package org.sonar.server.user;

import com.google.common.base.Preconditions;
import java.util.Arrays;
import java.util.function.Consumer;
import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbTester;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.organization.TestDefaultOrganizationProvider;
import org.sonar.server.organization.TestOrganizationFlags;

/* loaded from: input_file:org/sonar/server/user/ServerUserSessionTest.class */
public class ServerUserSessionTest {
    private static final String LOGIN = "marius";
    private static final String PUBLIC_PROJECT_UUID = "public_project";
    private static final String PRIVATE_PROJECT_UUID = "private_project";
    private static final String FILE_KEY = "com.foo:Bar:BarFile.xoo";
    private static final String FILE_UUID = "BCDE";
    private static final UserDto ROOT_USER_DTO = new UserDto() { // from class: org.sonar.server.user.ServerUserSessionTest.1
        {
            setRoot(true);
        }
    }.setLogin("root_user");
    private static final UserDto NON_ROOT_USER_DTO = new UserDto() { // from class: org.sonar.server.user.ServerUserSessionTest.2
        {
            setRoot(false);
        }
    }.setLogin("regular_user");
    private UserDto user;
    private GroupDto groupOfUser;
    private OrganizationDto organization;
    private ComponentDto publicProject;
    private ComponentDto privateProject;

    @Rule
    public DbTester db = DbTester.create(System2.INSTANCE);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private DbClient dbClient = this.db.getDbClient();
    private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone();
    private TestDefaultOrganizationProvider defaultOrganizationProvider = TestDefaultOrganizationProvider.from(this.db);

    @Before
    public void setUp() throws Exception {
        this.organization = this.db.organizations().insert();
        this.publicProject = this.db.components().insertPublicProject(this.organization, PUBLIC_PROJECT_UUID);
        this.privateProject = this.db.components().insertPrivateProject(this.organization, new Consumer[]{componentDto -> {
            componentDto.setUuid(PRIVATE_PROJECT_UUID).setProjectUuid(PRIVATE_PROJECT_UUID).setPrivate(true);
        }});
        this.db.components().insertComponent(ComponentTesting.newFileDto(this.publicProject, (ComponentDto) null, FILE_UUID).setDbKey(FILE_KEY));
        this.user = this.db.users().insertUser(LOGIN);
        this.groupOfUser = this.db.users().insertGroup(this.organization);
    }

    @Test
    public void anonymous_is_not_logged_in_and_does_not_have_login() throws Exception {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.getLogin()).isNull();
        Assertions.assertThat(newAnonymousSession.isLoggedIn()).isFalse();
    }

    @Test
    public void getGroups_is_empty_on_anonymous() {
        Assertions.assertThat(newAnonymousSession().getGroups()).isEmpty();
    }

    @Test
    public void getGroups_is_empty_if_user_is_not_member_of_any_group() {
        Assertions.assertThat(newUserSession(this.user).getGroups()).isEmpty();
    }

    @Test
    public void getGroups_returns_the_groups_of_logged_in_user() {
        GroupDto insertGroup = this.db.users().insertGroup();
        GroupDto insertGroup2 = this.db.users().insertGroup();
        this.db.users().insertMember(insertGroup, this.user);
        this.db.users().insertMember(insertGroup2, this.user);
        Assertions.assertThat(newUserSession(this.user).getGroups()).extracting((v0) -> {
            return v0.getId();
        }).containsOnly(new Integer[]{insertGroup.getId(), insertGroup2.getId()});
    }

    @Test
    public void getGroups_keeps_groups_in_cache() {
        GroupDto insertGroup = this.db.users().insertGroup();
        GroupDto insertGroup2 = this.db.users().insertGroup();
        this.db.users().insertMember(insertGroup, this.user);
        ServerUserSession newUserSession = newUserSession(this.user);
        Assertions.assertThat(newUserSession.getGroups()).extracting((v0) -> {
            return v0.getId();
        }).containsOnly(new Integer[]{insertGroup.getId()});
        this.db.users().insertMember(insertGroup2, this.user);
        Assertions.assertThat(newUserSession.getGroups()).extracting((v0) -> {
            return v0.getId();
        }).containsOnly(new Integer[]{insertGroup.getId()});
    }

