package org.camunda.bpm.engine.test.api.authorization.history;

import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import org.assertj.core.api.Assertions;
import org.assertj.core.groups.Tuple;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.authorization.HistoricProcessInstancePermissions;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.ProcessDefinitionPermissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.history.HistoricJobLog;
import org.camunda.bpm.engine.history.HistoricJobLogQuery;
import org.camunda.bpm.engine.history.HistoricProcessInstance;
import org.camunda.bpm.engine.impl.interceptor.Command;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.query.Query;
import org.camunda.bpm.engine.runtime.Job;
import org.camunda.bpm.engine.task.Task;
import org.camunda.bpm.engine.test.RequiredHistoryLevel;
import org.camunda.bpm.engine.test.api.authorization.AuthorizationTest;
import org.camunda.bpm.engine.test.api.cfg.FallbackSerializerFactoryTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

@RequiredHistoryLevel("full")
/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/history/HistoricJobLogAuthorizationTest.class */
public class HistoricJobLogAuthorizationTest extends AuthorizationTest {
    protected static final String TIMER_START_PROCESS_KEY = "timerStartProcess";
    protected static final String TIMER_BOUNDARY_PROCESS_KEY = "timerBoundaryProcess";
    protected static final String ONE_INCIDENT_PROCESS_KEY = "process";
    protected String batchId;
    protected String deploymentId;

    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    @Before
    public void setUp() throws Exception {
        this.deploymentId = this.testRule.deploy("org/camunda/bpm/engine/test/api/authorization/timerStartEventProcess.bpmn20.xml", "org/camunda/bpm/engine/test/api/authorization/timerBoundaryEventProcess.bpmn20.xml", "org/camunda/bpm/engine/test/api/authorization/oneIncidentProcess.bpmn20.xml").getId();
        super.setUp();
    }

    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    @After
    public void tearDown() {
        super.tearDown();
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Object>() { // from class: org.camunda.bpm.engine.test.api.authorization.history.HistoricJobLogAuthorizationTest.1
            public Object execute(CommandContext commandContext) {
                commandContext.getHistoricJobLogManager().deleteHistoricJobLogsByHandlerType("suspend-processdefinition");
                return null;
            }
        });
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(false);
        if (this.batchId != null) {
            this.managementService.deleteBatch(this.batchId, true);
            this.batchId = null;
        }
    }

    @Test
    public void testStartTimerJobLogQueryWithoutAuthorization() {
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 0);
    }

    @Test
    public void testStartTimerJobLogQueryWithReadHistoryPermissionOnProcessDefinition() {
        createGrantAuthorization(Resources.PROCESS_DEFINITION, TIMER_START_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 1);
    }

    @Test
    public void testStartTimerJobLogQueryWithReadHistoryPermissionOnAnyProcessDefinition() {
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 1);
    }

    @Test
    public void testSimpleQueryWithoutAuthorization() {
        startProcessAndExecuteJob("process");
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 0);
    }

    @Test
    public void testSimpleQueryWithHistoryReadPermissionOnProcessDefinition() {
        startProcessAndExecuteJob("process");
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "process", this.userId, Permissions.READ_HISTORY);
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 4);
    }

    @Test
    public void testSimpleQueryWithHistoryReadPermissionOnAnyProcessDefinition() {
        startProcessAndExecuteJob("process");
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 5);
    }

    @Test
    public void testSimpleQueryWithMultiple() {
        startProcessAndExecuteJob("process");
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "process", this.userId, Permissions.READ_HISTORY);
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 5);
    }

    @Test
    public void testQueryWithoutAuthorization() {
        startProcessAndExecuteJob("process");
        startProcessAndExecuteJob("process");
        startProcessAndExecuteJob("process");
        disableAuthorization();
        this.managementService.executeJob(((Job) this.managementService.createJobQuery().processDefinitionKey(TIMER_START_PROCESS_KEY).singleResult()).getId());
        this.managementService.executeJob(((Job) this.managementService.createJobQuery().processDefinitionKey(TIMER_START_PROCESS_KEY).singleResult()).getId());
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 0);
    }

    @Test
    public void testQueryWithHistoryReadPermissionOnProcessDefinition() {
        startProcessAndExecuteJob("process");
        startProcessAndExecuteJob("process");
        startProcessAndExecuteJob("process");
        disableAuthorization();
        this.managementService.executeJob(((Job) this.managementService.createJobQuery().processDefinitionKey(TIMER_START_PROCESS_KEY).singleResult()).getId());
        this.managementService.executeJob(((Job) this.managementService.createJobQuery().processDefinitionKey(TIMER_START_PROCESS_KEY).singleResult()).getId());
        enableAuthorization();
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "process", this.userId, Permissions.READ_HISTORY);
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 12);
    }

