package pl.edu.icm.unity.engine.authz;

import org.assertj.core.api.Assertions;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.engine.DBIntegrationTestBase;
import pl.edu.icm.unity.exceptions.AuthorizationException;
import pl.edu.icm.unity.stdext.attr.EnumAttribute;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.EntityState;
import pl.edu.icm.unity.types.basic.Group;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.basic.IdentityTaV;

/* loaded from: input_file:pl/edu/icm/unity/engine/authz/TestAuthorization.class */
/**
 * Integration tests that pin down authorization decisions: which roles, scoped to which
 * group, may perform group, attribute and server management operations.
 *
 * <p>The managers used here ({@code groupsMan}, {@code attrsMan}, {@code idsMan},
 * {@code serverMan}, {@code insecureAttrsMan}) and {@code setupUserContext} are not declared
 * in this class; presumably they are inherited from {@link DBIntegrationTestBase}.
 *
 * <p>Most denial tests assert only that an {@link AuthorizationException} is thrown. Only
 * {@link #shouldNotAllowUserWithoutRoleToAddGroup()} also checks the exception message.
 * None of them re-reads state afterwards to confirm the refused operation had no effect.
 */
public class TestAuthorization extends DBIntegrationTestBase {

    @Autowired
    private InternalAuthorizationManager underTest;

    /**
     * A capability check against a group path that was never created must finish without
     * throwing for a regular user.
     */
    @Test
    public void shouldNotComplainWhenCheckingAgainstUnknownGroup() throws Exception {
        addRegularUser();
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(
                () -> underTest.checkAuthorization("/unknown", new AuthzCapability[]{AuthzCapability.readInfo}));

        Assertions.assertThat(thrown).isNull();
    }

    /**
     * Downgrading the admin to "Contents Manager" must be enough to block a database reset.
     */
    @Test
    public void shouldNotAllowContentsManagerToResetDB() throws Exception {
        // No setupUserContext call here: the test relies on the context prepared by the base
        // class, presumably the "admin" identity whose role is changed - confirm.
        setAdminsRole("Contents Manager");

        Throwable thrown = Assertions.catchThrowable(() -> serverMan.resetDatabase());

        Assertions.assertThat(thrown).isInstanceOf(AuthorizationException.class);
    }

    /**
     * A "Regular User" must not be able to reset the database.
     */
    @Test
    public void shouldNotAllowUserToResetDB() throws Exception {
        addRegularUser();
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(() -> serverMan.resetDatabase());

        Assertions.assertThat(thrown).isInstanceOf(AuthorizationException.class);
    }

    /**
     * A "System Manager" role granted only in the non-root group "/A" must not authorize a
     * server-wide operation. This guards against a group-scoped role leaking upwards.
     */
    @Test
    public void shouldNotAllowOwnerOfSysManRoleInNonRootGroupToResetDB() throws Exception {
        EntityParam user = addRegularUser();
        setupUserContext("admin", null);
        groupsMan.addGroup(new Group("/A"));
        groupsMan.addMemberFromParent("/A", user);
        // Drop the root-level role so the only role left is the one scoped to "/A".
        attrsMan.removeAttribute(user, "/", "sys:AuthorizationRole");
        attrsMan.createAttribute(user, EnumAttribute.of("sys:AuthorizationRole", "/A", "System Manager"));
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(() -> serverMan.resetDatabase());

        Assertions.assertThat(thrown).isInstanceOf(AuthorizationException.class);
    }

    /**
     * A "Regular User" must not be able to create a top-level group.
     */
    @Test
    public void shouldNotAllowUserToAddGroup() throws Exception {
        addRegularUser();
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(() -> groupsMan.addGroup(new Group("/A")));

        Assertions.assertThat(thrown).isInstanceOf(AuthorizationException.class);
    }

    /**
     * A user must be able to read the attributes of their own entity in the root group.
     */
    @Test
    public void shouldAllowUserToGetOwnedAttributes() throws Exception {
        EntityParam self = addRegularUser();
        setupUserContext("user1", null);

        // The (String) cast is kept so that the same getAttributes overload is selected.
        Throwable thrown = Assertions.catchThrowable(() -> attrsMan.getAttributes(self, "/", (String) null));

        Assertions.assertThat(thrown).isNull();
    }

    /**
     * Even the admin must be refused when changing an authorization role while logged in
     * with an outdated credential.
     */
    @Test
    public void shouldNotAllowForSettingAnAttributeWithOutdatedCredential() throws Exception {
        EntityParam target = addRegularUser();
        // Judging by the test name, the second argument marks "sys:password" as the outdated
        // credential. The parameter's meaning is defined in the base class - confirm.
        setupUserContext("admin", "sys:password");

