package org.sonar.server.permission.ws;

import java.util.function.Consumer;
import org.assertj.core.api.Assertions;
import org.junit.Test;
import org.sonar.core.permission.ProjectPermissions;
import org.sonar.db.component.ComponentDto;
import org.sonar.db.component.ComponentTesting;
import org.sonar.db.organization.OrganizationDto;
import org.sonar.db.permission.OrganizationPermission;
import org.sonar.db.user.GroupDto;
import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.exceptions.ServerException;

/* loaded from: input_file:org/sonar/server/permission/ws/AddGroupActionTest.class */
public class AddGroupActionTest extends BasePermissionWsTest<AddGroupAction> {
    private static final String A_PROJECT_UUID = "project-uuid";
    private static final String A_PROJECT_KEY = "project-key";

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.server.permission.ws.BasePermissionWsTest
    public AddGroupAction buildWsAction() {
        return new AddGroupAction(this.db.getDbClient(), this.userSession, newPermissionUpdater(), newPermissionWsSupport());
    }

    @Test
    public void add_permission_to_group_referenced_by_its_name() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", "sonar-administrators").setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, (ComponentDto) null)).containsOnly(new String[]{"admin"});
    }

    @Test
    public void reference_group_by_its_name_in_organization() {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert, "the-group");
        loginAsAdmin(insert, new OrganizationDto[0]);
        newRequest().setParam("organization", insert.getKey()).setParam("groupName", insertGroup.getName()).setParam("permission", "provisioning").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, (ComponentDto) null)).containsOnly(new String[]{"provisioning"});
    }

    @Test
    public void add_permission_to_group_referenced_by_its_id() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupId", insertGroup.getId().toString()).setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, (ComponentDto) null)).containsOnly(new String[]{"admin"});
    }

    @Test
    public void add_permission_to_project_referenced_by_its_id() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newPrivateProjectDto(this.db.getDefaultOrganization(), A_PROJECT_UUID).setDbKey(A_PROJECT_KEY));
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("projectId", A_PROJECT_UUID).setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, (ComponentDto) null)).isEmpty();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, insertComponent)).containsOnly(new String[]{"admin"});
    }

    @Test
    public void add_permission_to_project_referenced_by_its_key() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newPrivateProjectDto(this.db.getDefaultOrganization(), A_PROJECT_UUID).setDbKey(A_PROJECT_KEY));
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("projectKey", A_PROJECT_KEY).setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, (ComponentDto) null)).isEmpty();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, insertComponent)).containsOnly(new String[]{"admin"});
    }

    @Test
    public void add_with_view_uuid() {
        OrganizationDto defaultOrganization = this.db.getDefaultOrganization();
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newView(defaultOrganization, "view-uuid").setDbKey("view-key"));
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("projectId", insertComponent.uuid()).setParam("permission", "admin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, (ComponentDto) null)).isEmpty();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, insertComponent)).containsOnly(new String[]{"admin"});
    }

    @Test
    public void fail_if_project_uuid_is_not_found() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(NotFoundException.class);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("projectId", "not-found").setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_component_is_a_module() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newModuleDto(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()))));
    }

    @Test
    public void fail_when_component_is_a_directory() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newDirectory(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()), "A/B")));
    }

    @Test
    public void fail_when_component_is_a_file() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newFileDto(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()), (ComponentDto) null, "file-uuid")));
    }

    @Test
    public void fail_when_component_is_a_subview() {
        failIfComponentIsNotAProjectOrView(this.db.components().insertComponent(ComponentTesting.newSubView(ComponentTesting.newView(this.db.organizations().insert()))));
    }

    private void failIfComponentIsNotAProjectOrView(ComponentDto componentDto) {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Component '" + componentDto.getDbKey() + "' (id: " + componentDto.uuid() + ") must be a project or a view.");
        newRequest().setParam("groupName", insertGroup.getName()).setParam("projectId", componentDto.uuid()).setParam("permission", "admin").execute();
    }

