package org.dspace.workflowbasic;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.sql.SQLException;
import org.apache.log4j.Logger;
import org.dspace.AbstractIntegrationTest;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.content.Bundle;
import org.dspace.content.Collection;
import org.dspace.content.CollectionHelper;
import org.dspace.content.Community;
import org.dspace.content.DSpaceObject;
import org.dspace.content.Item;
import org.dspace.content.WorkspaceItem;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.EPersonDeletionException;
import org.dspace.eperson.Group;
import org.dspace.services.ConfigurationService;
import org.dspace.utils.DSpace;
import org.dspace.workflow.WorkflowItem;
import org.dspace.workflow.WorkflowManager;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/dspace/workflowbasic/BasicWorkflowAuthorizationIntegrationTest.class */
public class BasicWorkflowAuthorizationIntegrationTest extends AbstractIntegrationTest {
    private static final Logger log = Logger.getLogger(BasicWorkflowAuthorizationIntegrationTest.class);
    protected ConfigurationService configurationService = new DSpace().getConfigurationService();
    protected Community owningCommunity = null;
    protected Collection collection = null;
    protected Group group = null;
    protected EPerson member = null;

    @Override // org.dspace.AbstractUnitTest
    @Before
    public void init() {
        super.init();
        try {
            try {
                this.context.turnOffAuthorisationSystem();
                this.owningCommunity = Community.create((Community) null, this.context);
                this.collection = this.owningCommunity.createCollection();
                this.member = EPerson.create(this.context);
                this.member.setEmail("john.smith@example.com");
                this.member.setFirstName("John");
                this.member.setLastName("Smith");
                this.group = Group.create(this.context);
                this.group.addMember(this.member);
                this.group.update();
                this.context.restoreAuthSystemState();
            } catch (SQLException e) {
                log.error("SQL Error in init", e);
                Assert.fail("SQL Error in init: " + e.getMessage());
                this.context.restoreAuthSystemState();
            } catch (AuthorizeException e2) {
                log.error("Authorization Error in init", e2);
                Assert.fail("Authorization Error in init: " + e2.getMessage());
                this.context.restoreAuthSystemState();
            }
        } catch (Throwable th) {
            this.context.restoreAuthSystemState();
            throw th;
        }
    }

    @Override // org.dspace.AbstractUnitTest
    @After
    public void destroy() {
        try {
            this.context.turnOffAuthorisationSystem();
            if (this.collection != null) {
                try {
                    try {
                        try {
                            CollectionHelper.delete(this.collection);
                        } catch (IOException e) {
                            log.error("deleting collection", e);
                        }
                    } catch (AuthorizeException e2) {
                        log.error("deleting collection", e2);
                    }
                } catch (SQLException e3) {
                    log.error("deleting collection", e3);
                }
                this.collection = null;
            }
            if (this.owningCommunity != null) {
                try {
                    try {
                        try {
                            this.owningCommunity.delete();
                        } catch (SQLException e4) {
                            log.error("deleting community", e4);
                        }
                    } catch (IOException e5) {
                        log.error("deleting community", e5);
                    }
                } catch (AuthorizeException e6) {
                    log.error("deleting community", e6);
                }
                this.owningCommunity = null;
            }
            if (this.member != null) {
                if (this.group != null) {
                    try {
                        this.group.removeMember(this.member);
                    } catch (Exception e7) {
                        log.error("detaching group relationship", e7);
                    }
                    try {
                        this.group.delete();
                    } catch (SQLException e8) {
                        log.error("deleting group");
                    }
                    this.group = null;
                }
                try {
                    try {
                        try {
                            this.member.delete();
                        } catch (EPersonDeletionException e9) {
                            log.error("deleting user", e9);
                        }
                    } catch (AuthorizeException e10) {
                        log.error("deleting user", e10);
                    }
                } catch (SQLException e11) {
                    log.error("deleting user", e11);
                }
            }
            super.destroy();
        } finally {
            this.context.restoreAuthSystemState();
        }
    }

    private void setWorkflowGroup(Collection collection, int i, Group group) throws SQLException, AuthorizeException {
        collection.setWorkflowGroup(i, group);
    }

    @Test
    public void testsetWorkflowGroupSetsPermission() throws SQLException, AuthorizeException {
        try {
            this.context.turnOffAuthorisationSystem();
            setWorkflowGroup(this.collection, 1, this.group);
            this.collection.update();
            this.context.restoreAuthSystemState();
            this.context.setCurrentUser(this.member);
            Assert.assertThat("Workflow step 1 Group is not our test Group", this.collection.getWorkflowGroup(1), CoreMatchers.equalTo(this.group));
            Assert.assertTrue("Test EPerson is not member of test Group", this.group.isMember(this.member));
            Assert.assertTrue("Test EPerson is not authorized for step 1", AuthorizeManager.authorizeActionBoolean(this.context, this.collection, 5, true));
        } catch (Throwable th) {
            this.context.restoreAuthSystemState();
            throw th;
        }
    }

