package org.graylog.security.shares;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSet;
import com.google.common.eventbus.EventBus;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.shiro.subject.Subject;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowingConsumer;
import org.graylog.grn.GRN;
import org.graylog.grn.GRNRegistry;
import org.graylog.grn.GRNTypes;
import org.graylog.security.BuiltinCapabilities;
import org.graylog.security.Capability;
import org.graylog.security.DBGrantService;
import org.graylog.security.entities.EntityDependencyPermissionChecker;
import org.graylog.security.entities.EntityDependencyResolver;
import org.graylog.security.shares.EntityShareResponse;
import org.graylog.testing.GRNExtension;
import org.graylog.testing.mongodb.MongoDBExtension;
import org.graylog.testing.mongodb.MongoDBFixtures;
import org.graylog.testing.mongodb.MongoDBTestService;
import org.graylog.testing.mongodb.MongoJackExtension;
import org.graylog2.bindings.providers.MongoJackObjectMapperProvider;
import org.graylog2.plugin.database.users.User;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.extension.Extensions;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@MongoDBFixtures({"EntitySharesServiceTest.json"})
@Extensions({@ExtendWith({MongoDBExtension.class}), @ExtendWith({MongoJackExtension.class}), @ExtendWith({GRNExtension.class}), @ExtendWith({MockitoExtension.class})})
/* loaded from: input_file:org/graylog/security/shares/EntitySharesServiceTest.class */
class EntitySharesServiceTest {
    private EntitySharesService entitySharesService;

    @Mock
    private EntityDependencyResolver entityDependencyResolver;

    @Mock
    private EntityDependencyPermissionChecker entityDependencyPermissionChecker;

    @Mock
    private GranteeService granteeService;
    private GRNRegistry grnRegistry;
    private DBGrantService dbGrantService;

    EntitySharesServiceTest() {
    }

    @BeforeEach
    void setUp(MongoDBTestService mongoDBTestService, MongoJackObjectMapperProvider mongoJackObjectMapperProvider, GRNRegistry gRNRegistry) {
        this.grnRegistry = gRNRegistry;
        this.dbGrantService = new DBGrantService(mongoDBTestService.mongoConnection(), mongoJackObjectMapperProvider, this.grnRegistry);
        Mockito.lenient().when(this.entityDependencyResolver.resolve((GRN) ArgumentMatchers.any())).thenReturn(ImmutableSet.of());
        Mockito.lenient().when(this.entityDependencyPermissionChecker.check((GRN) ArgumentMatchers.any(), (ImmutableSet) ArgumentMatchers.any(), (Set) ArgumentMatchers.any())).thenReturn(ImmutableMultimap.of());
        Mockito.lenient().when(this.granteeService.getAvailableGrantees((User) ArgumentMatchers.any())).thenReturn(ImmutableSet.of());
        this.entitySharesService = new EntitySharesService(this.dbGrantService, this.entityDependencyResolver, this.entityDependencyPermissionChecker, gRNRegistry, this.granteeService, (EventBus) Mockito.mock(EventBus.class));
        new BuiltinCapabilities();
    }

    @DisplayName("Validates we cannot remove the last owner")
    @Test
    void validateLastOwnerCannotBeRemoved() {
        GRN newGRN = this.grnRegistry.newGRN(GRNTypes.STREAM, "54e3deadbeefdeadbeefaffe");
        EntityShareRequest create = EntityShareRequest.create(ImmutableMap.of());
        Set set = (Set) ((Set) this.dbGrantService.getAll().stream().map((v0) -> {
            return v0.grantee();
        }).collect(Collectors.toSet())).stream().map(grn -> {
            return Grantee.createUser(grn, grn.entity());
        }).collect(Collectors.toSet());
        Mockito.lenient().when(this.granteeService.getAvailableGrantees((User) ArgumentMatchers.any())).thenReturn(set);
        Mockito.lenient().when(this.granteeService.getModifiableGrantees((Set) ArgumentMatchers.any(), (ImmutableSet) ArgumentMatchers.any())).thenReturn(set);
        Assertions.assertThat(this.entitySharesService.prepareShare(newGRN, create, createMockUser("hans"), (Subject) Mockito.mock(Subject.class)).validationResult()).satisfies(new ThrowingConsumer[]{validationResult -> {
            Assertions.assertThat(validationResult.failed()).isTrue();
            Assertions.assertThat(validationResult.getErrors()).isNotEmpty();
            Assertions.assertThat(((Collection) validationResult.getErrors().get("selected_grantee_capabilities")).toString()).contains(new CharSequence[]{"Removing the following owners"}).contains(new CharSequence[]{"grn::::user:jane"}).contains(new CharSequence[]{"grn::::user:invisible"});
        }});
    }