    @Test
    public void isRoot_is_false_is_flag_root_is_false_on_UserDto() {
        Assertions.assertThat(newUserSession(ROOT_USER_DTO).isRoot()).isTrue();
        Assertions.assertThat(newUserSession(NON_ROOT_USER_DTO).isRoot()).isFalse();
    }

    @Test
    public void checkIsRoot_throws_IPFE_if_flag_root_is_false_on_UserDto() {
        ServerUserSession newUserSession = newUserSession(NON_ROOT_USER_DTO);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession.checkIsRoot();
    }

    @Test
    public void checkIsRoot_does_not_fail_if_flag_root_is_true_on_UserDto() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.checkIsRoot()).isSameAs(newUserSession);
    }

    @Test
    public void hasComponentUuidPermission_returns_true_when_flag_root_is_true_on_UserDto_no_matter_if_user_has_project_permission_for_given_uuid() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("user", FILE_UUID)).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("codeviewer", FILE_UUID)).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("admin", FILE_UUID)).isTrue();
        Assertions.assertThat(newUserSession.hasComponentUuidPermission("whatever", "who cares?")).isTrue();
    }

    @Test
    public void checkComponentUuidPermission_succeeds_if_user_has_permission_for_specified_uuid_in_db() {
        ServerUserSession newUserSession = newUserSession(ROOT_USER_DTO);
        Assertions.assertThat(newUserSession.checkComponentUuidPermission("user", FILE_UUID)).isSameAs(newUserSession);
        Assertions.assertThat(newUserSession.checkComponentUuidPermission("whatever", "who cares?")).isSameAs(newUserSession);
    }

    @Test
    public void checkComponentUuidPermission_fails_with_FE_when_user_has_not_permission_for_specified_uuid_in_db() {
        addProjectPermissions(this.privateProject, "user");
        ServerUserSession newUserSession = newUserSession(this.user);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession.checkComponentUuidPermission("user", "another-uuid");
    }

    @Test
    public void checkPermission_throws_ForbiddenException_when_user_doesnt_have_the_specified_permission_on_organization() {
        OrganizationDto insert = this.db.organizations().insert();
        this.db.users().insertUser(NON_ROOT_USER_DTO);
        expectInsufficientPrivilegesForbiddenException();
        newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, insert);
    }

    @Test
    public void checkPermission_succeeds_when_user_has_the_specified_permission_on_organization() {
        OrganizationDto insert = this.db.organizations().insert();
        this.db.users().insertUser(NON_ROOT_USER_DTO);
        this.db.users().insertPermissionOnUser(insert, NON_ROOT_USER_DTO, "provisioning");
        newUserSession(NON_ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, insert);
    }

    @Test
    public void checkPermission_succeeds_when_user_is_root() {
        newUserSession(ROOT_USER_DTO).checkPermission(OrganizationPermission.PROVISION_PROJECTS, this.db.organizations().insert());
    }

    @Test
    public void test_hasPermission_on_organization_for_logged_in_user() {
        OrganizationDto insert = this.db.organizations().insert();
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject(insert);
        this.db.users().insertPermissionOnUser(insert, this.user, OrganizationPermission.PROVISION_PROJECTS);
        this.db.users().insertProjectPermissionOnUser(this.user, "admin", insertPrivateProject);
        ServerUserSession newUserSession = newUserSession(this.user);
        Assertions.assertThat(newUserSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, insert.getUuid())).isTrue();
        Assertions.assertThat(newUserSession.hasPermission(OrganizationPermission.ADMINISTER, insert.getUuid())).isFalse();
        Assertions.assertThat(newUserSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse();
    }

    @Test
    public void test_hasPermission_on_organization_for_anonymous_user() {
        OrganizationDto insert = this.db.organizations().insert();
        this.db.users().insertPermissionOnAnyone(insert, OrganizationPermission.PROVISION_PROJECTS);
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, insert.getUuid())).isTrue();
        Assertions.assertThat(newAnonymousSession.hasPermission(OrganizationPermission.ADMINISTER, insert.getUuid())).isFalse();
        Assertions.assertThat(newAnonymousSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, "another-org")).isFalse();
    }