    @Test
    public void testQueryWithHistoryReadPermissionOnAnyProcessDefinition() {
        startProcessAndExecuteJob("process");
        startProcessAndExecuteJob("process");
        startProcessAndExecuteJob("process");
        disableAuthorization();
        this.managementService.executeJob(((Job) this.managementService.createJobQuery().processDefinitionKey(TIMER_START_PROCESS_KEY).singleResult()).getId());
        this.managementService.executeJob(((Job) this.managementService.createJobQuery().processDefinitionKey(TIMER_START_PROCESS_KEY).singleResult()).getId());
        enableAuthorization();
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 17);
    }

    @Test
    public void testQueryAfterStandaloneJob() {
        disableAuthorization();
        this.repositoryService.suspendProcessDefinitionByKey(TIMER_BOUNDARY_PROCESS_KEY, true, new Date());
        enableAuthorization();
        HistoricJobLogQuery createHistoricJobLogQuery = this.historyService.createHistoricJobLogQuery();
        verifyQueryResults(createHistoricJobLogQuery, 1);
        Assert.assertNull(((HistoricJobLog) createHistoricJobLogQuery.singleResult()).getProcessDefinitionKey());
        deleteDeployment(this.deploymentId);
        disableAuthorization();
        this.managementService.deleteJob(((Job) this.managementService.createJobQuery().singleResult()).getId());
        enableAuthorization();
    }

    @Test
    public void testQueryAfterDeletingDeployment() {
        startProcessInstanceByKey(TIMER_BOUNDARY_PROCESS_KEY);
        startProcessInstanceByKey(TIMER_BOUNDARY_PROCESS_KEY);
        startProcessInstanceByKey(TIMER_BOUNDARY_PROCESS_KEY);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, TIMER_BOUNDARY_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        disableAuthorization();
        Iterator it = this.taskService.createTaskQuery().list().iterator();
        while (it.hasNext()) {
            this.taskService.complete(((Task) it.next()).getId());
        }
        enableAuthorization();
        disableAuthorization();
        this.repositoryService.deleteDeployment(this.deploymentId);
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricJobLogQuery(), 6);
        disableAuthorization();
        Iterator it2 = this.historyService.createHistoricProcessInstanceQuery().list().iterator();
        while (it2.hasNext()) {
            this.historyService.deleteHistoricProcessInstance(((HistoricProcessInstance) it2.next()).getId());
        }
        enableAuthorization();
    }

    @Test
    public void testGetHistoricStandaloneJobLogExceptionStacktrace() {
        disableAuthorization();
        this.repositoryService.suspendProcessDefinitionByKey(TIMER_BOUNDARY_PROCESS_KEY, true, new Date());
        enableAuthorization();
        Assert.assertNull(this.historyService.getHistoricJobLogExceptionStacktrace(((HistoricJobLog) this.historyService.createHistoricJobLogQuery().singleResult()).getId()));
        deleteDeployment(this.deploymentId);
        disableAuthorization();
        this.managementService.deleteJob(((Job) this.managementService.createJobQuery().singleResult()).getId());
        enableAuthorization();
    }

    @Test
    public void testGetHistoricJobLogExceptionStacktraceWithoutAuthorization() {
        startProcessAndExecuteJob("process");
        disableAuthorization();
        String id = ((HistoricJobLog) this.historyService.createHistoricJobLogQuery().failureLog().listPage(0, 1).get(0)).getId();
        enableAuthorization();
        try {
            this.historyService.getHistoricJobLogExceptionStacktrace(id);
            Assert.fail("Exception expected: It should not be possible to get the historic job log exception stacktrace");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            this.testRule.assertTextPresent(this.userId, message);
            this.testRule.assertTextPresent(Permissions.READ_HISTORY.getName(), message);
            this.testRule.assertTextPresent("process", message);
            this.testRule.assertTextPresent(Resources.PROCESS_DEFINITION.resourceName(), message);
        }
    }

    @Test
    public void testGetHistoricJobLogExceptionStacktraceWithReadHistoryPermissionOnProcessDefinition() {
        startProcessAndExecuteJob("process");
        disableAuthorization();
        String id = ((HistoricJobLog) this.historyService.createHistoricJobLogQuery().failureLog().listPage(0, 1).get(0)).getId();
        enableAuthorization();
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "process", this.userId, Permissions.READ_HISTORY);
        Assert.assertNotNull(this.historyService.getHistoricJobLogExceptionStacktrace(id));
    }

