package org.camunda.bpm.engine.test.api.authorization.history;

import org.assertj.core.api.Assertions;
import org.camunda.bpm.engine.authorization.HistoricProcessInstancePermissions;
import org.camunda.bpm.engine.authorization.HistoricTaskPermissions;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.ProcessDefinitionPermissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.task.Task;
import org.camunda.bpm.engine.test.RequiredHistoryLevel;
import org.camunda.bpm.engine.test.api.authorization.AuthorizationTest;
import org.camunda.bpm.engine.test.api.authorization.DeleteProcessDefinitionAuthorizationTest;
import org.camunda.bpm.engine.test.api.cfg.FallbackSerializerFactoryTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

@RequiredHistoryLevel("full")
/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/history/HistoricIdentityLinkLogAuthorizationTest.class */
public class HistoricIdentityLinkLogAuthorizationTest extends AuthorizationTest {
    protected static final String ONE_PROCESS_KEY = "demoAssigneeProcess";
    protected static final String CASE_KEY = "oneTaskCase";

    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    @Before
    public void setUp() throws Exception {
        this.testRule.deploy("org/camunda/bpm/engine/test/api/authorization/oneTaskProcess.bpmn20.xml", "org/camunda/bpm/engine/test/api/authorization/oneTaskCase.cmmn");
        super.setUp();
    }

    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    @After
    public void tearDown() {
        super.tearDown();
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(false);
    }

    @Test
    public void testQueryForStandaloneTaskHistoricIdentityLinkWithoutAuthrorization() {
        disableAuthorization();
        Task newTask = this.taskService.newTask("newTask");
        newTask.setAssignee("aUserId");
        this.taskService.saveTask(newTask);
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 1);
        disableAuthorization();
        this.taskService.deleteTask("newTask", true);
        enableAuthorization();
    }

    @Test
    public void testQueryForTaskHistoricIdentityLinkWithoutUserPermission() {
        disableAuthorization();
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        String id = ((Task) this.taskService.createTaskQuery().singleResult()).getId();
        this.identityService.setAuthenticatedUserId("aAssignerId");
        this.taskService.addCandidateUser(id, "aUserId");
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 0);
    }

    @Test
    public void testQueryForTaskHistoricIdentityLinkWithUserPermission() {
        disableAuthorization();
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 1);
    }

    @Test
    public void testQueryWithMultiple() {
        disableAuthorization();
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 1);
    }

    @Test
    public void shouldNotFindLinkWithRevokedReadHistoryPermissionOnAnyProcessDefinition() {
        disableAuthorization();
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, "*", this.userId, Permissions.READ_HISTORY);
        createRevokeAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 0);
    }

    @Test
    public void testQueryCaseTask() {
        this.testRule.createCaseInstanceByKey(CASE_KEY);
        String id = ((Task) this.taskService.createTaskQuery().singleResult()).getId();
        this.identityService.setAuthenticatedUserId("aAssignerId");
        this.taskService.addCandidateUser(id, "aUserId");
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 1);
    }

    @Test
    public void testMixedQuery() {
        disableAuthorization();
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        this.testRule.createCaseInstanceByKey(CASE_KEY);
        this.taskService.addCandidateUser(((Task) this.taskService.createTaskQuery().list().get(3)).getId(), "dUserId");
        this.testRule.createCaseInstanceByKey(CASE_KEY);
        this.taskService.addCandidateUser(((Task) this.taskService.createTaskQuery().list().get(4)).getId(), "eUserId");
        createTaskAndAssignUser(DeleteProcessDefinitionAuthorizationTest.PROCESS_DEFINITION_KEY);
        createTaskAndAssignUser("two");
        createTaskAndAssignUser("three");
        createTaskAndAssignUser("four");
        createTaskAndAssignUser("five");
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 7);
        disableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 10);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        enableAuthorization();
        verifyQueryResults(this.historyService.createHistoricIdentityLinkLogQuery(), 10);
        deleteTask(DeleteProcessDefinitionAuthorizationTest.PROCESS_DEFINITION_KEY, true);
        deleteTask("two", true);
        deleteTask("three", true);
        deleteTask("four", true);
        deleteTask("five", true);
    }

    @Test
    public void testCheckNonePermissionOnHistoricTask() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        createGrantAuthorization(Resources.HISTORIC_TASK, selectSingleTask().getId(), this.userId, HistoricTaskPermissions.NONE);
        Assert.assertEquals(0L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
    }

    @Test
    public void testCheckReadPermissionOnHistoricTask() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        createGrantAuthorization(Resources.HISTORIC_TASK, selectSingleTask().getId(), this.userId, HistoricTaskPermissions.READ);
        Assert.assertEquals(1L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
    }

    @Test
    public void testCheckReadPermissionOnStandaloneHistoricTask() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        createTask("aTaskId");
        disableAuthorization();
        this.taskService.setAssignee("aTaskId", this.userId);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_TASK, "aTaskId", this.userId, HistoricTaskPermissions.READ);
        Assert.assertEquals(1L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
        deleteTask("aTaskId", true);
    }

