package org.camunda.bpm.engine.test.api.authorization;

import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.ProcessDefinitionPermissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.authorization.TaskPermissions;
import org.camunda.bpm.engine.query.Query;
import org.camunda.bpm.engine.runtime.VariableInstance;
import org.camunda.bpm.engine.runtime.VariableInstanceQuery;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/VariableInstanceAuthorizationTest.class */
public class VariableInstanceAuthorizationTest extends AuthorizationTest {
    protected static final String PROCESS_KEY = "oneTaskProcess";
    protected static final String CASE_KEY = "oneTaskCase";
    protected String deploymentId;
    protected boolean ensureSpecificVariablePermission;

    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    public void setUp() throws Exception {
        this.deploymentId = createDeployment(null, "org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml", "org/camunda/bpm/engine/test/api/authorization/oneTaskCase.cmmn").getId();
        this.ensureSpecificVariablePermission = this.processEngineConfiguration.isEnforceSpecificVariablePermission();
        super.setUp();
    }

    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    public void tearDown() {
        super.tearDown();
        deleteDeployment(this.deploymentId);
        this.processEngineConfiguration.setEnforceSpecificVariablePermission(this.ensureSpecificVariablePermission);
    }

    public void testProcessVariableQueryWithoutAuthorization() {
        startProcessInstanceByKey("oneTaskProcess", getVariables());
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
    }

    public void testCaseVariableQueryWithoutAuthorization() {
        createCaseInstanceByKey(CASE_KEY, getVariables());
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 1);
    }

    public void testProcessLocalTaskVariableQueryWithoutAuthorization() {
        startProcessInstanceByKey("oneTaskProcess");
        setTaskVariableLocal(selectSingleTask().getId(), "aVariableName", "aVariableValue");
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
    }

    public void testCaseLocalTaskVariableQueryWithoutAuthorization() {
        createCaseInstanceByKey(CASE_KEY);
        setTaskVariableLocal(selectSingleTask().getId(), "aVariableName", "aVariableValue");
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 1);
    }

    public void testStandaloneTaskVariableQueryWithoutAuthorization() {
        createTask("myTask");
        setTaskVariable("myTask", "aVariableName", "aVariableValue");
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
        deleteTask("myTask", true);
    }

    public void testProcessVariableQueryWithReadPermissionOnProcessInstance() {
        String id = startProcessInstanceByKey("oneTaskProcess", getVariables()).getId();
        createGrantAuthorization(Resources.PROCESS_INSTANCE, id, this.userId, Permissions.READ);
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        VariableInstance variableInstance = (VariableInstance) createVariableInstanceQuery.singleResult();
        assertNotNull(variableInstance);
        assertEquals(id, variableInstance.getProcessInstanceId());
    }

    public void testProcessVariableQueryWithReadInstancesPermissionOnOneTaskProcess() {
        String id = startProcessInstanceByKey("oneTaskProcess", getVariables()).getId();
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "oneTaskProcess", this.userId, Permissions.READ_INSTANCE);
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        VariableInstance variableInstance = (VariableInstance) createVariableInstanceQuery.singleResult();
        assertNotNull(variableInstance);
        assertEquals(id, variableInstance.getProcessInstanceId());
    }

    public void testProcessVariableQueryWithReadInstanceVariablePermission() {
        setReadVariableAsDefaultReadVariablePermission();
        String id = startProcessInstanceByKey("oneTaskProcess", getVariables()).getId();
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "oneTaskProcess", this.userId, ProcessDefinitionPermissions.READ_INSTANCE_VARIABLE);
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        VariableInstance variableInstance = (VariableInstance) createVariableInstanceQuery.singleResult();
        assertNotNull(variableInstance);
        assertEquals(id, variableInstance.getProcessInstanceId());
    }

    public void failingTestProcessVariableQueryWithReadVariablePermission() {
        setReadVariableAsDefaultReadVariablePermission();
        startProcessInstanceByKey("oneTaskProcess", getVariables());
        createGrantAuthorization(Resources.TASK, "*", this.userId, TaskPermissions.READ_VARIABLE);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
    }

    public void testProcessVariableQueryWithReadProcessInstanceWhenReadVariableIsEnabled() {
        setReadVariableAsDefaultReadVariablePermission();
        createGrantAuthorization(Resources.PROCESS_INSTANCE, startProcessInstanceByKey("oneTaskProcess", getVariables()).getId(), this.userId, Permissions.READ);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
    }

    public void testProcessVariableQueryWithReadTaskWhenReadVariableIsEnabled() {
        setReadVariableAsDefaultReadVariablePermission();
        startProcessInstanceByKey("oneTaskProcess", getVariables()).getId();
        createGrantAuthorization(Resources.TASK, "*", this.userId, Permissions.READ);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
    }

    public void testProcessLocalTaskVariableQueryWithReadPermissionOnTask() {
        startProcessInstanceByKey("oneTaskProcess");
        String id = selectSingleTask().getId();
        setTaskVariableLocal(id, "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.TASK, id, this.userId, Permissions.READ);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 1);
    }

    public void testProcessLocalTaskVariableQueryWithMultiple() {
        startProcessInstanceByKey("oneTaskProcess");
        String id = selectSingleTask().getId();
        setTaskVariableLocal(id, "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.TASK, id, this.userId, Permissions.READ);
        createGrantAuthorization(Resources.TASK, "*", this.userId, Permissions.READ);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 1);
    }

