package org.iternine.jeppetto.test.accesscontrol;

import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import org.iternine.jeppetto.dao.AccessControlContext;
import org.iternine.jeppetto.dao.AccessControlException;
import org.iternine.jeppetto.dao.AccessType;
import org.iternine.jeppetto.dao.GenericDAO;
import org.iternine.jeppetto.dao.NoSuchItemException;
import org.iternine.jeppetto.dao.SettableAccessControlContextProvider;
import org.iternine.jeppetto.dao.SimpleAccessControlContext;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/iternine/jeppetto/test/accesscontrol/AccessControlTest.class */
public abstract class AccessControlTest {
    private SettableAccessControlContextProvider accessControlContextProvider;
    private static SimpleAccessControlContext identifiedUser = new SimpleAccessControlContext("001");
    private static SimpleAccessControlContext userWithCreatorsRole = new SimpleAccessControlContext("002", Collections.singleton("Creators"));
    private static SimpleAccessControlContext userWithAccessorsRole = new SimpleAccessControlContext("003", Collections.singleton("Accessors"));
    private static SimpleAccessControlContext administrator = new SimpleAccessControlContext("004", Collections.singleton("Administrator"));
    private static SimpleAccessControlContext anotherUser = new SimpleAccessControlContext("005", Collections.singleton("Administrator"));
    private static SimpleAccessControlContext anonymousUser = new SimpleAccessControlContext();

    protected abstract DefaultAccessObjectDAO getDefaultAccessObjectDAO();

    protected abstract IdentifiedCreatableObjectDAO getIdentifiedCreatableObjectDAO();

    protected abstract RoleCreatableObjectDAO getRoleCreatableObjectDAO();

    protected abstract void reset();

    @Before
    public void before() {
        this.accessControlContextProvider = getDefaultAccessObjectDAO().getAccessControlContextProvider();
    }

    @After
    public void after() {
        reset();
        this.accessControlContextProvider = null;
    }

    @Test
    public void createObjectsWithUserWithCreatorsRole() {
        saveObjectWithContext(userWithCreatorsRole, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        saveObjectWithContext(userWithCreatorsRole, new IdentifiedCreatableObject(), getIdentifiedCreatableObjectDAO());
        saveObjectWithContext(userWithCreatorsRole, new RoleCreatableObject(), getRoleCreatableObjectDAO());
    }

    @Test
    public void createObjectsWithIdentifiedUser() {
        saveObjectWithContext(identifiedUser, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        saveObjectWithContext(identifiedUser, new IdentifiedCreatableObject(), getIdentifiedCreatableObjectDAO());
        try {
            saveObjectWithContext(identifiedUser, new RoleCreatableObject(), getRoleCreatableObjectDAO());
            throw new RuntimeException("Expected AccessControlException");
        } catch (AccessControlException e) {
        }
    }

    @Test
    public void createObjectsWithAnonymousUser() {
        saveObjectWithContext(anonymousUser, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        try {
            saveObjectWithContext(anonymousUser, new IdentifiedCreatableObject(), getIdentifiedCreatableObjectDAO());
            throw new RuntimeException("Expected AccessControlException");
        } catch (AccessControlException e) {
            try {
                saveObjectWithContext(anonymousUser, new RoleCreatableObject(), getRoleCreatableObjectDAO());
                throw new RuntimeException("Expected AccessControlException");
            } catch (AccessControlException e2) {
            }
        }
    }

