package org.graylog.plugins.views.search.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.NotFoundException;
import org.apache.shiro.subject.Subject;
import org.assertj.core.api.Assertions;
import org.graylog.plugins.views.search.Query;
import org.graylog.plugins.views.search.Search;
import org.graylog.plugins.views.search.SearchDomain;
import org.graylog.plugins.views.search.permissions.SearchUser;
import org.graylog.plugins.views.search.searchfilters.ReferencedSearchFiltersHelper;
import org.graylog.plugins.views.search.searchfilters.db.SearchFilterVisibilityCheckStatus;
import org.graylog.plugins.views.search.searchfilters.db.SearchFilterVisibilityChecker;
import org.graylog.plugins.views.search.searchfilters.model.UsesSearchFilters;
import org.graylog.plugins.views.search.searchtypes.MessageList;
import org.graylog.plugins.views.search.views.Position;
import org.graylog.plugins.views.search.views.UnknownWidgetConfigDTO;
import org.graylog.plugins.views.search.views.ViewDTO;
import org.graylog.plugins.views.search.views.ViewResolver;
import org.graylog.plugins.views.search.views.ViewService;
import org.graylog.plugins.views.search.views.ViewStateDTO;
import org.graylog.plugins.views.search.views.WidgetDTO;
import org.graylog.plugins.views.search.views.WidgetPositionDTO;
import org.graylog.plugins.views.startpage.StartPageService;
import org.graylog.plugins.views.startpage.recentActivities.RecentActivityService;
import org.graylog.security.UserContext;
import org.graylog2.audit.AuditEventSender;
import org.graylog2.dashboards.events.DashboardDeletedEvent;
import org.graylog2.events.ClusterEventBus;
import org.graylog2.plugin.cluster.ClusterConfigService;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.security.PasswordAlgorithmFactory;
import org.graylog2.shared.security.Permissions;
import org.graylog2.users.UserImpl;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/graylog/plugins/views/search/rest/ViewsResourceTest.class */
public class ViewsResourceTest {
    private static final Map<String, ViewResolver> EMPTY_VIEW_RESOLVERS = Collections.emptyMap();
    private static final SearchFilterVisibilityChecker EMPTY_SEARCH_FILTER_VISIBILITY_CHECKER = searchFilterVisibilityChecker(Collections.emptyList());
    private static final String VIEW_ID = "test-view";
    private static final SearchUser SEARCH_USER = TestSearchUser.builder().withUser(testUser -> {
        testUser.withUsername("testuser");
    }).allowView(VIEW_ID).allowEditView(VIEW_ID).allowDeleteView(VIEW_ID).allowDeleteView("foobar").canCreateDashboards(true).build();
    private static final String SEARCH_ID = "6141d457d3a6b9d73c8ac55a";
    private static final ViewDTO TEST_DASHBOARD_VIEW = ViewDTO.builder().id(VIEW_ID).title("test-dashboard").searchId(SEARCH_ID).state(Collections.emptyMap()).type(ViewDTO.Type.DASHBOARD).build();
    private static final ViewDTO TEST_SEARCH_VIEW = ViewDTO.builder().id(VIEW_ID).title("test-dashboard").searchId(SEARCH_ID).state(Collections.emptyMap()).type(ViewDTO.Type.SEARCH).build();
    private static final Search SEARCH = Search.builder().id(SEARCH_ID).queries(ImmutableSet.of()).build();

    @Test
    public void creatingViewAddsCurrentUserAsOwner() throws ValidationException {
        ViewService viewService = (ViewService) Mockito.mock(ViewService.class);
        Mockito.when(viewService.saveWithOwner((ViewDTO) ArgumentMatchers.any(), (User) ArgumentMatchers.any())).thenReturn(ViewDTO.builder().searchId("1").title("2").state(new HashMap()).build());
        createViewsResource(viewService, (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), EMPTY_SEARCH_FILTER_VISIBILITY_CHECKER, EMPTY_VIEW_RESOLVERS, SEARCH).create(TEST_DASHBOARD_VIEW, mockUserContext(), SEARCH_USER);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(ViewDTO.class);
        ArgumentCaptor forClass2 = ArgumentCaptor.forClass(User.class);
        ((ViewService) Mockito.verify(viewService, Mockito.times(1))).saveWithOwner((ViewDTO) forClass.capture(), (User) forClass2.capture());
        Assertions.assertThat(((ViewDTO) forClass.getValue()).owner()).hasValue("testuser");
        Assertions.assertThat(((User) forClass2.getValue()).getName()).isEqualTo("testuser");
    }

