package io.camunda.zeebe.engine.processing.authorization;

import com.tngtech.archunit.base.DescribedPredicate;
import com.tngtech.archunit.core.domain.JavaClass;
import com.tngtech.archunit.core.importer.ImportOption;
import com.tngtech.archunit.junit.AnalyzeClasses;
import com.tngtech.archunit.junit.ArchTest;
import com.tngtech.archunit.lang.ArchCondition;
import com.tngtech.archunit.lang.ArchRule;
import com.tngtech.archunit.lang.ConditionEvents;
import com.tngtech.archunit.lang.conditions.ArchConditions;
import com.tngtech.archunit.lang.syntax.ArchRuleDefinition;
import io.camunda.zeebe.engine.processing.ExcludeAuthorizationCheck;
import io.camunda.zeebe.engine.processing.identity.AuthorizationCheckBehavior;
import io.camunda.zeebe.engine.processing.identity.PermissionsBehavior;
import io.camunda.zeebe.engine.processing.job.DefaultJobCommandPreconditionGuard;
import io.camunda.zeebe.engine.processing.job.behaviour.JobUpdateBehaviour;
import io.camunda.zeebe.engine.processing.streamprocessor.CommandProcessor;
import io.camunda.zeebe.engine.processing.streamprocessor.TypedRecordProcessor;
import io.camunda.zeebe.engine.processing.usertask.processors.UserTaskCommandPreconditionChecker;
import io.camunda.zeebe.engine.processing.usertask.processors.UserTaskCommandProcessor;
import io.camunda.zeebe.protocol.impl.record.value.job.JobRecord;
import io.camunda.zeebe.stream.api.records.TypedRecord;

@AnalyzeClasses(packages = {"io.camunda.zeebe.engine.processing.."}, importOptions = {ImportOption.DoNotIncludeTests.class})
/* loaded from: input_file:io/camunda/zeebe/engine/processing/authorization/AuthorizationArchTest.class */
public class AuthorizationArchTest {

    @ArchTest
    public static final ArchRule PROCESSOR_CHECKS_AUTHORIZATION = ArchRuleDefinition.classes().that(processCommands()).and(areNotExcludedFromAuthorizationChecks()).should(checkAuthorization());

    @ArchTest
    public static final ArchRule DELEGATED_CLASSES_CHECK_AUTHORIZATION = ArchRuleDefinition.classes().that(areDelegatedToCheckAuthorizations()).should(checkAuthorization());

    private static DescribedPredicate<JavaClass> processCommands() {
        return new DescribedPredicate<JavaClass>("process commands", new Object[0]) { // from class: io.camunda.zeebe.engine.processing.authorization.AuthorizationArchTest.1
            public boolean test(JavaClass javaClass) {
                return JavaClass.Predicates.implement(TypedRecordProcessor.class).or(JavaClass.Predicates.implement(CommandProcessor.class)).or(JavaClass.Predicates.implement(UserTaskCommandProcessor.class)).test(javaClass);
            }
        };
    }

    private static DescribedPredicate<JavaClass> areNotExcludedFromAuthorizationChecks() {
        return new DescribedPredicate<JavaClass>("are not excluded from authorization checks", new Object[0]) { // from class: io.camunda.zeebe.engine.processing.authorization.AuthorizationArchTest.2
            public boolean test(JavaClass javaClass) {
                return !javaClass.isAnnotatedWith(ExcludeAuthorizationCheck.class);
            }
        };
    }

    private static ArchCondition<JavaClass> checkAuthorization() {
        return new ArchCondition<JavaClass>("check authorization", new Object[0]) { // from class: io.camunda.zeebe.engine.processing.authorization.AuthorizationArchTest.3
            public void check(JavaClass javaClass, ConditionEvents conditionEvents) {
                ArchConditions.callMethod(AuthorizationCheckBehavior.class, "isAuthorized", new Class[]{AuthorizationCheckBehavior.AuthorizationRequest.class}).or(ArchConditions.callMethod(JobUpdateBehaviour.class, "isAuthorized", new Class[]{TypedRecord.class, JobRecord.class})).or(ArchConditions.callMethod(DefaultJobCommandPreconditionGuard.class, "onCommand", new Class[]{TypedRecord.class, CommandProcessor.CommandControl.class})).or(ArchConditions.callMethod(UserTaskCommandPreconditionChecker.class, "check", new Class[]{TypedRecord.class})).or(ArchConditions.callMethod(PermissionsBehavior.class, "isAuthorized", new Class[]{TypedRecord.class})).check(javaClass, conditionEvents);
            }
        };
    }

    private static DescribedPredicate<JavaClass> areDelegatedToCheckAuthorizations() {
        return new DescribedPredicate<JavaClass>("process commands", new Object[0]) { // from class: io.camunda.zeebe.engine.processing.authorization.AuthorizationArchTest.4
            public boolean test(JavaClass javaClass) {
                return JavaClass.Predicates.assignableFrom(JobUpdateBehaviour.class).or(JavaClass.Predicates.assignableFrom(DefaultJobCommandPreconditionGuard.class)).or(JavaClass.Predicates.assignableFrom(UserTaskCommandPreconditionChecker.class)).or(JavaClass.Predicates.assignableFrom(PermissionsBehavior.class)).test(javaClass);
            }
        };
    }
}