        Throwable thrown = Assertions.catchThrowable(
                () -> attrsMan.setAttribute(target, EnumAttribute.of("sys:AuthorizationRole", "/", "Inspector")));

        Assertions.assertThat(thrown).isInstanceOf(AuthorizationException.class);
    }

    /**
     * A "System Manager" role scoped to "/A" must allow creating a subgroup below "/A".
     */
    @Test
    public void shouldAllowUserWithSysManInGroupToAddSubGroup() throws Exception {
        EntityParam user = addRegularUser();
        setupUserContext("admin", null);
        groupsMan.addGroup(new Group("/A"));
        groupsMan.addMemberFromParent("/A", user);
        // The root-level "Regular User" role from addRegularUser() stays in place.
        attrsMan.createAttribute(user, EnumAttribute.of("sys:AuthorizationRole", "/A", "System Manager"));
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(() -> groupsMan.addGroup(new Group("/A/B")));

        Assertions.assertThat(thrown).isNull();
    }

    /**
     * A "Contents Manager" role held in "/" must still allow removing "/A/B", even though
     * the user holds only "Anonymous User" in the intermediate group "/A".
     */
    @Test
    public void shouldAllowUserWithHigherRoleInParentGroupToRemoveGroup() throws Exception {
        EntityParam user = addRegularUser();
        setupUserContext("admin", null);
        groupsMan.addGroup(new Group("/A"));
        groupsMan.addGroup(new Group("/A/B"));
        groupsMan.addMemberFromParent("/A", user);
        // setAttribute is used for "/" because addRegularUser() already created a role there.
        attrsMan.setAttribute(user, EnumAttribute.of("sys:AuthorizationRole", "/", "Contents Manager"));
        attrsMan.createAttribute(user, EnumAttribute.of("sys:AuthorizationRole", "/A", "Anonymous User"));
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(() -> groupsMan.removeGroup("/A/B", true));

        Assertions.assertThat(thrown).isNull();
    }

    /**
     * A "Contents Manager" role held in "/A" must still allow creating "/A/G/Z", even though
     * the user holds only "Anonymous User" in "/A/G".
     */
    @Test
    public void shouldAllowUserWithHigherRoleInParentGroupToAddGroup() throws Exception {
        EntityParam user = addRegularUser();
        setupUserContext("admin", null);
        groupsMan.addGroup(new Group("/A"));
        groupsMan.addGroup(new Group("/A/G"));
        groupsMan.addMemberFromParent("/A", user);
        groupsMan.addMemberFromParent("/A/G", user);
        attrsMan.setAttribute(user, EnumAttribute.of("sys:AuthorizationRole", "/A", "Contents Manager"));
        attrsMan.createAttribute(user, EnumAttribute.of("sys:AuthorizationRole", "/A/G", "Anonymous User"));
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(() -> groupsMan.addGroup(new Group("/A/G/Z")));

        Assertions.assertThat(thrown).isNull();
    }

    /**
     * Creating a top-level group must be refused with an error message that names the
     * denied operation ("addGroup").
     */
    @Test
    public void shouldNotAllowUserWithoutRoleToAddGroup() throws Exception {
        // NOTE(review): despite the test name, addRegularUser() assigns "Regular User" in "/",
        // so this exercises a low-privileged user rather than one with no role - confirm intent.
        addRegularUser();
        setupUserContext("user1", null);

        Throwable thrown = Assertions.catchThrowable(() -> groupsMan.addGroup(new Group("/B")));

        Assertions.assertThat(thrown)
                .isInstanceOf(AuthorizationException.class)
                .hasMessageContaining("addGroup");
    }

    /**
     * Replaces the root-group authorization role of the "admin" identity.
     *
     * @param str value of the role to assign in the root group
     */
    private void setAdminsRole(String str) throws Exception {
        Attribute role = EnumAttribute.of("sys:AuthorizationRole", "/", str);
        EntityParam admin = new EntityParam(new IdentityTaV("userName", "admin"));
        // Uses insecureAttrsMan rather than attrsMan, presumably to bypass the authorization
        // checks so the admin's own role can be changed here - confirm.
        insecureAttrsMan.setAttribute(admin, role);
    }

    /**
     * Creates the "user1" identity and gives it the "Regular User" role in the root group.
     *
     * @return a reference to the newly created entity
     */
    private EntityParam addRegularUser() throws Exception {
        IdentityParam identity = new IdentityParam("userName", "user1");
        Long entityId = Long.valueOf(idsMan.addEntity(identity, "sys:all", EntityState.valid).getEntityId());
        EntityParam created = new EntityParam(entityId);
        attrsMan.createAttribute(created, EnumAttribute.of("sys:AuthorizationRole", "/", "Regular User"));
        return created;
    }
}
