package org.opencms.security;

import com.opencms.template.A_CmsXmlContent;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import junit.extensions.TestSetup;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.opencms.file.CmsGroup;
import org.opencms.file.CmsObject;
import org.opencms.file.CmsUser;
import org.opencms.main.OpenCms;
import org.opencms.test.OpenCmsTestCase;
import org.opencms.test.OpenCmsTestProperties;

/* loaded from: input_file:org/opencms/security/TestRoles.class */
public class TestRoles extends OpenCmsTestCase {
    public TestRoles(String str) {
        super(str);
    }

    public static Test suite() {
        OpenCmsTestProperties.initialize(org.opencms.test.AllTests.TEST_PROPERTIES_PATH);
        TestSuite testSuite = new TestSuite();
        testSuite.setName(TestRoles.class.getName());
        testSuite.addTest(new TestRoles("testRoleExceptionMessages"));
        testSuite.addTest(new TestRoles("testRoleAssignments"));
        testSuite.addTest(new TestRoles("testSubRoles"));
        testSuite.addTest(new TestRoles("testVirtualRoleGroups"));
        testSuite.addTest(new TestRoles("testRoleDelegating"));
        return new TestSetup(testSuite) { // from class: org.opencms.security.TestRoles.1
            protected void setUp() {
                OpenCmsTestCase.setupOpenCms("simpletest", "/");
            }

            protected void tearDown() {
                OpenCmsTestCase.removeOpenCms();
            }
        };
    }

    private static void checkMessage(String str) {
        System.out.println(str);
        assertFalse(str.indexOf("???") >= 0);
        assertFalse(str.indexOf(123) >= 0);
    }

