package org.graylog.security.entities;

import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSet;
import org.assertj.core.api.Assertions;
import org.graylog.grn.GRN;
import org.graylog.grn.GRNRegistry;
import org.graylog.security.BuiltinCapabilities;
import org.graylog.security.GranteeAuthorizer;
import org.graylog.testing.completebackend.apis.Sharing;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;

/* loaded from: input_file:org/graylog/security/entities/EntityDependencyPermissionCheckerTest.class */
public class EntityDependencyPermissionCheckerTest {

    @Mock
    private GranteeAuthorizer.Factory userAuthorizerFactory;
    private EntityDependencyPermissionChecker resolver;

    @Rule
    public final MockitoRule mockitoRule = MockitoJUnit.rule();
    private GRNRegistry grnRegistry = GRNRegistry.createWithBuiltinTypes();

    @Before
    public void setUp() throws Exception {
        this.resolver = new EntityDependencyPermissionChecker(this.userAuthorizerFactory, new BuiltinCapabilities());
    }

    @Test
    public void checkWithPermitted() {
        Assertions.assertThat(runCheck(true, true)).satisfies(immutableMultimap -> {
            Assertions.assertThat(immutableMultimap.values()).isEmpty();
        });
    }

    @Test
    public void checkWithDenied() {
        Assertions.assertThat(runCheck(true, false)).satisfies(immutableMultimap -> {
            Assertions.assertThat(immutableMultimap.values()).isNotEmpty();
        });
    }

    @Test
    public void checkWithDeniedAndSharingUserDenied() {
        Assertions.assertThat(runCheck(false, true)).satisfies(immutableMultimap -> {
            Assertions.assertThat(immutableMultimap.values()).isEmpty();
        });
    }

    private ImmutableMultimap<GRN, EntityDescriptor> runCheck(boolean z, boolean z2) {
        GRN newGRN = this.grnRegistry.newGRN(Sharing.ENTITY_USER, "john");
        GRN newGRN2 = this.grnRegistry.newGRN(Sharing.ENTITY_USER, "jane");
        GRN newGRN3 = this.grnRegistry.newGRN(Sharing.ENTITY_STREAM, "54e3deadbeefdeadbeef0001");
        GranteeAuthorizer granteeAuthorizer = (GranteeAuthorizer) Mockito.mock(GranteeAuthorizer.class);
        GranteeAuthorizer granteeAuthorizer2 = (GranteeAuthorizer) Mockito.mock(GranteeAuthorizer.class);
        ImmutableSet of = ImmutableSet.of(newGRN);
        ImmutableSet of2 = ImmutableSet.of(EntityDescriptor.create(newGRN3, "Title", ImmutableSet.of()));
        Mockito.when(this.userAuthorizerFactory.create(newGRN2)).thenReturn(granteeAuthorizer);
        Mockito.when(this.userAuthorizerFactory.create(newGRN)).thenReturn(granteeAuthorizer2);
        Mockito.when(Boolean.valueOf(granteeAuthorizer.isPermitted(ArgumentMatchers.anyString(), (GRN) ArgumentMatchers.any(GRN.class)))).thenReturn(Boolean.valueOf(z));
        Mockito.when(Boolean.valueOf(granteeAuthorizer2.isPermitted("streams:read", newGRN3))).thenReturn(Boolean.valueOf(z2));
        ImmutableMultimap<GRN, EntityDescriptor> check = this.resolver.check(newGRN2, of2, of);
        ((GranteeAuthorizer) Mockito.verify(granteeAuthorizer, Mockito.times(1))).isPermitted("streams:read", newGRN3);
        Mockito.verifyNoMoreInteractions(new Object[]{granteeAuthorizer});
        return check;
    }
}