    @Test
    public void throwsExceptionWhenCreatingSearchWithFilterThatUserIsNotAllowedToSee() {
        ViewsResource createViewsResource = createViewsResource((ViewService) Mockito.mock(ViewService.class), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), searchFilterVisibilityChecker(Collections.singletonList("<<You cannot see this filter>>")), EMPTY_VIEW_RESOLVERS, SEARCH);
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.create(TEST_DASHBOARD_VIEW, (UserContext) Mockito.mock(UserContext.class), SEARCH_USER);
        }).isInstanceOf(BadRequestException.class).hasMessageContaining("View cannot be saved, as it contains Search Filters which you are not privileged to view : [<<You cannot see this filter>>]");
    }

    @Test
    public void throwsExceptionWhenCreatingDashboardWithFilterThatUserIsNotAllowedToSee() {
        ViewsResource createViewsResource = createViewsResource(mockViewService(TEST_DASHBOARD_VIEW), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), searchFilterVisibilityChecker(Collections.singletonList("<<You cannot see this filter>>")), EMPTY_VIEW_RESOLVERS, SEARCH);
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.create(TEST_DASHBOARD_VIEW, (UserContext) Mockito.mock(UserContext.class), SEARCH_USER);
        }).isInstanceOf(BadRequestException.class).hasMessageContaining("View cannot be saved, as it contains Search Filters which you are not privileged to view : [<<You cannot see this filter>>]");
    }

    @Test
    public void throwsExceptionWhenUpdatingSearchWithFilterThatUserIsNotAllowedToSee() {
        ViewsResource createViewsResource = createViewsResource(mockViewService(TEST_DASHBOARD_VIEW), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), searchFilterVisibilityChecker(Collections.singletonList("<<You cannot see this filter>>")), EMPTY_VIEW_RESOLVERS, SEARCH);
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.update(VIEW_ID, TEST_DASHBOARD_VIEW, SEARCH_USER);
        }).isInstanceOf(BadRequestException.class).hasMessageContaining("View cannot be saved, as it contains Search Filters which you are not privileged to view : [<<You cannot see this filter>>]");
    }

    @Test
    public void updatesSearchSuccessfullyIfInvisibleFilterWasPresentBefore() {
        ViewService mockViewService = mockViewService(TEST_SEARCH_VIEW);
        Mockito.when(mockViewService.update((ViewDTO) ArgumentMatchers.any())).thenReturn(ViewDTO.builder().searchId("1").title("2").state(new HashMap()).build());
        createViewsResource(mockViewService, (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), referencedFiltersHelperWithIDs(Collections.singleton("<<Hidden filter, but not added by this update>>")), searchFilterVisibilityChecker(Collections.singletonList("<<Hidden filter, but not added by this update>>")), EMPTY_VIEW_RESOLVERS, SEARCH).update(VIEW_ID, TEST_SEARCH_VIEW, SEARCH_USER);
        ((ViewService) Mockito.verify(mockViewService)).update(TEST_SEARCH_VIEW);
    }

    @Test
    public void throwsExceptionWhenUpdatingDashboardWithFilterThatUserIsNotAllowedToSee() {
        ViewsResource createViewsResource = createViewsResource(mockViewService(TEST_DASHBOARD_VIEW), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), searchFilterVisibilityChecker(Collections.singletonList("<<You cannot see this filter>>")), EMPTY_VIEW_RESOLVERS, SEARCH);
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.update(VIEW_ID, TEST_DASHBOARD_VIEW, SEARCH_USER);
        }).isInstanceOf(BadRequestException.class).hasMessageContaining("View cannot be saved, as it contains Search Filters which you are not privileged to view : [<<You cannot see this filter>>]");
    }

    @Test
    public void updatesDashboardSuccessfullyIfInvisibleFilterWasPresentBefore() {
        ViewService mockViewService = mockViewService(TEST_DASHBOARD_VIEW);
        Mockito.when(mockViewService.update((ViewDTO) ArgumentMatchers.any())).thenReturn(ViewDTO.builder().searchId("1").title("2").state(new HashMap()).build());
        createViewsResource(mockViewService, (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), referencedFiltersHelperWithIDs(Collections.singleton("<<Hidden filter, but not added by this update>>")), searchFilterVisibilityChecker(Collections.singletonList("<<Hidden filter, but not added by this update>>")), EMPTY_VIEW_RESOLVERS, SEARCH).update(VIEW_ID, TEST_DASHBOARD_VIEW, SEARCH_USER);
        ((ViewService) Mockito.verify(mockViewService)).update(TEST_DASHBOARD_VIEW);
    }