    @Test
    public void hasPermission_on_organization_keeps_cache_of_permissions_of_logged_in_user() {
        OrganizationDto insert = this.db.organizations().insert();
        this.db.users().insertPermissionOnUser(insert, this.user, "provisioning");
        ServerUserSession newUserSession = newUserSession(this.user);
        Assertions.assertThat(newUserSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, insert.getUuid())).isTrue();
        this.db.users().deletePermissionFromUser(insert, this.user, OrganizationPermission.PROVISION_PROJECTS);
        this.db.users().insertPermissionOnUser(insert, this.user, OrganizationPermission.SCAN);
        Assertions.assertThat(newUserSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, insert.getUuid())).isTrue();
        Assertions.assertThat(newUserSession.hasPermission(OrganizationPermission.ADMINISTER, insert.getUuid())).isFalse();
        Assertions.assertThat(newUserSession.hasPermission(OrganizationPermission.SCAN, insert.getUuid())).isFalse();
    }

    @Test
    public void hasPermission_on_organization_keeps_cache_of_permissions_of_anonymous_user() {
        OrganizationDto insert = this.db.organizations().insert();
        this.db.users().insertPermissionOnAnyone(insert, OrganizationPermission.PROVISION_PROJECTS);
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(newAnonymousSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, insert.getUuid())).isTrue();
        this.db.users().insertPermissionOnAnyone(insert, OrganizationPermission.SCAN);
        Assertions.assertThat(newAnonymousSession.hasPermission(OrganizationPermission.PROVISION_PROJECTS, insert.getUuid())).isTrue();
        Assertions.assertThat(newAnonymousSession.hasPermission(OrganizationPermission.SCAN, insert.getUuid())).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_without_permissions() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "user", this.publicProject)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "codeviewer", this.publicProject)).isTrue();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_global_permissions() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnAnyone("p1", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "user", this.publicProject)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "codeviewer", this.publicProject)).isTrue();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_group_permissions() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnGroup(this.db.users().insertGroup(this.organization), "p1", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "user", this.publicProject)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "codeviewer", this.publicProject)).isTrue();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_permissions_USER_and_CODEVIEWER_on_public_projects_with_user_permissions() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnUser(this.db.users().insertUser(), "p1", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "user", this.publicProject)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "codeviewer", this.publicProject)).isTrue();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_without_permissions() {
        ServerUserSession newUserSession = newUserSession(this.user);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "user", this.privateProject)).isFalse();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "codeviewer", this.privateProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_group_permissions() {
        ServerUserSession newUserSession = newUserSession(this.user);
        this.db.users().insertProjectPermissionOnGroup(this.db.users().insertGroup(this.organization), "p1", this.privateProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "user", this.privateProject)).isFalse();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "codeviewer", this.privateProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_false_for_authenticated_user_for_permissions_USER_and_CODEVIEWER_on_private_projects_with_user_permissions() {
        ServerUserSession newUserSession = newUserSession(this.user);
        this.db.users().insertProjectPermissionOnUser(this.db.users().insertUser(), "p1", this.privateProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "user", this.privateProject)).isFalse();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "codeviewer", this.privateProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_true_for_anonymous_user_for_inserted_permissions_on_group_AnyOne_on_public_projects() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnAnyone("p1", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "p1", this.publicProject)).isTrue();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_public_projects() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnGroup(this.groupOfUser, "p1", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "p1", this.publicProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_group_on_private_projects() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnGroup(this.groupOfUser, "p1", this.privateProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "p1", this.privateProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_public_projects() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnUser(this.user, "p1", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "p1", this.publicProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_false_for_anonymous_user_for_inserted_permissions_on_user_on_private_projects() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnUser(this.user, "p1", this.privateProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "p1", this.privateProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_returns_true_for_any_project_or_permission_for_root_user() {
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession(ROOT_USER_DTO), "does not matter", this.publicProject)).isTrue();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_logged_in_user() {
        this.db.users().insertProjectPermissionOnUser(this.user, "admin", this.publicProject);
        ServerUserSession newUserSession = newUserSession(this.user);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "admin", this.publicProject)).isTrue();
        this.db.users().deletePermissionFromUser(this.publicProject, this.user, "admin");
        this.db.users().insertProjectPermissionOnUser(this.user, "issueadmin", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "admin", this.publicProject)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "issueadmin", this.publicProject)).isFalse();
    }

