package org.opencms.file;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import junit.extensions.TestSetup;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.opencms.file.types.CmsResourceTypeFolder;
import org.opencms.file.types.CmsResourceTypeImage;
import org.opencms.file.types.CmsResourceTypePlain;
import org.opencms.main.OpenCms;
import org.opencms.report.CmsLogReport;
import org.opencms.security.CmsAccessControlEntry;
import org.opencms.security.CmsPermissionSet;
import org.opencms.security.CmsPermissionSetCustom;
import org.opencms.security.CmsRole;
import org.opencms.test.OpenCmsTestCase;
import org.opencms.test.OpenCmsTestProperties;
import org.opencms.util.CmsUUID;

/* loaded from: input_file:org/opencms/file/TestPermissions.class */
public class TestPermissions extends OpenCmsTestCase {
    public static Test suite() {
        OpenCmsTestProperties.initialize(org.opencms.test.AllTests.TEST_PROPERTIES_PATH);
        TestSuite testSuite = new TestSuite();
        testSuite.setName(TestPermissions.class.getName());
        testSuite.addTest(new TestPermissions("testLockStatusPermission"));
        testSuite.addTest(new TestPermissions("testPublishPermissions"));
        testSuite.addTest(new TestPermissions("testSiblingPermissions"));
        testSuite.addTest(new TestPermissions("testVisiblePermission"));
        testSuite.addTest(new TestPermissions("testVisiblePermissionForFolder"));
        testSuite.addTest(new TestPermissions("testFilterForFolder"));
        testSuite.addTest(new TestPermissions("testDefaultPermissions"));
        testSuite.addTest(new TestPermissions("testPermissionOverwrite"));
        testSuite.addTest(new TestPermissions("testPermissionInheritance"));
        testSuite.addTest(new TestPermissions("testUserDeletion"));
        return new TestSetup(testSuite) { // from class: org.opencms.file.TestPermissions.1
            protected void setUp() {
                OpenCmsTestCase.setupOpenCms("simpletest", "/");
            }

            protected void tearDown() {
                OpenCmsTestCase.removeOpenCms();
            }
        };
    }

    public TestPermissions(String str) {
        super(str);
    }

    public void testDefaultPermissions() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing default permissions");
        cmsObject.createResource("testDefaultPermissions.txt", CmsResourceTypePlain.getStaticTypeId());
        cmsObject.createUser("testAdmin", "secret", "", (Map) null);
        cmsObject.addUserToGroup("testAdmin", OpenCms.getDefaultUsers().getGroupAdministrators());
        cmsObject.createUser("testUser", "secret", "", (Map) null);
        cmsObject.addUserToGroup("testUser", OpenCms.getDefaultUsers().getGroupUsers());
        cmsObject.createUser("testGuest", "secret", "", (Map) null);
        cmsObject.addUserToGroup("testGuest", OpenCms.getDefaultUsers().getGroupGuests());
        assertEquals("+r+w+v+c+d", cmsObject.getPermissions("testDefaultPermissions.txt", "testAdmin").getPermissionString());
        assertEquals("+r+w+v", cmsObject.getPermissions("testDefaultPermissions.txt", "testUser").getPermissionString());
        assertEquals("+r+v", cmsObject.getPermissions("testDefaultPermissions.txt", "testGuest").getPermissionString());
    }

    public void testFilterForFolder() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing resource filer for the files in a folder");
        List resourcesInFolder = cmsObject.getResourcesInFolder("/types", CmsResourceFilter.requireType(CmsResourceTypeImage.getStaticTypeId()));
        if (resourcesInFolder.size() != 1) {
            fail("There is only 1 image resource in the folder, not " + resourcesInFolder.size());
        }
        List filesInFolder = cmsObject.getFilesInFolder("/types", CmsResourceFilter.requireType(CmsResourceTypeImage.getStaticTypeId()));
        if (filesInFolder.size() != 1) {
            fail("There is only 1 image resource in the folder, not " + filesInFolder.size());
        }
        List readResources = cmsObject.readResources("/types", CmsResourceFilter.requireType(CmsResourceTypeImage.getStaticTypeId()));
        if (readResources.size() != 1) {
            fail("There is only 1 image resource in the folder, not " + readResources.size());
        }
    }

