package org.fcrepo.auth.roles.basic;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.fcrepo.auth.roles.common.AccessRolesProvider;
import org.fcrepo.http.commons.session.SessionFactory;
import org.fcrepo.http.commons.test.util.TestHelpers;
import org.fcrepo.kernel.modeshape.FedoraSessionImpl;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.modeshape.jcr.value.Path;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/fcrepo/auth/roles/basic/BasicRolesAuthorizationDelegateTest.class */
public class BasicRolesAuthorizationDelegateTest {
    private static final String[] READ_ACTION = {"read"};
    private static final String[] WRITE_ACTION = {"write"};
    private BasicRolesAuthorizationDelegate authorizationDelegate;

    @Mock
    private AccessRolesProvider accessRolesProvider;

    @Mock
    private SessionFactory sessionFactory;

    @Mock
    private FedoraSessionImpl mockFedoraSession;

    @Mock
    private Session mockSession;

    @Mock
    private Principal principal;
    private Set<Principal> allPrincipals;

    @Mock
    private Path adminablePath;

    @Mock
    private Path writablePath;

    @Mock
    private Path readablePath;

    @Mock
    private Path unreadablePath;

    @Mock
    private Path unrecognizablePath;

    @Mock
    private Path authzPath;

    @Before
    public void setUp() throws RepositoryException {
        this.authorizationDelegate = new BasicRolesAuthorizationDelegate();
        TestHelpers.setField(this.authorizationDelegate, "accessRolesProvider", this.accessRolesProvider);
        TestHelpers.setField(this.authorizationDelegate, "sessionFactory", this.sessionFactory);
        Mockito.when(this.sessionFactory.getInternalSession()).thenReturn(this.mockFedoraSession);
        Mockito.when(this.principal.getName()).thenReturn("user");
        this.allPrincipals = Collections.singleton(this.principal);
        Mockito.when(this.mockFedoraSession.getJcrSession()).thenReturn(this.mockSession);
        Mockito.when(this.mockSession.getAttribute("fedora-user-principal")).thenReturn(this.principal);
        Mockito.when(this.mockSession.getAttribute("fedora-all-principals")).thenReturn(this.allPrincipals);
        Map singletonMap = Collections.singletonMap("user", Arrays.asList("admin"));
        Map singletonMap2 = Collections.singletonMap("user", Arrays.asList("writer"));
        Map singletonMap3 = Collections.singletonMap("user", Arrays.asList("reader"));
        Map singletonMap4 = Collections.singletonMap("user", Collections.emptyList());
        Map singletonMap5 = Collections.singletonMap("user", Arrays.asList("something_else"));
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.adminablePath, this.mockSession)).thenReturn(singletonMap);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.writablePath, this.mockSession)).thenReturn(singletonMap2);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.readablePath, this.mockSession)).thenReturn(singletonMap3);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.unreadablePath, this.mockSession)).thenReturn(singletonMap4);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.unrecognizablePath, this.mockSession)).thenReturn(singletonMap5);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.authzPath, this.mockSession)).thenReturn(singletonMap2);
        Mockito.when(this.authzPath.toString()).thenReturn("/blah/{http://fedora.info/definitions/v4/authorization#}");
    }

    @Test
    public void testPermitRemoveChildNodesForRemoveChildNodesAction() {
        Assert.assertTrue(this.authorizationDelegate.hasPermission(this.mockSession, this.unreadablePath, new String[]{"remove_child_nodes"}));
    }

    @Test
    public void testPermitAnythingForAdminablePath() {
        Assert.assertTrue("Should permit write action for path with admin role", this.authorizationDelegate.hasPermission(this.mockSession, this.adminablePath, WRITE_ACTION));
        Assert.assertTrue("Should permit read action for path with admin role", this.authorizationDelegate.hasPermission(this.mockSession, this.adminablePath, READ_ACTION));
        Assert.assertTrue("Should permit another arbitrary action for path with admin role", this.authorizationDelegate.hasPermission(this.mockSession, this.adminablePath, new String[]{"whatever"}));
    }

    @Test
    public void testPermitReadAndWriteForWritablePath() {
        Assert.assertTrue("Should permit write for path with writer role", this.authorizationDelegate.hasPermission(this.mockSession, this.writablePath, WRITE_ACTION));
        Assert.assertTrue("Should permit read for path with writer role", this.authorizationDelegate.hasPermission(this.mockSession, this.writablePath, READ_ACTION));
    }

    @Test
    public void testDenyWriteForReadablePath() {
        Assert.assertFalse("Should deny write for path with reader role", this.authorizationDelegate.hasPermission(this.mockSession, this.readablePath, WRITE_ACTION));
        Assert.assertTrue("Should permit read for path with reader role", this.authorizationDelegate.hasPermission(this.mockSession, this.readablePath, READ_ACTION));
    }

    @Test
    public void testDenyReadAndWriteForUnreadablePath() {
        Assert.assertFalse("Should deny write for path with no roles", this.authorizationDelegate.hasPermission(this.mockSession, this.unreadablePath, WRITE_ACTION));
        Assert.assertFalse("Should deny read for path with no roles", this.authorizationDelegate.hasPermission(this.mockSession, this.unreadablePath, READ_ACTION));
    }

    @Test
    public void testDenyAllForUnrecognizableRole() {
        Assert.assertFalse("Should deny write for path with unrecognizable role", this.authorizationDelegate.hasPermission(this.mockSession, this.unrecognizablePath, WRITE_ACTION));
        Assert.assertFalse("Should deny read for path with unrecognizable role", this.authorizationDelegate.hasPermission(this.mockSession, this.unrecognizablePath, READ_ACTION));
    }

    @Test
    public void testDenyWriteToWriterForAuthzPath() {
        Assert.assertFalse("Should deny write for ACL path", this.authorizationDelegate.hasPermission(this.mockSession, this.authzPath, WRITE_ACTION));
    }
}
