package org.sonar.server.permission.index;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import org.assertj.core.api.Assertions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.es.EsTester;
import org.sonar.server.es.IndexType;
import org.sonar.server.es.IndexingResult;
import org.sonar.server.es.ProjectIndexer;
import org.sonar.server.tester.UserSessionRule;

/* loaded from: input_file:org/sonar/server/permission/index/PermissionIndexerTest.class */
public class PermissionIndexerTest {
    private static final IndexType INDEX_TYPE_FOO_AUTH = AuthorizationTypeSupport.getAuthorizationIndexType(FooIndexDefinition.INDEX_TYPE_FOO);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);

    @Rule
    public EsTester es = new EsTester(new FooIndexDefinition());

    @Rule
    public UserSessionRule userSession = UserSessionRule.standalone();
    private FooIndex fooIndex = new FooIndex(this.es.client(), new AuthorizationTypeSupport(this.userSession));
    private FooIndexer fooIndexer = new FooIndexer(this.db.getDbClient(), this.es.client());
    private PermissionIndexer underTest = new PermissionIndexer(this.db.getDbClient(), this.es.client(), new NeedAuthorizationIndexer[]{this.fooIndexer});

    @Test
    public void indexOnStartup_grants_access_to_any_user_and_to_group_Anyone_on_public_projects() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        UserDto insertUser = this.db.users().insertUser();
        UserDto insertUser2 = this.db.users().insertUser();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexPublicProject);
        verifyAuthorized(createAndIndexPublicProject, insertUser);
        verifyAuthorized(createAndIndexPublicProject, insertUser2);
    }

    @Test
    public void deletion_resilience_will_deindex_projects() {
        ComponentDto createUnindexedPublicProject = createUnindexedPublicProject();
        createUnindexedPublicProject();
        indexOnStartup();
        Assertions.assertThat(this.es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(2L);
        this.db.getDbClient().componentDao().delete(this.db.getSession(), createUnindexedPublicProject.getId().longValue());
        this.underTest.prepareForRecovery(this.db.getSession(), Arrays.asList(createUnindexedPublicProject.uuid()), ProjectIndexer.Cause.PROJECT_DELETION);
        Assertions.assertThat(this.db.countRowsOfTable(this.db.getSession(), "es_queue")).isEqualTo(1);
        this.underTest.index(this.db.getSession(), this.db.getDbClient().esQueueDao().selectForRecovery(this.db.getSession(), Long.MAX_VALUE, 2L));
        Assertions.assertThat(this.db.countRowsOfTable(this.db.getSession(), "es_queue")).isEqualTo(0);
        Assertions.assertThat(this.es.countDocuments(INDEX_TYPE_FOO_AUTH)).isEqualTo(1L);
    }

    @Test
    public void indexOnStartup_grants_access_to_user() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.db.users().insertUser();
        UserDto insertUser2 = this.db.users().insertUser();
        this.db.users().insertProjectPermissionOnUser(insertUser, "user", createAndIndexPrivateProject);
        this.db.users().insertProjectPermissionOnUser(insertUser2, "admin", createAndIndexPrivateProject);
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser2);
    }

    @Test
    public void indexOnStartup_grants_access_to_group_on_private_project() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.db.users().insertUser();
        UserDto insertUser2 = this.db.users().insertUser();
        UserDto insertUser3 = this.db.users().insertUser();
        GroupDto insertGroup = this.db.users().insertGroup();
        GroupDto insertGroup2 = this.db.users().insertGroup();
        this.db.users().insertProjectPermissionOnGroup(insertGroup, "user", createAndIndexPrivateProject);
        this.db.users().insertProjectPermissionOnGroup(insertGroup2, "admin", createAndIndexPrivateProject);
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyAuthorized(createAndIndexPrivateProject, insertUser, insertGroup);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser2, insertGroup2);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser3);
    }

    @Test
    public void indexOnStartup_grants_access_to_user_and_group() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.db.users().insertUser();
        UserDto insertUser2 = this.db.users().insertUser();
        GroupDto insertGroup = this.db.users().insertGroup();
        this.db.users().insertMember(insertGroup, insertUser2);
        this.db.users().insertProjectPermissionOnUser(insertUser, "user", createAndIndexPrivateProject);
        this.db.users().insertProjectPermissionOnGroup(insertGroup, "user", createAndIndexPrivateProject);
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
        verifyAuthorized(createAndIndexPrivateProject, insertUser, insertGroup);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser2);
    }

    @Test
    public void indexOnStartup_does_not_grant_access_to_anybody_on_private_project() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.db.users().insertUser();
        GroupDto insertGroup = this.db.users().insertGroup();
        indexOnStartup();
        verifyAnyoneNotAuthorized(createAndIndexPrivateProject);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser, insertGroup);
    }