    public void testRoleAssignments() throws Exception {
        echo("Testing role assignments");
        CmsObject cmsObject = getCmsObject();
        CmsRoleManager roleManager = OpenCms.getRoleManager();
        roleManager.checkRoleForResource(cmsObject, CmsRole.ROOT_ADMIN, "/");
        roleManager.checkRole(cmsObject, CmsRole.ROOT_ADMIN);
        roleManager.checkRoleForResource(cmsObject, CmsRole.DEVELOPER, "/");
        roleManager.checkRole(cmsObject, CmsRole.DEVELOPER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION));
        roleManager.checkRoleForResource(cmsObject, CmsRole.WORKPLACE_MANAGER, "/");
        roleManager.checkRole(cmsObject, CmsRole.WORKPLACE_MANAGER);
        assertFalse(roleManager.getManageableGroups(cmsObject, A_CmsXmlContent.C_TEMPLATE_EXTENSION, false).isEmpty());
        assertFalse(roleManager.getManageableUsers(cmsObject, A_CmsXmlContent.C_TEMPLATE_EXTENSION, false).isEmpty());
        assertFalse(roleManager.getOrgUnitsForRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), false).isEmpty());
        assertFalse(roleManager.getRolesOfUser(cmsObject, cmsObject.getRequestContext().getCurrentUser().getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, false, false).isEmpty());
        assertTrue(roleManager.getUsersOfRole(cmsObject, CmsRole.ROOT_ADMIN, true, false).contains(cmsObject.getRequestContext().getCurrentUser()));
        assertTrue(roleManager.getUsersOfRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), true, true).isEmpty());
        assertEquals(1, roleManager.getUsersOfRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), true, false).size());
        CmsUser readUser = cmsObject.readUser("test1");
        assertFalse(roleManager.hasRoleForResource(cmsObject, readUser.getName(), CmsRole.ROOT_ADMIN, "/"));
        assertFalse(roleManager.hasRole(cmsObject, readUser.getName(), CmsRole.ROOT_ADMIN));
        assertFalse(roleManager.hasRoleForResource(cmsObject, readUser.getName(), CmsRole.DEVELOPER, "/"));
        assertFalse(roleManager.hasRole(cmsObject, readUser.getName(), CmsRole.DEVELOPER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION)));
        assertFalse(roleManager.hasRoleForResource(cmsObject, readUser.getName(), CmsRole.WORKPLACE_MANAGER, "/"));
        assertFalse(roleManager.hasRole(cmsObject, readUser.getName(), CmsRole.WORKPLACE_MANAGER));
        assertEquals(5, roleManager.getRolesOfUser(cmsObject, readUser.getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, false, false).size());
        assertFalse(roleManager.getUsersOfRole(cmsObject, CmsRole.ROOT_ADMIN, true, false).contains(readUser));
        assertTrue(roleManager.getUsersOfRole(cmsObject, CmsRole.ROOT_ADMIN, true, false).contains(cmsObject.getRequestContext().getCurrentUser()));
        assertTrue(roleManager.getUsersOfRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), true, false).contains(cmsObject.getRequestContext().getCurrentUser()));
        cmsObject.loginUser(readUser.getName(), "test1");
        try {
            cmsObject.createUser("mytest", "mytest", "my test", (Map) null);
            fail("the user should not have account management permissions");
        } catch (CmsRoleViolationException e) {
        }
        assertTrue(roleManager.getManageableGroups(cmsObject, A_CmsXmlContent.C_TEMPLATE_EXTENSION, false).isEmpty());
        assertTrue(roleManager.getManageableUsers(cmsObject, A_CmsXmlContent.C_TEMPLATE_EXTENSION, false).isEmpty());
        assertTrue(roleManager.getOrgUnitsForRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), false).isEmpty());
        CmsObject cmsObject2 = getCmsObject();
        roleManager.addUserToRole(cmsObject2, CmsRole.ADMINISTRATOR, readUser.getName());
        cmsObject2.loginUser(readUser.getName(), "test1");
        cmsObject2.createUser("mytest", "mytest", "my test", (Map) null);
        assertFalse(roleManager.hasRoleForResource(cmsObject2, readUser.getName(), CmsRole.ROOT_ADMIN, "/"));
        assertFalse(roleManager.hasRole(cmsObject2, readUser.getName(), CmsRole.ROOT_ADMIN));
        assertTrue(roleManager.hasRoleForResource(cmsObject2, readUser.getName(), CmsRole.DEVELOPER, "/"));
        assertTrue(roleManager.hasRole(cmsObject2, readUser.getName(), CmsRole.DEVELOPER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION)));
        assertFalse(roleManager.hasRoleForResource(cmsObject2, readUser.getName(), CmsRole.WORKPLACE_MANAGER, "/"));
        assertFalse(roleManager.hasRole(cmsObject2, readUser.getName(), CmsRole.WORKPLACE_MANAGER));
        assertFalse(roleManager.getManageableGroups(cmsObject2, A_CmsXmlContent.C_TEMPLATE_EXTENSION, false).isEmpty());
        assertFalse(roleManager.getManageableUsers(cmsObject2, A_CmsXmlContent.C_TEMPLATE_EXTENSION, false).isEmpty());
        assertFalse(roleManager.getOrgUnitsForRole(cmsObject2, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), false).isEmpty());
        assertFalse(roleManager.getRolesOfUser(cmsObject2, readUser.getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, false, false).isEmpty());
        assertTrue(roleManager.getUsersOfRole(cmsObject2, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), true, false).contains(cmsObject2.getRequestContext().getCurrentUser()));
        assertTrue(roleManager.getUsersOfRole(cmsObject2, CmsRole.ACCOUNT_MANAGER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), true, true).isEmpty());
        assertTrue(roleManager.getUsersOfRole(cmsObject2, CmsRole.ROOT_ADMIN, true, false).contains(cmsObject2.readUser("Admin")));
        assertFalse(roleManager.getUsersOfRole(cmsObject2, CmsRole.ROOT_ADMIN, true, false).contains(cmsObject2.getRequestContext().getCurrentUser()));
    }