    @Test
    public void testGetHistoricJobLogExceptionStacktraceWithReadHistoryPermissionOnAnyProcessDefinition() {
        startProcessAndExecuteJob("process");
        disableAuthorization();
        String id = ((HistoricJobLog) this.historyService.createHistoricJobLogQuery().failureLog().listPage(0, 1).get(0)).getId();
        enableAuthorization();
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        Assert.assertNotNull(this.historyService.getHistoricJobLogExceptionStacktrace(id));
    }

    @Test
    public void testCheckNonePermissionOnHistoricProcessInstance() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, startProcessAndExecuteJob("process").getProcessInstanceId(), this.userId, HistoricProcessInstancePermissions.NONE);
        Assertions.assertThat(this.historyService.createHistoricJobLogQuery().list()).isEmpty();
    }

    @Test
    public void testCheckReadPermissionOnHistoricProcessInstance() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String processInstanceId = startProcessAndExecuteJob("process").getProcessInstanceId();
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, this.userId, HistoricProcessInstancePermissions.READ);
        Assertions.assertThat(this.historyService.createHistoricJobLogQuery().list()).extracting("processInstanceId").containsExactly(new Object[]{processInstanceId, processInstanceId, processInstanceId, processInstanceId});
    }

    @Test
    public void testCheckNoneOnHistoricProcessInstanceAndReadHistoryPermissionOnProcessDefinition() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String processInstanceId = startProcessAndExecuteJob("process").getProcessInstanceId();
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, this.userId, HistoricProcessInstancePermissions.NONE);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "process", this.userId, Permissions.READ_HISTORY);
        Assertions.assertThat(this.historyService.createHistoricJobLogQuery().list()).extracting("processInstanceId").containsExactly(new Object[]{processInstanceId, processInstanceId, processInstanceId, processInstanceId});
    }

    @Test
    public void testCheckReadOnHistoricProcessInstanceAndNonePermissionOnProcessDefinition() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String processInstanceId = startProcessAndExecuteJob("process").getProcessInstanceId();
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, processInstanceId, this.userId, HistoricProcessInstancePermissions.READ);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "process", this.userId, ProcessDefinitionPermissions.NONE);
        Assertions.assertThat(this.historyService.createHistoricJobLogQuery().list()).extracting("processInstanceId").containsExactly(new Object[]{processInstanceId, processInstanceId, processInstanceId, processInstanceId});
    }

    @Test
    public void testHistoricProcessInstancePermissionsAuthorizationDisabled() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String processInstanceId = startProcessAndExecuteJob("process").getProcessInstanceId();
        disableAuthorization();
        Assertions.assertThat(this.historyService.createHistoricJobLogQuery().processInstanceId(processInstanceId).list()).extracting("processInstanceId").containsExactly(new Object[]{processInstanceId, processInstanceId, processInstanceId, processInstanceId});
    }

    @Test
    public void testSkipAuthOnNonProcessJob() {
        String processInstanceId = startProcessAndExecuteJob("process").getProcessInstanceId();
        disableAuthorization();
        this.batchId = this.runtimeService.deleteProcessInstancesAsync(Arrays.asList(processInstanceId), FallbackSerializerFactoryTest.ExampleConstantSerializer.DESERIALIZED_VALUE).getId();
        enableAuthorization();
        Assertions.assertThat(this.historyService.createHistoricJobLogQuery().list()).extracting(new String[]{"jobDefinitionType", "processInstanceId"}).containsExactly(new Tuple[]{Assertions.tuple(new Object[]{"batch-seed-job", null})});
    }

    @Test
    public void testSkipAuthOnNonProcessJob_HistoricInstancePermissionsEnabled() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String processInstanceId = startProcessAndExecuteJob("process").getProcessInstanceId();
        disableAuthorization();
        this.batchId = this.runtimeService.deleteProcessInstancesAsync(Arrays.asList(processInstanceId), FallbackSerializerFactoryTest.ExampleConstantSerializer.DESERIALIZED_VALUE).getId();
        enableAuthorization();
        Assertions.assertThat(this.historyService.createHistoricJobLogQuery().list()).extracting(new String[]{"jobDefinitionType", "processInstanceId"}).containsExactly(new Tuple[]{Assertions.tuple(new Object[]{"batch-seed-job", null})});
    }

    protected void verifyQueryResults(HistoricJobLogQuery historicJobLogQuery, int i) {
        verifyQueryResults((Query<?, ?>) historicJobLogQuery, i);
    }
}
