package org.sonar.server.permission.index;

import org.assertj.core.api.Assertions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDbTester;
import org.sonar.db.user.UserDto;
import org.sonar.server.es.EsTester;
import org.sonar.server.es.IndexType;
import org.sonar.server.es.ProjectIndexer;
import org.sonar.server.tester.UserSessionRule;

/* loaded from: input_file:org/sonar/server/permission/index/PermissionIndexerTest.class */
public class PermissionIndexerTest {
    private static final IndexType INDEX_TYPE_FOO_AUTH = AuthorizationTypeSupport.getAuthorizationIndexType(FooIndexDefinition.INDEX_TYPE_FOO);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);

    @Rule
    public EsTester esTester = new EsTester(new FooIndexDefinition());

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();
    private ComponentDbTester componentDbTester = new ComponentDbTester(this.dbTester);
    private UserDbTester userDbTester = new UserDbTester(this.dbTester);
    private FooIndex fooIndex = new FooIndex(this.esTester.client(), new AuthorizationTypeSupport(this.userSession));
    private FooIndexer fooIndexer = new FooIndexer(this.esTester.client());
    private PermissionIndexer underTest = new PermissionIndexer(this.dbTester.getDbClient(), this.esTester.client(), new NeedAuthorizationIndexer[]{this.fooIndexer});

    @Test
    public void initalizeOnStartup_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexPublicProject);
        verifyAuthorized(createAndIndexPublicProject, insertUser);
        verifyAuthorized(createAndIndexPublicProject, insertUser2);
    }

    @Test
    public void initializeOnStartup_grants_access_to_user() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        this.userDbTester.insertProjectPermissionOnUser(insertUser, "user", createAndIndexPrivateProject);
        this.userDbTester.insertProjectPermissionOnUser(insertUser2, "admin", createAndIndexPrivateProject);
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser2);
    }

    @Test
    public void initializeOnStartup_grants_access_to_group_on_private_project() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        UserDto insertUser3 = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        GroupDto insertGroup2 = this.userDbTester.insertGroup();
        this.userDbTester.insertProjectPermissionOnGroup(insertGroup, "user", createAndIndexPrivateProject);
        this.userDbTester.insertProjectPermissionOnGroup(insertGroup2, "admin", createAndIndexPrivateProject);
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyAuthorized(createAndIndexPrivateProject, insertUser, insertGroup);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser2, insertGroup2);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser3);
    }

    @Test
    public void initializeOnStartup_grants_access_to_user_and_group() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        this.userDbTester.insertMember(insertGroup, insertUser2);
        this.userDbTester.insertProjectPermissionOnUser(insertUser, "user", createAndIndexPrivateProject);
        this.userDbTester.insertProjectPermissionOnGroup(insertGroup, "user", createAndIndexPrivateProject);
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
        verifyAuthorized(createAndIndexPrivateProject, insertUser, insertGroup);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser2);
    }

    @Test
    public void initializeOnStartup_does_not_grant_access_to_anybody_on_private_project() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser, insertGroup);
    }

    @Test
    public void initializeOnStartup_grants_access_to_anybody_on_public_project() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        UserDto insertUser = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexPublicProject);
        verifyAuthorized(createAndIndexPublicProject, insertUser);
        verifyAuthorized(createAndIndexPublicProject, insertUser, insertGroup);
    }

    @Test
    public void initializeOnStartup_grants_access_to_anybody_on_view() {
        ComponentDto createAndIndexView = createAndIndexView();
        UserDto insertUser = this.userDbTester.insertUser();
        GroupDto insertGroup = this.userDbTester.insertGroup();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexView);
        verifyAuthorized(createAndIndexView, insertUser);
        verifyAuthorized(createAndIndexView, insertUser, insertGroup);
    }

    @Test
    public void initializeOnStartup_grants_access_on_many_projects() {
        UserDto insertUser = this.userDbTester.insertUser();
        UserDto insertUser2 = this.userDbTester.insertUser();
        ComponentDto componentDto = null;
        for (int i = 0; i < 1010; i++) {
            componentDto = createAndIndexPrivateProject();
            this.userDbTester.insertProjectPermissionOnUser(insertUser, "user", componentDto);
        }
        indexOnStartup();
        verifyAnyoneNotAuthorized(componentDto);
        verifyAuthorized(componentDto, insertUser);
        verifyNotAuthorized(componentDto, insertUser2);
    }

