package org.camunda.bpm.engine.test.api.authorization;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.BadUserRequestException;
import org.camunda.bpm.engine.ManagementService;
import org.camunda.bpm.engine.RepositoryService;
import org.camunda.bpm.engine.RuntimeService;
import org.camunda.bpm.engine.TaskService;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.ProcessDefinitionPermissions;
import org.camunda.bpm.engine.authorization.ProcessInstancePermissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.authorization.TaskPermissions;
import org.camunda.bpm.engine.externaltask.LockedExternalTask;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.management.ActivityStatistics;
import org.camunda.bpm.engine.management.DeploymentStatistics;
import org.camunda.bpm.engine.repository.ProcessDefinition;
import org.camunda.bpm.engine.runtime.Job;
import org.camunda.bpm.engine.runtime.ProcessInstance;
import org.camunda.bpm.engine.task.Task;
import org.camunda.bpm.engine.test.Deployment;
import org.camunda.bpm.engine.test.ProcessEngineRule;
import org.camunda.bpm.engine.test.RequiredHistoryLevel;
import org.camunda.bpm.engine.test.api.authorization.externaltask.FetchExternalTaskAuthorizationTest;
import org.camunda.bpm.engine.test.api.authorization.util.AuthorizationTestBaseRule;
import org.camunda.bpm.engine.test.api.cfg.FallbackSerializerFactoryTest;
import org.camunda.bpm.engine.test.api.identity.TestPermissions;
import org.camunda.bpm.engine.test.api.identity.TestResource;
import org.camunda.bpm.engine.test.api.runtime.migration.models.builder.DefaultExternalTaskModelBuilder;
import org.camunda.bpm.engine.test.cmmn.handler.specification.AbstractExecutionListenerSpec;
import org.camunda.bpm.engine.test.util.ProcessEngineTestRule;
import org.camunda.bpm.engine.test.util.ProvidedProcessEngineRule;
import org.camunda.bpm.engine.variable.Variables;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.RuleChain;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/DisabledPermissionsAuthorizationTest.class */
public class DisabledPermissionsAuthorizationTest {
    protected static final String USER_ID = "user";
    public ProcessEngineRule engineRule = new ProvidedProcessEngineRule();
    public AuthorizationTestBaseRule authRule = new AuthorizationTestBaseRule(this.engineRule);
    public ProcessEngineTestRule testHelper = new ProcessEngineTestRule(this.engineRule);

    @Rule
    public ExpectedException exceptionRule = ExpectedException.none();

    @Rule
    public RuleChain ruleChain = RuleChain.outerRule(this.engineRule).around(this.authRule).around(this.testHelper);
    ProcessEngineConfigurationImpl processEngineConfiguration;
    RepositoryService repositoryService;
    AuthorizationService authorizationService;
    RuntimeService runtimeService;
    ManagementService managementService;
    TaskService taskService;

    @Before
    public void setUp() {
        this.authRule.createUserAndGroup(USER_ID, "group");
        this.processEngineConfiguration = this.engineRule.getProcessEngineConfiguration();
        this.repositoryService = this.engineRule.getRepositoryService();
        this.authorizationService = this.engineRule.getAuthorizationService();
        this.runtimeService = this.engineRule.getRuntimeService();
        this.managementService = this.engineRule.getManagementService();
        this.taskService = this.engineRule.getTaskService();
    }

    @After
    public void tearDown() {
        this.authRule.disableAuthorization();
        this.authRule.deleteUsersAndGroups();
        this.processEngineConfiguration.setDisabledPermissions((List) null);
    }

    @Test
    public void testIsUserAuthorizedForIgnoredPermission() {
        this.processEngineConfiguration.setDisabledPermissions(Arrays.asList(Permissions.READ.name()));
        this.authRule.createGrantAuthorization(Resources.PROCESS_INSTANCE, "*", USER_ID, ProcessInstancePermissions.RETRY_JOB);
        this.authRule.enableAuthorization(USER_ID);
        this.exceptionRule.expect(BadUserRequestException.class);
        this.exceptionRule.expectMessage("The 'READ' permission is disabled, please check your process engine configuration.");
        this.authorizationService.isUserAuthorized(USER_ID, (List) null, Permissions.READ, Resources.PROCESS_DEFINITION);
    }

