package org.camunda.bpm.engine.test.api.authorization;

import java.util.Iterator;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.RuntimeService;
import org.camunda.bpm.engine.TaskService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.authorization.TaskPermissions;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.task.IdentityLink;
import org.camunda.bpm.engine.task.Task;
import org.camunda.bpm.engine.test.Deployment;
import org.camunda.bpm.engine.test.ProcessEngineRule;
import org.camunda.bpm.engine.test.api.authorization.util.AuthorizationTestRule;
import org.camunda.bpm.engine.test.util.ProvidedProcessEngineRule;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/TaskReadVariablePermissionAuthorizationTest.class */
public class TaskReadVariablePermissionAuthorizationTest {
    private static final String PROCESS_KEY = "oneTaskProcess";
    private static final String DEMO = "demo";
    private static final String ACCOUNTING_GROUP = "accounting";
    protected static String userId = "test";
    public ProcessEngineRule engineRule = new ProvidedProcessEngineRule();
    protected AuthorizationTestRule authRule = new AuthorizationTestRule(this.engineRule);

    @Rule
    public RuleChain ruleChain = RuleChain.outerRule(this.engineRule).around(this.authRule);
    private ProcessEngineConfigurationImpl processEngineConfiguration;
    private IdentityService identityService;
    private AuthorizationService authorizationService;
    private TaskService taskService;
    private RuntimeService runtimeService;
    private boolean enforceSpecificVariablePermission;

    @Before
    public void init() {
        this.processEngineConfiguration = this.engineRule.getProcessEngineConfiguration();
        this.identityService = this.engineRule.getIdentityService();
        this.authorizationService = this.engineRule.getAuthorizationService();
        this.taskService = this.engineRule.getTaskService();
        this.runtimeService = this.engineRule.getRuntimeService();
        this.enforceSpecificVariablePermission = this.processEngineConfiguration.isEnforceSpecificVariablePermission();
        this.processEngineConfiguration.setEnforceSpecificVariablePermission(true);
        this.identityService.saveUser(this.identityService.newUser(userId));
        this.identityService.setAuthenticatedUserId(userId);
        this.authRule.createGrantAuthorization(Resources.AUTHORIZATION, "*", userId, Permissions.CREATE);
    }

    @After
    public void cleanUp() {
        this.authRule.disableAuthorization();
        Iterator it = this.identityService.createUserQuery().list().iterator();
        while (it.hasNext()) {
            this.identityService.deleteUser(((User) it.next()).getId());
        }
        Iterator it2 = this.authorizationService.createAuthorizationQuery().userIdIn(new String[]{"demo"}).list().iterator();
        while (it2.hasNext()) {
            this.authorizationService.deleteAuthorization(((Authorization) it2.next()).getId());
        }
        Iterator it3 = this.authorizationService.createAuthorizationQuery().groupIdIn(new String[]{ACCOUNTING_GROUP}).list().iterator();
        while (it3.hasNext()) {
            this.authorizationService.deleteAuthorization(((Authorization) it3.next()).getId());
        }
        this.processEngineConfiguration.setEnforceSpecificVariablePermission(this.enforceSpecificVariablePermission);
    }

    @Test
    public void testSaveStandaloneTaskAndCheckAssigneePermissions() {
        createTask("myTask");
        Task selectSingleTask = selectSingleTask();
        selectSingleTask.setAssignee("demo");
        this.authRule.createGrantAuthorization(Resources.TASK, "myTask", userId, Permissions.UPDATE);
        this.taskService.saveTask(selectSingleTask);
        Task selectSingleTask2 = selectSingleTask();
        Assert.assertNotNull(selectSingleTask2);
        Assert.assertEquals("demo", selectSingleTask2.getAssignee());
        verifyUserAuthorization("demo");
        this.taskService.deleteTask("myTask", true);
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml"})
    public void testSaveProcessTaskAndCheckAssigneePermissions() {
        startProcessInstanceByKey("oneTaskProcess");
        Task selectSingleTask = selectSingleTask();
        selectSingleTask.setAssignee("demo");
        this.authRule.createGrantAuthorization(Resources.TASK, selectSingleTask.getId(), userId, Permissions.UPDATE);
        this.taskService.saveTask(selectSingleTask);
        Task selectSingleTask2 = selectSingleTask();
        Assert.assertNotNull(selectSingleTask2);
        Assert.assertEquals("demo", selectSingleTask2.getAssignee());
        verifyUserAuthorization("demo");
    }

    @Test
    public void testStandaloneTaskSetOwnerAndCheckOwnerPermissions() {
        createTask("myTask");
        this.authRule.createGrantAuthorization(Resources.TASK, "myTask", userId, Permissions.UPDATE);
        this.taskService.setOwner("myTask", "demo");
        Task selectSingleTask = selectSingleTask();
        Assert.assertNotNull(selectSingleTask);
        Assert.assertEquals("demo", selectSingleTask.getOwner());
        verifyUserAuthorization("demo");
        this.taskService.deleteTask("myTask", true);
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml"})
    public void testProcessTaskSetOwnerAndCheckOwnerPermissions() {
        startProcessInstanceByKey("oneTaskProcess");
        String id = selectSingleTask().getId();
        this.authRule.createGrantAuthorization(Resources.TASK, id, userId, Permissions.UPDATE);
        this.taskService.setOwner(id, "demo");
        Task selectSingleTask = selectSingleTask();
        Assert.assertNotNull(selectSingleTask);
        Assert.assertEquals("demo", selectSingleTask.getOwner());
        verifyUserAuthorization("demo");
    }