    @DisplayName("The validation should ignore invisble owners")
    @Test
    void ignoreInvisibleOwners() {
        GRN newGRN = this.grnRegistry.newGRN(GRNTypes.STREAM, "54e3deadbeefdeadbeefaffe");
        EntityShareRequest create = EntityShareRequest.create(ImmutableMap.of());
        Set set = (Set) ((Set) this.dbGrantService.getAll().stream().map((v0) -> {
            return v0.grantee();
        }).collect(Collectors.toSet())).stream().filter(grn -> {
            return grn.toString().equals("grn::::user:invisible");
        }).map(grn2 -> {
            return Grantee.createUser(grn2, grn2.entity());
        }).collect(Collectors.toSet());
        Mockito.lenient().when(this.granteeService.getAvailableGrantees((User) ArgumentMatchers.any())).thenReturn(set);
        Mockito.lenient().when(this.granteeService.getModifiableGrantees((Set) ArgumentMatchers.any(), (ImmutableSet) ArgumentMatchers.any())).thenReturn(set);
        Assertions.assertThat(this.entitySharesService.prepareShare(newGRN, create, createMockUser("hans"), (Subject) Mockito.mock(Subject.class)).validationResult()).satisfies(new ThrowingConsumer[]{validationResult -> {
            Assertions.assertThat(validationResult.failed()).isFalse();
        }});
    }

    @DisplayName("Validates we cannot remove the last owner by changing the own capability")
    @Test
    void validateLastOwnerCannotBeRemovedByChangingCapability() {
        GRN newGRN = this.grnRegistry.newGRN(GRNTypes.EVENT_DEFINITION, "54e3deadbeefdeadbeefaffe");
        GRN newGRN2 = this.grnRegistry.newGRN(GRNTypes.USER, "bob");
        EntityShareRequest create = EntityShareRequest.create(ImmutableMap.of(newGRN2, Capability.VIEW));
        User createMockUser = createMockUser("requestingUser");
        ImmutableSet of = ImmutableSet.of(Grantee.createUser(newGRN2, "bob"));
        Mockito.when(this.granteeService.getAvailableGrantees(createMockUser)).thenReturn(of);
        Mockito.lenient().when(this.granteeService.getModifiableGrantees((Set) ArgumentMatchers.any(), (ImmutableSet) ArgumentMatchers.any())).thenReturn(of);
        Assertions.assertThat(this.entitySharesService.prepareShare(newGRN, create, createMockUser, (Subject) Mockito.mock(Subject.class)).validationResult()).satisfies(new ThrowingConsumer[]{validationResult -> {
            Assertions.assertThat(validationResult.failed()).isTrue();
            Assertions.assertThat(validationResult.getErrors()).isNotEmpty();
            Assertions.assertThat((Collection) validationResult.getErrors().get("selected_grantee_capabilities")).contains(new String[]{"Removing the following owners <[grn::::user:bob]> will leave the entity ownerless."});
        }});
    }

