package org.camunda.bpm.engine.test.api.authorization.optimize;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.DecisionService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.RepositoryService;
import org.camunda.bpm.engine.RuntimeService;
import org.camunda.bpm.engine.TaskService;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.OptimizeService;
import org.camunda.bpm.engine.repository.DecisionDefinition;
import org.camunda.bpm.engine.repository.DeploymentBuilder;
import org.camunda.bpm.engine.repository.ProcessDefinition;
import org.camunda.bpm.engine.runtime.ProcessInstance;
import org.camunda.bpm.engine.task.Task;
import org.camunda.bpm.engine.test.ProcessEngineRule;
import org.camunda.bpm.engine.test.RequiredHistoryLevel;
import org.camunda.bpm.engine.test.api.authorization.util.AuthorizationTestBaseRule;
import org.camunda.bpm.engine.test.api.cfg.FallbackSerializerFactoryTest;
import org.camunda.bpm.engine.test.util.ProcessEngineTestRule;
import org.camunda.bpm.engine.test.util.ProvidedProcessEngineRule;
import org.camunda.bpm.engine.test.util.ResetDmnConfigUtil;
import org.camunda.bpm.engine.variable.Variables;
import org.camunda.bpm.model.bpmn.Bpmn;
import org.camunda.bpm.model.bpmn.BpmnModelInstance;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RequiredHistoryLevel("full")
@RunWith(Parameterized.class)
/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/optimize/OptimizeServiceAuthorizationTest.class */
public class OptimizeServiceAuthorizationTest {
    public static final String TEST_DECISION = "testDecision";
    public static final String SIMPLE_PROCESS = "process";
    public static final String USER_TASK_PROCESS = "userTaskProcess";
    private OptimizeService optimizeService;
    protected static final String TENANT_ONE = "tenant1";
    protected static final String TENANT_TWO = "tenant2";
    public static final String DECISION_INPUT_EQUALS_OUTPUT = "org/camunda/bpm/engine/test/history/HistoricDecisionInstanceTest.decisionSingleOutput.dmn11.xml";

    @Parameterized.Parameter
    public Function<OptimizeService, List<?>> methodToTest;
    protected IdentityService identityService;
    protected RepositoryService repositoryService;
    protected AuthorizationService authorizationService;
    protected RuntimeService runtimeService;
    protected DecisionService decisionService;
    protected TaskService taskService;
    protected String userId = "test";
    protected ProcessEngineRule engineRule = new ProvidedProcessEngineRule();
    protected ProcessEngineTestRule testRule = new ProcessEngineTestRule(this.engineRule);
    protected AuthorizationTestBaseRule authRule = new AuthorizationTestBaseRule(this.engineRule);

    @Rule
    public RuleChain ruleChain = RuleChain.outerRule(this.engineRule).around(this.testRule).around(this.authRule);

    /* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/optimize/OptimizeServiceAuthorizationTest$Function.class */
    private interface Function<T, T1> {
        T1 apply(T t);
    }

    @Parameterized.Parameters
    public static Collection<Object[]> data() {
        return Arrays.asList(new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.1
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getCompletedHistoricActivityInstances(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.2
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getRunningHistoricActivityInstances(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.3
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getCompletedHistoricProcessInstances(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.4
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getRunningHistoricProcessInstances(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.5
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getCompletedHistoricTaskInstances(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.6
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getRunningHistoricTaskInstances(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.7
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getHistoricIdentityLinkLogs(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.8
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getHistoricUserOperationLogs(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.9
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getHistoricVariableUpdates(new Date(0L), (Date) null, 10);
            }
        }}, new Object[]{new Function<OptimizeService, List<?>>() { // from class: org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.10
            @Override // org.camunda.bpm.engine.test.api.authorization.optimize.OptimizeServiceAuthorizationTest.Function
            public List<?> apply(OptimizeService optimizeService) {
                return optimizeService.getHistoricDecisionInstances(new Date(0L), (Date) null, 10);
            }
        }});
    }