    @Test
    void testVerifyIntegrity() {
        ViewsResource createViewsResource = createViewsResource((ViewService) Mockito.mock(ViewService.class), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), EMPTY_SEARCH_FILTER_VISIBILITY_CHECKER, EMPTY_VIEW_RESOLVERS, new Search[0]);
        ViewDTO build = ViewDTO.builder().searchId("123").title("my-search").state(Collections.emptyMap()).build();
        Search build2 = Search.builder().id("123").build();
        Assertions.assertThatCode(() -> {
            createViewsResource.validateSearchProperties(build, build2);
        }).doesNotThrowAnyException();
        Search build3 = build2.toBuilder().queries(ImmutableSet.of(Query.builder().id("Q-111").build())).build();
        ViewDTO build4 = build.toBuilder().state(Collections.singletonMap("Q-123", ViewStateDTO.builder().widgets(Collections.emptySet()).widgetMapping(Collections.emptyMap()).widgetPositions(Collections.emptyMap()).build())).build();
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.validateSearchProperties(build4, build3);
        }).isInstanceOf(BadRequestException.class).hasMessageContaining("Search queries do not correspond to view/state queries, missing query IDs: [Q-123]; search queries: [Q-111]; state queries: [Q-123]");
        Search build5 = build2.toBuilder().queries(ImmutableSet.of(Query.builder().id("Q-111").searchTypes(ImmutableSet.of(MessageList.builder().id("T-111").build())).build())).build();
        ViewDTO build6 = build.toBuilder().state(Collections.singletonMap("Q-111", ViewStateDTO.builder().widgetMapping(Collections.singletonMap("W-123", Collections.singleton("T-123"))).widgetPositions(Collections.emptyMap()).widgets(Collections.emptySet()).build())).build();
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.validateSearchProperties(build6, build5);
        }).isInstanceOf(BadRequestException.class).hasMessageContaining("missing searches [T-123]; search types: [T-111]; state types: [T-123]");
        Search build7 = build2.toBuilder().queries(ImmutableSet.of(Query.builder().id("Q-111").searchTypes(ImmutableSet.of(MessageList.builder().id("T-123").build())).build())).build();
        ViewDTO build8 = build.toBuilder().state(Collections.singletonMap("Q-111", ViewStateDTO.builder().widgets(Collections.singleton(WidgetDTO.builder().id("W-123").type("my-type").config(UnknownWidgetConfigDTO.create(Collections.emptyMap())).build())).widgetPositions(Collections.singletonMap("W-111", WidgetPositionDTO.Builder.create().col(Position.fromInt(1)).row(Position.fromInt(1)).height(Position.fromInt(100)).width(Position.fromInt(100)).build())).widgetMapping(Collections.singletonMap("W-123", Collections.singleton("T-123"))).build())).build();
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.validateSearchProperties(build8, build7);
        }).isInstanceOf(BadRequestException.class).hasMessageContaining("Widget positions don't correspond to widgets, missing widget positions [W-123]; widget IDs: [W-123]; widget positions: [W-111]");
    }

    @Test
    public void shouldNotCreateADashboardWithoutPermission() {
        ViewsResource createViewsResource = createViewsResource((ViewService) Mockito.mock(ViewService.class), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), EMPTY_SEARCH_FILTER_VISIBILITY_CHECKER, EMPTY_VIEW_RESOLVERS, new Search[0]);
        SearchUser build = TestSearchUser.builder().canCreateDashboards(false).build();
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.create(TEST_DASHBOARD_VIEW, (UserContext) Mockito.mock(UserContext.class), build);
        }).isInstanceOf(ForbiddenException.class);
    }

    @Test
    public void invalidObjectIdReturnsViewNotFoundException() {
        ViewsResource createViewsResource = createViewsResource((ViewService) Mockito.mock(ViewService.class), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), EMPTY_SEARCH_FILTER_VISIBILITY_CHECKER, EMPTY_VIEW_RESOLVERS, new Search[0]);
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.get("invalid", SEARCH_USER);
        }).isInstanceOf(NotFoundException.class);
    }

    @Test
    public void deletingDashboardTriggersEvent() {
        ViewService viewService = (ViewService) Mockito.mock(ViewService.class);
        ClusterEventBus clusterEventBus = (ClusterEventBus) Mockito.mock(ClusterEventBus.class);
        Mockito.when(viewService.get("foobar")).thenReturn(Optional.of(ViewDTO.builder().id("foobar").type(ViewDTO.Type.DASHBOARD).searchId(SEARCH_ID).title("my-dashboard").state(Collections.emptyMap()).build()));
        createViewsResource(viewService, (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), clusterEventBus, new ReferencedSearchFiltersHelper(), EMPTY_SEARCH_FILTER_VISIBILITY_CHECKER, EMPTY_VIEW_RESOLVERS, new Search[0]).delete("foobar", SEARCH_USER);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(DashboardDeletedEvent.class);
        ((ClusterEventBus) Mockito.verify(clusterEventBus, Mockito.times(1))).post(forClass.capture());
        Assertions.assertThat(((DashboardDeletedEvent) forClass.getValue()).dashboardId()).isEqualTo("foobar");
    }

