package org.camunda.bpm.engine.test.api.identity;

import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.time.DateUtils;
import org.assertj.core.api.Assertions;
import org.assertj.core.groups.Tuple;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.MissingAuthorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.TenantQuery;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.engine.impl.persistence.entity.TenantEntity;
import org.camunda.bpm.engine.impl.persistence.entity.UserEntity;
import org.camunda.bpm.engine.impl.util.ClockUtil;
import org.camunda.bpm.engine.test.api.authorization.util.AuthorizationTestUtil;
import org.camunda.bpm.engine.test.util.PluggableProcessEngineTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/identity/IdentityServiceAuthorizationsTest.class */
public class IdentityServiceAuthorizationsTest extends PluggableProcessEngineTest {
    private static final String jonny2 = "jonny2";

    @After
    public void tearDown() throws Exception {
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        cleanupAfterTest();
    }

    @Test
    public void shouldCreateTransientUserWithoutPermission() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.newUser("jonny1");
        } catch (AuthorizationException e) {
            Assert.fail("no authorization exception expected");
        }
    }

    @Test
    public void testUserInsertionAuthorizations() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.saveUser(this.identityService.newUser("jonny1"));
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.USER.resourceName(), null, missingAuthorization);
        }
    }

    @Test
    public void testUserDeleteAuthorizations() {
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.DELETE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.deleteUser("jonny1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.DELETE.getName(), Resources.USER.resourceName(), "jonny1", missingAuthorization);
        }
    }

    @Test
    public void testTenantAuthorizationAfterDeleteUser() {
        this.identityService.saveUser(this.identityService.newUser(jonny2));
        grantPermissions();
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        User newUser = this.identityService.newUser("jonny1");
        this.identityService.saveUser(newUser);
        String id = newUser.getId();
        this.identityService.saveTenant(this.identityService.newTenant("tenant1"));
        this.identityService.createTenantUserMembership("tenant1", id);
        TenantQuery userMember = this.identityService.createTenantQuery().userMember(id);
        Assertions.assertThat(userMember.count()).isEqualTo(1L);
        this.identityService.deleteUser(id);
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Assertions.assertThat(userMember.count()).isEqualTo(0L);
        Assertions.assertThat(this.authorizationService.createAuthorizationQuery().resourceType(Resources.TENANT).userIdIn(new String[]{id}).count()).isEqualTo(0L);
    }

    @Test
    public void testUserUpdateAuthorizations() {
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.UPDATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        User user = (User) this.identityService.createUserQuery().singleResult();
        user.setFirstName("Jonny");
        try {
            this.identityService.saveUser(user);
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.UPDATE.getName(), Resources.USER.resourceName(), "jonny1", missingAuthorization);
        }
        this.identityService.saveUser(this.identityService.newUser("jonny3"));
    }

    @Test
    public void testUserUnlock() throws ParseException {
        User newUser = this.identityService.newUser("jonny");
        newUser.setPassword("xxx");
        this.identityService.saveUser(newUser);
        lockUser("jonny", "invalid pwd");
        UserEntity userEntity = (UserEntity) this.identityService.createUserQuery().userId(newUser.getId()).singleResult();
        Assert.assertNotNull(userEntity);
        Assert.assertNotNull(userEntity.getLockExpirationTime());
        Assert.assertEquals(10, userEntity.getAttempts());
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthentication("admin", Collections.singletonList("camunda-admin"), (List) null);
        this.identityService.unlockUser(userEntity.getId());
        UserEntity userEntity2 = (UserEntity) this.identityService.createUserQuery().userId(newUser.getId()).singleResult();
        Assert.assertNotNull(userEntity2);
        Assert.assertNull(userEntity2.getLockExpirationTime());
        Assert.assertEquals(0L, userEntity2.getAttempts());
    }