    @Test
    public void adding_a_project_permission_fails_if_project_is_not_set() throws Exception {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        executeRequest(insertGroup, "issueadmin");
    }

    @Test
    public void adding_a_project_permission_fails_if_component_is_not_a_project() {
        OrganizationDto defaultOrganization = this.db.getDefaultOrganization();
        GroupDto insertGroup = this.db.users().insertGroup(defaultOrganization, "sonar-administrators");
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newFileDto(this.db.components().insertComponent(ComponentTesting.newPrivateProjectDto(defaultOrganization, A_PROJECT_UUID).setDbKey(A_PROJECT_KEY)), (ComponentDto) null, "file-uuid"));
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("projectId", insertComponent.uuid()).setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_get_request() {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(ServerException.class);
        newRequest().setMethod("GET").setParam("groupName", "sonar-administrators").setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_group_name_and_group_id_are_missing() {
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Group name or group id must be provided");
        newRequest().setParam("permission", "admin").execute();
    }

    @Test
    public void fail_when_permission_is_missing() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest().setParam("groupName", insertGroup.getName()).execute();
    }

    @Test
    public void fail_if_not_administrator_of_organization() {
        GroupDto insertGroup = this.db.users().insertGroup();
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(IllegalArgumentException.class);
        newRequest().setParam("groupName", insertGroup.getName()).execute();
    }

    @Test
    public void fail_if_administrator_of_other_organization_only() {
        OrganizationDto insert = this.db.organizations().insert();
        OrganizationDto insert2 = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert, "the-group");
        loginAsAdmin(insert2, new OrganizationDto[0]);
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("groupId", insertGroup.getId().toString()).setParam("permission", "provisioning").execute();
    }

    @Test
    public void fail_when_project_uuid_and_project_key_are_provided() {
        GroupDto insertGroup = this.db.users().insertGroup();
        ComponentDto insertComponent = this.db.components().insertComponent(ComponentTesting.newPrivateProjectDto(this.db.organizations().insert()));
        loginAsAdmin(this.db.getDefaultOrganization(), new OrganizationDto[0]);
        this.expectedException.expect(BadRequestException.class);
        this.expectedException.expectMessage("Project id or project key can be provided, not both.");
        newRequest().setParam("groupName", insertGroup.getName()).setParam("permission", "admin").setParam("projectId", insertComponent.uuid()).setParam("projectKey", insertComponent.getDbKey()).execute();
    }

    @Test
    public void adding_global_permission_fails_if_not_administrator_of_organization() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        this.userSession.logIn().addPermission(OrganizationPermission.ADMINISTER, "anotherOrg");
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("permission", "provisioning").execute();
    }

    @Test
    public void adding_project_permission_fails_if_not_administrator_of_project() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.userSession.logIn();
        this.expectedException.expect(ForbiddenException.class);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("permission", "provisioning").setParam("projectKey", insertPrivateProject.getDbKey()).execute();
    }

    @Test
    public void adding_project_permission_is_allowed_to_project_administrators() {
        GroupDto insertGroup = this.db.users().insertGroup(this.db.getDefaultOrganization(), "sonar-administrators");
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.userSession.logIn().addProjectPermission("admin", insertPrivateProject);
        newRequest().setParam("groupName", insertGroup.getName()).setParam("projectId", insertPrivateProject.uuid()).setParam("permission", "issueadmin").execute();
        Assertions.assertThat(this.db.users().selectGroupPermissions(insertGroup, insertPrivateProject)).containsOnly(new String[]{"issueadmin"});
    }

    @Test
    public void fails_when_adding_any_permission_to_group_AnyOne_on_a_private_project() {
        ComponentDto insertPrivateProject = this.db.components().insertPrivateProject();
        this.userSession.logIn().addProjectPermission("admin", insertPrivateProject);
        ProjectPermissions.ALL.forEach(str -> {
            try {
                newRequest().setParam("groupName", "anyone").setParam("projectId", insertPrivateProject.uuid()).setParam("permission", str).execute();
                Assertions.fail("a BadRequestException should have been raised for " + str);
            } catch (BadRequestException e) {
                Assertions.assertThat(e).hasMessage("No permission can be granted to Anyone on a private component");
            }
        });
    }

