package org.sonar.server.permission.ws.template;

import java.util.List;
import javax.annotation.Nullable;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Test;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.PermissionQuery;
import org.sonar.db.permission.template.PermissionTemplateDto;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.permission.ws.BasePermissionWsTest;
import org.sonar.server.ws.TestRequest;

/* loaded from: input_file:org/sonar/server/permission/ws/template/RemoveUserFromTemplateActionTest.class */
public class RemoveUserFromTemplateActionTest extends BasePermissionWsTest<RemoveUserFromTemplateAction> {
    private static final String DEFAULT_PERMISSION = "codeviewer";
    private UserDto user;
    private PermissionTemplateDto template;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.server.permission.ws.BasePermissionWsTest
    public RemoveUserFromTemplateAction buildWsAction() {
        return new RemoveUserFromTemplateAction(this.db.getDbClient(), newPermissionWsSupport(), this.userSession);
    }

    @Before
    public void setUp() {
        this.user = this.db.users().insertUser("user-login");
        this.db.organizations().addMember(this.db.getDefaultOrganization(), new UserDto[]{this.user});
        this.template = this.db.permissionTemplates().insertTemplate(this.db.getDefaultOrganization());
        addUserToTemplate(this.user, this.template, DEFAULT_PERMISSION);
    }

    @Test
    public void remove_user_from_template() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest(this.user.getLogin(), this.template.getUuid(), DEFAULT_PERMISSION);
        Assertions.assertThat(getLoginsInTemplateAndPermission(this.template, DEFAULT_PERMISSION)).isEmpty();
    }

    @Test
    public void remove_user_from_template_by_name_case_insensitive() {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("login", this.user.getLogin()).setParam("permission", DEFAULT_PERMISSION).setParam("templateName", this.template.getName().toUpperCase()).execute();
        Assertions.assertThat(getLoginsInTemplateAndPermission(this.template, DEFAULT_PERMISSION)).isEmpty();
    }

    @Test
    public void remove_user_from_template_twice_without_failing() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest(this.user.getLogin(), this.template.getUuid(), DEFAULT_PERMISSION);
        newRequest(this.user.getLogin(), this.template.getUuid(), DEFAULT_PERMISSION);
        Assertions.assertThat(getLoginsInTemplateAndPermission(this.template, DEFAULT_PERMISSION)).isEmpty();
    }

    @Test
    public void keep_user_permission_not_removed() throws Exception {
        addUserToTemplate(this.user, this.template, "issueadmin");
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest(this.user.getLogin(), this.template.getUuid(), DEFAULT_PERMISSION);
        Assertions.assertThat(getLoginsInTemplateAndPermission(this.template, DEFAULT_PERMISSION)).isEmpty();
        Assertions.assertThat(getLoginsInTemplateAndPermission(this.template, "issueadmin")).containsExactly(new String[]{this.user.getLogin()});
    }

    @Test
    public void keep_other_users_when_one_user_removed() throws Exception {
        UserDto insertUser = this.db.users().insertUser("new-login");
        this.db.organizations().addMember(this.db.getDefaultOrganization(), new UserDto[]{insertUser});
        addUserToTemplate(insertUser, this.template, DEFAULT_PERMISSION);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest(this.user.getLogin(), this.template.getUuid(), DEFAULT_PERMISSION);
        Assertions.assertThat(getLoginsInTemplateAndPermission(this.template, DEFAULT_PERMISSION)).containsExactly(new String[]{"new-login"});
    }

    @Test
    public void fail_if_not_a_project_permission() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest(this.user.getLogin(), this.template.getUuid(), "provisioning");
    }

    @Test
    public void fail_if_insufficient_privileges() throws Exception {
        this.userSession.logIn();
        this.expectedException.expect(ForbiddenException.class);
        newRequest(this.user.getLogin(), this.template.getUuid(), DEFAULT_PERMISSION);
    }

    @Test
    public void fail_if_not_logged_in() throws Exception {
        this.userSession.anonymous();
        this.expectedException.expect(UnauthorizedException.class);
        newRequest(this.user.getLogin(), this.template.getUuid(), DEFAULT_PERMISSION);
    }

    @Test
    public void fail_if_user_missing() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest(null, this.template.getUuid(), DEFAULT_PERMISSION);
    }

    @Test
    public void fail_if_permission_missing() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest(this.user.getLogin(), this.template.getUuid(), null);
    }

    @Test
    public void fail_if_template_missing() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        newRequest(this.user.getLogin(), null, DEFAULT_PERMISSION);
    }

    @Test
    public void fail_if_user_does_not_exist() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("User with login 'unknown-login' is not found");
        newRequest("unknown-login", this.template.getUuid(), DEFAULT_PERMISSION);
    }

    @Test
    public void fail_if_template_key_does_not_exist() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("Permission template with id 'unknown-key' is not found");
        newRequest(this.user.getLogin(), "unknown-key", DEFAULT_PERMISSION);
    }

    private void newRequest(@Nullable String str, @Nullable String str2, @Nullable String str3) {
        TestRequest newRequest = newRequest();
        if (str != null) {
            newRequest.setParam("login", str);
        }
        if (str2 != null) {
            newRequest.setParam("templateId", str2);
        }
        if (str3 != null) {
            newRequest.setParam("permission", str3);
        }
        newRequest.execute();
    }

    private List<String> getLoginsInTemplateAndPermission(PermissionTemplateDto permissionTemplateDto, String str) {
        return this.db.getDbClient().permissionTemplateDao().selectUserLoginsByQueryAndTemplate(this.db.getSession(), PermissionQuery.builder().setOrganizationUuid(permissionTemplateDto.getOrganizationUuid()).setPermission(str).build(), permissionTemplateDto.getId().longValue());
    }

    private void addUserToTemplate(UserDto userDto, PermissionTemplateDto permissionTemplateDto, String str) {
        this.db.getDbClient().permissionTemplateDao().insertUserPermission(this.db.getSession(), permissionTemplateDto.getId(), userDto.getId(), str);
        this.db.commit();
    }
}
