package org.sonar.server.permission.index;

import org.assertj.core.api.Assertions;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDbTester;
import org.sonar.db.user.UserDto;
import org.sonar.server.es.EsTester;
import org.sonar.server.es.ProjectIndexer;
import org.sonar.server.tester.UserSessionRule;

/* loaded from: input_file:org/sonar/server/permission/index/PermissionIndexerTest.class */
public class PermissionIndexerTest {

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);

    @Rule
    public EsTester esTester = new EsTester(new FooIndexDefinition());

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();
    private ComponentDbTester componentDbTester = new ComponentDbTester(this.dbTester);
    private UserDbTester userDbTester = new UserDbTester(this.dbTester);
    private FooIndex fooIndex = new FooIndex(this.esTester.client(), new AuthorizationTypeSupport(this.userSession));
    private FooIndexer fooIndexer = new FooIndexer(this.esTester.client());
    private PermissionIndexer underTest = new PermissionIndexer(this.dbTester.getDbClient(), this.esTester.client(), new NeedAuthorizationIndexer[]{this.fooIndexer});

    @Before
    public void setUp() throws Exception {
        this.underTest.start();
    }

    @After
    public void tearDown() throws Exception {
        this.underTest.stop();
    }

    @Test
    public void indexAllIfEmpty_does_nothing_if_no_data() {
        this.underTest.indexAllIfEmpty();
        Assertions.assertThat(this.esTester.countDocuments(FooIndexDefinition.FOO_INDEX, "authorization")).isZero();
        Assertions.assertThat(this.fooIndex.hasAccessToProject("a_project")).isFalse();
    }

    @Test
    public void indexAllIfEmpty_grants_access_to_user() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        this.userDbTester.insertProjectPermissionOnUser(insertUser, "user", createAndIndexProject);
        this.userDbTester.insertProjectPermissionOnUser(insertUser2, "admin", createAndIndexProject);
        this.underTest.indexAllIfEmpty();
        verifyAnyoneNotAuthorized(createAndIndexProject);
        verifyAuthorized(createAndIndexProject, insertUser);
        verifyNotAuthorized(createAndIndexProject, insertUser2);
    }

    @Test
    public void indexAllIfEmpty_grants_access_to_group() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        UserDto insertUser3 = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        GroupDto insertGroup2 = this.userDbTester.insertGroup();
        this.userDbTester.insertProjectPermissionOnGroup(insertGroup, "user", createAndIndexProject);
        this.userDbTester.insertProjectPermissionOnGroup(insertGroup2, "admin", createAndIndexProject);
        this.underTest.indexAllIfEmpty();
        verifyAnyoneNotAuthorized(createAndIndexProject);
        verifyAuthorized(createAndIndexProject, insertUser, insertGroup);
        verifyNotAuthorized(createAndIndexProject, insertUser2, insertGroup2);
        verifyNotAuthorized(createAndIndexProject, insertUser3);
    }

    @Test
    public void indexAllIfEmpty_grants_access_to_user_and_group() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        this.userDbTester.insertMember(insertGroup, insertUser2);
        this.userDbTester.insertProjectPermissionOnUser(insertUser, "user", createAndIndexProject);
        this.userDbTester.insertProjectPermissionOnGroup(insertGroup, "user", createAndIndexProject);
        this.underTest.indexAllIfEmpty();
        verifyAnyoneNotAuthorized(createAndIndexProject);
        verifyAuthorized(createAndIndexProject, insertUser);
        verifyAuthorized(createAndIndexProject, insertUser, insertGroup);
        verifyNotAuthorized(createAndIndexProject, insertUser2);
    }

    @Test
    public void indexAllIfEmpty_does_not_grant_access_to_anybody() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        UserDto insertUser = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        this.underTest.indexAllIfEmpty();
        verifyAnyoneNotAuthorized(createAndIndexProject);
        verifyNotAuthorized(createAndIndexProject, insertUser);
        verifyNotAuthorized(createAndIndexProject, insertUser, insertGroup);
    }

    @Test
    public void indexAllIfEmpty_grants_access_to_anyone() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        UserDto insertUser = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        this.userDbTester.insertProjectPermissionOnAnyone("user", createAndIndexProject);
        this.underTest.indexAllIfEmpty();
        verifyAnyoneAuthorized(createAndIndexProject);
        verifyAuthorized(createAndIndexProject, insertUser);
        verifyAuthorized(createAndIndexProject, insertUser, insertGroup);
    }

    @Test
    public void indexAllIfEmpty_grants_access_on_many_projects() {
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        ComponentDto componentDto = null;
        for (int i = 0; i < 1010; i++) {
            componentDto = createAndIndexProject();
            this.userDbTester.insertProjectPermissionOnUser(insertUser, "user", componentDto);
        }
        this.underTest.indexAllIfEmpty();
        verifyAnyoneNotAuthorized(componentDto);
        verifyAuthorized(componentDto, insertUser);
        verifyNotAuthorized(componentDto, insertUser2);
    }