    @Test
    public void deleteProject_deletes_the_documents_related_to_the_project() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        createAndIndexPublicProject();
        indexOnStartup();
        Assertions.assertThat(this.esTester.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(2L);
        this.underTest.deleteProject(createAndIndexPublicProject.uuid());
        Assertions.assertThat(this.esTester.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(1L);
    }

    @Test
    public void indexProject_does_nothing_because_authorizations_are_triggered_outside_standard_indexer_lifecycle() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        this.underTest.indexProject(createAndIndexPublicProject.uuid(), ProjectIndexer.Cause.NEW_ANALYSIS);
        this.underTest.indexProject(createAndIndexPublicProject.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        this.underTest.indexProject(createAndIndexPublicProject.uuid(), ProjectIndexer.Cause.PROJECT_KEY_UPDATE);
        Assertions.assertThat(this.esTester.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(0L);
    }

    @Test
    public void public_projects_are_visible_to_any_body_which_ever_the_organization() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject(this.dbTester.organizations().insert());
        ComponentDto createAndIndexPublicProject2 = createAndIndexPublicProject(this.dbTester.organizations().insert());
        UserDto insertUser = this.userDbTester.insertUser();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexPublicProject);
        verifyAnyoneAuthorized(createAndIndexPublicProject2);
        verifyAuthorized(createAndIndexPublicProject, insertUser);
        verifyAuthorized(createAndIndexPublicProject2, insertUser);
    }

    private void indexOnStartup() {
        this.underTest.indexOnStartup(this.underTest.getIndexTypes());
    }

    private void verifyAuthorized(ComponentDto componentDto, UserDto userDto) {
        log_in(userDto);
        verifyAuthorized(componentDto, true);
    }

    private void verifyAuthorized(ComponentDto componentDto, UserDto userDto, GroupDto groupDto) {
        log_in(userDto).setGroups(groupDto);
        verifyAuthorized(componentDto, true);
    }

    private void verifyNotAuthorized(ComponentDto componentDto, UserDto userDto) {
        log_in(userDto);
        verifyAuthorized(componentDto, false);
    }

    private void verifyNotAuthorized(ComponentDto componentDto, UserDto userDto, GroupDto groupDto) {
        log_in(userDto).setGroups(groupDto);
        verifyAuthorized(componentDto, false);
    }

    private void verifyAnyoneAuthorized(ComponentDto componentDto) {
        this.userSession.anonymous();
        verifyAuthorized(componentDto, true);
    }

    private void verifyAnyoneNotAuthorized(ComponentDto componentDto) {
        this.userSession.anonymous();
        verifyAuthorized(componentDto, false);
    }

    private void verifyAuthorized(ComponentDto componentDto, boolean z) {
        Assertions.assertThat(this.fooIndex.hasAccessToProject(componentDto.uuid())).isEqualTo(z);
    }

    private UserSessionRule log_in(UserDto userDto) {
        this.userSession.logIn(userDto.getLogin()).setUserId(userDto.getId());
        return this.userSession;
    }

    private ComponentDto createAndIndexPublicProject() {
        ComponentDto insertPublicProject = this.componentDbTester.insertPublicProject();
        this.fooIndexer.indexProject(insertPublicProject.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        return insertPublicProject;
    }

    private ComponentDto createAndIndexPrivateProject() {
        ComponentDto insertPrivateProject = this.componentDbTester.insertPrivateProject();
        this.fooIndexer.indexProject(insertPrivateProject.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        return insertPrivateProject;
    }

    private ComponentDto createAndIndexView() {
        ComponentDto insertView = this.componentDbTester.insertView();
        this.fooIndexer.indexProject(insertView.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        return insertView;
    }

    private ComponentDto createAndIndexPublicProject(OrganizationDto organizationDto) {
        ComponentDto insertPublicProject = this.componentDbTester.insertPublicProject(organizationDto);
        this.fooIndexer.indexProject(insertPublicProject.uuid(), ProjectIndexer.Cause.PROJECT_CREATION);
        return insertPublicProject;
    }
}