    public void testLockStatusPermission() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing lock status permissions on a file");
        CmsResource readResource = cmsObject.readResource("/folder1/page1.html");
        cmsObject.loginUser("test1", "test1");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        cmsObject.lockResource("/folder1/page1.html");
        assertTrue(cmsObject.hasPermissions(readResource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL));
        cmsObject.loginUser("test2", "test2");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        assertTrue(cmsObject.hasPermissions(readResource, CmsPermissionSet.ACCESS_WRITE, false, CmsResourceFilter.ALL));
        assertFalse(cmsObject.hasPermissions(readResource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL));
        cmsObject.changeLock("/folder1/page1.html");
        assertTrue(cmsObject.hasPermissions(readResource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL));
        cmsObject.loginUser("test1", "test1");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        assertTrue(cmsObject.hasPermissions(readResource, CmsPermissionSet.ACCESS_WRITE, false, CmsResourceFilter.ALL));
        assertFalse(cmsObject.hasPermissions(readResource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL));
        cmsObject.changeLock("/folder1/page1.html");
        assertTrue(cmsObject.hasPermissions(readResource, CmsPermissionSet.ACCESS_WRITE, true, CmsResourceFilter.ALL));
        cmsObject.unlockResource("/folder1/page1.html");
    }

    public void testPermissionInheritance() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing inheritance of permissions");
        String str = "testPermissionInheritance/subfolder";
        String str2 = "testPermissionInheritance/test.txt";
        String str3 = str + "/subtest.txt";
        cmsObject.createResource("testPermissionInheritance", CmsResourceTypeFolder.getStaticTypeId());
        cmsObject.createResource(str, CmsResourceTypeFolder.getStaticTypeId());
        cmsObject.createResource(str2, CmsResourceTypePlain.getStaticTypeId());
        cmsObject.createResource(str3, CmsResourceTypePlain.getStaticTypeId());
        assertEquals("+r+w+v", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("+r+w+v", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("+r+w+v", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "Users", "+o");
        assertEquals("", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("+r+w+v", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("+r+w+v", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "Users", "+o+i");
        assertEquals("", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.createGroup("GroupA", "", 0, "");
        cmsObject.createGroup("GroupB", "", 0, "");
        cmsObject.createGroup("GroupC", "", 0, "");
        cmsObject.createGroup("GroupD", "", 0, "");
        cmsObject.addUserToGroup("testUser", "GroupA");
        cmsObject.addUserToGroup("testUser", "GroupB");
        cmsObject.addUserToGroup("testUser", "GroupC");
        cmsObject.addUserToGroup("testUser", "GroupD");
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupA", "+r");
        assertEquals("+r", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupA", "+r+i");
        assertEquals("+r", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("+r", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("+r", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupB", "+w");
        assertEquals("+r+w", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("+r", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("+r", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupB", "+w+i");
        assertEquals("+r+w", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("+r+w", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("+r+w", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupC", "-r");
        assertEquals("-r+w", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("+r+w", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("+r+w", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupC", "-r+i");
        assertEquals("-r+w", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("-r+w", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("-r+w", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupD", "-w");
        assertEquals("-r-w", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("-r+w", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("-r+w", cmsObject.getPermissions(str3, "testUser").getPermissionString());
        cmsObject.chacc("testPermissionInheritance", "GROUP", "GroupD", "-w+i");
        assertEquals("-r-w", cmsObject.getPermissions(str2, "testUser").getPermissionString());
        assertEquals("-r-w", cmsObject.getPermissions(str, "testUser").getPermissionString());
        assertEquals("-r-w", cmsObject.getPermissions(str3, "testUser").getPermissionString());
    }

    public void testPermissionOverwrite() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing permission overwrite");
        cmsObject.createResource("testPermissionOverwrite", CmsResourceTypeFolder.getStaticTypeId());
        assertEquals("+r+w+v", cmsObject.getPermissions("testPermissionOverwrite", "testUser").getPermissionString());
        cmsObject.chacc("testPermissionOverwrite", "GROUP", "Users", "+o");
        assertEquals("", cmsObject.getPermissions("testPermissionOverwrite", "testUser").getPermissionString());
        cmsObject.chacc("testPermissionOverwrite", "GROUP", "Users", "-r");
        assertEquals("-r+w+v", cmsObject.getPermissions("testPermissionOverwrite", "testUser").getPermissionString());
    }