    @Test
    public void testUserUnlockWithoutAuthorization() throws ParseException {
        User newUser = this.identityService.newUser("jonny");
        newUser.setPassword("xxx");
        this.identityService.saveUser(newUser);
        lockUser("jonny", "invalid pwd");
        UserEntity userEntity = (UserEntity) this.identityService.createUserQuery().userId(newUser.getId()).singleResult();
        Assert.assertNotNull(userEntity);
        Assert.assertNotNull(userEntity.getLockExpirationTime());
        Assert.assertEquals(10, userEntity.getAttempts());
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthentication("admin", (List) null, (List) null);
        try {
            this.identityService.unlockUser(userEntity.getId());
            Assert.fail("expected exception");
        } catch (AuthorizationException e) {
            Assert.assertTrue(e.getMessage().contains("ENGINE-03029 Required admin authenticated group or user."));
        }
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        UserEntity userEntity2 = (UserEntity) this.identityService.createUserQuery().userId(newUser.getId()).singleResult();
        Assert.assertNotNull(userEntity2);
        Assert.assertNotNull(userEntity2.getLockExpirationTime());
        Assert.assertEquals(10, userEntity2.getAttempts());
    }

    @Test
    public void shouldCreateTransientGroupWithoutPermission() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.GROUP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.newGroup("group1");
        } catch (AuthorizationException e) {
            Assert.fail("no authorization exception expected");
        }
    }

    @Test
    public void testGroupInsertionAuthorizations() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.GROUP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.saveGroup(this.identityService.newGroup("group1"));
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.GROUP.resourceName(), null, missingAuthorization);
        }
    }

    @Test
    public void testGroupDeleteAuthorizations() {
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.GROUP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.DELETE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.deleteGroup("group1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.DELETE.getName(), Resources.GROUP.resourceName(), "group1", missingAuthorization);
        }
    }

    @Test
    public void testTenantAuthorizationAfterDeleteGroup() {
        this.identityService.saveUser(this.identityService.newUser(jonny2));
        grantPermissions();
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        this.identityService.saveTenant(this.identityService.newTenant("tenant1"));
        this.identityService.createTenantGroupMembership("tenant1", "group1");
        TenantQuery groupMember = this.identityService.createTenantQuery().groupMember("group1");
        Assertions.assertThat(groupMember.count()).isEqualTo(1L);
        this.identityService.deleteGroup("group1");
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Assertions.assertThat(groupMember.count()).isEqualTo(0L);
        Assertions.assertThat(this.authorizationService.createAuthorizationQuery().resourceType(Resources.TENANT).groupIdIn(new String[]{"group1"}).count()).isEqualTo(0L);
    }

    @Test
    public void testGroupUpdateAuthorizations() {
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.GROUP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.UPDATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        Group group = (Group) this.identityService.createGroupQuery().singleResult();
        group.setName("Group 1");
        try {
            this.identityService.saveGroup(group);
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.UPDATE.getName(), Resources.GROUP.resourceName(), "group1", missingAuthorization);
        }
        this.identityService.saveGroup(this.identityService.newGroup("group2"));
    }

    @Test
    public void shouldCreateTransientTenantWithoutPermission() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.newTenant("tenant");
        } catch (AuthorizationException e) {
            Assert.fail("no authorization exception expected");
        }
    }

    @Test
    public void testTenantInsertionAuthorizations() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.saveTenant(this.identityService.newTenant("tenant"));
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.TENANT.resourceName(), null, missingAuthorization);
        }
    }

    @Test
    public void testTenantDeleteAuthorizations() {
        this.identityService.saveTenant(new TenantEntity("tenant"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.DELETE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.deleteTenant("tenant");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.DELETE.getName(), Resources.TENANT.resourceName(), "tenant", missingAuthorization);
        }
    }

    @Test
    public void testTenantUpdateAuthorizations() {
        this.identityService.saveTenant(new TenantEntity("tenant"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.UPDATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        Tenant tenant = (Tenant) this.identityService.createTenantQuery().singleResult();
        tenant.setName("newName");
        try {
            this.identityService.saveTenant(tenant);
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.UPDATE.getName(), Resources.TENANT.resourceName(), "tenant", missingAuthorization);
        }
        this.identityService.saveTenant(this.identityService.newTenant("newTenant"));
    }

    @Test
    public void testMembershipCreateAuthorizations() {
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.GROUP_MEMBERSHIP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.createMembership("jonny1", "group1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.GROUP_MEMBERSHIP.resourceName(), "group1", missingAuthorization);
        }
    }