    @Test
    public void indexOnStartup_grants_access_to_anybody_on_public_project() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        UserDto insertUser = this.db.users().insertUser();
        GroupDto insertGroup = this.db.users().insertGroup();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexPublicProject);
        verifyAuthorized(createAndIndexPublicProject, insertUser);
        verifyAuthorized(createAndIndexPublicProject, insertUser, insertGroup);
    }

    @Test
    public void indexOnStartup_grants_access_to_anybody_on_view() {
        ComponentDto createAndIndexView = createAndIndexView();
        UserDto insertUser = this.db.users().insertUser();
        GroupDto insertGroup = this.db.users().insertGroup();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexView);
        verifyAuthorized(createAndIndexView, insertUser);
        verifyAuthorized(createAndIndexView, insertUser, insertGroup);
    }

    @Test
    public void indexOnStartup_grants_access_on_many_projects() {
        UserDto insertUser = this.db.users().insertUser();
        UserDto insertUser2 = this.db.users().insertUser();
        ComponentDto componentDto = null;
        for (int i = 0; i < 10; i++) {
            componentDto = createAndIndexPrivateProject();
            this.db.users().insertProjectPermissionOnUser(insertUser, "user", componentDto);
        }
        indexOnStartup();
        verifyAnyoneNotAuthorized(componentDto);
        verifyAuthorized(componentDto, insertUser);
        verifyNotAuthorized(componentDto, insertUser2);
    }

    @Test
    public void public_projects_are_visible_to_anybody_whatever_the_organization() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject(this.db.organizations().insert());
        ComponentDto createAndIndexPublicProject2 = createAndIndexPublicProject(this.db.organizations().insert());
        UserDto insertUser = this.db.users().insertUser();
        indexOnStartup();
        verifyAnyoneAuthorized(createAndIndexPublicProject);
        verifyAnyoneAuthorized(createAndIndexPublicProject2);
        verifyAuthorized(createAndIndexPublicProject, insertUser);
        verifyAuthorized(createAndIndexPublicProject2, insertUser);
    }

    @Test
    public void indexOnAnalysis_does_nothing_because_CE_does_not_touch_permissions() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        this.underTest.indexOnAnalysis(createAndIndexPublicProject.uuid());
        assertThatAuthIndexHasSize(0);
        verifyAnyoneNotAuthorized(createAndIndexPublicProject);
    }

    @Test
    public void permissions_are_not_updated_on_project_tags_update() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        indexPermissions(createAndIndexPublicProject, ProjectIndexer.Cause.PROJECT_TAGS_UPDATE);
        assertThatAuthIndexHasSize(0);
        verifyAnyoneNotAuthorized(createAndIndexPublicProject);
    }

    @Test
    public void permissions_are_not_updated_on_project_key_update() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        indexPermissions(createAndIndexPublicProject, ProjectIndexer.Cause.PROJECT_TAGS_UPDATE);
        assertThatAuthIndexHasSize(0);
        verifyAnyoneNotAuthorized(createAndIndexPublicProject);
    }

    @Test
    public void index_permissions_on_project_creation() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.db.users().insertUser();
        this.db.users().insertProjectPermissionOnUser(insertUser, "user", createAndIndexPrivateProject);
        indexPermissions(createAndIndexPrivateProject, ProjectIndexer.Cause.PROJECT_CREATION);
        assertThatAuthIndexHasSize(1);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
    }

    @Test
    public void index_permissions_on_permission_change() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.db.users().insertUser();
        UserDto insertUser2 = this.db.users().insertUser();
        this.db.users().insertProjectPermissionOnUser(insertUser, "user", createAndIndexPrivateProject);
        indexPermissions(createAndIndexPrivateProject, ProjectIndexer.Cause.PROJECT_CREATION);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser2);
        this.db.users().insertProjectPermissionOnUser(insertUser2, "user", createAndIndexPrivateProject);
        indexPermissions(createAndIndexPrivateProject, ProjectIndexer.Cause.PERMISSION_CHANGE);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
    }

    @Test
    public void delete_permissions_on_project_deletion() {
        ComponentDto createAndIndexPrivateProject = createAndIndexPrivateProject();
        UserDto insertUser = this.db.users().insertUser();
        this.db.users().insertProjectPermissionOnUser(insertUser, "user", createAndIndexPrivateProject);
        indexPermissions(createAndIndexPrivateProject, ProjectIndexer.Cause.PROJECT_CREATION);
        verifyAuthorized(createAndIndexPrivateProject, insertUser);
        this.db.getDbClient().componentDao().delete(this.db.getSession(), createAndIndexPrivateProject.getId().longValue());
        indexPermissions(createAndIndexPrivateProject, ProjectIndexer.Cause.PROJECT_DELETION);
        verifyNotAuthorized(createAndIndexPrivateProject, insertUser);
        assertThatAuthIndexHasSize(0);
    }