    public void testPublishPermissions() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing publish permissions for a user");
        cmsObject.deleteProject(cmsObject.readProject("Offline").getUuid());
        cmsObject.createProject("Offline", "Project used for test case", OpenCms.getDefaultUsers().getGroupAdministrators(), OpenCms.getDefaultUsers().getGroupAdministrators());
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        cmsObject.copyResourceToProject("/");
        cmsObject.lockResource("/folder1/page1.html");
        cmsObject.chacc("/folder1/page1.html", "GROUP", OpenCms.getDefaultUsers().getGroupUsers(), 0, 0, 4);
        cmsObject.chacc("/folder1/page1.html", "USER", "test1", 3, 0, 4);
        cmsObject.chacc("/folder1/page1.html", "USER", "test2", 19, 0, 4);
        cmsObject.unlockResource("/folder1/page1.html");
        cmsObject.loginUser("test1", "test1");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        try {
            OpenCms.getPublishManager().getPublishList(cmsObject, cmsObject.readResource("/folder1/page1.html"), false);
            fail("Publish permissions available but should not be available for user test1");
        } catch (Exception e) {
        }
        cmsObject.loginUser("test2", "test2");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        try {
            OpenCms.getPublishManager().getPublishList(cmsObject, cmsObject.readResource("/folder1/page1.html"), false);
        } catch (Exception e2) {
            fail("Publish permissions unavailable but should be available for user test2");
        }
        cmsObject.loginUser("Admin", "admin");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        try {
            OpenCms.getPublishManager().getPublishList(cmsObject, cmsObject.readResource("/folder1/page1.html"), false);
        } catch (Exception e3) {
            fail("Publish permissions unavailable but should be available for user Admin");
        }
        cmsObject.loginUser("Admin", "admin");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        cmsObject.createResource("/newfolder/", CmsResourceTypeFolder.getStaticTypeId());
        cmsObject.lockResource("/newfolder/");
        cmsObject.chacc("/newfolder/", "GROUP", OpenCms.getDefaultUsers().getGroupUsers(), 0, 0, 6);
        cmsObject.chacc("/newfolder/", "USER", "test1", 3, 0, 6);
        cmsObject.chacc("/newfolder/", "USER", "test2", 19, 0, 6);
        cmsObject.unlockResource("/newfolder/");
        cmsObject.createResource("/newfolder/newpage.html", CmsResourceTypePlain.getStaticTypeId(), "This is a test".getBytes(), Collections.EMPTY_LIST);
        cmsObject.unlockResource("/newfolder/newpage.html");
        cmsObject.loginUser("test1", "test1");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        try {
            OpenCms.getPublishManager().getPublishList(cmsObject, cmsObject.readResource("/newfolder/newpage.html"), false);
            fail("Publish permissions available but should not be available for user test1");
        } catch (Exception e4) {
        }
        cmsObject.loginUser("test2", "test2");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        try {
            OpenCms.getPublishManager().getPublishList(cmsObject, cmsObject.readResource("/newfolder/newpage.html"), false);
            fail("Publish permissions available but should be unavailable for user test2 because the parent folder is new");
        } catch (Exception e5) {
        }
        try {
            OpenCms.getPublishManager().getPublishList(cmsObject, cmsObject.readResource("/newfolder/"), false);
        } catch (Exception e6) {
            fail("Publish permissions on new folder unavailable but should be available for user test2");
        }
        OpenCms.getPublishManager().publishResource(cmsObject, "/newfolder/");
        OpenCms.getPublishManager().waitWhileRunning();
        try {
            OpenCms.getPublishManager().getPublishList(cmsObject, cmsObject.readResource("/newfolder/newpage.html"), false);
        } catch (Exception e7) {
            fail("Publish permissions unavailable but should be available for user test2 because the parent folder is now published");
        }
    }

    public void testSiblingPermissions() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing permissions on siblings");
        CmsResource readResource = cmsObject.readResource("/folder1/page4.html");
        CmsUser readUser = cmsObject.readUser(OpenCms.getDefaultUsers().getUserGuest());
        CmsPermissionSetCustom cmsPermissionSetCustom = new CmsPermissionSetCustom("-r");
        TestChacc.chaccFileUser(this, cmsObject, "/folder1/page4.html", readUser, cmsPermissionSetCustom, 0);
        cmsObject.createSibling("/folder1/page4.html", "/folder1/page4sib.html", (List) null);
        CmsAccessControlEntry cmsAccessControlEntry = new CmsAccessControlEntry(readResource.getResourceId(), readUser.getId(), cmsPermissionSetCustom.getAllowedPermissions(), cmsPermissionSetCustom.getDeniedPermissions(), 16);
        assertAce(cmsObject, "/folder1/page4.html", cmsAccessControlEntry);
        assertAcl(cmsObject, "/folder1/page4.html", readUser.getId(), cmsPermissionSetCustom);
        cmsObject.deleteResource("/folder1/page4sib.html", CmsResource.DELETE_PRESERVE_SIBLINGS);
        assertAce(cmsObject, "/folder1/page4.html", cmsAccessControlEntry);
        assertAcl(cmsObject, "/folder1/page4.html", readUser.getId(), cmsPermissionSetCustom);
        cmsObject.createSibling("/folder1/page4.html", "/folder1/page4sib.html", (List) null);
        assertAce(cmsObject, "/folder1/page4.html", cmsAccessControlEntry);
        assertAcl(cmsObject, "/folder1/page4.html", readUser.getId(), cmsPermissionSetCustom);
        OpenCms.getPublishManager().publishResource(cmsObject, "/folder1/page4sib.html", true, new CmsLogReport(Locale.ENGLISH, getClass()));
        OpenCms.getPublishManager().waitWhileRunning();
        cmsObject.lockResource("/folder1/page4sib.html");
        cmsObject.deleteResource("/folder1/page4sib.html", CmsResource.DELETE_PRESERVE_SIBLINGS);
        OpenCms.getPublishManager().publishResource(cmsObject, "/folder1/page4sib.html");
        OpenCms.getPublishManager().waitWhileRunning();
        assertAce(cmsObject, "/folder1/page4.html", cmsAccessControlEntry);
        assertAcl(cmsObject, "/folder1/page4.html", readUser.getId(), cmsPermissionSetCustom);
    }

