package org.camunda.bpm.engine.test.api.identity;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.assertj.core.api.Assertions;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.test.util.ProcessEngineBootstrapRule;
import org.camunda.bpm.engine.test.util.ProcessEngineTestRule;
import org.camunda.bpm.engine.test.util.ProvidedProcessEngineRule;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/identity/AdminGroupsTest.class */
public class AdminGroupsTest {
    protected ProcessEngineBootstrapRule bootstrapRule = new ProcessEngineBootstrapRule();
    protected ProvidedProcessEngineRule engineRule = new ProvidedProcessEngineRule(this.bootstrapRule);
    public ProcessEngineTestRule testRule = new ProcessEngineTestRule(this.engineRule);

    @Rule
    public RuleChain ruleChain = RuleChain.outerRule(this.bootstrapRule).around(this.engineRule).around(this.testRule);
    protected ProcessEngineConfigurationImpl processEngineConfiguration;
    protected IdentityService identityService;
    protected AuthorizationService authorizationService;

    @Before
    public void init() {
        this.processEngineConfiguration = this.engineRule.getProcessEngineConfiguration();
        this.identityService = this.engineRule.getIdentityService();
        this.authorizationService = this.engineRule.getAuthorizationService();
    }

    @After
    public void tearDown() throws Exception {
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        cleanupAfterTest();
    }

    protected void cleanupAfterTest() {
        Iterator it = this.identityService.createGroupQuery().list().iterator();
        while (it.hasNext()) {
            this.identityService.deleteGroup(((Group) it.next()).getId());
        }
        Iterator it2 = this.identityService.createUserQuery().list().iterator();
        while (it2.hasNext()) {
            this.identityService.deleteUser(((User) it2.next()).getId());
        }
        Iterator it3 = this.authorizationService.createAuthorizationQuery().list().iterator();
        while (it3.hasNext()) {
            this.authorizationService.deleteAuthorization(((Authorization) it3.next()).getId());
        }
    }

    @Test
    public void testWithoutAdminGroup() {
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        this.identityService.newUser("jonny1");
        this.identityService.setAuthentication("nonAdmin", (List) null, (List) null);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assertions.assertThatThrownBy(() -> {
            this.identityService.unlockUser("jonny1");
        }).isInstanceOf(AuthorizationException.class).hasMessageContaining("Required admin authenticated group or user.");
    }

    @Test
    public void testWithAdminGroup() {
        this.processEngineConfiguration.getAdminGroups().add("adminGroup");
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        this.identityService.setAuthentication("admin", Collections.singletonList("adminGroup"), (List) null);
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("admin");
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.unlockUser("jonny1");
    }
}
