package org.sonar.server.permission.ws;

import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Test;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.ServerException;

/* loaded from: input_file:org/sonar/server/permission/ws/RemoveUserActionTest.class */
public class RemoveUserActionTest extends BasePermissionWsTest<RemoveUserAction> {
    private static final String A_PROJECT_UUID = "project-uuid";
    private static final String A_PROJECT_KEY = "project-key";
    private static final String A_LOGIN = "ray.bradbury";
    private UserDto user;

    @Before
    public void setUp() {
        this.user = this.db.users().insertUser(A_LOGIN);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.server.permission.ws.BasePermissionWsTest
    public RemoveUserAction buildWsAction() {
        return new RemoveUserAction(this.db.getDbClient(), this.userSession, newPermissionUpdater(), newPermissionWsSupport());
    }

    @Test
    public void remove_permission_from_user() throws Exception {
        this.db.users().insertPermissionOnUser(this.user, OrganizationPermission.PROVISION_PROJECTS);
        this.db.users().insertPermissionOnUser(this.user, OrganizationPermission.ADMINISTER_QUALITY_GATES);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("login", this.user.getLogin()).setParam("permission", "gateadmin").execute();
        Assertions.assertThat(this.db.users().selectPermissionsOfUser(this.user, this.db.getDefaultOrganization())).containsOnly(new OrganizationPermission[]{OrganizationPermission.PROVISION_PROJECTS});
    }

    @Test
    public void fail_to_remove_admin_permission_if_last_admin() throws Exception {
        this.db.users().insertPermissionOnUser(this.user, OrganizationPermission.ADMINISTER);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Last user with permission 'admin'. Permission cannot be removed.");
        newRequest().setParam("login", this.user.getLogin()).setParam("permission", "admin").execute();
    }

    @Test
    public void remove_permission_from_project() throws Exception {
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert(), A_PROJECT_UUID).setKey(A_PROJECT_KEY));
        this.db.users().insertProjectPermissionOnUser(this.user, "codeviewer", insertComponent);
        this.db.users().insertProjectPermissionOnUser(this.user, "issueadmin", insertComponent);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("login", this.user.getLogin()).setParam("projectId", insertComponent.uuid()).setParam("permission", "codeviewer").execute();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user, insertComponent)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void remove_with_project_key() throws Exception {
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert(), A_PROJECT_UUID).setKey(A_PROJECT_KEY));
        this.db.users().insertProjectPermissionOnUser(this.user, "issueadmin", insertComponent);
        this.db.users().insertProjectPermissionOnUser(this.user, "codeviewer", insertComponent);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("login", this.user.getLogin()).setParam("projectKey", insertComponent.getKey()).setParam("permission", "issueadmin").execute();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user, insertComponent)).containsOnly(new String[]{"codeviewer"});
    }

    @Test
    public void remove_with_view_uuid() throws Exception {
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newView(this.db.organizations().insert(), "view-uuid").setKey("view-key"));
        this.db.users().insertProjectPermissionOnUser(this.user, "issueadmin", insertComponent);
        this.db.users().insertProjectPermissionOnUser(this.user, "admin", insertComponent);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("login", this.user.getLogin()).setParam("projectKey", insertComponent.getKey()).setParam("permission", "issueadmin").execute();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user, insertComponent)).containsOnly(new String[]{"admin"});
    }

    @Test
    public void fail_when_project_does_not_exist() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        newRequest().setParam("login", this.user.getLogin()).setParam("projectId", "unknown-project-uuid").setParam("permission", "issueadmin").execute();
    }

    @Test
    public void fail_when_project_permission_without_permission() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        newRequest().setParam("login", this.user.getLogin()).setParam("permission", "issueadmin").execute();
    }

    @Test
    public void fail_when_component_is_not_a_project() throws Exception {
        this.db.components().insertComponent(ComponentTesting.newFileDto(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()), (ComponentDto) null, "file-uuid"));
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        newRequest().setParam("login", this.user.getLogin()).setParam("projectId", "file-uuid").setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_get_request() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(ServerException.class);
        newRequest().setMethod("GET").setParam("login", "george.orwell").setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_user_login_is_missing() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest().setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_permission_is_missing() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest().setParam("login", this.user.getLogin()).execute();
    }

    @Test
    public void fail_when_project_uuid_and_project_key_are_provided() throws Exception {
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert(), A_PROJECT_UUID).setKey(A_PROJECT_KEY));
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Project id or project key can be provided, not both.");
        newRequest().setParam("permission", "admin").setParam("login", this.user.getLogin()).setParam("projectId", insertComponent.uuid()).setParam("projectKey", insertComponent.getKey()).execute();
    }

    @Test
    public void removing_global_permission_fails_if_not_administrator_of_organization() throws Exception {
        this.userSession.logIn();
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("login", this.user.getLogin()).setParam("permission", "provisioning").execute();
    }

    @Test
    public void removing_project_permission_fails_if_not_administrator_of_project() throws Exception {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.userSession.logIn();
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("login", this.user.getLogin()).setParam("permission", "issueadmin").setParam("projectKey", insertPrivateProject.key()).execute();
    }

    @Test
    public void removing_project_permission_is_allowed_to_project_administrators() throws Exception {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.db.users().insertProjectPermissionOnUser(this.user, "codeviewer", insertPrivateProject);
        this.db.users().insertProjectPermissionOnUser(this.user, "issueadmin", insertPrivateProject);
        this.userSession.logIn().addProjectPermission("admin", insertPrivateProject);
        newRequest().setParam("login", this.user.getLogin()).setParam("projectId", insertPrivateProject.uuid()).setParam("permission", "issueadmin").execute();
        Assertions.assertThat(this.db.users().selectProjectPermissionsOfUser(this.user, insertPrivateProject)).containsOnly(new String[]{"codeviewer"});
    }

    @Test
    public void fail_when_removing_USER_permission_on_a_public_project() {
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(this.db.organizations().insert());
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Permission user can't be removed from a public component");
        newRequest().setParam("login", this.user.getLogin()).setParam("projectId", insertPublicProject.uuid()).setParam("permission", "user").execute();
    }

    @Test
    public void fail_when_removing_CODEVIEWER_permission_on_a_public_project() {
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(this.db.organizations().insert());
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Permission codeviewer can't be removed from a public component");
        newRequest().setParam("login", this.user.getLogin()).setParam("projectId", insertPublicProject.uuid()).setParam("permission", "codeviewer").execute();
    }
}