    public void testRoleDelegating() throws Exception {
        echo("Testing role delegating");
        CmsObject cmsObject = getCmsObject();
        CmsRoleManager roleManager = OpenCms.getRoleManager();
        CmsUser createUser = cmsObject.createUser("testUser", "testUser", "testUser", (Map) null);
        roleManager.addUserToRole(cmsObject, CmsRole.ACCOUNT_MANAGER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), createUser.getName());
        cmsObject.loginUser(createUser.getName(), "testUser");
        CmsUser createUser2 = cmsObject.createUser("testUser2", "testUser2", "testUser2", (Map) null);
        try {
            roleManager.addUserToRole(cmsObject, CmsRole.DEVELOPER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), createUser2.getName());
            fail("it should not be possible to delegate a role you do not have");
        } catch (CmsRoleViolationException e) {
        }
        roleManager.addUserToRole(cmsObject, CmsRole.ACCOUNT_MANAGER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), createUser2.getName());
    }

    public void testRoleExceptionMessages() throws Exception {
        echo("Testing role exception messages");
        for (CmsRole cmsRole : CmsRole.getSystemRoles()) {
            checkMessage(cmsRole.getName(Locale.ENGLISH));
            checkMessage(cmsRole.getDescription(Locale.ENGLISH));
        }
        CmsRole cmsRole2 = new CmsRole("MY_VERY_SPECIAL_ROLE", (CmsRole) null, OpenCms.getDefaultUsers().getGroupAdministrators(), true);
        checkMessage(cmsRole2.getName(Locale.ENGLISH));
        checkMessage(cmsRole2.getDescription(Locale.ENGLISH));
    }

    public void testSubRoles() throws Exception {
        echo("Testing subroles operations");
        CmsObject cmsObject = getCmsObject();
        CmsRoleManager roleManager = OpenCms.getRoleManager();
        List rolesOfUser = roleManager.getRolesOfUser(cmsObject, cmsObject.getRequestContext().getCurrentUser().getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, false, true, false);
        assertEquals(1, rolesOfUser.size());
        assertTrue(rolesOfUser.contains(CmsRole.ROOT_ADMIN));
        roleManager.addUserToRole(cmsObject, CmsRole.DEVELOPER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), cmsObject.getRequestContext().getCurrentUser().getName());
        List rolesOfUser2 = roleManager.getRolesOfUser(cmsObject, cmsObject.getRequestContext().getCurrentUser().getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, false, true, false);
        assertEquals(1, rolesOfUser2.size());
        assertTrue(rolesOfUser2.contains(CmsRole.ROOT_ADMIN));
        CmsUser readUser = cmsObject.readUser("test2");
        List rolesOfUser3 = roleManager.getRolesOfUser(cmsObject, readUser.getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, true, false);
        assertEquals(1, rolesOfUser3.size());
        assertTrue(rolesOfUser3.contains(CmsRole.WORKPLACE_USER.forOrgUnit(readUser.getOuFqn())));
        roleManager.addUserToRole(cmsObject, CmsRole.VFS_MANAGER.forOrgUnit(readUser.getOuFqn()), readUser.getName());
        List rolesOfUser4 = roleManager.getRolesOfUser(cmsObject, readUser.getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, true, false);
        assertEquals(1, rolesOfUser4.size());
        assertTrue(rolesOfUser4.contains(CmsRole.VFS_MANAGER.forOrgUnit(readUser.getOuFqn())));
        List rolesOfUser5 = roleManager.getRolesOfUser(cmsObject, readUser.getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, false, false);
        List children = CmsRole.VFS_MANAGER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION).getChildren(true);
        children.add(CmsRole.VFS_MANAGER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION));
        assertEquals(children.size(), rolesOfUser5.size());
        Iterator it = rolesOfUser5.iterator();
        while (it.hasNext()) {
            assertTrue(children.contains((CmsRole) it.next()));
        }
        roleManager.addUserToRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(readUser.getOuFqn()), readUser.getName());
        List rolesOfUser6 = roleManager.getRolesOfUser(cmsObject, readUser.getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, true, false);
        assertEquals(1, rolesOfUser6.size());
        assertTrue(rolesOfUser6.contains(CmsRole.ADMINISTRATOR.forOrgUnit(readUser.getOuFqn())));
        List rolesOfUser7 = roleManager.getRolesOfUser(cmsObject, readUser.getName(), A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, false, false);
        List children2 = CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION).getChildren(true);
        children2.add(CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION));
        assertEquals(children2.size(), rolesOfUser7.size());
        Iterator it2 = rolesOfUser7.iterator();
        while (it2.hasNext()) {
            assertTrue(children2.contains((CmsRole) it2.next()));
        }
    }

