package io.prestosql.plugin.base.security;

import com.google.common.collect.ImmutableSet;
import io.prestosql.spi.connector.ConnectorAccessControl;
import io.prestosql.spi.connector.ConnectorTransactionHandle;
import io.prestosql.spi.connector.SchemaTableName;
import io.prestosql.spi.security.AccessDeniedException;
import io.prestosql.spi.security.Identity;
import io.prestosql.spi.testing.InterfaceTestUtils;
import java.io.IOException;
import java.util.Optional;
import org.assertj.core.api.Assertions;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:io/prestosql/plugin/base/security/TestFileBasedAccessControl.class */
public class TestFileBasedAccessControl {
    public static final ConnectorTransactionHandle TRANSACTION_HANDLE = new ConnectorTransactionHandle() { // from class: io.prestosql.plugin.base.security.TestFileBasedAccessControl.1
    };

    @Test
    public void testSchemaRules() throws IOException {
        ConnectorAccessControl createAccessControl = createAccessControl("schema.json");
        createAccessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), new SchemaTableName("test", "test"));
        createAccessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("bob", "test"));
        assertDenied(() -> {
            createAccessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("test", "test"));
        });
        assertDenied(() -> {
            createAccessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), new SchemaTableName("secret", "test"));
        });
    }

    @Test
    public void testTableRules() throws IOException {
        ConnectorAccessControl createAccessControl = createAccessControl("table.json");
        createAccessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), new SchemaTableName("test", "test"), ImmutableSet.of());
        createAccessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
        createAccessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of("bobcolumn"));
        createAccessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
        createAccessControl.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("bobschema", "bobtable"));
        createAccessControl.checkCanDeleteFromTable(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("bobschema", "bobtable"));
        createAccessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("joe"), new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
        createAccessControl.checkCanCreateViewWithSelectFromColumns(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
        createAccessControl.checkCanDropTable(TRANSACTION_HANDLE, user("admin"), new SchemaTableName("bobschema", "bobtable"));
        assertDenied(() -> {
            createAccessControl.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("alice"), new SchemaTableName("bobschema", "bobtable"));
        });
        assertDenied(() -> {
            createAccessControl.checkCanDropTable(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("bobschema", "bobtable"));
        });
        assertDenied(() -> {
            createAccessControl.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), new SchemaTableName("test", "test"));
        });
        assertDenied(() -> {
            createAccessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("admin"), new SchemaTableName("secret", "secret"), ImmutableSet.of());
        });
        assertDenied(() -> {
            createAccessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("joe"), new SchemaTableName("secret", "secret"), ImmutableSet.of());
        });
        assertDenied(() -> {
            createAccessControl.checkCanCreateViewWithSelectFromColumns(TRANSACTION_HANDLE, user("joe"), new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
        });
    }

    @Test
    public void testSessionPropertyRules() throws IOException {
        ConnectorAccessControl createAccessControl = createAccessControl("session_property.json");
        createAccessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("admin"), "dangerous");
        createAccessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), "safe");
        createAccessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), "unsafe");
        createAccessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("bob"), "safe");
        assertDenied(() -> {
            createAccessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("bob"), "unsafe");
        });
        assertDenied(() -> {
            createAccessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), "dangerous");
        });
        assertDenied(() -> {
            createAccessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("charlie"), "safe");
        });
    }

    @Test
    public void testInvalidRules() {
        Assertions.assertThatThrownBy(() -> {
            createAccessControl("invalid.json");
        }).hasMessageContaining("Invalid JSON");
    }

    @Test
    public void testEverythingImplemented() {
        InterfaceTestUtils.assertAllMethodsOverridden(ConnectorAccessControl.class, FileBasedAccessControl.class);
    }

    private static Identity user(String str) {
        return new Identity(str, Optional.empty());
    }

    private ConnectorAccessControl createAccessControl(String str) throws IOException {
        String path = getClass().getClassLoader().getResource(str).getPath();
        FileBasedAccessControlConfig fileBasedAccessControlConfig = new FileBasedAccessControlConfig();
        fileBasedAccessControlConfig.setConfigFile(path);
        return new FileBasedAccessControl(fileBasedAccessControlConfig);
    }

    private static void assertDenied(Assert.ThrowingRunnable throwingRunnable) {
        Assert.assertThrows(AccessDeniedException.class, throwingRunnable);
    }
}