    @Test
    public void errors_during_indexing_are_recovered() {
        ComponentDto createAndIndexPublicProject = createAndIndexPublicProject();
        this.es.lockWrites(INDEX_TYPE_FOO_AUTH);
        IndexingResult indexPermissions = indexPermissions(createAndIndexPublicProject, ProjectIndexer.Cause.PERMISSION_CHANGE);
        Assertions.assertThat(indexPermissions.getTotal()).isEqualTo(1L);
        Assertions.assertThat(indexPermissions.getFailures()).isEqualTo(1L);
        IndexingResult recover = recover();
        Assertions.assertThat(recover.getTotal()).isEqualTo(1L);
        Assertions.assertThat(recover.getFailures()).isEqualTo(1L);
        assertThatAuthIndexHasSize(0);
        assertThatEsQueueTableHasSize(1);
        this.es.unlockWrites(INDEX_TYPE_FOO_AUTH);
        IndexingResult recover2 = recover();
        Assertions.assertThat(recover2.getTotal()).isEqualTo(1L);
        Assertions.assertThat(recover2.getFailures()).isEqualTo(0L);
        verifyAnyoneAuthorized(createAndIndexPublicProject);
        assertThatEsQueueTableHasSize(0);
    }

    private void assertThatAuthIndexHasSize(int i) {
        Assertions.assertThat(this.es.countDocuments((IndexType) this.underTest.getIndexTypes().iterator().next())).isEqualTo(i);
    }

    private void indexOnStartup() {
        this.underTest.indexOnStartup(this.underTest.getIndexTypes());
    }

    private void verifyAuthorized(ComponentDto componentDto, UserDto userDto) {
        logIn(userDto);
        verifyAuthorized(componentDto, true);
    }

    private void verifyAuthorized(ComponentDto componentDto, UserDto userDto, GroupDto groupDto) {
        logIn(userDto).setGroups(groupDto);
        verifyAuthorized(componentDto, true);
    }

    private void verifyNotAuthorized(ComponentDto componentDto, UserDto userDto) {
        logIn(userDto);
        verifyAuthorized(componentDto, false);
    }

    private void verifyNotAuthorized(ComponentDto componentDto, UserDto userDto, GroupDto groupDto) {
        logIn(userDto).setGroups(groupDto);
        verifyAuthorized(componentDto, false);
    }

    private void verifyAnyoneAuthorized(ComponentDto componentDto) {
        this.userSession.anonymous();
        verifyAuthorized(componentDto, true);
    }

    private void verifyAnyoneNotAuthorized(ComponentDto componentDto) {
        this.userSession.anonymous();
        verifyAuthorized(componentDto, false);
    }

    private void verifyAuthorized(ComponentDto componentDto, boolean z) {
        Assertions.assertThat(this.fooIndex.hasAccessToProject(componentDto.uuid())).isEqualTo(z);
    }

    private UserSessionRule logIn(UserDto userDto) {
        this.userSession.logIn(userDto.getLogin()).setUserId(userDto.getId());
        return this.userSession;
    }

    private IndexingResult indexPermissions(ComponentDto componentDto, ProjectIndexer.Cause cause) {
        DbSession session = this.db.getSession();
        Collection prepareForRecovery = this.underTest.prepareForRecovery(session, Collections.singletonList(componentDto.uuid()), cause);
        session.commit();
        return this.underTest.index(session, prepareForRecovery);
    }

    private ComponentDto createUnindexedPublicProject() {
        return this.db.components().insertPublicProject();
    }

    private ComponentDto createAndIndexPrivateProject() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.fooIndexer.indexOnAnalysis(insertPrivateProject.uuid());
        return insertPrivateProject;
    }

    private ComponentDto createAndIndexPublicProject() {
        ComponentDto insertPublicProject = this.db.components().insertPublicProject();
        this.fooIndexer.indexOnAnalysis(insertPublicProject.uuid());
        return insertPublicProject;
    }

    private ComponentDto createAndIndexView() {
        ComponentDto insertView = this.db.components().insertView();
        this.fooIndexer.indexOnAnalysis(insertView.uuid());
        return insertView;
    }

    private ComponentDto createAndIndexPublicProject(OrganizationDto organizationDto) {
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(organizationDto);
        this.fooIndexer.indexOnAnalysis(insertPublicProject.uuid());
        return insertPublicProject;
    }

    private IndexingResult recover() {
        return this.underTest.index(this.db.getSession(), this.db.getDbClient().esQueueDao().selectForRecovery(this.db.getSession(), System.currentTimeMillis() + 1000, 10L));
    }

    private void assertThatEsQueueTableHasSize(int i) {
        Assertions.assertThat(this.db.countRowsOfTable("es_queue")).isEqualTo(i);
    }
}
