user"});
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user2, this.project)).containsOnly(new String[]{"issueadmin"});
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user1, insertProject)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void do_not_fail_if_removing_a_global_permission_that_does_not_exist() {
        apply(new UserPermissionChange(PermissionChange.Operation.REMOVE, this.org1.getUuid(), "gateadmin", (ProjectId) null, UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org1)).isEmpty();
    }

    @Test
    public void do_not_fail_if_removing_a_project_permission_that_does_not_exist() {
        apply(new UserPermissionChange(PermissionChange.Operation.REMOVE, this.org1.getUuid(), "issueadmin", new ProjectId(this.project), UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user1, this.project)).isEmpty();
    }

    @Test
    public void fail_to_remove_admin_global_permission_if_no_more_admins() {
        this.db.users().insertPermissionOnUser(this.org1, this.user1, "admin");
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Last user with permission 'admin'. Permission cannot be removed.");
        this.underTest.apply(this.db.getSession(), new UserPermissionChange(PermissionChange.Operation.REMOVE, this.org1.getUuid(), "admin", (ProjectId) null, UserId.from(this.user1)));
    }

    @Test
    public void remove_admin_user_if_still_other_admins() {
        this.db.users().insertPermissionOnUser(this.org1, this.user1, "admin");
        GroupDto insertGroup = this.db.users().insertGroup(this.org1, "admins");
        this.db.users().insertMember(insertGroup, this.user2);
        this.db.users().insertPermissionOnGroup(insertGroup, "admin");
        this.underTest.apply(this.db.getSession(), new UserPermissionChange(PermissionChange.Operation.REMOVE, this.org1.getUuid(), "admin", (ProjectId) null, UserId.from(this.user1)));
        Assertions.assertThat(this.db.users().selectGlobalPermissionsOfUser(this.user1, this.org1)).isEmpty();
    }

    private void apply(UserPermissionChange userPermissionChange) {
        this.underTest.apply(this.db.getSession(), userPermissionChange);
        this.db.commit();
    }
}
