package org.sonar.server.usergroups.ws;

import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.db.DbTester;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.permission.index.FooIndexDefinition;
import org.sonar.server.tester.UserSessionRule;
import org.sonar.server.ws.WsTester;

/* loaded from: input_file:org/sonar/server/usergroups/ws/RemoveUserActionTest.class */
public class RemoveUserActionTest {

    @Rule
    public DbTester db = DbTester.create(new AlwaysIncreasingSystem2());

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(this.db);
    private WsTester ws;

    @Before
    public void setUp() {
        this.ws = new WsTester(new UserGroupsWs(new UserGroupsWsAction[]{new RemoveUserAction(this.db.getDbClient(), this.userSession, new GroupWsSupport(this.db.getDbClient(), this.defaultOrganizationProvider))}));
    }

    @Test
    public void does_nothing_if_user_is_not_in_group() throws Exception {
        insertAnAdministratorInDefaultOrganization();
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "admins");
        UserDto insertUser = this.db.users().insertUser("my-admin");
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).isEmpty();
    }

    @Test
    public void remove_user_by_group_id() throws Exception {
        insertAnAdministratorInDefaultOrganization();
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "users");
        UserDto insertUser = this.db.users().insertUser("my-admin");
        this.db.users().insertMember(insertGroup, insertUser);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).isEmpty();
    }

    @Test
    public void remove_user_by_group_name_in_default_organization() throws Exception {
        insertAnAdministratorInDefaultOrganization();
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "a_group");
        UserDto insertUser = this.db.users().insertUser("a_user");
        this.db.users().insertMember(insertGroup, insertUser);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam(FooIndexDefinition.FIELD_NAME, insertGroup.getName()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).isEmpty();
    }

    @Test
    public void remove_user_by_group_name_in_specific_organization() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert, "a_group");
        UserDto insertUser = this.db.users().insertUser("a_user");
        this.db.users().insertMember(insertGroup, insertUser);
        this.db.users().insertAdminByUserPermission(insert);
        loginAsAdmin(insert);
        newRequest().setParam("organization", insert.getKey()).setParam(FooIndexDefinition.FIELD_NAME, insertGroup.getName()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).isEmpty();
    }

    @Test
    public void remove_user_only_from_one_group() throws Exception {
        insertAnAdministratorInDefaultOrganization();
        OrganizationDto defaultOrganization = this.db.getDefaultOrganization();
        GroupDto insertGroup = this.db.users().insertGroup(defaultOrganization, "user");
        GroupDto insertGroup2 = this.db.users().insertGroup(defaultOrganization, "admins");
        UserDto insertUser = this.db.users().insertUser("user");
        this.db.users().insertMember(insertGroup, insertUser);
        this.db.users().insertMember(insertGroup2, insertUser);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup2.getId().toString()).setParam("login", insertUser.getLogin()).execute().assertNoContent();
        Assertions.assertThat(this.db.users().selectGroupIdsOfUser(insertUser)).containsOnly(new Long[]{insertGroup.getId()});
    }

    @Test
    public void fail_if_unknown_group() throws Exception {
        UserDto insertUser = this.db.users().insertUser("my-admin");
        this.expectedException.expect(NotFoundException.class);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", "42").setParam("login", insertUser.getLogin()).execute();
    }

    @Test
    public void fail_if_unknown_user() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "admins");
        this.expectedException.expect(NotFoundException.class);
        loginAsAdminOnDefaultOrganization();
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", "my-admin").execute();
    }

    @Test
    public void throw_ForbiddenException_if_not_administrator_of_organization() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.organizations().insert(), "a-group");
        UserDto insertUser = this.db.users().insertUser();
        this.db.users().insertMember(insertGroup, insertUser);
        loginAsAdminOnDefaultOrganization();
        this.expectedException.expect(ForbiddenException.class);
        this.expectedException.expectMessage("Insufficient privileges");
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser.getLogin()).execute();
    }

    @Test
    public void fail_to_remove_the_last_administrator() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert, "sonar-admins");
        this.db.users().insertPermissionOnGroup(insertGroup, "admin");
        UserDto insertUser = this.db.users().insertUser("the-single-admin");
        this.db.users().insertMember(insertGroup, insertUser);
        loginAsAdmin(insert);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("The last administrator user cannot be removed");
        newRequest().setParam("id", insertGroup.getId().toString()).setParam("login", insertUser.getLogin()).execute();
    }

    private WsTester.TestRequest newRequest() {
        return this.ws.newPostRequest("api/user_groups", "remove_user");
    }

    private void loginAsAdminOnDefaultOrganization() {
        loginAsAdmin(this.db.getDefaultOrganization());
    }

    private void loginAsAdmin(OrganizationDto organizationDto) {
        this.userSession.logIn("admin").addOrganizationPermission(organizationDto.getUuid(), "admin");
    }

    private UserDto insertAnAdministratorInDefaultOrganization() {
        return this.db.users().insertAdminByUserPermission(this.db.getDefaultOrganization());
    }
}