    @Test
    public void testsetWorkflowGroupRevokesPermission() throws SQLException, AuthorizeException {
        try {
            this.context.turnOffAuthorisationSystem();
            setWorkflowGroup(this.collection, 1, this.group);
            this.collection.update();
            this.context.restoreAuthSystemState();
            this.context.setCurrentUser(this.member);
            Assert.assertThat("Test workflow group is not the group for step 1", this.collection.getWorkflowGroup(1), CoreMatchers.equalTo(this.group));
            Assert.assertTrue("Member of test workflow group not authorized for step 1", AuthorizeManager.authorizeActionBoolean(this.context, this.collection, 5, true));
            try {
                this.context.turnOffAuthorisationSystem();
                setWorkflowGroup(this.collection, 1, null);
                this.collection.update();
                this.context.restoreAuthSystemState();
                Assert.assertThat("Workflow step 1group is not null", this.collection.getWorkflowGroup(1), CoreMatchers.nullValue());
                Assert.assertFalse("Member of test workflow group is still authorized for step 1", AuthorizeManager.authorizeActionBoolean(this.context, this.collection, 5, true));
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testReviewerPermissions() throws SQLException, AuthorizeException, IOException {
        try {
            this.context.turnOffAuthorisationSystem();
            setWorkflowGroup(this.collection, 1, this.group);
            this.collection.update();
            WorkspaceItem create = WorkspaceItem.create(this.context, this.collection, false);
            Item item = create.getItem();
            Bundle createBundle = item.createBundle("ORIGINAL");
            createBundle.createBitstream(new FileInputStream(new File(testProps.get("test.bitstream").toString())));
            createBundle.update();
            item.update();
            create.update();
            WorkflowItem startWithoutNotify = WorkflowManager.startWithoutNotify(this.context, create);
            startWithoutNotify.update();
            this.context.restoreAuthSystemState();
            this.context.setCurrentUser(this.member);
            WorkflowItem find = WorkflowItem.find(this.context, startWithoutNotify.getID());
            WorkflowManager.claim(this.context, find, this.context.getCurrentUser());
            Item item2 = find.getItem();
            int i = 0;
            for (int i2 : new int[]{0, 1, 3, 4, 2}) {
                int i3 = i;
                i++;
                Assert.assertTrue("testReviewerPermissions 1-" + i3, AuthorizeManager.authorizeActionBoolean(this.context, item2, i2, false));
            }
            Bundle bundle = item2.getBundles("ORIGINAL")[0];
            DSpaceObject dSpaceObject = bundle.getBitstreams()[0];
            Assert.assertTrue("testReviewerPermissions 2-1", AuthorizeManager.authorizeActionBoolean(this.context, bundle, 0, false));
            int i4 = i;
            int i5 = i + 1;
            Assert.assertTrue("testReviewerPermissions 2-2" + i4, AuthorizeManager.authorizeActionBoolean(this.context, dSpaceObject, 0, false));
        } catch (Throwable th) {
            this.context.restoreAuthSystemState();
            throw th;
        }
    }

    @Test(expected = AuthorizeException.class)
    public void testNonWorkflowGroupMemberCannotClaimTask() throws SQLException, AuthorizeException, IOException {
        try {
            this.context.turnOffAuthorisationSystem();
            EPerson create = EPerson.create(this.context);
            create.setEmail("jane.doe@example.com");
            create.setFirstName("Jane");
            create.setLastName("Doe");
            setWorkflowGroup(this.collection, 1, this.group);
            this.collection.update();
            WorkspaceItem create2 = WorkspaceItem.create(this.context, this.collection, false);
            Item item = create2.getItem();
            Bundle createBundle = item.createBundle("ORIGINAL");
            createBundle.createBitstream(new FileInputStream(new File(testProps.get("test.bitstream").toString())));
            createBundle.update();
            item.update();
            create2.update();
            WorkflowItem startWithoutNotify = WorkflowManager.startWithoutNotify(this.context, create2);
            startWithoutNotify.update();
            this.context.restoreAuthSystemState();
            this.context.setCurrentUser(create);
            WorkflowManager.claim(this.context, WorkflowItem.find(this.context, startWithoutNotify.getID()), this.context.getCurrentUser());
            Assert.fail("Someone, not part of a workflow step group was able to claim a task without an AUthorizeException.");
        } catch (Throwable th) {
            this.context.restoreAuthSystemState();
            throw th;
        }
    }

    @Test(expected = AuthorizeException.class)
    public void testNonWorkflowGroupSubmitterCannotClaimTask() throws SQLException, AuthorizeException, IOException {
        try {
            this.context.turnOffAuthorisationSystem();
            EPerson create = EPerson.create(this.context);
            create.setEmail("richard.roe@example.com");
            create.setFirstName("Richard");
            create.setLastName("Roe");
            setWorkflowGroup(this.collection, 1, this.group);
            this.collection.update();
            WorkspaceItem create2 = WorkspaceItem.create(this.context, this.collection, false);
            Item item = create2.getItem();
            item.setSubmitter(create);
            Bundle createBundle = item.createBundle("ORIGINAL");
            createBundle.createBitstream(new FileInputStream(new File(testProps.get("test.bitstream").toString())));
            createBundle.update();
            item.update();
            create2.update();
            WorkflowItem startWithoutNotify = WorkflowManager.startWithoutNotify(this.context, create2);
            startWithoutNotify.update();
            this.context.restoreAuthSystemState();
            this.context.setCurrentUser(create);
            WorkflowManager.claim(this.context, WorkflowItem.find(this.context, startWithoutNotify.getID()), this.context.getCurrentUser());
            Assert.fail("A submitter was able to claim a task without being a member of the appropriate workflow step group. Expected: AuthorizeException.");
        } catch (Throwable th) {
            this.context.restoreAuthSystemState();
            throw th;
        }
    }
}
