package org.camunda.bpm.engine.test.api.identity;

import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.exception.NullValueException;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.test.util.PluggableProcessEngineTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/identity/AuthorizationServiceWithEnabledAuthorizationTest.class */
public class AuthorizationServiceWithEnabledAuthorizationTest extends PluggableProcessEngineTest {
    @Before
    public void setUp() throws Exception {
        this.processEngineConfiguration.setAuthorizationEnabled(true);
    }

    @After
    public void tearDown() throws Exception {
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        cleanupAfterTest();
    }

    @Test
    public void testAuthorizationCheckEmptyDb() {
        TestResource testResource = TestResource.RESOURCE1;
        TestResource testResource2 = TestResource.RESOURCE2;
        List asList = Arrays.asList("sales", "marketing");
        List singletonList = Collections.singletonList("marketing");
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.ALL, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone", singletonList, TestPermissions.CREATE, testResource2));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.DELETE, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.ALL, testResource, "someId"));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone", singletonList, TestPermissions.CREATE, testResource2, "someId"));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.DELETE, testResource, "someOtherId"));
    }

    @Test
    public void testUserOverrideGlobalGrantAuthorizationCheck() {
        TestResource testResource = TestResource.RESOURCE1;
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(testResource);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(TestPermissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization2.setUserId("jonny");
        createNewAuthorization2.setResource(testResource);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.removePermission(TestPermissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        List asList = Arrays.asList("sales", "marketing");
        List singletonList = Collections.singletonList("marketing");
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.ALL, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.ALL, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.READ, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.ALL, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", singletonList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.ALL, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", singletonList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.DELETE, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.DELETE, testResource));
    }

    @Test
    public void testGroupOverrideGlobalGrantAuthorizationCheck() {
        TestResource testResource = TestResource.RESOURCE1;
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(testResource);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(TestPermissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization2.setGroupId("sales");
        createNewAuthorization2.setResource(testResource);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.removePermission(TestPermissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        List asList = Arrays.asList("sales", "marketing");
        List singletonList = Collections.singletonList("marketing");
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.ALL, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.ALL, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", singletonList, TestPermissions.ALL, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", singletonList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.ALL, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.READ, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", asList, TestPermissions.ALL, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", asList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.DELETE, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.DELETE, testResource));
    }

    @Test
    public void testUserOverrideGlobalRevokeAuthorizationCheck() {
        TestResource testResource = TestResource.RESOURCE1;
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(testResource);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.removePermission(TestPermissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId("jonny");
        createNewAuthorization2.setResource(testResource);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.addPermission(TestPermissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.ALL, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.READ, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.DELETE, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.ALL, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.READ, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", (List) null, TestPermissions.DELETE, testResource));
    }

    @Test
    public void testNullAuthorizationCheckUserGroup() {
        try {
            this.authorizationService.isUserAuthorized((String) null, (List) null, TestPermissions.UPDATE, TestResource.RESOURCE1);
            Assert.fail("Expected NullValueException");
        } catch (NullValueException e) {
            Assert.assertTrue(e.getMessage().contains("Authorization must have a 'userId' or/and a 'groupId'"));
        }
    }

    @Test
    public void testNullAuthorizationCheckPermission() {
        try {
            this.authorizationService.isUserAuthorized("jonny", (List) null, (Permission) null, TestResource.RESOURCE1);
            Assert.fail("Expected NullValueException");
        } catch (NullValueException e) {
            Assert.assertTrue(e.getMessage().contains("Invalid permission for an authorization"));
        }
    }

    @Test
    public void testNullAuthorizationCheckResource() {
        try {
            this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.UPDATE, (Resource) null);
            Assert.fail("Expected NullValueException");
        } catch (NullValueException e) {
            Assert.assertTrue(e.getMessage().contains("Invalid resource for an authorization"));
        }
    }

    @Test
    public void testUserOverrideGroupOverrideGlobalAuthorizationCheck() {
        TestResource testResource = TestResource.RESOURCE1;
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(testResource);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(TestPermissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization2.setGroupId("sales");
        createNewAuthorization2.setResource(testResource);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.removePermission(TestPermissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        Authorization createNewAuthorization3 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization3.setUserId("jonny");
        createNewAuthorization3.setResource(testResource);
        createNewAuthorization3.setResourceId("*");
        createNewAuthorization3.addPermission(TestPermissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization3);
        List asList = Arrays.asList("sales", "marketing");
        List singletonList = Collections.singletonList("marketing");
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", asList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.READ, testResource));
        Assert.assertFalse(this.authorizationService.isUserAuthorized("someone else", asList, TestPermissions.READ, testResource));
        Assert.assertTrue(this.authorizationService.isUserAuthorized("someone else", singletonList, TestPermissions.READ, testResource));
    }

    @Test
    public void testEnabledAuthorizationCheck() {
        Assert.assertFalse(this.authorizationService.isUserAuthorized("jonny", (List) null, TestPermissions.UPDATE, TestResource.RESOURCE1));
    }

    protected void cleanupAfterTest() {
        Iterator it = this.identityService.createUserQuery().list().iterator();
        while (it.hasNext()) {
            this.identityService.deleteUser(((User) it.next()).getId());
        }
        Iterator it2 = this.authorizationService.createAuthorizationQuery().list().iterator();
        while (it2.hasNext()) {
            this.authorizationService.deleteAuthorization(((Authorization) it2.next()).getId());
        }
    }
}
