package org.sonar.server.permission.ws;

import java.util.function.Consumer;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Test;
import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.GroupPermissionDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;

/* loaded from: input_file:org/sonar/server/permission/ws/RemoveGroupActionTest.class */
public class RemoveGroupActionTest extends BasePermissionWsTest<RemoveGroupAction> {
    private GroupDto aGroup;

    @Before
    public void setUp() {
        this.aGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.server.permission.ws.BasePermissionWsTest
    public RemoveGroupAction buildWsAction() {
        return new RemoveGroupAction(this.db.getDbClient(), this.userSession, newPermissionUpdater(), newPermissionWsSupport());
    }

    @Test
    public void remove_permission_using_group_name() {
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.ADMINISTER);
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.PROVISION_PROJECTS);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("permission", "provisioning").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, (ComponentDto) null)).containsOnly(new String[]{OrganizationPermission.ADMINISTER.getKey()});
    }

    @Test
    public void remove_permission_using_group_id() {
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.ADMINISTER);
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.PROVISION_PROJECTS);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupId", this.aGroup.getId().toString()).setParam("permission", OrganizationPermission.PROVISION_PROJECTS.getKey()).execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, (ComponentDto) null)).containsOnly(new String[]{OrganizationPermission.ADMINISTER.getKey()});
    }

    @Test
    public void remove_project_permission() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.ADMINISTER);
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "admin", insertPrivateProject);
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "issueadmin", insertPrivateProject);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("projectId", insertPrivateProject.uuid()).setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, (ComponentDto) null)).containsOnly(new String[]{OrganizationPermission.ADMINISTER.getKey()});
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, insertPrivateProject)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void remove_with_view_uuid() {
        ComponentDto insertView = this.db.components().insertView();
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.ADMINISTER);
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "admin", insertView);
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "issueadmin", insertView);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("projectId", insertView.uuid()).setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, (ComponentDto) null)).containsOnly(new String[]{OrganizationPermission.ADMINISTER.getKey()});
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, insertView)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void remove_with_project_key() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.ADMINISTER);
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "admin", insertPrivateProject);
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "issueadmin", insertPrivateProject);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("projectKey", insertPrivateProject.getDbKey()).setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, (ComponentDto) null)).containsOnly(new String[]{OrganizationPermission.ADMINISTER.getKey()});
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, insertPrivateProject)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void fail_to_remove_last_admin_permission() throws Exception {
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.ADMINISTER);
        this.db.users().insertPermissionOnGroup(this.aGroup, OrganizationPermission.PROVISION_PROJECTS);
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Last group with permission 'admin'. Permission cannot be removed.");
        executeRequest(this.aGroup, "admin");
    }

    @Test
    public void fail_when_project_does_not_exist() {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("Project id 'unknown-project-uuid' not found");
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("projectId", "unknown-project-uuid").setParam("permission", OrganizationPermission.ADMINISTER.getKey()).execute();
    }

    @Test
    public void fail_when_project_project_permission_without_project() throws Exception {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Invalid global permission 'issueadmin'. Valid values are [admin, profileadmin, gateadmin, scan, provisioning]");
        executeRequest(this.aGroup, "issueadmin");
    }

    @Test
    public void fail_when_component_is_a_module() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newModuleDto(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()))));
    }

    @Test
    public void fail_when_component_is_a_directory() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newDirectory(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()), "A/B")));
    }

    @Test
    public void fail_when_component_is_a_file() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newFileDto(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()), (ComponentDto) null, "file-uuid")));
    }

    @Test
    public void fail_when_component_is_a_subview() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newSubView(ComponentTesting.newView(this.db.organizations().insert()))));
    }

    private void failIfComponentIsNotAProjectOrView(ComponentDto componentDto) {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Component '" + componentDto.getDbKey() + "' (id: " + componentDto.uuid() + ") must be a project or a view.");
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("projectId", componentDto.uuid()).setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_group_name_is_missing() {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Group name or group id must be provided");
        newRequest().setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_permission_name_and_id_are_missing() {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        this.expectedException.expectMessage("The 'permission' parameter is missing");
        newRequest().setParam("groupName", this.aGroup.getName()).execute();
    }

    @Test
    public void fail_when_group_id_does_not_exist() {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage("No group with id '999999'");
        newRequest().setParam("permission", "admin").setParam("groupId", "999999").execute();
    }

    @Test
    public void fail_when_project_uuid_and_project_key_are_provided() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Project id or project key can be provided, not both.");
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("permission", "admin").setParam("projectId", insertPrivateProject.uuid()).setParam("projectKey", insertPrivateProject.getDbKey()).execute();
    }

    private void executeRequest(GroupDto groupDto, String str) {
        newRequest().setParam("groupName", groupDto.getName()).setParam("permission", str).execute();
    }

    private void executeRequest(GroupDto groupDto, OrganizationDto organizationDto, String str) {
        newRequest().setParam("groupName", groupDto.getName()).setParam("permission", str).setParam("organization", organizationDto.getKey()).execute();
    }

