package net.krotscheck.kangaroo.authz.admin.v1.resource;

import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import net.krotscheck.kangaroo.authz.common.database.entity.AbstractAuthzEntity;
import net.krotscheck.kangaroo.authz.common.database.entity.Application;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.Role;
import net.krotscheck.kangaroo.authz.common.database.entity.User;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.common.response.ListResponseEntity;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/resource/UserServiceBrowseTest.class */
public final class UserServiceBrowseTest extends AbstractServiceBrowseTest<User> {
    private static final GenericType<ListResponseEntity<User>> LIST_TYPE = new GenericType<ListResponseEntity<User>>() { // from class: net.krotscheck.kangaroo.authz.admin.v1.resource.UserServiceBrowseTest.1
    };

    public UserServiceBrowseTest(ClientType clientType, String str, Boolean bool) {
        super(clientType, str, bool);
    }

    @Parameterized.Parameters
    public static Collection parameters() {
        return Arrays.asList(new Object[]{ClientType.Implicit, "kangaroo:user_admin", false}, new Object[]{ClientType.Implicit, "kangaroo:user", false}, new Object[]{ClientType.Implicit, "kangaroo:user_admin", true}, new Object[]{ClientType.Implicit, "kangaroo:user", true}, new Object[]{ClientType.ClientCredentials, "kangaroo:user_admin", false}, new Object[]{ClientType.ClientCredentials, "kangaroo:user", false});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    public String getAdminScope() {
        return "kangaroo:user_admin";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    public String getRegularScope() {
        return "kangaroo:user";
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    protected GenericType<ListResponseEntity<User>> getListType() {
        return LIST_TYPE;
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractServiceBrowseTest
    protected List<User> getAccessibleEntities(OAuthToken oAuthToken) {
        OAuthToken oAuthToken2 = (OAuthToken) getAttached((UserServiceBrowseTest) oAuthToken);
        return !oAuthToken2.getScopes().containsKey(getAdminScope()) ? getOwnedEntities(oAuthToken2) : (List) getSession().createCriteria(Application.class).list().stream().flatMap(application -> {
            return application.getUsers().stream();
        }).distinct().collect(Collectors.toList());
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractServiceBrowseTest
    protected List<User> getOwnedEntities(User user) {
        return (List) user.getApplications().stream().flatMap(application -> {
            return application.getUsers().stream();
        }).distinct().collect(Collectors.toList());
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    protected URI getUrlForId(String str) {
        return UriBuilder.fromPath("/user/").path(str).build(new Object[0]);
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    protected URI getUrlForEntity(AbstractAuthzEntity abstractAuthzEntity) {
        return getUrlForId(IdUtil.toString(abstractAuthzEntity.getId()));
    }

    @Test
    public void testBrowseFilterByApplication() {
        Application application = getAdminContext().getApplication();
        HashMap hashMap = new HashMap();
        hashMap.put("application", IdUtil.toString(application.getId()));
        Response browse = browse(hashMap, getAdminToken());
        Integer valueOf = Integer.valueOf(((List) getAccessibleEntities(getAdminToken()).stream().filter(user -> {
            return user.getApplication().equals(application);
        }).distinct().collect(Collectors.toList())).size());
        int min = Math.min(10, valueOf.intValue());
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST.getStatusCode(), "invalid_scope");
        } else if (isAccessible(application, getAdminToken())) {
            assertListResponse(browse, Integer.valueOf(min), 0, 10, valueOf);
        } else {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST);
        }
    }

    @Test
    public void testBrowseFilterByInvalidApplication() {
        HashMap hashMap = new HashMap();
        hashMap.put("application", IdUtil.toString(IdUtil.next()));
        Response browse = browse(hashMap, getAdminToken());
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST.getStatusCode(), "invalid_scope");
        } else {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST);
        }
    }

    @Test
    public void testBrowseFilterByRole() {
        Role role = (Role) ((List) getAdminContext().getApplication().getRoles().stream().filter(role2 -> {
            return role2.getName().equals("admin");
        }).collect(Collectors.toList())).get(0);
        HashMap hashMap = new HashMap();
        hashMap.put("role", IdUtil.toString(role.getId()));
        Response browse = browse(hashMap, getAdminToken());
        Integer valueOf = Integer.valueOf(((List) getAccessibleEntities(getAdminToken()).stream().filter(user -> {
            return user.getRole() != null;
        }).filter(user2 -> {
            return user2.getRole().equals(role);
        }).distinct().collect(Collectors.toList())).size());
        int min = Math.min(10, valueOf.intValue());
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST.getStatusCode(), "invalid_scope");
        } else if (isAccessible(role, getAdminToken())) {
            assertListResponse(browse, Integer.valueOf(min), 0, 10, valueOf);
        } else {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST);
        }
    }

    @Test
    public void testBrowseFilterByInvalidRole() {
        HashMap hashMap = new HashMap();
        hashMap.put("role", IdUtil.toString(IdUtil.next()));
        Response browse = browse(hashMap, getAdminToken());
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST.getStatusCode(), "invalid_scope");
        } else {
            assertErrorResponse(browse, Response.Status.BAD_REQUEST);
        }
    }
}