    @Test
    public void testCustomPermissionDuplicateValue() {
        this.processEngineConfiguration.setDisabledPermissions(Arrays.asList(ProcessInstancePermissions.SUSPEND.name()));
        TestResource testResource = TestResource.RESOURCE1;
        TestResource testResource2 = TestResource.RESOURCE2;
        Assert.assertEquals(ProcessInstancePermissions.SUSPEND.getValue(), TestPermissions.RANDOM.getValue());
        this.authRule.createGrantAuthorization(testResource, "*", USER_ID, TestPermissions.RANDOM);
        this.authRule.createGrantAuthorization(testResource2, "resource2-1", USER_ID, TestPermissions.RANDOM);
        this.authRule.enableAuthorization(USER_ID);
        Assert.assertEquals(true, Boolean.valueOf(this.authorizationService.isUserAuthorized(USER_ID, (List) null, TestPermissions.RANDOM, testResource)));
        Assert.assertEquals(true, Boolean.valueOf(this.authorizationService.isUserAuthorized(USER_ID, (List) null, TestPermissions.RANDOM, testResource2, "resource2-1")));
    }

    @Test
    public void testGetVariableIgnoreTaskRead() {
        this.processEngineConfiguration.setDisabledPermissions(Arrays.asList(TaskPermissions.READ.name()));
        this.taskService.saveTask(this.taskService.newTask("taskId"));
        this.taskService.setVariables("taskId", Variables.createVariables().putValue("foo", FallbackSerializerFactoryTest.ExampleConstantSerializer.DESERIALIZED_VALUE));
        this.authRule.enableAuthorization(USER_ID);
        Assert.assertEquals(FallbackSerializerFactoryTest.ExampleConstantSerializer.DESERIALIZED_VALUE, this.taskService.getVariable("taskId", "foo"));
        this.authRule.disableAuthorization();
        this.taskService.deleteTask("taskId", true);
    }

    @Test
    public void testQueryTaskIgnoreTaskRead() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(TaskPermissions.READ.name());
        arrayList.add(ProcessDefinitionPermissions.READ_TASK.name());
        this.processEngineConfiguration.setDisabledPermissions(arrayList);
        this.taskService.saveTask(this.taskService.newTask("taskId"));
        this.authRule.enableAuthorization(USER_ID);
        Assert.assertNotNull((Task) this.taskService.createTaskQuery().singleResult());
        this.authRule.disableAuthorization();
        this.taskService.deleteTask("taskId", true);
    }