    @Before
    public void setUp() throws Exception {
        this.identityService = this.engineRule.getIdentityService();
        this.repositoryService = this.engineRule.getRepositoryService();
        this.authorizationService = this.engineRule.getAuthorizationService();
        this.runtimeService = this.engineRule.getRuntimeService();
        this.decisionService = this.engineRule.getDecisionService();
        this.taskService = this.engineRule.getTaskService();
        this.optimizeService = this.engineRule.getProcessEngineConfiguration().getOptimizeService();
        ResetDmnConfigUtil.reset(this.engineRule.getProcessEngineConfiguration().getDmnEngineConfiguration()).enableFeelLegacyBehavior(true).init();
        this.authRule.createUserAndGroup(this.userId, "testGroup");
        this.authRule.createGrantAuthorization(Resources.AUTHORIZATION, "*", this.userId, Permissions.ALL);
        this.authRule.createGrantAuthorization(Resources.USER, "*", this.userId, Permissions.ALL);
        deployTestData();
        this.authRule.enableAuthorization(this.userId);
    }

    @After
    public void tearDown() {
        ResetDmnConfigUtil.reset(this.engineRule.getProcessEngineConfiguration().getDmnEngineConfiguration()).enableFeelLegacyBehavior(false).init();
        this.authRule.disableAuthorization();
        this.authRule.deleteUsersAndGroups();
        this.identityService.clearAuthentication();
    }

    @Test
    public void cantGetDataWithoutTenantAuthorization() {
        this.identityService.setAuthentication(this.userId, (List) null, Collections.singletonList(TENANT_ONE));
        this.authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.DECISION_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        try {
            this.methodToTest.apply(this.optimizeService);
            Assert.fail("Exception expected: It should not be possible to retrieve the data");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            this.testRule.assertTextPresent(this.userId, message);
            this.testRule.assertTextPresent(Permissions.READ.getName(), message);
            this.testRule.assertTextPresent(Resources.TENANT.resourceName(), message);
        }
    }

    @Test
    public void cantGetDataWithoutProcessDefinitionAuthorization() {
        this.identityService.setAuthentication(this.userId, (List) null, Collections.singletonList(TENANT_ONE));
        this.authRule.createGrantAuthorization(Resources.DECISION_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.TENANT, "*", this.userId, Permissions.READ);
        try {
            this.methodToTest.apply(this.optimizeService);
            Assert.fail("Exception expected: It should not be possible to retrieve the data");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            this.testRule.assertTextPresent(this.userId, message);
            this.testRule.assertTextPresent(Permissions.READ_HISTORY.getName(), message);
            this.testRule.assertTextPresent(Resources.PROCESS_DEFINITION.resourceName(), message);
        }
    }

    @Test
    public void authorizationOnSingleProcessResourceNotEnough() {
        this.identityService.setAuthentication(this.userId, (List) null, Collections.singletonList(TENANT_ONE));
        this.authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "process", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.DECISION_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.TENANT, "*", this.userId, Permissions.READ);
        try {
            this.methodToTest.apply(this.optimizeService);
            Assert.fail("Exception expected: It should not be possible to retrieve the data");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            this.testRule.assertTextPresent(this.userId, message);
            this.testRule.assertTextPresent(Permissions.READ_HISTORY.getName(), message);
            this.testRule.assertTextPresent(Resources.PROCESS_DEFINITION.resourceName(), message);
        }
    }

    @Test
    public void cantGetDataWithoutDecisionDefinitionAuthorization() {
        this.identityService.setAuthentication(this.userId, (List) null, Collections.singletonList(TENANT_ONE));
        this.authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.TENANT, "*", this.userId, Permissions.READ);
        try {
            this.methodToTest.apply(this.optimizeService);
            Assert.fail("Exception expected: It should not be possible to retrieve the data");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            this.testRule.assertTextPresent(this.userId, message);
            this.testRule.assertTextPresent(Permissions.READ_HISTORY.getName(), message);
            this.testRule.assertTextPresent(Resources.DECISION_DEFINITION.resourceName(), message);
        }
    }

