package org.sonar.server.permission.ws.template;

import java.util.List;
import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.Mockito;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.permission.PermissionTemplateService;
import org.sonar.server.permission.index.PermissionIndexer;
import org.sonar.server.permission.ws.BasePermissionWsTest;
import org.sonar.server.ws.TestRequest;
import org.sonar.server.ws.TestResponse;

/* loaded from: input_file:org/sonar/server/permission/ws/template/ApplyTemplateActionTest.class */
public class ApplyTemplateActionTest extends BasePermissionWsTest<ApplyTemplateAction> {
    private UserDto user1;
    private UserDto user2;
    private GroupDto group1;
    private GroupDto group2;
    private ComponentDto project;
    private PermissionTemplateDto template1;
    private PermissionTemplateDto template2;

    @Rule
    public DefaultTemplatesResolverRule defaultTemplatesResolver = DefaultTemplatesResolverRule.withoutGovernance();
    private PermissionTemplateService permissionTemplateService = new PermissionTemplateService(this.db.getDbClient(), (PermissionIndexer) Mockito.mock(PermissionIndexer.class), this.userSession, this.defaultTemplatesResolver);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.server.permission.ws.BasePermissionWsTest
    public ApplyTemplateAction buildWsAction() {
        return new ApplyTemplateAction(this.db.getDbClient(), this.userSession, this.permissionTemplateService, newPermissionWsSupport());
    }

    @Before
    public void setUp() {
        this.user1 = this.db.users().insertUser();
        this.db.organizations().addMember(this.db.getDefaultOrganization(), this.user1);
        this.user2 = this.db.users().insertUser();
        this.db.organizations().addMember(this.db.getDefaultOrganization(), this.user2);
        this.group1 = this.db.users().insertGroup();
        this.group2 = this.db.users().insertGroup();
        this.template1 = this.db.permissionTemplates().insertTemplate(this.db.getDefaultOrganization());
        addUserToTemplate(this.user1, this.template1, "codeviewer");
        addUserToTemplate(this.user2, this.template1, "issueadmin");
        addGroupToTemplate(this.group1, this.template1, "admin");
        addGroupToTemplate(this.group2, this.template1, "user");
        this.template2 = this.db.permissionTemplates().insertTemplate(this.db.getDefaultOrganization());
        addUserToTemplate(this.user1, this.template2, "user");
        addUserToTemplate(this.user2, this.template2, "user");
        addGroupToTemplate(this.group1, this.template2, "user");
        addGroupToTemplate(this.group2, this.template2, "user");
        this.project = this.db.components().insertPrivateProject();
        this.db.users().insertProjectPermissionOnUser(this.user1, "admin", this.project);
        this.db.users().insertProjectPermissionOnUser(this.user2, "admin", this.project);
        this.db.users().insertProjectPermissionOnGroup(this.group1, "admin", this.project);
        this.db.users().insertProjectPermissionOnGroup(this.group2, "admin", this.project);
    }

    @Test
    public void apply_template_with_project_uuid() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest(this.template1.getUuid(), this.project.uuid(), null);
        assertTemplate1AppliedToProject();
    }

    @Test
    public void apply_template_with_project_uuid_by_template_name() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("templateName", this.template1.getName().toUpperCase()).setParam("projectId", this.project.uuid()).execute();
        assertTemplate1AppliedToProject();
    }

    @Test
    public void apply_template_with_project_key() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest(this.template1.getUuid(), null, this.project.key());
        assertTemplate1AppliedToProject();
    }

    @Test
    public void fail_when_unknown_template() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("Permission template with id 'unknown-template-uuid' is not found");
        newRequest("unknown-template-uuid", this.project.uuid(), null);
    }

    @Test
    public void fail_when_unknown_project_uuid() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("Project id 'unknown-project-uuid' not found");
        newRequest(this.template1.getUuid(), "unknown-project-uuid", null);
    }

    @Test
    public void fail_when_unknown_project_key() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("Project key 'unknown-project-key' not found");
        newRequest(this.template1.getUuid(), null, "unknown-project-key");
    }

    @Test
    public void fail_when_template_is_not_provided() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        newRequest(null, this.project.uuid(), null);
    }

    @Test
    public void fail_when_project_uuid_and_key_not_provided() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Project id or project key can be provided, not both.");
        newRequest(this.template1.getUuid(), null, null);
    }

    @Test
    public void fail_when_not_admin_of_organization() throws Exception {
        this.userSession.logIn().addPermission(OrganizationPermission.ADMINISTER, "otherOrg");
        this.expectedException.expect(ForbiddenException.class);
        newRequest(this.template1.getUuid(), this.project.uuid(), null);
    }

    private void assertTemplate1AppliedToProject() {
        Assertions.assertThat(selectProjectPermissionGroups(this.project, "admin")).containsExactly(new String[]{this.group1.getName()});
        Assertions.assertThat(selectProjectPermissionGroups(this.project, "user")).containsExactly(new String[]{this.group2.getName()});
        Assertions.assertThat(selectProjectPermissionUsers(this.project, "admin")).isEmpty();
        Assertions.assertThat(selectProjectPermissionUsers(this.project, "codeviewer")).containsExactly(new Integer[]{this.user1.getId()});
        Assertions.assertThat(selectProjectPermissionUsers(this.project, "issueadmin")).containsExactly(new Integer[]{this.user2.getId()});
    }

    private TestResponse newRequest(@Nullable String str, @Nullable String str2, @Nullable String str3) throws Exception {
        TestRequest newRequest = newRequest();
        if (str != null) {
            newRequest.setParam("templateId", str);
        }
        if (str2 != null) {
            newRequest.setParam("projectId", str2);
        }
        if (str3 != null) {
            newRequest.setParam("projectKey", str3);
        }
        return newRequest.execute();
    }

    private void addUserToTemplate(UserDto userDto, PermissionTemplateDto permissionTemplateDto, String str) {
        this.db.getDbClient().permissionTemplateDao().insertUserPermission(this.db.getSession(), permissionTemplateDto.getId(), userDto.getId(), str);
        this.db.commit();
    }

    private void addGroupToTemplate(GroupDto groupDto, PermissionTemplateDto permissionTemplateDto, String str) {
        this.db.getDbClient().permissionTemplateDao().insertGroupPermission(this.db.getSession(), permissionTemplateDto.getId().longValue(), groupDto.getId(), str);
        this.db.commit();
    }

    private List<String> selectProjectPermissionGroups(ComponentDto componentDto, String str) {
        return this.db.getDbClient().groupPermissionDao().selectGroupNamesByQuery(this.db.getSession(), PermissionQuery.builder().setOrganizationUuid(componentDto.getOrganizationUuid()).setPermission(str).setComponentUuid(componentDto.uuid()).build());
    }

    private List<Integer> selectProjectPermissionUsers(ComponentDto componentDto, String str) {
        return this.db.getDbClient().userPermissionDao().selectUserIdsByQuery(this.db.getSession(), PermissionQuery.builder().setOrganizationUuid(componentDto.getOrganizationUuid()).setPermission(str).setComponentUuid(componentDto.uuid()).build());
    }
}
