package org.camunda.bpm.engine.test.api.authorization;

import java.util.List;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.ProcessEngineConfiguration;
import org.camunda.bpm.engine.TaskService;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.test.ProcessEngineRule;
import org.camunda.bpm.engine.test.util.ProcessEngineTestRule;
import org.camunda.bpm.engine.test.util.ProvidedProcessEngineRule;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/TaskCountByCandidateGroupAuthorizationTest.class */
public class TaskCountByCandidateGroupAuthorizationTest {
    protected TaskService taskService;
    protected IdentityService identityService;
    protected AuthorizationService authorizationService;
    protected ProcessEngineConfiguration processEngineConfiguration;
    public ProcessEngineRule processEngineRule = new ProvidedProcessEngineRule();
    public ProcessEngineTestRule processEngineTestRule = new ProcessEngineTestRule(this.processEngineRule);

    @Rule
    public RuleChain ruleChain = RuleChain.outerRule(this.processEngineTestRule).around(this.processEngineRule);
    protected String userId = "user";

    @Before
    public void setUp() {
        this.taskService = this.processEngineRule.getTaskService();
        this.identityService = this.processEngineRule.getIdentityService();
        this.authorizationService = this.processEngineRule.getAuthorizationService();
        this.processEngineConfiguration = this.processEngineRule.getProcessEngineConfiguration();
    }

    @Test
    public void shouldFetchTaskCountWithAuthorization() {
        this.identityService.saveUser(this.identityService.newUser(this.userId));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.addPermission(Permissions.READ);
        createNewAuthorization.setResource(Resources.TASK);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.setUserId(this.userId);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        authenticate();
        List taskCountByCandidateGroup = this.taskService.createTaskReport().taskCountByCandidateGroup();
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        this.authorizationService.deleteAuthorization(createNewAuthorization.getId());
        this.identityService.deleteUser(this.userId);
        Assert.assertEquals(0L, taskCountByCandidateGroup.size());
    }

    @Test
    public void shouldFailToFetchTaskCountWithMissingAuthorization() {
        boolean z = false;
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        authenticate();
        try {
            this.taskService.createTaskReport().taskCountByCandidateGroup();
            z = true;
        } catch (AuthorizationException e) {
            if (!e.getMessage().contains(this.userId + "' does not have 'READ' permission on resource '*' of type 'Task'")) {
                z = true;
            }
        }
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        if (z) {
            Assert.fail("There should be an authorization exception for '" + this.userId + "' because of a missing 'READ' permission on 'Task'.");
        }
    }

    protected void authenticate() {
        this.identityService.setAuthentication(this.userId, (List) null, (List) null);
    }
}