    @Test
    public void testCheckNonePermissionOnStandaloneHistoricTask() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        createTask("aTaskId");
        disableAuthorization();
        this.taskService.setAssignee("aTaskId", this.userId);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_TASK, "aTaskId", this.userId, HistoricTaskPermissions.NONE);
        Assert.assertEquals(0L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
        deleteTask("aTaskId", true);
    }

    @Test
    public void testCheckReadPermissionOnCompletedHistoricTask() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        String id = selectSingleTask().getId();
        disableAuthorization();
        this.taskService.complete(id);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_TASK, id, this.userId, HistoricTaskPermissions.READ);
        Assert.assertEquals(1L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
    }

    @Test
    public void testCheckNonePermissionOnHistoricTaskAndReadHistoryPermissionOnProcessDefinition() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        String id = selectSingleTask().getId();
        disableAuthorization();
        this.taskService.complete(id);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_TASK, id, this.userId, HistoricTaskPermissions.NONE);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        Assert.assertEquals(1L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
    }

    @Test
    public void testCheckReadPermissionOnHistoricTaskAndNonePermissionOnProcessDefinition() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        String id = selectSingleTask().getId();
        disableAuthorization();
        this.taskService.complete(id);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_TASK, id, this.userId, HistoricTaskPermissions.READ);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, ProcessDefinitionPermissions.NONE);
        Assert.assertEquals(1L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
    }

    @Test
    public void testHistoricTaskPermissionsAuthorizationDisabled() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        startProcessInstanceByKey(ONE_PROCESS_KEY);
        String id = selectSingleTask().getId();
        disableAuthorization();
        this.taskService.setVariable(id, "foo", FallbackSerializerFactoryTest.ExampleConstantSerializer.DESERIALIZED_VALUE);
        Assert.assertEquals(1L, this.historyService.createHistoricIdentityLinkLogQuery().list().size());
    }

    @Test
    public void testCheckNonePermissionOnHistoricProcessInstance() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, startProcessInstanceByKey(ONE_PROCESS_KEY).getId(), this.userId, HistoricProcessInstancePermissions.NONE);
        Assertions.assertThat(this.historyService.createHistoricIdentityLinkLogQuery().list()).isEmpty();
    }

    @Test
    public void testCheckReadPermissionOnHistoricProcessInstance() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String id = startProcessInstanceByKey(ONE_PROCESS_KEY).getId();
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, id, this.userId, HistoricProcessInstancePermissions.READ);
        Assertions.assertThat(this.historyService.createHistoricIdentityLinkLogQuery().list()).extracting("rootProcessInstanceId").containsExactly(new Object[]{id});
    }

    @Test
    public void testCheckReadPermissionOnCompletedHistoricProcessInstance() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String id = startProcessInstanceByKey(ONE_PROCESS_KEY).getId();
        String id2 = selectSingleTask().getId();
        disableAuthorization();
        this.taskService.complete(id2);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, id, this.userId, HistoricProcessInstancePermissions.READ);
        Assertions.assertThat(this.historyService.createHistoricIdentityLinkLogQuery().list()).extracting("rootProcessInstanceId").containsExactly(new Object[]{id});
    }

    @Test
    public void testCheckNoneOnHistoricProcessInstanceAndReadHistoryPermissionOnProcessDefinition() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String id = startProcessInstanceByKey(ONE_PROCESS_KEY).getId();
        String id2 = selectSingleTask().getId();
        disableAuthorization();
        this.taskService.complete(id2);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, id, this.userId, HistoricProcessInstancePermissions.NONE);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, Permissions.READ_HISTORY);
        Assertions.assertThat(this.historyService.createHistoricIdentityLinkLogQuery().list()).extracting("rootProcessInstanceId").containsExactly(new Object[]{id});
    }

    @Test
    public void testCheckReadOnHistoricProcessInstanceAndNonePermissionOnProcessDefinition() {
        this.processEngineConfiguration.setEnableHistoricInstancePermissions(true);
        String id = startProcessInstanceByKey(ONE_PROCESS_KEY).getId();
        String id2 = selectSingleTask().getId();
        disableAuthorization();
        this.taskService.complete(id2);
        enableAuthorization();
        createGrantAuthorization(Resources.HISTORIC_PROCESS_INSTANCE, id, this.userId, HistoricProcessInstancePermissions.READ);
        createGrantAuthorization(Resources.PROCESS_DEFINITION, ONE_PROCESS_KEY, this.userId, ProcessDefinitionPermissions.NONE);
        Assertions.assertThat(this.historyService.createHistoricIdentityLinkLogQuery().list()).extracting("rootProcessInstanceId").containsExactly(new Object[]{id});
    }

    public void createTaskAndAssignUser(String str) {
        Task newTask = this.taskService.newTask(str);
        newTask.setAssignee("demo");
        this.taskService.saveTask(newTask);
    }
}