    @Test
    public void authorizationOnSingleDecisionResourceNotEnough() {
        this.identityService.setAuthentication(this.userId, (List) null, Collections.singletonList(TENANT_ONE));
        this.authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.DECISION_DEFINITION, "testDecision", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.TENANT, "*", this.userId, Permissions.READ);
        try {
            this.methodToTest.apply(this.optimizeService);
            Assert.fail("Exception expected: It should not be possible to retrieve the data");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            this.testRule.assertTextPresent(this.userId, message);
            this.testRule.assertTextPresent(Permissions.READ_HISTORY.getName(), message);
            this.testRule.assertTextPresent(Resources.DECISION_DEFINITION.resourceName(), message);
        }
    }

    @Test
    public void canGetDataWithAllAuthorizations() {
        this.identityService.setAuthentication(this.userId, (List) null, Collections.singletonList(TENANT_ONE));
        generateTestData();
        this.authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.DECISION_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        this.authRule.createGrantAuthorization(Resources.TENANT, "*", this.userId, Permissions.READ);
        MatcherAssert.assertThat(Integer.valueOf(this.methodToTest.apply(this.optimizeService).size()), Matchers.greaterThan(0));
    }

    private void generateTestData() {
        this.engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(false);
        this.runtimeService.startProcessInstanceById(selectProcessDefinitionByKey("process").getId(), Variables.createVariables().putValue("foo", FallbackSerializerFactoryTest.ExampleConstantSerializer.DESERIALIZED_VALUE));
        ProcessInstance startProcessInstanceById = this.runtimeService.startProcessInstanceById(selectProcessDefinitionByKey(USER_TASK_PROCESS).getId());
        this.runtimeService.suspendProcessInstanceById(startProcessInstanceById.getId());
        this.runtimeService.activateProcessInstanceById(startProcessInstanceById.getId());
        completeAllUserTasks();
        this.decisionService.evaluateDecisionById(selectDecisionDefinitionByKey().getId()).variables(Variables.createVariables().putValue("input1", "a")).evaluate();
        this.engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
    }

    private void completeAllUserTasks() {
        for (Task task : this.taskService.createTaskQuery().list()) {
            this.taskService.claim(task.getId(), this.userId);
            this.taskService.complete(task.getId());
        }
    }

    protected ProcessDefinition selectProcessDefinitionByKey(String str) {
        return (ProcessDefinition) this.repositoryService.createProcessDefinitionQuery().processDefinitionKey(str).singleResult();
    }

    protected DecisionDefinition selectDecisionDefinitionByKey() {
        return (DecisionDefinition) this.repositoryService.createDecisionDefinitionQuery().decisionDefinitionKey("testDecision").singleResult();
    }

    private void deployTestData() {
        DeploymentBuilder tenantId = this.repositoryService.createDeployment().tenantId(TENANT_ONE);
        tenantId.addModelInstance("testProcess1-.bpmn", Bpmn.createExecutableProcess("process").startEvent().endEvent().done());
        BpmnModelInstance done = Bpmn.createExecutableProcess(USER_TASK_PROCESS).startEvent().userTask().userTask().endEvent().done();
        tenantId.addModelInstance("userTaskProcess1-.bpmn", done);
        tenantId.addClasspathResource("org/camunda/bpm/engine/test/history/HistoricDecisionInstanceTest.decisionSingleOutput.dmn11.xml");
        this.testRule.deploy(tenantId);
        DeploymentBuilder tenantId2 = this.repositoryService.createDeployment().tenantId(TENANT_TWO);
        tenantId2.addModelInstance("testProcess2-.bpmn", done);
        tenantId2.addClasspathResource("org/camunda/bpm/engine/test/history/HistoricDecisionInstanceTest.decisionSingleOutput.dmn11.xml");
        this.testRule.deploy(tenantId2);
    }
}