    public void testProcessLocalTaskVariableQueryWithReadPermissionOnProcessInstance() {
        String id = startProcessInstanceByKey("oneTaskProcess").getId();
        setTaskVariableLocal(selectSingleTask().getId(), "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.PROCESS_INSTANCE, id, this.userId, Permissions.READ);
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        VariableInstance variableInstance = (VariableInstance) createVariableInstanceQuery.singleResult();
        assertNotNull(variableInstance);
        assertEquals(id, variableInstance.getProcessInstanceId());
    }

    public void testProcessLocalTaskVariableQueryWithReadPermissionOnOneProcessTask() {
        String id = startProcessInstanceByKey("oneTaskProcess").getId();
        setTaskVariableLocal(selectSingleTask().getId(), "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "oneTaskProcess", this.userId, Permissions.READ_INSTANCE);
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        VariableInstance variableInstance = (VariableInstance) createVariableInstanceQuery.singleResult();
        assertNotNull(variableInstance);
        assertEquals(id, variableInstance.getProcessInstanceId());
    }

    public void testProcessLocalTaskVariableQueryWithReadInstanceVariablePermission() {
        setReadVariableAsDefaultReadVariablePermission();
        String id = startProcessInstanceByKey("oneTaskProcess").getId();
        setTaskVariableLocal(selectSingleTask().getId(), "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "oneTaskProcess", this.userId, ProcessDefinitionPermissions.READ_INSTANCE_VARIABLE);
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        VariableInstance variableInstance = (VariableInstance) createVariableInstanceQuery.singleResult();
        assertNotNull(variableInstance);
        assertEquals(id, variableInstance.getProcessInstanceId());
    }

    public void testProcessLocalTaskVariableQueryWithReadVariablePermission() {
        setReadVariableAsDefaultReadVariablePermission();
        String id = startProcessInstanceByKey("oneTaskProcess").getId();
        String id2 = selectSingleTask().getId();
        setTaskVariableLocal(id2, "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.TASK, id2, this.userId, TaskPermissions.READ_VARIABLE);
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        VariableInstance variableInstance = (VariableInstance) createVariableInstanceQuery.singleResult();
        assertNotNull(variableInstance);
        assertEquals(id, variableInstance.getProcessInstanceId());
    }

    public void testProcessLocalTaskVariableQueryWithReadProcessInstanceWhenReadVariableIsEnabled() {
        setReadVariableAsDefaultReadVariablePermission();
        String id = startProcessInstanceByKey("oneTaskProcess").getId();
        setTaskVariableLocal(selectSingleTask().getId(), "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.PROCESS_INSTANCE, id, this.userId, Permissions.READ);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
    }

    public void testProcessLocalTaskVariableQueryWithReadTaskWhenReadVariableIsEnabled() {
        setReadVariableAsDefaultReadVariablePermission();
        startProcessInstanceByKey("oneTaskProcess");
        String id = selectSingleTask().getId();
        setTaskVariableLocal(id, "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.TASK, id, this.userId, Permissions.READ);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 0);
    }

    public void testStandaloneTaskVariableQueryWithReadPermissionOnTask() {
        createTask("myTask");
        setTaskVariable("myTask", "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.TASK, "myTask", this.userId, Permissions.READ);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 1);
        deleteTask("myTask", true);
    }

    public void testStandaloneTaskVariableQueryWithReadVariablePermissionOnTask() {
        setReadVariableAsDefaultReadVariablePermission();
        createTask("myTask");
        setTaskVariable("myTask", "aVariableName", "aVariableValue");
        createGrantAuthorization(Resources.TASK, "myTask", this.userId, TaskPermissions.READ_VARIABLE);
        verifyQueryResults(this.runtimeService.createVariableInstanceQuery(), 1);
        deleteTask("myTask", true);
    }

    public void testMixedVariables() {
        createTask("myTask");
        setTaskVariable("myTask", "aVariableName", "aVariableValue");
        String processInstanceId = startProcessInstanceByKey("oneTaskProcess", getVariables()).getProcessInstanceId();
        createCaseInstanceByKey(CASE_KEY, getVariables());
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        createGrantAuthorization(Resources.TASK, "myTask", this.userId, Permissions.READ);
        verifyQueryResults(createVariableInstanceQuery, 2);
        createGrantAuthorization(Resources.PROCESS_INSTANCE, processInstanceId, this.userId, Permissions.READ);
        verifyQueryResults(createVariableInstanceQuery, 3);
        deleteTask("myTask", true);
    }

    public void testMixedVariablesWhenReadVariableIsEnabled() {
        setReadVariableAsDefaultReadVariablePermission();
        createTask("myTask");
        setTaskVariable("myTask", "aVariableName", "aVariableValue");
        startProcessInstanceByKey("oneTaskProcess", getVariables()).getProcessInstanceId();
        createCaseInstanceByKey(CASE_KEY, getVariables());
        VariableInstanceQuery createVariableInstanceQuery = this.runtimeService.createVariableInstanceQuery();
        verifyQueryResults(createVariableInstanceQuery, 1);
        createGrantAuthorization(Resources.TASK, "myTask", this.userId, TaskPermissions.READ_VARIABLE);
        verifyQueryResults(createVariableInstanceQuery, 2);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "oneTaskProcess", this.userId, ProcessDefinitionPermissions.READ_INSTANCE_VARIABLE);
        verifyQueryResults(createVariableInstanceQuery, 3);
        deleteTask("myTask", true);
    }

    protected void verifyQueryResults(VariableInstanceQuery variableInstanceQuery, int i) {
        verifyQueryResults((Query<?, ?>) variableInstanceQuery, i);
    }

    protected void setReadVariableAsDefaultReadVariablePermission() {
        this.processEngineConfiguration.setEnforceSpecificVariablePermission(true);
    }
}
