package org.sonar.server.permission;

import java.util.Collections;
import java.util.List;
import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;
import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.template.PermissionTemplateDbTester;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.computation.task.projectanalysis.issue.DefaultAssigneeTest;
import org.sonar.server.permission.index.PermissionIndexer;
import org.sonar.server.permission.ws.template.DefaultTemplatesResolverRule;
import org.sonar.server.tester.UserSessionRule;

/* loaded from: input_file:org/sonar/server/permission/PermissionTemplateServiceTest.class */
public class PermissionTemplateServiceTest {
    private OrganizationDto organization;
    private ComponentDto privateProject;
    private ComponentDto publicProject;
    private GroupDto group;
    private UserDto user;
    private UserDto creator;

    @Rule
    public ExpectedException throwable = ExpectedException.none();

    @Rule
    public DbTester dbTester = DbTester.create(new AlwaysIncreasingSystem2());

    @Rule
    public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withGovernance();
    private UserSessionRule userSession = UserSessionRule.standalone();
    private PermissionTemplateDbTester templateDb = this.dbTester.permissionTemplates();
    private DbSession session = this.dbTester.getSession();
    private PermissionIndexer permissionIndexer = (PermissionIndexer) Mockito.mock(PermissionIndexer.class);
    private PermissionTemplateService underTest = new PermissionTemplateService(this.dbTester.getDbClient(), this.permissionIndexer, this.userSession, this.defaultTemplatesResolver);

    @Before
    public void setUp() throws Exception {
        this.organization = this.dbTester.organizations().insert();
        this.privateProject = this.dbTester.components().insertPrivateProject(this.organization);
        this.publicProject = this.dbTester.components().insertPublicProject(this.organization);
        this.group = this.dbTester.users().insertGroup(this.organization);
        this.user = this.dbTester.users().insertUser();
        this.creator = this.dbTester.users().insertUser();
    }

    @Test
    public void apply_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, "p1");
        this.underTest.apply(this.session, insertTemplate, Collections.singletonList(this.privateProject));
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, null, this.privateProject)).isEmpty();
    }

    @Test
    public void apply_default_does_not_insert_permission_to_group_AnyOne_when_applying_template_on_private_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.privateProject, this.creator.getId());
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, null, this.privateProject)).isEmpty();
    }

    @Test
    public void apply_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, str);
        });
        this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, "p1");
        this.underTest.apply(this.session, insertTemplate, Collections.singletonList(this.publicProject));
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, null, this.publicProject)).containsOnly(new String[]{"p1", "admin", "issueadmin", "scan"});
    }

    @Test
    public void applyDefault_inserts_permissions_to_group_AnyOne_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, str);
        });
        this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.publicProject, (Integer) null);
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, null, this.publicProject)).containsOnly(new String[]{"p1", "admin", "issueadmin", "scan"});
    }

    @Test
    public void apply_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, str);
        });
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, "p1");
        this.underTest.apply(this.session, insertTemplate, Collections.singletonList(this.privateProject));
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, this.group, this.privateProject)).containsOnly(new String[]{"p1", "user", "codeviewer", "admin", "issueadmin", "scan"});
    }

    @Test
    public void applyDefault_inserts_any_permissions_to_group_when_applying_template_on_private_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, str);
        });
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.privateProject, (Integer) null);
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, this.group, this.privateProject)).containsOnly(new String[]{"p1", "user", "codeviewer", "admin", "issueadmin", "scan"});
    }

    @Test
    public void apply_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, str);
        });
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, "p1");
        this.underTest.apply(this.session, insertTemplate, Collections.singletonList(this.publicProject));
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, this.group, this.publicProject)).containsOnly(new String[]{"p1", "admin", "issueadmin", "scan"});
    }

    @Test
    public void applyDefault_inserts_permissions_to_group_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, str);
        });
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, this.group, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.publicProject, (Integer) null);
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, this.group, this.publicProject)).containsOnly(new String[]{"p1", "admin", "issueadmin", "scan"});
    }

    @Test
    public void apply_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, str);
        });
        this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, "p1");
        this.underTest.apply(this.session, insertTemplate, Collections.singletonList(this.publicProject));
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, this.publicProject)).containsOnly(new String[]{"p1", "admin", "issueadmin", "scan"});
    }

    @Test
    public void applyDefault_inserts_permissions_to_user_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, str);
        });
        this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.publicProject, (Integer) null);
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, this.publicProject)).containsOnly(new String[]{"p1", "admin", "issueadmin", "scan"});
    }

    @Test
    public void apply_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, str);
        });
        this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, "p1");
        this.underTest.apply(this.session, insertTemplate, Collections.singletonList(this.privateProject));
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, this.privateProject)).containsOnly(new String[]{"p1", "user", "codeviewer", "admin", "issueadmin", "scan"});
    }

    @Test
    public void applyDefault_inserts_any_permissions_to_user_when_applying_template_on_private_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, str);
        });
        this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.privateProject, (Integer) null);
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, this.privateProject)).containsOnly(new String[]{"p1", "user", "codeviewer", "admin", "issueadmin", "scan"});
    }

    @Test
    public void applyDefault_inserts_permissions_to_ProjectCreator_but_USER_and_CODEVIEWER_when_applying_template_on_public_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addProjectCreatorToTemplate(insertTemplate, str);
        });
        this.dbTester.permissionTemplates().addProjectCreatorToTemplate(insertTemplate, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.publicProject, this.user.getId());
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, this.publicProject)).containsOnly(new String[]{"p1", "admin", "issueadmin", "scan"});
    }