    @Test
    public void hasComponentPermissionByDtoOrUuid_keeps_cache_of_permissions_of_anonymous_user() {
        this.db.users().insertProjectPermissionOnAnyone("admin", this.publicProject);
        ServerUserSession newAnonymousSession = newAnonymousSession();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "admin", this.publicProject)).isTrue();
        this.db.users().deleteProjectPermissionFromAnyone(this.publicProject, "admin");
        this.db.users().insertProjectPermissionOnAnyone("issueadmin", this.publicProject);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "admin", this.publicProject)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newAnonymousSession, "issueadmin", this.publicProject)).isFalse();
    }

    private boolean hasComponentPermissionByDtoOrUuid(UserSession userSession, String str, ComponentDto componentDto) {
        boolean hasComponentPermission = userSession.hasComponentPermission(str, componentDto);
        Preconditions.checkState(hasComponentPermission == userSession.hasComponentUuidPermission(str, componentDto.uuid()), "Different behaviors");
        return hasComponentPermission;
    }

    @Test
    public void keepAuthorizedComponents_returns_empty_list_if_no_permissions_are_granted() {
        Assertions.assertThat(newAnonymousSession().keepAuthorizedComponents("admin", Arrays.asList(this.privateProject, this.publicProject))).isEmpty();
    }

    @Test
    public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_logged_in_user() {
        ServerUserSession newUserSession = newUserSession(this.user);
        this.db.users().insertProjectPermissionOnUser(this.user, "admin", this.privateProject);
        Assertions.assertThat(newUserSession.keepAuthorizedComponents("issueadmin", Arrays.asList(this.privateProject, this.publicProject))).isEmpty();
        Assertions.assertThat(newUserSession.keepAuthorizedComponents("admin", Arrays.asList(this.privateProject, this.publicProject))).containsExactly(new ComponentDto[]{this.privateProject});
    }

    @Test
    public void keepAuthorizedComponents_filters_components_with_granted_permissions_for_anonymous() {
        ServerUserSession newAnonymousSession = newAnonymousSession();
        this.db.users().insertProjectPermissionOnAnyone("issueadmin", this.publicProject);
        Assertions.assertThat(newAnonymousSession.keepAuthorizedComponents("admin", Arrays.asList(this.privateProject, this.publicProject))).isEmpty();
        Assertions.assertThat(newAnonymousSession.keepAuthorizedComponents("issueadmin", Arrays.asList(this.privateProject, this.publicProject))).containsExactly(new ComponentDto[]{this.publicProject});
    }

    @Test
    public void keepAuthorizedComponents_returns_all_specified_components_if_root() {
        this.user = this.db.users().makeRoot(this.user);
        Assertions.assertThat(newUserSession(this.user).keepAuthorizedComponents("admin", Arrays.asList(this.privateProject, this.publicProject))).containsExactly(new ComponentDto[]{this.privateProject, this.publicProject});
    }

    @Test
    public void keepAuthorizedComponents_on_branches() {
        this.user = this.db.users().insertUser();
        this.db.users().insertProjectPermissionOnUser(this.user, "admin", this.privateProject);
        ComponentDto insertProjectBranch = this.db.components().insertProjectBranch(this.privateProject, new Consumer[0]);
        Assertions.assertThat(newUserSession(this.user).keepAuthorizedComponents("admin", Arrays.asList(this.privateProject, insertProjectBranch))).containsExactlyInAnyOrder(new ComponentDto[]{this.privateProject, insertProjectBranch});
    }

    @Test
    public void isSystemAdministrator_returns_true_if_org_feature_is_enabled_and_user_is_root() {
        this.organizationFlags.setEnabled(true);
        this.user = this.db.users().makeRoot(this.user);
        Assertions.assertThat(newUserSession(this.user).isSystemAdministrator()).isTrue();
    }

    @Test
    public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_not_root() {
        this.organizationFlags.setEnabled(true);
        this.user = this.db.users().makeNotRoot(this.user);
        Assertions.assertThat(newUserSession(this.user).isSystemAdministrator()).isFalse();
    }