    @DisplayName("Validates we can switch owners")
    @Test
    void validateOwnerSwitch() {
        Assertions.assertThat(this.entitySharesService.prepareShare(this.grnRegistry.newGRN(GRNTypes.STREAM, "54e3deadbeefdeadbeefaffe"), EntityShareRequest.create(ImmutableMap.of(this.grnRegistry.newGRN(GRNTypes.USER, "horst"), Capability.OWN)), createMockUser("hans"), (Subject) Mockito.mock(Subject.class)).validationResult()).satisfies(new ThrowingConsumer[]{validationResult -> {
            Assertions.assertThat(validationResult.failed()).isFalse();
            Assertions.assertThat(validationResult.getErrors()).isEmpty();
        }});
    }

    @DisplayName("Validates we can modify ownerless entitites")
    @Test
    void validateOwnerless() {
        Assertions.assertThat(this.entitySharesService.prepareShare(this.grnRegistry.newGRN(GRNTypes.DASHBOARD, "54e3deadbeefdeadbeefaffe"), EntityShareRequest.create(ImmutableMap.of(this.grnRegistry.newGRN(GRNTypes.USER, "horst"), Capability.MANAGE)), createMockUser("hans"), (Subject) Mockito.mock(Subject.class)).validationResult()).satisfies(new ThrowingConsumer[]{validationResult -> {
            Assertions.assertThat(validationResult.failed()).isFalse();
            Assertions.assertThat(validationResult.getErrors()).isEmpty();
        }});
    }

    @DisplayName("Don't run validation on initial empty request")
    @Test
    void noValidationOnEmptyRequest() {
        Assertions.assertThat(this.entitySharesService.prepareShare(this.grnRegistry.newGRN(GRNTypes.DASHBOARD, "54e3deadbeefdeadbeefaffe"), EntityShareRequest.create((Map) null), createMockUser("hans"), (Subject) Mockito.mock(Subject.class)).validationResult()).satisfies(new ThrowingConsumer[]{validationResult -> {
            Assertions.assertThat(validationResult.failed()).isFalse();
            Assertions.assertThat(validationResult.getErrors()).isEmpty();
        }});
    }

    @DisplayName("Only show shares for visible grantees")
    @Test
    void noSharesforInvisibleGrantees() {
        Assertions.assertThat(this.entitySharesService.prepareShare(this.grnRegistry.newGRN(GRNTypes.STREAM, "54e3deadbeefdeadbeefaffe"), EntityShareRequest.create((Map) null), createMockUser("hans"), (Subject) Mockito.mock(Subject.class)).activeShares()).satisfies(new ThrowingConsumer[]{collection -> {
            Assertions.assertThat(collection).isEmpty();
        }});
    }

    @DisplayName("Only show shares for visible grantees")
    @Test
    void showShareForVisibleGrantee() {
        GRN newGRN = this.grnRegistry.newGRN(GRNTypes.STREAM, "54e3deadbeefdeadbeefaffe");
        EntityShareRequest create = EntityShareRequest.create((Map) null);
        User createMockUser = createMockUser("hans");
        GRN newGRN2 = this.grnRegistry.newGRN(GRNTypes.USER, "jane");
        ImmutableSet of = ImmutableSet.of(Grantee.createUser(newGRN2, "jane"));
        Mockito.when(this.granteeService.getAvailableGrantees(createMockUser)).thenReturn(of);
        Mockito.lenient().when(this.granteeService.getModifiableGrantees((Set) ArgumentMatchers.any(), (ImmutableSet) ArgumentMatchers.any())).thenReturn(of);
        Assertions.assertThat(this.entitySharesService.prepareShare(newGRN, create, createMockUser, (Subject) Mockito.mock(Subject.class)).activeShares()).satisfies(new ThrowingConsumer[]{collection -> {
            Assertions.assertThat(collection).hasSize(1);
            Assertions.assertThat(((EntityShareResponse.ActiveShare) collection.iterator().next()).grantee()).isEqualTo(newGRN2);
        }});
    }

    private User createMockUser(String str) {
        User user = (User) Mockito.mock(User.class);
        Mockito.lenient().when(user.getName()).thenReturn(str);
        Mockito.lenient().when(user.getId()).thenReturn(str);
        return user;
    }
}