    @Test
    public void applyDefault_inserts_any_permissions_to_ProjectCreator_when_applying_template_on_private_project() {
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        ProjectPermissions.ALL.forEach(str -> {
            this.dbTester.permissionTemplates().addProjectCreatorToTemplate(insertTemplate, str);
        });
        this.dbTester.permissionTemplates().addProjectCreatorToTemplate(insertTemplate, "p1");
        this.dbTester.organizations().setDefaultTemplates(this.organization, insertTemplate.getUuid(), (String) null);
        this.underTest.applyDefault(this.session, this.organization.getUuid(), this.privateProject, this.user.getId());
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, this.privateProject)).containsOnly(new String[]{"p1", "user", "codeviewer", "admin", "issueadmin", "scan"});
    }

    @Test
    public void apply_permission_template() {
        ComponentDto insertPrivateProject = this.dbTester.components().insertPrivateProject(this.organization);
        GroupDto insertGroup = this.dbTester.users().insertGroup(this.organization);
        GroupDto insertGroup2 = this.dbTester.users().insertGroup(this.organization);
        this.dbTester.users().insertPermissionOnGroup(insertGroup, "admin");
        this.dbTester.users().insertPermissionOnGroup(insertGroup2, "user");
        this.dbTester.users().insertPermissionOnUser(this.organization, this.user, "admin");
        PermissionTemplateDto insertTemplate = this.dbTester.permissionTemplates().insertTemplate(this.organization);
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, insertGroup, "admin");
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, insertGroup, "issueadmin");
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, insertGroup2, "user");
        this.dbTester.permissionTemplates().addGroupToTemplate(insertTemplate, insertGroup2, "codeviewer");
        this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, "user");
        this.dbTester.permissionTemplates().addAnyoneToTemplate(insertTemplate, "codeviewer");
        this.dbTester.permissionTemplates().addUserToTemplate(insertTemplate, this.user, "admin");
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, insertGroup, insertPrivateProject)).isEmpty();
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, insertGroup2, insertPrivateProject)).isEmpty();
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, null, insertPrivateProject)).isEmpty();
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, insertPrivateProject)).isEmpty();
        this.underTest.apply(this.session, insertTemplate, Collections.singletonList(insertPrivateProject));
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, insertGroup, insertPrivateProject)).containsOnly(new String[]{"admin", "issueadmin"});
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, insertGroup2, insertPrivateProject)).containsOnly(new String[]{"user", "codeviewer"});
        Assertions.assertThat(selectProjectPermissionsOfGroup(this.organization, null, insertPrivateProject)).isEmpty();
        Assertions.assertThat(selectProjectPermissionsOfUser(this.user, insertPrivateProject)).containsOnly(new String[]{"admin"});
        checkAuthorizationUpdatedAtIsUpdated(insertPrivateProject);
    }

    private List<String> selectProjectPermissionsOfGroup(OrganizationDto organizationDto, @Nullable GroupDto groupDto, ComponentDto componentDto) {
        return this.dbTester.getDbClient().groupPermissionDao().selectProjectPermissionsOfGroup(this.session, organizationDto.getUuid(), groupDto != null ? groupDto.getId() : null, componentDto.getId().longValue());
    }

    private List<String> selectProjectPermissionsOfUser(UserDto userDto, ComponentDto componentDto) {
        return this.dbTester.getDbClient().userPermissionDao().selectProjectPermissionsOfUser(this.session, userDto.getId().intValue(), componentDto.getId().longValue());
    }

    @Test
    public void would_user_have_scan_permission_with_default_permission_template() {
        this.dbTester.users().insertMember(this.group, this.user);
        PermissionTemplateDto insertTemplate = this.templateDb.insertTemplate(this.organization);
        this.dbTester.organizations().setDefaultTemplates(insertTemplate, (PermissionTemplateDto) null);
        this.templateDb.addProjectCreatorToTemplate(insertTemplate.getId().longValue(), "scan");
        this.templateDb.addUserToTemplate(insertTemplate.getId().longValue(), this.user.getId().intValue(), "user");
        this.templateDb.addGroupToTemplate(insertTemplate.getId().longValue(), this.group.getId(), "codeviewer");
        this.templateDb.addGroupToTemplate(insertTemplate.getId().longValue(), (Integer) null, "issueadmin");
        checkWouldUserHaveScanPermission(this.organization, this.user.getId(), true);
        checkWouldUserHaveScanPermission(this.organization, null, false);
    }

    @Test
    public void would_user_have_scan_permission_with_unknown_default_permission_template() {
        this.dbTester.organizations().setDefaultTemplates(this.dbTester.getDefaultOrganization(), "UNKNOWN_TEMPLATE_UUID", (String) null);
        checkWouldUserHaveScanPermission(this.dbTester.getDefaultOrganization(), null, false);
    }

    @Test
    public void would_user_have_scann_permission_with_empty_template() {
        this.dbTester.organizations().setDefaultTemplates(this.templateDb.insertTemplate(this.dbTester.getDefaultOrganization()), (PermissionTemplateDto) null);
        checkWouldUserHaveScanPermission(this.dbTester.getDefaultOrganization(), null, false);
    }

    private void checkWouldUserHaveScanPermission(OrganizationDto organizationDto, @Nullable Integer num, boolean z) {
        Assertions.assertThat(this.underTest.wouldUserHaveScanPermissionWithDefaultTemplate(this.session, organizationDto.getUuid(), num, (String) null, DefaultAssigneeTest.PROJECT_KEY, "TRK")).isEqualTo(z);
    }

    private void checkAuthorizationUpdatedAtIsUpdated(ComponentDto componentDto) {
        Assertions.assertThat(this.dbTester.getDbClient().componentDao().selectOrFailById(this.session, componentDto.getId().longValue()).getAuthorizationUpdatedAt()).isNotNull();
    }
}