    @Test
    public void testMembershipDeleteAuthorizations() {
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.GROUP_MEMBERSHIP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.DELETE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.deleteMembership("jonny1", "group1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.DELETE.getName(), Resources.GROUP_MEMBERSHIP.resourceName(), "group1", missingAuthorization);
        }
    }

    @Test
    public void shouldKeepAuthorizationsForAnyUser() {
        Group newGroup = this.identityService.newGroup("myGroup");
        this.identityService.saveGroup(newGroup);
        User newUser = this.identityService.newUser("myUser");
        this.identityService.saveUser(newUser);
        this.identityService.createMembership(newUser.getId(), newGroup.getId());
        createAuthorization(0, Resources.GROUP, newGroup.getId(), "*", Permissions.ALL);
        createAuthorization(0, Resources.GROUP_MEMBERSHIP, newGroup.getId(), "*", Permissions.ALL);
        createAuthorization(0, Resources.USER, newUser.getId(), "*", Permissions.ALL);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(newUser.getId());
        this.identityService.deleteMembership(newUser.getId(), newGroup.getId());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Assertions.assertThat(this.authorizationService.createAuthorizationQuery().list()).extracting(new String[]{"resource", "resourceId", "userId", "permissions"}).containsExactlyInAnyOrder(new Tuple[]{Assertions.tuple(new Object[]{Integer.valueOf(Resources.GROUP.resourceType()), newGroup.getId(), "*", Integer.valueOf(Permissions.ALL.getValue())}), Assertions.tuple(new Object[]{Integer.valueOf(Resources.GROUP_MEMBERSHIP.resourceType()), newGroup.getId(), "*", Integer.valueOf(Permissions.ALL.getValue())}), Assertions.tuple(new Object[]{Integer.valueOf(Resources.USER.resourceType()), newUser.getId(), "*", Integer.valueOf(Permissions.ALL.getValue())})});
    }

    @Test
    public void shouldRemoveAuthorizationForUserAndKeepAuthorizationsForAnyUser() {
        Group newGroup = this.identityService.newGroup("myGroup");
        this.identityService.saveGroup(newGroup);
        User newUser = this.identityService.newUser("myUser");
        this.identityService.saveUser(newUser);
        this.identityService.createMembership(newUser.getId(), newGroup.getId());
        createAuthorization(0, Resources.GROUP, newGroup.getId(), "*", Permissions.ALL);
        createAuthorization(0, Resources.GROUP_MEMBERSHIP, newGroup.getId(), "*", Permissions.ALL);
        createAuthorization(1, Resources.GROUP_MEMBERSHIP, newGroup.getId(), newUser.getId(), Permissions.ALL);
        createAuthorization(1, Resources.GROUP_MEMBERSHIP, newGroup.getId(), "foo", Permissions.ALL);
        createAuthorization(0, Resources.USER, newUser.getId(), "*", Permissions.ALL);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(newUser.getId());
        this.identityService.deleteMembership(newUser.getId(), newGroup.getId());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Assertions.assertThat(this.authorizationService.createAuthorizationQuery().list()).extracting(new String[]{"resource", "resourceId", "userId", "permissions"}).containsExactlyInAnyOrder(new Tuple[]{Assertions.tuple(new Object[]{Integer.valueOf(Resources.GROUP.resourceType()), newGroup.getId(), "*", Integer.valueOf(Permissions.ALL.getValue())}), Assertions.tuple(new Object[]{Integer.valueOf(Resources.GROUP_MEMBERSHIP.resourceType()), newGroup.getId(), "*", Integer.valueOf(Permissions.ALL.getValue())}), Assertions.tuple(new Object[]{Integer.valueOf(Resources.GROUP_MEMBERSHIP.resourceType()), newGroup.getId(), "foo", Integer.valueOf(Permissions.ALL.getValue())}), Assertions.tuple(new Object[]{Integer.valueOf(Resources.USER.resourceType()), newUser.getId(), "*", Integer.valueOf(Permissions.ALL.getValue())})});
    }

    @Test
    public void testTenantUserMembershipCreateAuthorizations() {
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        this.identityService.saveTenant(this.identityService.newTenant("tenant1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT_MEMBERSHIP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.createTenantUserMembership("tenant1", "jonny1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.TENANT_MEMBERSHIP.resourceName(), "tenant1", missingAuthorization);
        }
    }

