package org.sonar.server.user;

import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.exceptions.ForbiddenException;

/* loaded from: input_file:org/sonar/server/user/ServerUserSessionTest.class */
public class ServerUserSessionTest {
    private static final String LOGIN = "marius";
    private static final String PROJECT_UUID = "ABCD";
    private static final String FILE_KEY = "com.foo:Bar:BarFile.xoo";
    private static final String FILE_UUID = "BCDE";
    private static final UserDto ROOT_USER_DTO = new UserDto() { // from class: org.sonar.server.user.ServerUserSessionTest.1
        {
            setRoot(true);
        }
    }.setLogin("root_user");
    private static final UserDto NON_ROOT_USER_DTO = new UserDto() { // from class: org.sonar.server.user.ServerUserSessionTest.2
        {
            setRoot(false);
        }
    }.setLogin("regular_user");

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private DbClient dbClient = this.db.getDbClient();
    private UserDto userDto = UserTesting.newUserDto().setLogin(LOGIN);
    private ComponentDto project;

    @Before
    public void setUp() throws Exception {
        this.project = this.db.components().insertComponent(ComponentTesting.newProjectDto("ABCD"));
        this.db.components().insertComponent(ComponentTesting.newFileDto(this.project, (ComponentDto) null, "BCDE").setKey(FILE_KEY));
        this.db.users().insertUser(this.userDto);
    }

    @Test
    public void isRoot_is_false_is_flag_root_is_false_on_UserDto() {
        Assertions.assertThat(newUserSession(ROOT_USER_DTO).isRoot()).isTrue();
        Assertions.assertThat(newUserSession(NON_ROOT_USER_DTO).isRoot()).isFalse();
    }

    @Test
    public void checkIsRoot_fails_with_ForbiddenException_when_flag_is_false_on_UserDto() {
        expectInsufficientPrivilegesForbiddenException();
        newUserSession(NON_ROOT_USER_DTO).checkIsRoot();
    }

    @Test
    public void checkIsRoot_does_not_fails_when_flag_is_true_on_UserDto() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.checkIsRoot()).isSameAs(newUserSession);
    }

    @Test
    public void hasPermission_permission() {
        addGlobalPermissions("admin", "profileadmin");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasPermission("profileadmin")).isTrue();
        Assertions.assertThat(newUserSession.hasPermission("admin")).isTrue();
        Assertions.assertThat(newUserSession.hasPermission("gateadmin")).isFalse();
    }

    @Test
    public void hasPermission_returns_true_when_flag_is_true_on_UserDto_no_matter_actual_global_permissions() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.hasPermission("profileadmin")).isTrue();
        Assertions.assertThat(newUserSession.hasPermission("admin")).isTrue();
        Assertions.assertThat(newUserSession.hasPermission("whatever!")).isTrue();
    }

    @Test
    public void checkPermission_succeeds_if_user_has_global_permission_in_db() {
        addGlobalPermissions("admin", "profileadmin");
        newUserSession(this.userDto).checkPermission("profileadmin");
    }

    @Test
    public void checkPermission_fails_with_FE_if_user_has_not_global_permission_in_db() {
        addGlobalPermissions("admin", "profileadmin");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession.checkPermission("gateadmin");
    }

    @Test
    public void checkPermission_succeeds_when_flag_is_true_on_UserDto_no_matter_actual_global_permissions() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.checkPermission("profileadmin")).isSameAs(newUserSession);
        Assertions.assertThat(newUserSession.checkPermission("admin")).isSameAs(newUserSession);
        Assertions.assertThat(newUserSession.checkPermission("whatever!")).isSameAs(newUserSession);
    }

    @Test
    public void has_component_permission() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentPermission("user", FILE_KEY)).isTrue();
        Assertions.assertThat(newUserSession.hasComponentPermission("codeviewer", FILE_KEY)).isFalse();
        Assertions.assertThat(newUserSession.hasComponentPermission("admin", FILE_KEY)).isFalse();
    }