    @Test
    public void isSystemAdministrator_returns_false_if_org_feature_is_enabled_and_user_is_administrator_of_default_organization() {
        this.organizationFlags.setEnabled(true);
        this.user = this.db.users().makeNotRoot(this.user);
        this.db.users().insertPermissionOnUser(this.db.getDefaultOrganization(), this.user, "admin");
        Assertions.assertThat(newUserSession(this.user).isSystemAdministrator()).isFalse();
    }

    @Test
    public void isSystemAdministrator_returns_true_if_org_feature_is_disabled_and_user_is_administrator_of_default_organization() {
        this.organizationFlags.setEnabled(false);
        this.user = this.db.users().makeNotRoot(this.user);
        this.db.users().insertPermissionOnUser(this.db.getDefaultOrganization(), this.user, "admin");
        Assertions.assertThat(newUserSession(this.user).isSystemAdministrator()).isTrue();
    }

    @Test
    public void isSystemAdministrator_returns_false_if_org_feature_is_disabled_and_user_is_not_administrator_of_default_organization() {
        this.organizationFlags.setEnabled(true);
        this.user = this.db.users().makeNotRoot(this.user);
        this.db.users().insertPermissionOnUser(this.db.getDefaultOrganization(), this.user, "provisioning");
        Assertions.assertThat(newUserSession(this.user).isSystemAdministrator()).isFalse();
    }

    @Test
    public void keep_isSystemAdministrator_flag_in_cache() {
        this.organizationFlags.setEnabled(false);
        this.user = this.db.users().makeNotRoot(this.user);
        this.db.users().insertPermissionOnUser(this.db.getDefaultOrganization(), this.user, "admin");
        ServerUserSession newUserSession = newUserSession(this.user);
        newUserSession.checkIsSystemAdministrator();
        this.db.getDbClient().userDao().deactivateUser(this.db.getSession(), this.user);
        this.db.commit();
        newUserSession.checkIsSystemAdministrator();
    }

    @Test
    public void checkIsSystemAdministrator_succeeds_if_system_administrator() {
        this.organizationFlags.setEnabled(true);
        this.user = this.db.users().makeRoot(this.user);
        newUserSession(this.user).checkIsSystemAdministrator();
    }

    @Test
    public void checkIsSystemAdministrator_throws_ForbiddenException_if_not_system_administrator() {
        this.organizationFlags.setEnabled(true);
        this.user = this.db.users().makeNotRoot(this.user);
        ServerUserSession newUserSession = newUserSession(this.user);
        this.expectedException.expect(ForbiddenException.class);
        this.expectedException.expectMessage("Insufficient privileges");
        newUserSession.checkIsSystemAdministrator();
    }

    @Test
    public void hasComponentPermission_on_branch_checks_permissions_of_its_project() {
        ComponentDto insertProjectBranch = this.db.components().insertProjectBranch(this.privateProject, new Consumer[]{branchDto -> {
            branchDto.setKey("feature/foo");
        }});
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newChildComponent("fileUuid", insertProjectBranch, insertProjectBranch));
        this.db.users().insertProjectPermissionOnUser(this.user, "p1", this.privateProject);
        ServerUserSession newUserSession = newUserSession(this.user);
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "p1", this.privateProject)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "p1", insertProjectBranch)).isTrue();
        Assertions.assertThat(hasComponentPermissionByDtoOrUuid(newUserSession, "p1", insertComponent)).isTrue();
    }

    private ServerUserSession newUserSession(@Nullable UserDto userDto) {
        return new ServerUserSession(this.dbClient, this.organizationFlags, this.defaultOrganizationProvider, userDto);
    }

    private ServerUserSession newAnonymousSession() {
        return newUserSession(null);
    }

    private void addProjectPermissions(ComponentDto componentDto, String... strArr) {
        addPermissions(componentDto, strArr);
    }

    private void addPermissions(@Nullable ComponentDto componentDto, String... strArr) {
        for (String str : strArr) {
            if (componentDto == null) {
                this.db.users().insertPermissionOnUser(this.user, OrganizationPermission.fromKey(str));
            } else {
                this.db.users().insertProjectPermissionOnUser(this.user, str, componentDto);
            }
        }
    }

    private void expectInsufficientPrivilegesForbiddenException() {
        this.expectedException.expect(ForbiddenException.class);
        this.expectedException.expectMessage("Insufficient privileges");
    }
}