    @Test
    public void unauthorizedAccessAttempts() throws AccessControlException, NoSuchItemException {
        String saveObjectWithContext = saveObjectWithContext(identifiedUser, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        getObjectWithContext(identifiedUser, saveObjectWithContext, getDefaultAccessObjectDAO());
        try {
            getObjectWithContext(userWithCreatorsRole, saveObjectWithContext, getDefaultAccessObjectDAO());
            throw new RuntimeException("Expected NoSuchItemException");
        } catch (NoSuchItemException e) {
            try {
                getObjectWithContext(anonymousUser, saveObjectWithContext, getDefaultAccessObjectDAO());
                throw new RuntimeException("Expected NoSuchItemException");
            } catch (NoSuchItemException e2) {
                this.accessControlContextProvider.setCurrent(identifiedUser);
                getDefaultAccessObjectDAO().revokeAccess(saveObjectWithContext, identifiedUser.getAccessId());
                try {
                    getObjectWithContext(identifiedUser, saveObjectWithContext, getDefaultAccessObjectDAO());
                    throw new RuntimeException("Expected NoSuchItemException");
                } catch (NoSuchItemException e3) {
                    try {
                        getObjectWithContext(anonymousUser, saveObjectWithContext, getDefaultAccessObjectDAO());
                        throw new RuntimeException("Expected NoSuchItemException");
                    } catch (NoSuchItemException e4) {
                    }
                }
            }
        }
    }

    @Test
    public void cantDeleteOthersObject() throws AccessControlException, NoSuchItemException {
        String saveObjectWithContext = saveObjectWithContext(identifiedUser, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        this.accessControlContextProvider.setCurrent(userWithCreatorsRole);
        getDefaultAccessObjectDAO().deleteById(saveObjectWithContext);
        getObjectWithContext(identifiedUser, saveObjectWithContext, getDefaultAccessObjectDAO());
    }

    @Test
    public void grantedAccessAttempt() throws NoSuchItemException {
        String saveObjectWithContext = saveObjectWithContext(identifiedUser, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        this.accessControlContextProvider.setCurrent(identifiedUser);
        getDefaultAccessObjectDAO().grantAccess(saveObjectWithContext, userWithCreatorsRole.getAccessId(), AccessType.Read);
        getObjectWithContext(userWithCreatorsRole, saveObjectWithContext, getDefaultAccessObjectDAO());
        try {
            this.accessControlContextProvider.setCurrent(userWithCreatorsRole);
            getDefaultAccessObjectDAO().grantAccess(saveObjectWithContext, anotherUser.getAccessId(), AccessType.Read);
            throw new RuntimeException("Expected AccessControlException");
        } catch (AccessControlException e) {
            try {
                this.accessControlContextProvider.setCurrent(userWithCreatorsRole);
                getDefaultAccessObjectDAO().grantAccess(saveObjectWithContext, userWithCreatorsRole.getAccessId(), AccessType.ReadWrite);
                throw new RuntimeException("Expected AccessControlException");
            } catch (AccessControlException e2) {
                this.accessControlContextProvider.setCurrent(identifiedUser);
                getDefaultAccessObjectDAO().grantAccess(saveObjectWithContext, userWithCreatorsRole.getAccessId(), AccessType.ReadWrite);
                this.accessControlContextProvider.setCurrent(userWithCreatorsRole);
                getDefaultAccessObjectDAO().grantAccess(saveObjectWithContext, anotherUser.getAccessId(), AccessType.Read);
                getObjectWithContext(anotherUser, saveObjectWithContext, getDefaultAccessObjectDAO());
                this.accessControlContextProvider.setCurrent(identifiedUser);
                Map grantedAccesses = getDefaultAccessObjectDAO().getGrantedAccesses(saveObjectWithContext);
                Assert.assertEquals(3L, grantedAccesses.size());
                Assert.assertEquals(AccessType.ReadWrite, grantedAccesses.get(identifiedUser.getAccessId()));
                Assert.assertEquals(AccessType.ReadWrite, grantedAccesses.get(userWithCreatorsRole.getAccessId()));
                Assert.assertEquals(AccessType.Read, grantedAccesses.get(anotherUser.getAccessId()));
            }
        }
    }

    @Test
    public void updateObjectWithCreatorContext() {
        DefaultAccessObject defaultAccessObject = (DefaultAccessObject) getObjectWithContext(identifiedUser, saveObjectWithContext(identifiedUser, new DefaultAccessObject(), getDefaultAccessObjectDAO()), getDefaultAccessObjectDAO());
        defaultAccessObject.setIntValue(5);
        saveObjectWithContext(identifiedUser, defaultAccessObject, getDefaultAccessObjectDAO());
    }

