package org.sonar.server.permission;

import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.permission.PermissionChange;
import org.sonar.server.usergroups.ws.GroupIdOrAnyone;

/* loaded from: input_file:org/sonar/server/permission/GroupPermissionChangerTest.class */
public class GroupPermissionChangerTest {

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private GroupPermissionChanger underTest = new GroupPermissionChanger(this.db.getDbClient());

    /* renamed from: org, reason: collision with root package name */
    private OrganizationDto f0org;
    private GroupDto group;
    private ComponentDto project;

    @Before
    public void setUp() throws Exception {
        this.f0org = this.db.organizations().insert();
        this.group = this.db.users().insertGroup(this.f0org, "a-group");
        this.project = this.db.components().insertProject(this.f0org);
    }

    @Test
    public void add_permission_to_group() {
        apply(new GroupPermissionChange(PermissionChange.Operation.ADD, "gateadmin", (ProjectId) null, new GroupIdOrAnyone(this.group)));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).containsOnly(new String[]{"gateadmin"});
    }

    @Test
    public void add_project_permission_to_group() {
        apply(new GroupPermissionChange(PermissionChange.Operation.ADD, "issueadmin", new ProjectId(this.project), new GroupIdOrAnyone(this.group)));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).isEmpty();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, this.project)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void add_permission_to_anyone() {
        OrganizationDto defaultOrganization = this.db.getDefaultOrganization();
        apply(new GroupPermissionChange(PermissionChange.Operation.ADD, "gateadmin", (ProjectId) null, new GroupIdOrAnyone(defaultOrganization.getUuid(), (Long) null)));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).isEmpty();
        Assertions.assertThat(this.db.users().selectAnyonePermissions(defaultOrganization, (ComponentDto) null)).containsOnly(new String[]{"gateadmin"});
    }

    @Test
    public void add_project_permission_to_anyone() {
        apply(new GroupPermissionChange(PermissionChange.Operation.ADD, "issueadmin", new ProjectId(this.project), new GroupIdOrAnyone(this.f0org.getUuid(), (Long) null)));
        Assertions.assertThat(this.db.users().selectAnyonePermissions(this.f0org, (ComponentDto) null)).isEmpty();
        Assertions.assertThat(this.db.users().selectAnyonePermissions(this.f0org, this.project)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void do_nothing_when_adding_permission_that_already_exists() {
        GroupIdOrAnyone groupIdOrAnyone = new GroupIdOrAnyone(this.group);
        this.db.users().insertPermissionOnGroup(this.group, "gateadmin");
        apply(new GroupPermissionChange(PermissionChange.Operation.ADD, "gateadmin", (ProjectId) null, groupIdOrAnyone));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).containsOnly(new String[]{"gateadmin"});
    }

    @Test
    public void fail_to_add_global_permission_on_project() {
        GroupIdOrAnyone groupIdOrAnyone = new GroupIdOrAnyone(this.group);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Invalid project permission 'gateadmin'. Valid values are [admin, codeviewer, issueadmin, scan, user]");
        apply(new GroupPermissionChange(PermissionChange.Operation.ADD, "gateadmin", new ProjectId(this.project), groupIdOrAnyone));
    }

    @Test
    public void fail_to_add_project_permission_on_global_group() {
        GroupIdOrAnyone groupIdOrAnyone = new GroupIdOrAnyone(this.group);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Invalid global permission 'issueadmin'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]");
        apply(new GroupPermissionChange(PermissionChange.Operation.ADD, "issueadmin", (ProjectId) null, groupIdOrAnyone));
    }

    @Test
    public void remove_permission_from_group() {
        GroupIdOrAnyone groupIdOrAnyone = new GroupIdOrAnyone(this.group);
        this.db.users().insertPermissionOnGroup(this.group, "gateadmin");
        this.db.users().insertPermissionOnGroup(this.group, "provisioning");
        apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, "gateadmin", (ProjectId) null, groupIdOrAnyone));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).containsOnly(new String[]{"provisioning"});
    }

    @Test
    public void remove_project_permission_from_group() {
        GroupIdOrAnyone groupIdOrAnyone = new GroupIdOrAnyone(this.group);
        this.db.users().insertPermissionOnGroup(this.group, "gateadmin");
        this.db.users().insertProjectPermissionOnGroup(this.group, "issueadmin", this.project);
        this.db.users().insertProjectPermissionOnGroup(this.group, "codeviewer", this.project);
        apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, "issueadmin", new ProjectId(this.project), groupIdOrAnyone));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).containsOnly(new String[]{"gateadmin"});
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, this.project)).containsOnly(new String[]{"codeviewer"});
    }

    @Test
    public void do_not_fail_if_removing_a_permission_that_does_not_exist() {
        apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, "issueadmin", new ProjectId(this.project), new GroupIdOrAnyone(this.group)));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).isEmpty();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, this.project)).isEmpty();
    }

    @Test
    public void fail_to_remove_admin_permission_if_no_more_admins() {
        GroupIdOrAnyone groupIdOrAnyone = new GroupIdOrAnyone(this.group);
        this.db.users().insertPermissionOnGroup(this.group, "admin");
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed.");
        this.underTest.apply(this.db.getSession(), new GroupPermissionChange(PermissionChange.Operation.REMOVE, "admin", (ProjectId) null, groupIdOrAnyone));
    }

    @Test
    public void remove_admin_group_if_still_other_admins() {
        GroupIdOrAnyone groupIdOrAnyone = new GroupIdOrAnyone(this.group);
        this.db.users().insertPermissionOnGroup(this.group, "admin");
        this.db.users().insertPermissionOnUser(this.f0org, this.db.users().insertUser(), "admin");
        apply(new GroupPermissionChange(PermissionChange.Operation.REMOVE, "admin", (ProjectId) null, groupIdOrAnyone));
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.group, (ComponentDto) null)).isEmpty();
    }

    private void apply(GroupPermissionChange groupPermissionChange) {
        this.underTest.apply(this.db.getSession(), groupPermissionChange);
        this.db.commit();
    }
}