    @Test
    public void testViewResolver() {
        HashMap hashMap = new HashMap();
        hashMap.put("test-resolver", new TestableFixedViewResolver(TEST_DASHBOARD_VIEW));
        ViewsResource createViewsResource = createViewsResource((ViewService) Mockito.mock(ViewService.class), (StartPageService) Mockito.mock(StartPageService.class), (RecentActivityService) Mockito.mock(RecentActivityService.class), (ClusterEventBus) Mockito.mock(ClusterEventBus.class), new ReferencedSearchFiltersHelper(), EMPTY_SEARCH_FILTER_VISIBILITY_CHECKER, hashMap, new Search[0]);
        Assertions.assertThat(createViewsResource.get("test-resolver__test-view", SEARCH_USER).id()).isEqualTo(VIEW_ID);
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.get("invalid-resolver-name__test-view", SEARCH_USER);
        }).isInstanceOf(NotFoundException.class).hasMessageContaining("Failed to find view resolver: invalid-resolver-name");
        Assertions.assertThatThrownBy(() -> {
            createViewsResource.get("test-resolver__invalid-view-id", SEARCH_USER);
        }).isInstanceOf(NotFoundException.class).hasMessageContaining("Failed to resolve view:test-resolver__invalid-view-id");
    }

    private ViewsResource createViewsResource(ViewService viewService, StartPageService startPageService, RecentActivityService recentActivityService, ClusterEventBus clusterEventBus, ReferencedSearchFiltersHelper referencedSearchFiltersHelper, SearchFilterVisibilityChecker searchFilterVisibilityChecker, Map<String, ViewResolver> map, Search... searchArr) {
        SearchDomain searchDomain = (SearchDomain) Mockito.mock(SearchDomain.class);
        for (Search search : searchArr) {
            Mockito.when(searchDomain.getForUser((String) ArgumentMatchers.eq(search.id()), (SearchUser) ArgumentMatchers.eq(SEARCH_USER))).thenReturn(Optional.of(search));
        }
        return new ViewsResource(viewService, startPageService, recentActivityService, clusterEventBus, searchDomain, map, searchFilterVisibilityChecker, referencedSearchFiltersHelper, (AuditEventSender) Mockito.mock(AuditEventSender.class), (ObjectMapper) Mockito.mock(ObjectMapper.class)) { // from class: org.graylog.plugins.views.search.rest.ViewsResourceTest.1
            protected Subject getSubject() {
                return (Subject) Mockito.mock(Subject.class);
            }

            protected User getCurrentUser() {
                return (User) Mockito.mock(User.class);
            }
        };
    }

    private static ViewService mockViewService(ViewDTO viewDTO) {
        ViewService viewService = (ViewService) Mockito.mock(ViewService.class);
        Mockito.when(viewService.get(viewDTO.id())).thenReturn(Optional.of(viewDTO));
        return viewService;
    }

    private UserContext mockUserContext() {
        UserImpl userImpl = new UserImpl((PasswordAlgorithmFactory) Mockito.mock(PasswordAlgorithmFactory.class), new Permissions(ImmutableSet.of()), (ClusterConfigService) Mockito.mock(ClusterConfigService.class), ImmutableMap.of("username", "testuser"));
        UserContext userContext = (UserContext) Mockito.mock(UserContext.class);
        Mockito.when(userContext.getUser()).thenReturn(userImpl);
        return userContext;
    }

    private static ReferencedSearchFiltersHelper referencedFiltersHelperWithIDs(final Set<String> set) {
        return new ReferencedSearchFiltersHelper() { // from class: org.graylog.plugins.views.search.rest.ViewsResourceTest.2
            public Set<String> getReferencedSearchFiltersIds(Collection<UsesSearchFilters> collection) {
                return set;
            }
        };
    }

    private static SearchFilterVisibilityChecker searchFilterVisibilityChecker(final List<String> list) {
        return new SearchFilterVisibilityChecker() { // from class: org.graylog.plugins.views.search.rest.ViewsResourceTest.3
            public SearchFilterVisibilityCheckStatus checkSearchFilterVisibility(Predicate<String> predicate, Collection<String> collection) {
                return new SearchFilterVisibilityCheckStatus(list);
            }
        };
    }
}
