package org.jpasecurity.persistence.security;

import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import org.hibernate.Query;
import org.jpasecurity.Alias;
import org.jpasecurity.TestEntityManager;
import org.jpasecurity.model.FieldAccessAnnotationTestBean;
import org.jpasecurity.security.authentication.TestSecurityContext;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;

/* loaded from: input_file:org/jpasecurity/persistence/security/CriteriaAccessRulesGeneratorTest.class */
public class CriteriaAccessRulesGeneratorTest {
    public static final String USER = "user";

    @Rule
    public TestEntityManager entityManager = new TestEntityManager("annotation-based-field-access-criteria-access-rules-test");
    private CriteriaBuilder criteriaBuilder;
    private FieldAccessAnnotationTestBean accessibleBean;
    private FieldAccessAnnotationTestBean inaccessibleBean;

    @Before
    public void setUp() {
        TestSecurityContext.authenticate("admin", new Object[]{"admin"});
        this.inaccessibleBean = new FieldAccessAnnotationTestBean("");
        this.accessibleBean = new FieldAccessAnnotationTestBean("user", this.inaccessibleBean);
        this.entityManager.getTransaction().begin();
        this.entityManager.persist(this.inaccessibleBean);
        this.entityManager.persist(this.accessibleBean);
        this.entityManager.getTransaction().commit();
        this.entityManager.clear();
        this.criteriaBuilder = this.entityManager.getCriteriaBuilder();
    }

    @After
    public void tearDown() {
        TestSecurityContext.authenticate("admin", new Object[]{"admin"});
        this.entityManager.getTransaction().begin();
        this.entityManager.remove(this.entityManager.merge(this.accessibleBean));
        this.entityManager.remove(this.entityManager.merge(this.inaccessibleBean));
        this.entityManager.getTransaction().commit();
        TestSecurityContext.authenticate(null, new Object[0]);
    }

    @Test
    public void isNullAccessRule() {
        check("isNull", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name is null");
    }

    @Test
    public void isNotNullAccessRule() {
        check("isNotNull", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name is not null");
    }

    @Test
    public void inStaticStringsAccessRule() {
        check("inStaticStrings", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name in (:param0)");
    }

    @Test
    public void inSubSelectAccessRule() {
        check("inSubSelect", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name in (select b.name from FieldAccessAnnotationTestBean as b)");
    }

    @Test
    public void notInStaticStringsAccessRule() {
        check("notRefInStaticStrings", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (:param0)");
    }

    @Test
    public void notInSubSelectAccessRule() {
        check("notRefInSubSelect", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (select b.name from FieldAccessAnnotationTestBean as b)");
    }

    @Test
    public void refNotInStaticStringsAccessRule() {
        check("refNotInStaticStrings", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (:param0)");
    }

    @Test
    public void refNotInSubSelectAccessRule() {
        check("refNotInSubSelect", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (select b.name from FieldAccessAnnotationTestBean as b)");
    }

    @Test
    public void subSelectJoiningAccessRule() {
        check("subSelectJoining", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (select b.name from FieldAccessAnnotationTestBean as b, FieldAccessAnnotationTestBean as p where b.parent=p)");
    }

    @Test
    public void subSelectJoiningMoreDottingAccessRule() {
        check("subSelectJoiningMoreDotting", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (select b.name from FieldAccessAnnotationTestBean as b, FieldAccessAnnotationTestBean as p where b.parent.parent=p)");
    }

    @Test
    public void notEqual1AccessRule() {
        check("notEqual1", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (select b.name from FieldAccessAnnotationTestBean as b where b.id<>0)");
    }

    @Test
    public void notEqual2AccessRule() {
        check("notEqual2", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.name not in (select b.name from FieldAccessAnnotationTestBean as b where b.id<>0)");
    }

    @Test
    public void integerParameterAccessRule() {
        TestSecurityContext.register(new Alias("CURRENT_ID"), 1);
        check("parameter", "select alias0 from FieldAccessAnnotationTestBean as alias0 where alias0.id=:CURRENT_ID");
    }

    private void check(Object obj, String str) {
        TestSecurityContext.authenticate("admin", new Object[]{obj});
        CriteriaQuery createQuery = this.criteriaBuilder.createQuery(FieldAccessAnnotationTestBean.class);
        createQuery.from(FieldAccessAnnotationTestBean.class);
        Assert.assertEquals(str, ((Query) this.entityManager.createQuery(createQuery).unwrap(Query.class)).getQueryString());
    }
}