    @Test
    public void testStandaloneTaskAddUserIdentityLinkAndUserOwnerPermissions() {
        createTask("myTask");
        this.authRule.createGrantAuthorization(Resources.TASK, "myTask", userId, Permissions.UPDATE);
        this.taskService.addUserIdentityLink("myTask", "demo", "candidate");
        this.authRule.disableAuthorization();
        List identityLinksForTask = this.taskService.getIdentityLinksForTask("myTask");
        this.authRule.disableAuthorization();
        Assert.assertNotNull(identityLinksForTask);
        Assert.assertEquals(1L, identityLinksForTask.size());
        IdentityLink identityLink = (IdentityLink) identityLinksForTask.get(0);
        Assert.assertNotNull(identityLink);
        Assert.assertEquals("demo", identityLink.getUserId());
        Assert.assertEquals("candidate", identityLink.getType());
        verifyUserAuthorization("demo");
        this.taskService.deleteTask("myTask", true);
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml"})
    public void testProcessTaskAddUserIdentityLinkWithUpdatePersmissionOnTask() {
        startProcessInstanceByKey("oneTaskProcess");
        String id = selectSingleTask().getId();
        this.authRule.createGrantAuthorization(Resources.TASK, id, userId, Permissions.UPDATE);
        this.taskService.addUserIdentityLink(id, "demo", "candidate");
        this.authRule.disableAuthorization();
        List identityLinksForTask = this.taskService.getIdentityLinksForTask(id);
        this.authRule.disableAuthorization();
        Assert.assertNotNull(identityLinksForTask);
        Assert.assertEquals(1L, identityLinksForTask.size());
        IdentityLink identityLink = (IdentityLink) identityLinksForTask.get(0);
        Assert.assertNotNull(identityLink);
        Assert.assertEquals("demo", identityLink.getUserId());
        Assert.assertEquals("candidate", identityLink.getType());
        verifyUserAuthorization("demo");
    }

    @Test
    public void testStandaloneTaskAddGroupIdentityLink() {
        createTask("myTask");
        this.authRule.createGrantAuthorization(Resources.TASK, "myTask", userId, Permissions.UPDATE);
        this.taskService.addGroupIdentityLink("myTask", ACCOUNTING_GROUP, "candidate");
        this.authRule.disableAuthorization();
        List identityLinksForTask = this.taskService.getIdentityLinksForTask("myTask");
        this.authRule.disableAuthorization();
        Assert.assertNotNull(identityLinksForTask);
        Assert.assertEquals(1L, identityLinksForTask.size());
        IdentityLink identityLink = (IdentityLink) identityLinksForTask.get(0);
        Assert.assertNotNull(identityLink);
        Assert.assertEquals(ACCOUNTING_GROUP, identityLink.getGroupId());
        Assert.assertEquals("candidate", identityLink.getType());
        verifyGroupAuthorization(ACCOUNTING_GROUP);
        this.taskService.deleteTask("myTask", true);
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml"})
    public void testProcessTaskAddGroupIdentityLinkWithUpdatePersmissionOnTask() {
        startProcessInstanceByKey("oneTaskProcess");
        String id = selectSingleTask().getId();
        this.authRule.createGrantAuthorization(Resources.TASK, id, userId, Permissions.UPDATE);
        this.taskService.addGroupIdentityLink(id, ACCOUNTING_GROUP, "candidate");
        this.authRule.disableAuthorization();
        List identityLinksForTask = this.taskService.getIdentityLinksForTask(id);
        this.authRule.disableAuthorization();
        Assert.assertNotNull(identityLinksForTask);
        Assert.assertEquals(1L, identityLinksForTask.size());
        IdentityLink identityLink = (IdentityLink) identityLinksForTask.get(0);
        Assert.assertNotNull(identityLink);
        Assert.assertEquals(ACCOUNTING_GROUP, identityLink.getGroupId());
        Assert.assertEquals("candidate", identityLink.getType());
        verifyGroupAuthorization(ACCOUNTING_GROUP);
    }

    protected void createTask(String str) {
        this.authRule.disableAuthorization();
        this.taskService.saveTask(this.taskService.newTask(str));
        this.authRule.enableAuthorization(userId);
    }

    protected Task selectSingleTask() {
        this.authRule.disableAuthorization();
        Task task = (Task) this.taskService.createTaskQuery().singleResult();
        this.authRule.enableAuthorization(userId);
        return task;
    }

    protected void startProcessInstanceByKey(String str) {
        this.authRule.disableAuthorization();
        this.runtimeService.startProcessInstanceByKey(str);
        this.authRule.enableAuthorization(userId);
    }

    protected void verifyUserAuthorization(String str) {
        this.authRule.disableAuthorization();
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().userIdIn(new String[]{str}).singleResult();
        Assert.assertNotNull(authorization);
        verifyReadVariablePermission(authorization);
    }

    protected void verifyGroupAuthorization(String str) {
        this.authRule.disableAuthorization();
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().groupIdIn(new String[]{str}).singleResult();
        Assert.assertNotNull(authorization);
        verifyReadVariablePermission(authorization);
    }

    protected void verifyReadVariablePermission(Authorization authorization) {
        Permission[] permissions = authorization.getPermissions(new Permission[]{TaskPermissions.READ_VARIABLE});
        Assert.assertNotNull(permissions);
        Assert.assertEquals(TaskPermissions.READ_VARIABLE, permissions[0]);
    }
}