    @Test
    @RequiredHistoryLevel("audit")
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml"})
    public void testDeleteHistoricProcessInstanceIgnoreDeleteHistory() {
        this.processEngineConfiguration.setDisabledPermissions(Arrays.asList(Permissions.DELETE_HISTORY.name()));
        ProcessInstance startProcessInstanceByKey = this.runtimeService.startProcessInstanceByKey("oneTaskProcess");
        this.runtimeService.deleteProcessInstance(startProcessInstanceByKey.getId(), AbstractExecutionListenerSpec.ANY_EVENT);
        this.authRule.enableAuthorization(USER_ID);
        this.engineRule.getHistoryService().deleteHistoricProcessInstance(startProcessInstanceByKey.getId());
        this.authRule.disableAuthorization();
        Assert.assertNull(this.engineRule.getHistoryService().createHistoricProcessInstanceQuery().singleResult());
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml"})
    public void testQueryDeploymentIgnoreRead() {
        this.engineRule.getProcessEngineConfiguration().setDisabledPermissions(Arrays.asList(Permissions.READ.name()));
        this.authRule.enableAuthorization(USER_ID);
        Assert.assertEquals(1L, this.engineRule.getRepositoryService().createDeploymentQuery().list().size());
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml"})
    public void testStartableInTasklistIgnoreRead() {
        this.processEngineConfiguration.setDisabledPermissions(Arrays.asList(Permissions.READ.name()));
        this.authRule.createGrantAuthorization(Resources.PROCESS_DEFINITION, "oneTaskProcess", USER_ID, Permissions.CREATE_INSTANCE);
        this.authRule.createGrantAuthorization(Resources.PROCESS_INSTANCE, "*", USER_ID, Permissions.CREATE);
        this.authRule.disableAuthorization();
        ProcessDefinition processDefinition = (ProcessDefinition) this.repositoryService.createProcessDefinitionQuery().processDefinitionKey("oneTaskProcess").singleResult();
        this.authRule.enableAuthorization(USER_ID);
        List list = this.repositoryService.createProcessDefinitionQuery().startablePermissionCheck().startableInTasklist().list();
        Assert.assertNotNull(list);
        Assert.assertEquals(1L, this.repositoryService.createProcessDefinitionQuery().startablePermissionCheck().startableInTasklist().count());
        Assert.assertEquals(processDefinition.getId(), ((ProcessDefinition) list.get(0)).getId());
        Assert.assertTrue(((ProcessDefinition) list.get(0)).isStartableInTasklist());
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/authorization/timerBoundaryEventProcess.bpmn20.xml"})
    public void testDeploymentStatisticsIgnoreReadInstance() {
        this.processEngineConfiguration.setDisabledPermissions(Arrays.asList(Permissions.READ_INSTANCE.name()));
        this.runtimeService.startProcessInstanceByKey("timerBoundaryProcess");
        this.authRule.enableAuthorization(USER_ID);
        for (DeploymentStatistics deploymentStatistics : this.engineRule.getManagementService().createDeploymentStatisticsQuery().list()) {
            Assert.assertEquals("Instances", 1L, deploymentStatistics.getInstances());
            Assert.assertEquals("Failed Jobs", 0L, deploymentStatistics.getFailedJobs());
            Assert.assertTrue("Incidents supposed to be empty", deploymentStatistics.getIncidentStatistics().isEmpty());
        }
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/authorization/timerBoundaryEventProcess.bpmn20.xml"})
    public void testActivityStatisticsIgnoreRead() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Permissions.READ.name());
        arrayList.add(Permissions.READ_INSTANCE.name());
        this.processEngineConfiguration.setDisabledPermissions(arrayList);
        String processDefinitionId = this.runtimeService.startProcessInstanceByKey("timerBoundaryProcess").getProcessDefinitionId();
        this.authRule.enableAuthorization(USER_ID);
        ActivityStatistics activityStatistics = (ActivityStatistics) this.managementService.createActivityStatisticsQuery(processDefinitionId).singleResult();
        Assert.assertNotNull(activityStatistics);
        Assert.assertEquals("task", activityStatistics.getId());
        Assert.assertEquals(1L, activityStatistics.getInstances());
        Assert.assertEquals(0L, activityStatistics.getFailedJobs());
        Assert.assertTrue(activityStatistics.getIncidentStatistics().isEmpty());
    }

    @Test
    @Deployment(resources = {"org/camunda/bpm/engine/test/api/externaltask/oneExternalTaskProcess.bpmn20.xml"})
    @Ignore("CAM-9888")
    public void testFetchAndLockIgnoreRead() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Permissions.READ.name());
        arrayList.add(Permissions.READ_INSTANCE.name());
        this.processEngineConfiguration.setDisabledPermissions(arrayList);
        ProcessInstance startProcessInstanceByKey = this.runtimeService.startProcessInstanceByKey("oneExternalTaskProcess");
        this.authRule.createGrantAuthorization(Resources.PROCESS_INSTANCE, "*", USER_ID, Permissions.UPDATE);
        this.authRule.enableAuthorization(USER_ID);
        List execute = this.engineRule.getExternalTaskService().fetchAndLock(1, "aWorkerId").topic("externalTaskTopic", FetchExternalTaskAuthorizationTest.LOCK_TIME).execute();
        Assert.assertEquals(1L, execute.size());
        LockedExternalTask lockedExternalTask = (LockedExternalTask) execute.get(0);
        Assert.assertNotNull(lockedExternalTask.getId());
        Assert.assertEquals(startProcessInstanceByKey.getId(), lockedExternalTask.getProcessInstanceId());
        Assert.assertEquals(startProcessInstanceByKey.getProcessDefinitionId(), lockedExternalTask.getProcessDefinitionId());
        Assert.assertEquals(DefaultExternalTaskModelBuilder.DEFAULT_EXTERNAL_TASK_NAME, lockedExternalTask.getActivityId());
        Assert.assertEquals("oneExternalTaskProcess", lockedExternalTask.getProcessDefinitionKey());
    }

    protected void startProcessAndExecuteJob(String str) {
        this.runtimeService.startProcessInstanceByKey(str);
        executeAvailableJobs(str);
    }

    protected void executeAvailableJobs(String str) {
        List list = this.managementService.createJobQuery().processDefinitionKey(str).withRetriesLeft().list();
        if (list.isEmpty()) {
            return;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                this.managementService.executeJob(((Job) it.next()).getId());
            } catch (Exception e) {
            }
        }
        executeAvailableJobs(str);
    }
}