    @Test
    public void hasComponentUuidPermission_returns_true_if_user_has_project_permission_for_given_uuid_in_db() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("user", "BCDE")).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("codeviewer", "BCDE")).isFalse();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("admin", "BCDE")).isFalse();
    }

    @Test
    public void hasComponentUuidPermission_returns_true_when_flag_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("user", "BCDE")).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("codeviewer", "BCDE")).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("admin", "BCDE")).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("whatever", "who cares?")).isTrue();
    }

    @Test
    public void hasComponentPermission_returns_true_if_user_has_global_permission_in_db() {
        addGlobalPermissions("user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentPermission("user", FILE_KEY)).isTrue();
        Assertions.assertThat(newUserSession.hasComponentPermission("codeviewer", FILE_KEY)).isFalse();
        Assertions.assertThat(newUserSession.hasComponentPermission("admin", FILE_KEY)).isFalse();
    }

    @Test
    public void has_component_uuid_permission_with_only_global_permission() {
        addGlobalPermissions("user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("user", "BCDE")).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("codeviewer", "BCDE")).isFalse();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("admin", "BCDE")).isFalse();
    }

    @Test
    public void checkComponentPermission_succeeds_if_user_has_permission_for_specified_key_in_db() {
        addProjectPermissions(this.project, "user");
        newUserSession(this.userDto).checkComponentPermission("user", FILE_KEY);
    }

    @Test
    public void checkComponentPermission_succeeds_if_user_has_global_permission_in_db() {
        addGlobalPermissions("user");
        newUserSession(this.userDto).checkComponentPermission("user", FILE_KEY);
    }

    @Test
    public void checkComponentPermission_succeeds_when_flag_is_true_on_UserDto_no_matter_if_user_has_permission_for_specified_key_in_db() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.checkComponentPermission("user", FILE_KEY)).isSameAs(newUserSession);
        Assertions.assertThat(newUserSession.checkComponentPermission("codeviewer", FILE_KEY)).isSameAs(newUserSession);
        Assertions.assertThat(newUserSession.checkComponentPermission("whatever", "who cares?")).isSameAs(newUserSession);
    }

    @Test
    public void checkComponentPermission_throws_FE_when_user_has_not_permission_for_specified_key_in_db() {
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newFileDto(this.db.components().insertComponent(ComponentTesting.newProjectDto()), (ComponentDto) null));
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession.checkComponentPermission("user", insertComponent.getKey());
    }

    @Test
    public void checkComponentPermission_throws_FE_when_project_does_not_exist_in_db() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession.checkComponentPermission("user", "another");
    }

    @Test
    public void checkComponentPermission_fails_with_FE_when_project_of_specified_uuid_can_not_be_found() {
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newFileDto(this.db.components().insertComponent(ComponentTesting.newProjectDto()), (ComponentDto) null).setProjectUuid("INVALID"));
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession.checkComponentPermission("user", insertComponent.getKey());
    }

    @Test
    public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.checkComponentUuidPermission("user", "BCDE")).isSameAs(newUserSession);
        Assertions.assertThat(newUserSession.checkComponentUuidPermission("whatever", "who cares?")).isSameAs(newUserSession);
    }

    @Test
    public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {
        addProjectPermissions(this.project, "user");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession.checkComponentUuidPermission("user", "another-uuid");
    }

    @Test
    public void deprecated_has_global_permission() throws Exception {
        addGlobalPermissions("profileadmin", "admin");
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasGlobalPermission("profileadmin")).isTrue();
        Assertions.assertThat(newUserSession.hasGlobalPermission("admin")).isTrue();
        Assertions.assertThat(newUserSession.hasGlobalPermission("gateadmin")).isFalse();
    }

    @Test
    public void deprecated_check_global_permission() throws Exception {
        addGlobalPermissions("profileadmin", "admin");
        newUserSession(this.userDto).checkGlobalPermission("profileadmin");
    }

    @Test
    public void fail_if_user_dto_is_null() throws Exception {
        this.expectedException.expect(NullPointerException.class);
        newUserSession(null);
    }

    @Test
    public void anonymous_user() throws Exception {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.getLogin()).isNull();
        Assertions.assertThat(newAnonymousSession.isLoggedIn()).isFalse();
    }