    @Test
    public void deleteProject_deletes_the_documents_related_to_the_project() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        ComponentDto createAndIndexProject2 = createAndIndexProject();
        this.userDbTester.insertProjectPermissionOnAnyone("user", createAndIndexProject);
        this.userDbTester.insertProjectPermissionOnAnyone("user", createAndIndexProject2);
        this.underTest.indexAllIfEmpty();
        Assertions.assertThat(this.esTester.countDocuments(FooIndexDefinition.FOO_INDEX, "authorization")).isEqualTo(2L);
        this.underTest.deleteProject(createAndIndexProject.uuid());
        Assertions.assertThat(this.esTester.countDocuments(FooIndexDefinition.FOO_INDEX, "authorization")).isEqualTo(1L);
    }

    @Test
    public void indexProject_does_nothing_because_authorizations_are_triggered_outside_standard_indexer_lifecycle() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        this.userDbTester.insertProjectPermissionOnAnyone("user", createAndIndexProject);
        this.underTest.indexProject(createAndIndexProject.uuid(), ProjectIndexer.Cause.NEW_ANALYSIS);
        this.underTest.indexProject(createAndIndexProject.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        this.underTest.indexProject(createAndIndexProject.uuid(), ProjectIndexer.Cause.PROJECT_KEY_UPDATE);
        Assertions.assertThat(this.esTester.countDocuments(FooIndexDefinition.FOO_INDEX, "authorization")).isEqualTo(0L);
    }

    @Test
    public void projects_without_any_permission_are_not_returned() {
        ComponentDto createAndIndexProject = createAndIndexProject();
        UserDto insertUser = this.userDbTester.insertUser();
        this.underTest.indexAllIfEmpty();
        verifyAnyoneNotAuthorized(createAndIndexProject);
        verifyNotAuthorized(createAndIndexProject, insertUser);
    }

    @Test
    public void permissions_on_anyone_should_not_conflict_between_organizations() {
        ComponentDto createAndIndexProject = createAndIndexProject(this.dbTester.organizations().insert());
        ComponentDto createAndIndexProject2 = createAndIndexProject(this.dbTester.organizations().insert());
        UserDto insertUser = this.userDbTester.insertUser();
        this.userDbTester.insertProjectPermissionOnAnyone("user", createAndIndexProject);
        this.userDbTester.insertProjectPermissionOnUser(insertUser, "user", createAndIndexProject2);
        this.underTest.indexAllIfEmpty();
        verifyAnyoneAuthorized(createAndIndexProject);
        verifyAnyoneNotAuthorized(createAndIndexProject2);
        verifyAuthorized(createAndIndexProject, insertUser);
        verifyAuthorized(createAndIndexProject2, insertUser);
    }

    private void verifyAuthorized(ComponentDto componentDto, UserDto userDto) {
        log_in(userDto);
        verifyAuthorized(componentDto, true);
    }

    private void verifyAuthorized(ComponentDto componentDto, UserDto userDto, GroupDto groupDto) {
        log_in(userDto).setGroups(groupDto);
        verifyAuthorized(componentDto, true);
    }

    private void verifyNotAuthorized(ComponentDto componentDto, UserDto userDto) {
        log_in(userDto);
        verifyAuthorized(componentDto, false);
    }

    private void verifyNotAuthorized(ComponentDto componentDto, UserDto userDto, GroupDto groupDto) {
        log_in(userDto).setGroups(groupDto);
        verifyAuthorized(componentDto, false);
    }

    private void verifyAnyoneAuthorized(ComponentDto componentDto) {
        this.userSession.anonymous();
        verifyAuthorized(componentDto, true);
    }

    private void verifyAnyoneNotAuthorized(ComponentDto componentDto) {
        this.userSession.anonymous();
        verifyAuthorized(componentDto, false);
    }

    private void verifyAuthorized(ComponentDto componentDto, boolean z) {
        Assertions.assertThat(this.fooIndex.hasAccessToProject(componentDto.uuid())).isEqualTo(z);
    }

    private UserSessionRule log_in(UserDto userDto) {
        this.userSession.logIn(userDto.getLogin()).setUserId(Integer.valueOf(userDto.getId().intValue()));
        return this.userSession;
    }

    private ComponentDto createAndIndexProject() {
        ComponentDto insertProject = this.componentDbTester.insertProject();
        this.fooIndexer.indexProject(insertProject.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        return insertProject;
    }

    private ComponentDto createAndIndexProject(OrganizationDto organizationDto) {
        ComponentDto insertProject = this.componentDbTester.insertProject(organizationDto);
        this.fooIndexer.indexProject(insertProject.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        return insertProject;
    }
}