    @Test
    public void updateObjectWithReadWriteContext() {
        IdentifiedCreatableObject identifiedCreatableObject = (IdentifiedCreatableObject) getObjectWithContext(administrator, saveObjectWithContext(identifiedUser, new IdentifiedCreatableObject(), getIdentifiedCreatableObjectDAO()), getIdentifiedCreatableObjectDAO());
        identifiedCreatableObject.setIntValue(5);
        saveObjectWithContext(identifiedUser, identifiedCreatableObject, getIdentifiedCreatableObjectDAO());
    }

    @Test(expected = AccessControlException.class)
    public void updateObjectWithReadContext() {
        String saveObjectWithContext = saveObjectWithContext(identifiedUser, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        this.accessControlContextProvider.setCurrent(identifiedUser);
        getDefaultAccessObjectDAO().grantAccess(saveObjectWithContext, userWithCreatorsRole.getAccessId(), AccessType.Read);
        DefaultAccessObject defaultAccessObject = (DefaultAccessObject) getObjectWithContext(userWithCreatorsRole, saveObjectWithContext, getDefaultAccessObjectDAO());
        defaultAccessObject.setIntValue(5);
        saveObjectWithContext(userWithCreatorsRole, defaultAccessObject, getDefaultAccessObjectDAO());
    }

    @Test
    public void allowedRoleAccessAttempt() throws NoSuchItemException {
        getObjectWithContext(administrator, saveObjectWithContext(identifiedUser, new IdentifiedCreatableObject(), getIdentifiedCreatableObjectDAO()), getIdentifiedCreatableObjectDAO());
    }

    @Test
    public void createAndGetOwnObjects() {
        for (int i = 0; i < 10; i++) {
            saveObjectWithContext(identifiedUser, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        }
        for (int i2 = 0; i2 < 5; i2++) {
            saveObjectWithContext(userWithCreatorsRole, new DefaultAccessObject(), getDefaultAccessObjectDAO());
        }
        this.accessControlContextProvider.setCurrent(identifiedUser);
        String str = null;
        int i3 = 0;
        for (DefaultAccessObject defaultAccessObject : getDefaultAccessObjectDAO().findAll()) {
            if (str == null) {
                str = defaultAccessObject.getId();
            }
            i3++;
        }
        Assert.assertEquals(10L, i3);
        this.accessControlContextProvider.setCurrent(userWithCreatorsRole);
        int i4 = 0;
        Iterator it = getDefaultAccessObjectDAO().findAll().iterator();
        while (it.hasNext()) {
            Assert.assertNotSame(str, ((DefaultAccessObject) it.next()).getId());
            i4++;
        }
        Assert.assertEquals(5L, i4);
    }

    @Test
    public void creatorWithAccessTypeNoneCantAccessObject() {
        String saveObjectWithContext = saveObjectWithContext(userWithCreatorsRole, new RoleCreatableObject(), getRoleCreatableObjectDAO());
        try {
            getObjectWithContext(userWithCreatorsRole, saveObjectWithContext, getRoleCreatableObjectDAO());
            throw new RuntimeException("Creator should not be able to access this object (grantedAccess of None prohibits)");
        } catch (NoSuchItemException e) {
            getObjectWithContext(userWithAccessorsRole, saveObjectWithContext, getRoleCreatableObjectDAO());
        }
    }

    @Test
    public void accessObjectUsingAsQueries() {
        String saveObjectWithContext = saveObjectWithContext(userWithCreatorsRole, new RoleCreatableObject(), getRoleCreatableObjectDAO());
        try {
            getObjectWithContext(userWithCreatorsRole, saveObjectWithContext, getRoleCreatableObjectDAO());
            throw new RuntimeException("Creator should not be able to access this object (grantedAccess of None prohibits)");
        } catch (NoSuchItemException e) {
            Assert.assertEquals(saveObjectWithContext, getRoleCreatableObjectDAO().findByIdAs(saveObjectWithContext, userWithAccessorsRole).getId());
            try {
                getRoleCreatableObjectDAO().findByIdAs(saveObjectWithContext, anotherUser);
                throw new RuntimeException("User should not be able to access this object");
            } catch (NoSuchItemException e2) {
            }
        }
    }

