package org.openmetadata.service.security.policyevaluator;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.openmetadata.schema.type.MetadataOperation;
import org.openmetadata.schema.type.Permission;
import org.openmetadata.schema.type.ResourcePermission;

/* loaded from: input_file:org/openmetadata/service/security/policyevaluator/PolicyEvaluatorTest.class */
class PolicyEvaluatorTest {
    PolicyEvaluatorTest() {
    }

    @Test
    public void test_AccessOrderOfPrecedence() {
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.DENY, Permission.Access.DENY));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.ALLOW, Permission.Access.DENY));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_DENY, Permission.Access.DENY));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_ALLOW, Permission.Access.DENY));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.NOT_ALLOW, Permission.Access.DENY));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.DENY, Permission.Access.ALLOW));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.ALLOW, Permission.Access.ALLOW));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_DENY, Permission.Access.ALLOW));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_ALLOW, Permission.Access.ALLOW));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.NOT_ALLOW, Permission.Access.ALLOW));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.DENY, Permission.Access.CONDITIONAL_DENY));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.ALLOW, Permission.Access.CONDITIONAL_DENY));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_DENY, Permission.Access.CONDITIONAL_DENY));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_ALLOW, Permission.Access.CONDITIONAL_DENY));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.NOT_ALLOW, Permission.Access.CONDITIONAL_DENY));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.DENY, Permission.Access.CONDITIONAL_ALLOW));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.ALLOW, Permission.Access.CONDITIONAL_ALLOW));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_DENY, Permission.Access.CONDITIONAL_ALLOW));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_ALLOW, Permission.Access.CONDITIONAL_ALLOW));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.NOT_ALLOW, Permission.Access.CONDITIONAL_ALLOW));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.DENY, Permission.Access.NOT_ALLOW));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.ALLOW, Permission.Access.NOT_ALLOW));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_DENY, Permission.Access.NOT_ALLOW));
        Assertions.assertTrue(CompiledRule.overrideAccess(Permission.Access.CONDITIONAL_ALLOW, Permission.Access.NOT_ALLOW));
        Assertions.assertFalse(CompiledRule.overrideAccess(Permission.Access.NOT_ALLOW, Permission.Access.NOT_ALLOW));
    }

    @Test
    void trimResourcePermissions() {
        ResourcePermission resourcePermission = getResourcePermission("r1", Permission.Access.DENY, MetadataOperation.ALL, MetadataOperation.VIEW_ALL, MetadataOperation.VIEW_BASIC, MetadataOperation.VIEW_QUERIES, MetadataOperation.EDIT_ALL, MetadataOperation.EDIT_LINEAGE, MetadataOperation.EDIT_CUSTOM_FIELDS);
        ArrayList arrayList = new ArrayList(List.of(MetadataOperation.ALL, MetadataOperation.VIEW_ALL, MetadataOperation.EDIT_ALL));
        ResourcePermission resourcePermission2 = getResourcePermission("r2", Permission.Access.ALLOW, MetadataOperation.ALL, MetadataOperation.VIEW_BASIC, MetadataOperation.VIEW_USAGE, MetadataOperation.EDIT_ALL, MetadataOperation.EDIT_LINEAGE, MetadataOperation.EDIT_CUSTOM_FIELDS, MetadataOperation.EDIT_DISPLAY_NAME);
        ArrayList arrayList2 = new ArrayList(List.of(MetadataOperation.ALL, MetadataOperation.VIEW_BASIC, MetadataOperation.VIEW_USAGE, MetadataOperation.EDIT_ALL));
        List of = List.of(resourcePermission, resourcePermission2);
        PolicyEvaluator.trimResourcePermissions(of);
        assertEqualsPermissions(arrayList, ((ResourcePermission) of.get(0)).getPermissions());
        assertEqualsPermissions(arrayList2, ((ResourcePermission) of.get(1)).getPermissions());
    }

    @Test
    void trimResourcePermission() {
        assertEqualsPermissions(new ArrayList(List.of(MetadataOperation.ALL, MetadataOperation.VIEW_ALL, MetadataOperation.EDIT_ALL)), PolicyEvaluator.trimResourcePermission(getResourcePermission("testResource", Permission.Access.ALLOW, MetadataOperation.ALL, MetadataOperation.VIEW_ALL, MetadataOperation.VIEW_BASIC, MetadataOperation.VIEW_QUERIES, MetadataOperation.EDIT_ALL, MetadataOperation.EDIT_LINEAGE, MetadataOperation.EDIT_CUSTOM_FIELDS)).getPermissions());
    }