    @Test
    public void testTenantGroupMembershipCreateAuthorizations() {
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        this.identityService.saveTenant(this.identityService.newTenant("tenant1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT_MEMBERSHIP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.createTenantGroupMembership("tenant1", "group1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.TENANT_MEMBERSHIP.resourceName(), "tenant1", missingAuthorization);
        }
    }

    @Test
    public void testTenantUserMembershipDeleteAuthorizations() {
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        this.identityService.saveTenant(this.identityService.newTenant("tenant1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT_MEMBERSHIP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.DELETE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.deleteTenantUserMembership("tenant1", "jonny1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.DELETE.getName(), Resources.TENANT_MEMBERSHIP.resourceName(), "tenant1", missingAuthorization);
        }
    }

    @Test
    public void testTenanGroupMembershipDeleteAuthorizations() {
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        this.identityService.saveTenant(this.identityService.newTenant("tenant1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT_MEMBERSHIP);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.DELETE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.identityService.deleteTenantGroupMembership("tenant1", "group1");
            Assert.fail("exception expected");
        } catch (AuthorizationException e) {
            Assert.assertEquals(1L, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            Assert.assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.DELETE.getName(), Resources.TENANT_MEMBERSHIP.resourceName(), "tenant1", missingAuthorization);
        }
    }

    @Test
    public void testUserQueryAuthorizations() {
        this.identityService.setAuthenticatedUserId(jonny2);
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("*");
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNull(this.identityService.createUserQuery().singleResult());
        Assert.assertEquals(0L, this.identityService.createUserQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId(jonny2);
        createNewAuthorization2.setResource(Resources.USER);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNotNull(this.identityService.createUserQuery().singleResult());
        Assert.assertEquals(1L, this.identityService.createUserQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().resourceType(Resources.USER).userIdIn(new String[]{"*"}).singleResult();
        authorization.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(authorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNotNull(this.identityService.createUserQuery().singleResult());
        Assert.assertEquals(1L, this.identityService.createUserQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization authorization2 = (Authorization) this.authorizationService.createAuthorizationQuery().resourceType(Resources.USER).userIdIn(new String[]{jonny2}).singleResult();
        authorization2.removePermission(Permissions.READ);
        this.authorizationService.saveAuthorization(authorization2);
        Authorization createNewAuthorization3 = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization3.setUserId(jonny2);
        createNewAuthorization3.setResource(Resources.USER);
        createNewAuthorization3.setResourceId("*");
        createNewAuthorization3.removePermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization3);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNull(this.identityService.createUserQuery().singleResult());
        Assert.assertEquals(0L, this.identityService.createUserQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        this.authorizationService.deleteAuthorization(authorization2.getId());
        this.authorizationService.deleteAuthorization(createNewAuthorization3.getId());
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNotNull(this.identityService.createUserQuery().singleResult());
        Assert.assertEquals(1L, this.identityService.createUserQuery().count());
    }