    @Test
    public void removing_global_permission_fails_if_not_administrator_of_organization() {
        this.userSession.logIn();
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("permission", "provisioning").execute();
    }

    @Test
    public void removing_project_permission_fails_if_not_administrator_of_project() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.userSession.logIn();
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("permission", "provisioning").setParam("projectKey", insertPrivateProject.getDbKey()).execute();
    }

    @Test
    public void removing_project_permission_is_allowed_to_project_administrators() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "codeviewer", insertPrivateProject);
        this.db.users().insertProjectPermissionOnGroup(this.aGroup, "issueadmin", insertPrivateProject);
        this.userSession.logIn().addProjectPermission("admin", insertPrivateProject);
        newRequest().setParam("groupName", this.aGroup.getName()).setParam("projectId", insertPrivateProject.uuid()).setParam("permission", "issueadmin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(this.aGroup, insertPrivateProject)).containsOnly(new String[]{"codeviewer"});
    }

    @Test
    public void no_effect_when_removing_any_permission_from_group_AnyOne_on_a_private_project() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        ProjectPermissions.ALL.forEach(str -> {
            unsafeInsertProjectPermissionOnAnyone(str, insertPrivateProject);
        });
        this.userSession.logIn().addProjectPermission("admin", insertPrivateProject);
        ProjectPermissions.ALL.forEach(str2 -> {
            newRequest().setParam("groupName", "anyone").setParam("projectId", insertPrivateProject.uuid()).setParam("permission", str2).execute();
            Assertions.assertThat(this.db.users().selectAnyonePermissions(this.db.getDefaultOrganization(), insertPrivateProject)).contains(new String[]{str2});
        });
    }

    @Test
    public void fail_when_removing_USER_permission_from_group_AnyOne_on_a_public_project() {
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(this.db.organizations().insert());
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Permission user can't be removed from a public component");
        newRequest().setParam("groupName", "anyone").setParam("projectId", insertPublicProject.uuid()).setParam("permission", "user").execute();
    }

    @Test
    public void fail_when_removing_CODEVIEWER_permission_from_group_AnyOne_on_a_public_project() {
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(this.db.organizations().insert());
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Permission codeviewer can't be removed from a public component");
        newRequest().setParam("groupName", "anyone").setParam("projectId", insertPublicProject.uuid()).setParam("permission", "codeviewer").execute();
    }

    @Test
    public void fail_when_removing_USER_permission_from_group_on_a_public_project() {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(insert);
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Permission user can't be removed from a public component");
        newRequest().setParam("organization", insert.getKey()).setParam("groupName", insertGroup.getName()).setParam("projectId", insertPublicProject.uuid()).setParam("permission", "user").execute();
    }

    @Test
    public void fail_when_removing_CODEVIEWER_permission_from_group_on_a_public_project() {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(insert);
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Permission codeviewer can't be removed from a public component");
        newRequest().setParam("organization", insert.getKey()).setParam("groupName", insertGroup.getName()).setParam("projectId", insertPublicProject.uuid()).setParam("permission", "codeviewer").execute();
    }

    @Test
    public void fail_when_using_branch_db_key() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertMainBranch = this.db.components().insertMainBranch(insert, new Consumer[0]);
        this.userSession.logIn().addProjectPermission("admin", insertMainBranch);
        ComponentDto insertProjectBranch = this.db.components().insertProjectBranch(insertMainBranch, new Consumer[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage(String.format("Project key '%s' not found", insertProjectBranch.getDbKey()));
        newRequest().setParam("organization", insert.getKey()).setParam("projectKey", insertProjectBranch.getDbKey()).setParam("groupName", insertGroup.getName()).setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_using_branch_uuid() {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertMainBranch = this.db.components().insertMainBranch(insert, new Consumer[0]);
        this.userSession.logIn().addProjectPermission("admin", insertMainBranch);
        ComponentDto insertProjectBranch = this.db.components().insertProjectBranch(insertMainBranch, new Consumer[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage(String.format("Project id '%s' not found", insertProjectBranch.uuid()));
        newRequest().setParam("organization", insert.getKey()).setParam("projectId", insertProjectBranch.uuid()).setParam("groupName", insertGroup.getName()).setParam("permission", "admin").execute();
    }

    private void unsafeInsertProjectPermissionOnAnyone(String str, ComponentDto componentDto) {
        this.db.getDbClient().groupPermissionDao().insert(this.db.getSession(), new GroupPermissionDto().setOrganizationUuid(componentDto.getOrganizationUuid()).setGroupId((Integer) null).setRole(str).setResourceId(componentDto.getId()));
        this.db.commit();
    }
}