    @Test
    public void saveAndUpdateObjectWithExplicitAccessControlContext() {
        RoleCreatableObject roleCreatableObject = new RoleCreatableObject();
        getRoleCreatableObjectDAO().save(roleCreatableObject, userWithCreatorsRole);
        RoleCreatableObject findByIdAs = getRoleCreatableObjectDAO().findByIdAs(roleCreatableObject.getId(), userWithAccessorsRole);
        try {
            getRoleCreatableObjectDAO().save(findByIdAs, userWithCreatorsRole);
            throw new RuntimeException("Creator can only create, not update");
        } catch (AccessControlException e) {
            getRoleCreatableObjectDAO().save(findByIdAs, userWithAccessorsRole);
        }
    }

    @Test
    public void grantObjectAccessWithExplicitAccessControlContext() {
        RoleCreatableObject roleCreatableObject = new RoleCreatableObject();
        getRoleCreatableObjectDAO().save(roleCreatableObject, userWithCreatorsRole);
        try {
            getObjectWithContext(userWithCreatorsRole, roleCreatableObject.getId(), getRoleCreatableObjectDAO());
            throw new RuntimeException("Creator should not be able to access this object (grantedAccess of None prohibits)");
        } catch (NoSuchItemException e) {
            try {
                getRoleCreatableObjectDAO().grantAccess(roleCreatableObject.getId(), userWithCreatorsRole.getAccessId(), AccessType.ReadWrite, userWithCreatorsRole);
                throw new RuntimeException("Creator can't grant himself access");
            } catch (NoSuchItemException e2) {
                getRoleCreatableObjectDAO().grantAccess(roleCreatableObject.getId(), userWithCreatorsRole.getAccessId(), AccessType.ReadWrite, userWithAccessorsRole);
                getObjectWithContext(userWithCreatorsRole, roleCreatableObject.getId(), getRoleCreatableObjectDAO());
            }
        }
    }

    @Test
    public void verifyGrantedAccessesContainExpectedValues() {
        Map grantedAccesses = getDefaultAccessObjectDAO().getGrantedAccesses(saveObjectWithContext(userWithCreatorsRole, new DefaultAccessObject(), getDefaultAccessObjectDAO()), userWithCreatorsRole);
        Assert.assertEquals(1L, grantedAccesses.size());
        Assert.assertEquals(userWithCreatorsRole.getAccessId(), grantedAccesses.keySet().iterator().next());
        Assert.assertEquals(AccessType.ReadWrite, grantedAccesses.values().iterator().next());
    }

    private String saveObjectWithContext(AccessControlContext accessControlContext, IdentifiableObject identifiableObject, GenericDAO genericDAO) {
        this.accessControlContextProvider.setCurrent(accessControlContext);
        try {
            genericDAO.save(identifiableObject);
            String id = identifiableObject.getId();
            this.accessControlContextProvider.setCurrent((AccessControlContext) null);
            return id;
        } catch (Throwable th) {
            this.accessControlContextProvider.setCurrent((AccessControlContext) null);
            throw th;
        }
    }

    private <T extends IdentifiableObject, ID> T getObjectWithContext(AccessControlContext accessControlContext, ID id, GenericDAO<T, ID> genericDAO) throws AccessControlException, NoSuchItemException {
        this.accessControlContextProvider.setCurrent(accessControlContext);
        try {
            T t = (T) genericDAO.findById(id);
            Assert.assertEquals(t.getId(), id);
            this.accessControlContextProvider.setCurrent((AccessControlContext) null);
            return t;
        } catch (Throwable th) {
            this.accessControlContextProvider.setCurrent((AccessControlContext) null);
            throw th;
        }
    }
}