    @Test
    public void testUserQueryAuthorizationsMultipleGroups() {
        this.identityService.setAuthenticatedUserId(jonny2);
        this.identityService.saveUser(this.identityService.newUser("demo"));
        this.identityService.saveUser(this.identityService.newUser("mary"));
        this.identityService.saveUser(this.identityService.newUser("peter"));
        this.identityService.saveUser(this.identityService.newUser("john"));
        this.identityService.saveGroup(this.identityService.newGroup("sales"));
        this.identityService.saveGroup(this.identityService.newGroup("accounting"));
        this.identityService.saveGroup(this.identityService.newGroup("management"));
        this.identityService.createMembership("demo", "sales");
        this.identityService.createMembership("demo", "accounting");
        this.identityService.createMembership("demo", "management");
        this.identityService.createMembership("john", "sales");
        this.identityService.createMembership("mary", "accounting");
        this.identityService.createMembership("peter", "management");
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("demo");
        createNewAuthorization.setResource(Resources.USER);
        createNewAuthorization.setResourceId("demo");
        createNewAuthorization.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId("john");
        createNewAuthorization2.setResource(Resources.USER);
        createNewAuthorization2.setResourceId("john");
        createNewAuthorization2.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        Authorization createNewAuthorization3 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization3.setUserId("mary");
        createNewAuthorization3.setResource(Resources.USER);
        createNewAuthorization3.setResourceId("mary");
        createNewAuthorization3.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization3);
        Authorization createNewAuthorization4 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization4.setUserId("peter");
        createNewAuthorization4.setResource(Resources.USER);
        createNewAuthorization4.setResourceId("peter");
        createNewAuthorization4.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization4);
        Authorization createNewAuthorization5 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization5.setGroupId("accounting");
        createNewAuthorization5.setResource(Resources.GROUP);
        createNewAuthorization5.setResourceId("accounting");
        createNewAuthorization5.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization5);
        Authorization createNewAuthorization6 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization6.setGroupId("sales");
        createNewAuthorization6.setResource(Resources.GROUP);
        createNewAuthorization6.setResourceId("sales");
        createNewAuthorization6.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization6);
        Authorization createNewAuthorization7 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization7.setGroupId("management");
        createNewAuthorization7.setResource(Resources.GROUP);
        createNewAuthorization7.setResourceId("management");
        createNewAuthorization7.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization7);
        Authorization createNewAuthorization8 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization8.setGroupId("sales");
        createNewAuthorization8.setResource(Resources.USER);
        createNewAuthorization8.setResourceId("demo");
        createNewAuthorization8.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization8);
        Authorization createNewAuthorization9 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization9.setGroupId("sales");
        createNewAuthorization9.setResource(Resources.USER);
        createNewAuthorization9.setResourceId("john");
        createNewAuthorization9.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization9);
        Authorization createNewAuthorization10 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization10.setGroupId("management");
        createNewAuthorization10.setResource(Resources.USER);
        createNewAuthorization10.setResourceId("demo");
        createNewAuthorization10.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization10);
        Authorization createNewAuthorization11 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization11.setGroupId("management");
        createNewAuthorization11.setResource(Resources.USER);
        createNewAuthorization11.setResourceId("peter");
        createNewAuthorization11.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization11);
        Authorization createNewAuthorization12 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization12.setGroupId("accounting");
        createNewAuthorization12.setResource(Resources.USER);
        createNewAuthorization12.setResourceId("demo");
        createNewAuthorization12.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization12);
        Authorization createNewAuthorization13 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization13.setGroupId("accounting");
        createNewAuthorization13.setResource(Resources.USER);
        createNewAuthorization13.setResourceId("mary");
        createNewAuthorization13.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization13);
        ArrayList arrayList = new ArrayList();
        arrayList.add("management");
        arrayList.add("accounting");
        arrayList.add("sales");
        this.identityService.setAuthentication("demo", arrayList);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        List<User> list = this.identityService.createUserQuery().memberOfGroup("sales").list();
        Assert.assertEquals(2L, list.size());
        for (User user : list) {
            if (!user.getId().equals("demo") && !user.getId().equals("john")) {
                Assert.fail("Unexpected user for group sales: " + user.getId());
            }
        }
        List<User> list2 = this.identityService.createUserQuery().memberOfGroup("accounting").list();
        Assert.assertEquals(2L, list2.size());
        for (User user2 : list2) {
            if (!user2.getId().equals("demo") && !user2.getId().equals("mary")) {
                Assert.fail("Unexpected user for group accounting: " + user2.getId());
            }
        }
        List<User> list3 = this.identityService.createUserQuery().memberOfGroup("management").list();
        Assert.assertEquals(2L, list3.size());
        for (User user3 : list3) {
            if (!user3.getId().equals("demo") && !user3.getId().equals("peter")) {
                Assert.fail("Unexpected user for group managment: " + user3.getId());
            }
        }
    }