    @Test
    void trimPermissions_withAllowAccess_trimmed() {
        assertEqualsPermissions(Arrays.asList(MetadataOperation.ALL, MetadataOperation.DELETE, MetadataOperation.CREATE, MetadataOperation.VIEW_ALL, MetadataOperation.EDIT_ALL), PolicyEvaluator.trimPermissions(getPermissions(OperationContext.getAllOperations(new MetadataOperation[0]), Permission.Access.ALLOW)));
    }

    @Test
    void trimPermissions_withDenyAccess_trimmed() {
        assertEqualsPermissions(Arrays.asList(MetadataOperation.ALL, MetadataOperation.DELETE, MetadataOperation.CREATE, MetadataOperation.VIEW_ALL, MetadataOperation.EDIT_ALL), PolicyEvaluator.trimPermissions(getPermissions(OperationContext.getAllOperations(new MetadataOperation[0]), Permission.Access.DENY)));
    }

    @Test
    void trimPermissions_withNotAllowAccessToViewAll_viewOpsNotTrimmed() {
        List<Permission> permissions = getPermissions(OperationContext.getAllOperations(new MetadataOperation[0]), Permission.Access.ALLOW);
        List list = (List) Arrays.stream(MetadataOperation.values()).filter(metadataOperation -> {
            return !metadataOperation.value().startsWith("Edit");
        }).collect(Collectors.toList());
        list.add(MetadataOperation.EDIT_ALL);
        updateAccess(permissions, MetadataOperation.VIEW_ALL, Permission.Access.NOT_ALLOW);
        assertEqualsPermissions(list, PolicyEvaluator.trimPermissions(permissions));
    }

    @Test
    void trimPermissions_withConditionalAllowAccessToEditAll_editOpsNotTrimmed() {
        List<Permission> permissions = getPermissions(OperationContext.getAllOperations(new MetadataOperation[0]), Permission.Access.ALLOW);
        List list = (List) Arrays.stream(MetadataOperation.values()).filter(metadataOperation -> {
            return !metadataOperation.value().startsWith("View");
        }).collect(Collectors.toList());
        list.add(MetadataOperation.VIEW_ALL);
        updateAccess(permissions, MetadataOperation.EDIT_ALL, Permission.Access.CONDITIONAL_ALLOW);
        assertEqualsPermissions(list, PolicyEvaluator.trimPermissions(permissions));
    }

    @Test
    void trimPermissions_withConditionalAccess_notTrimmed() {
        List<Permission> permissions = getPermissions(OperationContext.getAllOperations(new MetadataOperation[0]), Permission.Access.ALLOW);
        List allOperations = OperationContext.getAllOperations(new MetadataOperation[0]);
        updateAccess(permissions, MetadataOperation.VIEW_ALL, Permission.Access.CONDITIONAL_ALLOW);
        updateAccess(permissions, MetadataOperation.EDIT_ALL, Permission.Access.CONDITIONAL_DENY);
        assertEqualsPermissions(allOperations, PolicyEvaluator.trimPermissions(permissions));
    }

    public static void assertEqualsPermissions(List<MetadataOperation> list, List<Permission> list2) {
        Assertions.assertEquals(list.size(), list2.size());
        list2.sort(Comparator.comparing((v0) -> {
            return v0.getOperation();
        }));
        Collections.sort(list);
        for (int i = 0; i < list.size(); i++) {
            Assertions.assertEquals(list.get(i).value(), list2.get(i).getOperation().value());
        }
    }

    public static List<Permission> getPermissions(List<MetadataOperation> list, Permission.Access access) {
        ArrayList arrayList = new ArrayList();
        list.forEach(metadataOperation -> {
            arrayList.add(getPermission(metadataOperation, access));
        });
        return arrayList;
    }

    public static void updateAccess(List<Permission> list, MetadataOperation metadataOperation, Permission.Access access) {
        list.forEach(permission -> {
            if (permission.getOperation().equals(metadataOperation)) {
                permission.setAccess(access);
            }
        });
    }

    public static ResourcePermission getResourcePermission(String str, Permission.Access access, MetadataOperation... metadataOperationArr) {
        ResourcePermission resourcePermission = new ResourcePermission();
        ArrayList arrayList = new ArrayList();
        resourcePermission.setResource(str);
        for (MetadataOperation metadataOperation : metadataOperationArr) {
            arrayList.add(new Permission().withAccess(access).withOperation(metadataOperation));
        }
        resourcePermission.setPermissions(arrayList);
        return resourcePermission;
    }

    public static Permission getPermission(MetadataOperation metadataOperation, Permission.Access access) {
        Permission withOperation = new Permission().withOperation(metadataOperation);
        withOperation.setAccess(access);
        return withOperation;
    }
}