    @Test
    public void no_effect_when_adding_USER_permission_to_group_AnyOne_on_a_public_project() {
        OrganizationDto insert = this.db.organizations().insert();
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(insert);
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        newRequest().setParam("groupName", "anyone").setParam("projectId", insertPublicProject.uuid()).setParam("permission", "user").execute();
        Assertions.assertThat(this.db.users().selectAnyonePermissions(insert, insertPublicProject)).isEmpty();
    }

    @Test
    public void no_effect_when_adding_CODEVIEWER_permission_to_group_AnyOne_on_a_public_project() {
        OrganizationDto insert = this.db.organizations().insert();
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(insert);
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        newRequest().setParam("groupName", "anyone").setParam("projectId", insertPublicProject.uuid()).setParam("permission", "codeviewer").execute();
        Assertions.assertThat(this.db.users().selectAnyonePermissions(insert, insertPublicProject)).isEmpty();
    }

    @Test
    public void no_effect_when_adding_USER_permission_to_group_on_a_public_project() {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(insert);
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        newRequest().setParam("organization", insert.getKey()).setParam("groupName", insertGroup.getName()).setParam("projectId", insertPublicProject.uuid()).setParam("permission", "user").execute();
        Assertions.assertThat(this.db.users().selectAnyonePermissions(insert, insertPublicProject)).isEmpty();
    }

    @Test
    public void no_effect_when_adding_CODEVIEWER_permission_to_group_on_a_public_project() {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertPublicProject = this.db.components().insertPublicProject(insert);
        this.userSession.logIn().addProjectPermission("admin", insertPublicProject);
        newRequest().setParam("organization", insert.getKey()).setParam("groupName", insertGroup.getName()).setParam("projectId", insertPublicProject.uuid()).setParam("permission", "codeviewer").execute();
        Assertions.assertThat(this.db.users().selectAnyonePermissions(insert, insertPublicProject)).isEmpty();
    }

    @Test
    public void fail_when_using_branch_db_key() throws Exception {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertMainBranch = this.db.components().insertMainBranch(insert, new Consumer[0]);
        this.userSession.logIn().addProjectPermission("admin", insertMainBranch);
        ComponentDto insertProjectBranch = this.db.components().insertProjectBranch(insertMainBranch, new Consumer[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage(String.format("Project key '%s' not found", insertProjectBranch.getDbKey()));
        newRequest().setParam("organization", insert.getKey()).setParam("projectKey", insertProjectBranch.getDbKey()).setParam("groupName", insertGroup.getName()).setParam("permission", "issueadmin").execute();
    }

    @Test
    public void fail_when_using_branch_uuid() {
        OrganizationDto insert = this.db.organizations().insert();
        GroupDto insertGroup = this.db.users().insertGroup(insert);
        ComponentDto insertMainBranch = this.db.components().insertMainBranch(insert, new Consumer[0]);
        this.userSession.logIn().addProjectPermission("admin", insertMainBranch);
        ComponentDto insertProjectBranch = this.db.components().insertProjectBranch(insertMainBranch, new Consumer[0]);
        this.expectedException.expect(NotFoundException.class);
        this.expectedException.expectMessage(String.format("Project id '%s' not found", insertProjectBranch.uuid()));
        newRequest().setParam("organization", insert.getKey()).setParam("projectId", insertProjectBranch.uuid()).setParam("groupName", insertGroup.getName()).setParam("permission", "issueadmin").execute();
    }

    private void executeRequest(GroupDto groupDto, String str) {
        newRequest().setParam("groupName", groupDto.getName()).setParam("permission", str).execute();
    }
}