    @Test
    public void testGroupQueryAuthorizations() {
        this.identityService.setAuthenticatedUserId(jonny2);
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        this.identityService.saveGroup(this.identityService.newGroup("group1"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.GROUP);
        createNewAuthorization.setResourceId("*");
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNull(this.identityService.createGroupQuery().singleResult());
        Assert.assertEquals(0L, this.identityService.createGroupQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId(jonny2);
        createNewAuthorization2.setResource(Resources.GROUP);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNotNull(this.identityService.createGroupQuery().singleResult());
        Assert.assertEquals(1L, this.identityService.createGroupQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().resourceType(Resources.GROUP).userIdIn(new String[]{"*"}).singleResult();
        authorization.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(authorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNotNull(this.identityService.createGroupQuery().singleResult());
        Assert.assertEquals(1L, this.identityService.createGroupQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization authorization2 = (Authorization) this.authorizationService.createAuthorizationQuery().resourceType(Resources.GROUP).userIdIn(new String[]{jonny2}).singleResult();
        authorization2.removePermission(Permissions.READ);
        this.authorizationService.saveAuthorization(authorization2);
        Authorization createNewAuthorization3 = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization3.setUserId(jonny2);
        createNewAuthorization3.setResource(Resources.GROUP);
        createNewAuthorization3.setResourceId("*");
        createNewAuthorization3.removePermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization3);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNull(this.identityService.createGroupQuery().singleResult());
        Assert.assertEquals(0L, this.identityService.createGroupQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        this.authorizationService.deleteAuthorization(authorization2.getId());
        this.authorizationService.deleteAuthorization(createNewAuthorization3.getId());
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertNotNull(this.identityService.createGroupQuery().singleResult());
        Assert.assertEquals(1L, this.identityService.createGroupQuery().count());
    }

    @Test
    public void testTenantQueryAuthorizations() {
        this.identityService.setAuthenticatedUserId(jonny2);
        this.identityService.saveUser(this.identityService.newUser("jonny1"));
        this.identityService.saveTenant(this.identityService.newTenant("tenant"));
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.TENANT);
        createNewAuthorization.setResourceId("*");
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertEquals(0L, this.identityService.createTenantQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId(jonny2);
        createNewAuthorization2.setResource(Resources.TENANT);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertEquals(1L, this.identityService.createTenantQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().resourceType(Resources.TENANT).userIdIn(new String[]{"*"}).singleResult();
        authorization.addPermission(Permissions.READ);
        this.authorizationService.saveAuthorization(authorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertEquals(1L, this.identityService.createTenantQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        Authorization authorization2 = (Authorization) this.authorizationService.createAuthorizationQuery().resourceType(Resources.TENANT).userIdIn(new String[]{jonny2}).singleResult();
        authorization2.removePermission(Permissions.READ);
        this.authorizationService.saveAuthorization(authorization2);
        Authorization createNewAuthorization3 = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization3.setUserId(jonny2);
        createNewAuthorization3.setResource(Resources.TENANT);
        createNewAuthorization3.setResourceId("*");
        createNewAuthorization3.removePermission(Permissions.READ);
        this.authorizationService.saveAuthorization(createNewAuthorization3);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertEquals(0L, this.identityService.createTenantQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        this.authorizationService.deleteAuthorization(authorization2.getId());
        this.authorizationService.deleteAuthorization(createNewAuthorization3.getId());
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        Assert.assertEquals(1L, this.identityService.createTenantQuery().count());
    }

    @Test
    public void shouldDeleteTenantUserMembership() {
        this.identityService.saveUser(this.identityService.newUser("userOne"));
        this.identityService.saveUser(this.identityService.newUser("userTwo"));
        this.identityService.saveTenant(this.identityService.newTenant("tenantOne"));
        this.engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
        this.identityService.createTenantUserMembership("tenantOne", "userOne");
        this.identityService.createTenantUserMembership("tenantOne", "userTwo");
        Assertions.assertThat(this.engineRule.getAuthorizationService().createAuthorizationQuery().list()).extracting(new String[]{"resourceId", "userId"}).containsExactlyInAnyOrder(new Tuple[]{Assertions.tuple(new Object[]{"tenantOne", "userOne"}), Assertions.tuple(new Object[]{"tenantOne", "userTwo"})});
        this.identityService.deleteTenantUserMembership("tenantOne", "userOne");
        Assertions.assertThat(this.engineRule.getAuthorizationService().createAuthorizationQuery().list()).extracting(new String[]{"resourceId", "userId"}).containsExactly(new Tuple[]{Assertions.tuple(new Object[]{"tenantOne", "userTwo"})});
    }