    @Test
    public void has_global_permission_for_anonymous() throws Exception {
        addAnyonePermissions(null, "profileadmin", "admin");
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.getLogin()).isNull();
        Assertions.assertThat(newAnonymousSession.isLoggedIn()).isFalse();
        Assertions.assertThat(newAnonymousSession.hasPermission("profileadmin")).isTrue();
        Assertions.assertThat(newAnonymousSession.hasPermission("admin")).isTrue();
        Assertions.assertThat(newAnonymousSession.hasPermission("gateadmin")).isFalse();
    }

    @Test
    public void has_project_permission_for_anonymous() throws Exception {
        addAnyonePermissions(this.project, "user");
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.hasComponentPermission("user", FILE_KEY)).isTrue();
        Assertions.assertThat(newAnonymousSession.hasComponentPermission("codeviewer", FILE_KEY)).isFalse();
        Assertions.assertThat(newAnonymousSession.hasComponentPermission("admin", FILE_KEY)).isFalse();
    }

    @Test
    public void checkOrganizationPermission_fails_with_ForbiddenException_when_user_has_no_permissions_on_organization() {
        expectInsufficientPrivilegesForbiddenException();
        newUserSession(NON_ROOT_USER_DTO).checkOrganizationPermission("org-uuid", "perm1");
    }

    @Test
    public void hasOrganizationPermission_for_logged_in_user() {
        OrganizationDto insert = this.db.organizations().insert();
        ComponentDto insertProject = this.db.components().insertProject();
        this.db.users().insertPermissionOnUser(insert, this.userDto, "provisioning");
        this.db.users().insertProjectPermissionOnUser(insert, this.userDto, "admin", insertProject);
        ServerUserSession newUserSession = newUserSession(this.userDto);
        Assertions.assertThat(newUserSession.hasOrganizationPermission(insert.getUuid(), "provisioning")).isTrue();
        Assertions.assertThat(newUserSession.hasOrganizationPermission(insert.getUuid(), "admin")).isFalse();
        Assertions.assertThat(newUserSession.hasOrganizationPermission("another-org", "provisioning")).isFalse();
    }

    @Test
    public void hasOrganizationPermission_for_anonymous_user() {
        OrganizationDto insert = this.db.organizations().insert();
        this.db.users().insertPermissionOnAnyone(insert, "provisioning");
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.hasOrganizationPermission(insert.getUuid(), "provisioning")).isTrue();
        Assertions.assertThat(newAnonymousSession.hasOrganizationPermission(insert.getUuid(), "admin")).isFalse();
        Assertions.assertThat(newAnonymousSession.hasOrganizationPermission("another-org", "provisioning")).isFalse();
    }

    private ServerUserSession newUserSession(UserDto userDto) {
        return ServerUserSession.createForUser(this.dbClient, userDto);
    }

    private ServerUserSession newAnonymousSession() {
        return ServerUserSession.createForAnonymous(this.dbClient);
    }

    private void addGlobalPermissions(String... strArr) {
        addPermissions(null, strArr);
    }

    private void addProjectPermissions(ComponentDto componentDto, String... strArr) {
        addPermissions(componentDto, strArr);
    }

    private void addPermissions(@Nullable ComponentDto componentDto, String... strArr) {
        for (String str : strArr) {
            if (componentDto == null) {
                this.db.users().insertPermissionOnUser(this.userDto, str);
            } else {
                this.db.users().insertProjectPermissionOnUser(this.userDto, str, componentDto);
            }
        }
    }

    private void addAnyonePermissions(@Nullable ComponentDto componentDto, String... strArr) {
        for (String str : strArr) {
            if (componentDto == null) {
                this.db.users().insertPermissionOnAnyone(str);
            } else {
                this.db.users().insertProjectPermissionOnAnyone(str, componentDto);
            }
        }
    }

    private void expectInsufficientPrivilegesForbiddenException() {
        this.expectedException.expect(ForbiddenException.class);
        this.expectedException.expectMessage("Insufficient privileges");
    }
}