    public void testUserDeletion() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing permissions after deleting a user");
        cmsObject.createResource("userDelete.txt", CmsResourceTypePlain.getStaticTypeId());
        cmsObject.createUser("deleteUser", "deleteMe", "", (Map) null);
        cmsObject.chacc("userDelete.txt", "USER", "deleteUser", "+r+w+v+c+d");
        cmsObject.deleteUser("deleteUser");
        Iterator it = cmsObject.getAccessControlEntries("userDelete.txt").iterator();
        while (it.hasNext()) {
            CmsUUID principal = ((CmsAccessControlEntry) it.next()).getPrincipal();
            if (cmsObject.lookupPrincipal(principal) == null && CmsRole.valueOfId(principal) == null && !principal.equals(CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID) && !principal.equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) {
                fail("Principal " + principal.toString() + " is missing");
            }
        }
    }

    public void testVisiblePermission() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing visible permissions on a file");
        CmsResource readResource = cmsObject.readResource("index.html");
        cmsObject.lockResource("index.html");
        cmsObject.chacc("index.html", "GROUP", OpenCms.getDefaultUsers().getGroupUsers(), 0, 0, 4);
        cmsObject.chacc("index.html", "USER", "test1", 1, 0, 4);
        cmsObject.chacc("index.html", "USER", "test2", 5, 0, 4);
        cmsObject.unlockResource("index.html");
        cmsObject.loginUser("test1", "test1");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        if (!cmsObject.hasPermissions(readResource, new CmsPermissionSet(4, 0), true, CmsResourceFilter.ALL)) {
            fail("Visible permission checked but should have been ignored");
        }
        if (cmsObject.hasPermissions(readResource, new CmsPermissionSet(4, 0), true, CmsResourceFilter.ONLY_VISIBLE)) {
            fail("Visible permission not checked");
        }
        cmsObject.loginUser("test2", "test2");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        if (!cmsObject.hasPermissions(readResource, new CmsPermissionSet(4, 0), true, CmsResourceFilter.ALL)) {
            fail("Visible permission checked but should be ignored");
        }
        if (cmsObject.hasPermissions(readResource, new CmsPermissionSet(4, 0), true, CmsResourceFilter.ONLY_VISIBLE)) {
            return;
        }
        fail("Visible permission not detected");
    }

    public void testVisiblePermissionForFolder() throws Throwable {
        CmsObject cmsObject = getCmsObject();
        echo("Testing visible permissions on a list of files in a folder");
        cmsObject.lockResource("/types");
        cmsObject.chacc("/types", "GROUP", OpenCms.getDefaultUsers().getGroupUsers(), 0, 0, 6);
        cmsObject.chacc("/types", "USER", "test1", 1, 0, 6);
        cmsObject.chacc("/types", "USER", "test2", 5, 0, 6);
        cmsObject.unlockResource("/types");
        cmsObject.loginUser("test1", "test1");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        List readResources = cmsObject.readResources("/types", CmsResourceFilter.ONLY_VISIBLE);
        if (readResources.size() > 0) {
            fail("Was able to read " + readResources.size() + " invisible resources in a folder with filter excluding invisible resources");
        }
        assertFalse("the user has view access permission despite the view permission has been removed", cmsObject.hasPermissions(cmsObject.readResource("/types", CmsResourceFilter.ALL), CmsPermissionSet.ACCESS_VIEW, false, CmsResourceFilter.ONLY_VISIBLE));
        List readResources2 = cmsObject.readResources("/types", CmsResourceFilter.ALL);
        if (readResources2.size() != 6) {
            fail("There should be 6 visible resource in the folder, not " + readResources2.size());
        }
        cmsObject.loginUser("test2", "test2");
        cmsObject.getRequestContext().setCurrentProject(cmsObject.readProject("Offline"));
        List readResources3 = cmsObject.readResources("/types", CmsResourceFilter.ONLY_VISIBLE);
        if (readResources3.size() != 6) {
            fail("There should be 6 visible resource in the folder, not " + readResources3.size());
        }
    }
}