    @Test
    public void shouldDeleteTenantGroupMembership() {
        this.identityService.saveGroup(this.identityService.newGroup("groupOne"));
        this.identityService.saveGroup(this.identityService.newGroup("groupTwo"));
        this.identityService.saveTenant(this.identityService.newTenant("tenantOne"));
        this.engineRule.getProcessEngineConfiguration().setAuthorizationEnabled(true);
        this.identityService.createTenantGroupMembership("tenantOne", "groupOne");
        this.identityService.createTenantGroupMembership("tenantOne", "groupTwo");
        Assertions.assertThat(this.engineRule.getAuthorizationService().createAuthorizationQuery().list()).extracting(new String[]{"resourceId", "groupId"}).containsExactlyInAnyOrder(new Tuple[]{Assertions.tuple(new Object[]{"tenantOne", "groupOne"}), Assertions.tuple(new Object[]{"tenantOne", "groupTwo"})});
        this.identityService.deleteTenantGroupMembership("tenantOne", "groupOne");
        Assertions.assertThat(this.engineRule.getAuthorizationService().createAuthorizationQuery().list()).extracting(new String[]{"resourceId", "groupId"}).containsExactly(new Tuple[]{Assertions.tuple(new Object[]{"tenantOne", "groupTwo"})});
    }

    protected void lockUser(String str, String str2) throws ParseException {
        ClockUtil.getCurrentTime();
        for (int i = 0; i <= 11; i++) {
            try {
                Assert.assertFalse(this.identityService.checkPassword(str, str2));
                ClockUtil.setCurrentTime(DateUtils.addMinutes(ClockUtil.getCurrentTime(), 1));
            } catch (Exception e) {
                e.printStackTrace();
                return;
            }
        }
    }

    protected void grantPermissions() {
        AuthorizationEntity authorizationEntity = new AuthorizationEntity(0);
        authorizationEntity.setResource(Resources.USER);
        authorizationEntity.setResourceId("*");
        authorizationEntity.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(authorizationEntity);
        AuthorizationEntity authorizationEntity2 = new AuthorizationEntity(0);
        authorizationEntity2.setResource(Resources.GROUP);
        authorizationEntity2.setResourceId("*");
        authorizationEntity2.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(authorizationEntity2);
        AuthorizationEntity authorizationEntity3 = new AuthorizationEntity(0);
        authorizationEntity3.setResource(Resources.TENANT);
        authorizationEntity3.setResourceId("*");
        authorizationEntity3.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(authorizationEntity3);
        AuthorizationEntity authorizationEntity4 = new AuthorizationEntity(0);
        authorizationEntity4.setResource(Resources.TENANT_MEMBERSHIP);
        authorizationEntity4.setResourceId("*");
        authorizationEntity4.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(authorizationEntity4);
    }

    protected void cleanupAfterTest() {
        Iterator it = this.identityService.createGroupQuery().list().iterator();
        while (it.hasNext()) {
            this.identityService.deleteGroup(((Group) it.next()).getId());
        }
        Iterator it2 = this.identityService.createUserQuery().list().iterator();
        while (it2.hasNext()) {
            this.identityService.deleteUser(((User) it2.next()).getId());
        }
        Iterator it3 = this.identityService.createTenantQuery().list().iterator();
        while (it3.hasNext()) {
            this.identityService.deleteTenant(((Tenant) it3.next()).getId());
        }
        Iterator it4 = this.authorizationService.createAuthorizationQuery().list().iterator();
        while (it4.hasNext()) {
            this.authorizationService.deleteAuthorization(((Authorization) it4.next()).getId());
        }
    }

    protected void createAuthorization(int i, Resources resources, String str, String str2, Permissions permissions) {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(i);
        createNewAuthorization.setResource(resources);
        createNewAuthorization.setResourceId(str);
        createNewAuthorization.addPermission(permissions);
        createNewAuthorization.setUserId(str2);
        this.authorizationService.saveAuthorization(createNewAuthorization);
    }
}