    public void testVirtualRoleGroups() throws Exception {
        echo("Testing virtual role groups");
        CmsObject cmsObject = getCmsObject();
        CmsGroup createGroup = cmsObject.createGroup("mytest", "vfs managers", CmsRole.VFS_MANAGER.getVirtualGroupFlags(), (String) null);
        List usersOfRole = OpenCms.getRoleManager().getUsersOfRole(cmsObject, CmsRole.VFS_MANAGER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), true, false);
        List usersOfGroup = cmsObject.getUsersOfGroup(createGroup.getName());
        assertEquals(new HashSet(usersOfRole), new HashSet(usersOfGroup));
        OpenCms.getRoleManager().addUserToRole(cmsObject, CmsRole.DEVELOPER.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), "Guest");
        assertEquals(new HashSet(usersOfRole), new HashSet(cmsObject.getUsersOfGroup(createGroup.getName())));
        OpenCms.getRoleManager().addUserToRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), "Guest");
        assertEquals(usersOfGroup.size() + 1, cmsObject.getUsersOfGroup(createGroup.getName()).size());
        assertTrue(cmsObject.getUsersOfGroup(createGroup.getName()).contains(cmsObject.readUser("Guest")));
        OpenCms.getRoleManager().removeUserFromRole(cmsObject, CmsRole.ADMINISTRATOR.forOrgUnit(A_CmsXmlContent.C_TEMPLATE_EXTENSION), "Guest");
        assertEquals(new HashSet(usersOfRole), new HashSet(cmsObject.getUsersOfGroup(createGroup.getName())));
        cmsObject.deleteGroup(createGroup.getName());
        assertFalse(OpenCms.getOrgUnitManager().getGroups(cmsObject, A_CmsXmlContent.C_TEMPLATE_EXTENSION, true).contains(createGroup));
        assertTrue(OpenCms.getRoleManager().getRolesOfUser(cmsObject, "Guest", A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, true, true).isEmpty());
        CmsGroup createGroup2 = cmsObject.createGroup("mytest", "vfs managers", CmsRole.VFS_MANAGER.getVirtualGroupFlags(), (String) null);
        assertEquals(1, cmsObject.getGroupsOfUser("Guest", false).size());
        assertTrue(OpenCms.getRoleManager().getRolesOfUser(cmsObject, "Guest", A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, true, true).isEmpty());
        cmsObject.addUserToGroup("Guest", createGroup2.getName());
        assertEquals(3, cmsObject.getGroupsOfUser("Guest", false).size());
        assertEquals(1, OpenCms.getRoleManager().getRolesOfUser(cmsObject, "Guest", A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, true, true).size());
        cmsObject.removeUserFromGroup("Guest", createGroup2.getName());
        assertEquals(1, cmsObject.getGroupsOfUser("Guest", false).size());
        assertTrue(OpenCms.getRoleManager().getRolesOfUser(cmsObject, "Guest", A_CmsXmlContent.C_TEMPLATE_EXTENSION, true, true, true).isEmpty());
    }
}
