package org.visallo.core.security;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.vertexium.Authorizations;
import org.vertexium.Edge;
import org.vertexium.Element;
import org.vertexium.Graph;
import org.vertexium.Metadata;
import org.vertexium.Property;
import org.vertexium.Vertex;
import org.vertexium.Visibility;
import org.visallo.core.exception.VisalloAccessDeniedException;
import org.visallo.core.model.ontology.Concept;
import org.visallo.core.model.ontology.OntologyProperty;
import org.visallo.core.model.ontology.OntologyRepository;
import org.visallo.core.model.ontology.Relationship;
import org.visallo.core.model.properties.VisalloProperties;
import org.visallo.core.model.properties.types.PropertyMetadata;
import org.visallo.core.model.user.UserRepository;
import org.visallo.core.user.User;
import org.visallo.core.util.ClientApiConverter;
import org.visallo.web.clientapi.model.ClientApiElementAcl;
import org.visallo.web.clientapi.model.ClientApiPropertyAcl;
import org.visallo.web.clientapi.model.ClientApiVertex;
import org.visallo.web.clientapi.model.VisibilityJson;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/visallo/core/security/ACLProviderTest.class */
public class ACLProviderTest {
    private static final String REGULAR_PROP_NAME = "regularPropName";
    private static final String REGULAR_PROP_KEY = "regularPropKey";
    private static final String COMMENT_PROP_KEY = "commentPropKey";
    private static final String COMMENT_PROP_NAME = VisalloProperties.COMMENT.getPropertyName();
    private static final Visibility VISIBILITY = Visibility.EMPTY;
    private static final VisibilityJson VISIBILITY_JSON = new VisibilityJson();

    @Mock
    private Graph graph;

    @Mock
    private OntologyRepository ontologyRepository;

    @Mock
    private UserRepository userRepository;

    @Mock
    private OntologyProperty ontologyProperty1;

    @Mock
    private OntologyProperty ontologyProperty2;

    @Mock
    private OntologyProperty ontologyProperty3;

    @Mock
    private OntologyProperty ontologyProperty4;

    @Mock
    private Concept vertexConcept;

    @Mock
    private Concept parentConcept;

    @Mock
    private Vertex vertex;

    @Mock
    private Edge edge;

    @Mock
    private Relationship edgeRelationship;

    @Mock
    private Property elementProperty1;

    @Mock
    private Property elementProperty2a;

    @Mock
    private Property elementProperty2b;

    @Mock
    private Property elementProperty3;

    @Mock
    private Property user1RegularProperty;

    @Mock
    private Property user1CommentProperty;

    @Mock
    private User user1;

    @Mock
    private User user2;

    @Mock
    private User userWithCommentEditAny;

    @Mock
    private User userWithCommentDeleteAny;
    private ACLProvider aclProvider;

    /* loaded from: input_file:org/visallo/core/security/ACLProviderTest$MockAclProvider.class */
    private static class MockAclProvider extends ACLProvider {
        protected MockAclProvider(Graph graph, UserRepository userRepository, OntologyRepository ontologyRepository) {
            super(graph, userRepository, ontologyRepository);
        }

        public boolean canDeleteElement(Element element, User user) {
            return false;
        }

        public boolean canDeleteProperty(Element element, String str, String str2, User user) {
            return false;
        }

        public boolean canUpdateElement(Element element, User user) {
            return false;
        }

        public boolean canUpdateProperty(Element element, String str, String str2, User user) {
            return false;
        }

        public boolean canAddProperty(Element element, String str, String str2, User user) {
            return false;
        }
    }

    @Before
    public void before() {
        this.aclProvider = (ACLProvider) Mockito.spy(new MockAclProvider(this.graph, this.userRepository, this.ontologyRepository));
        Mockito.when(this.user1.getUserId()).thenReturn("USER_1");
        Mockito.when(this.user1.getPrivileges()).thenReturn(ImmutableSet.of("EDIT", "COMMENT"));
        Mockito.when(this.user2.getUserId()).thenReturn("USER_2");
        Mockito.when(this.user2.getPrivileges()).thenReturn(ImmutableSet.of("EDIT", "COMMENT"));
        Mockito.when(this.userWithCommentEditAny.getUserId()).thenReturn("USER_WITH_COMMENT_EDIT_ANY");
        Mockito.when(this.userWithCommentEditAny.getPrivileges()).thenReturn(ImmutableSet.of("EDIT", "COMMENT_EDIT_ANY"));
        Mockito.when(this.userWithCommentDeleteAny.getUserId()).thenReturn("USER_WITH_COMMENT_DELETE_ANY");
        Mockito.when(this.userWithCommentDeleteAny.getPrivileges()).thenReturn(ImmutableSet.of("EDIT", "COMMENT_DELETE_ANY"));
        Mockito.when(this.ontologyRepository.getConceptByIRI("vertex")).thenReturn(this.vertexConcept);
        Mockito.when(this.ontologyRepository.getConceptByIRI("parent")).thenReturn(this.parentConcept);
        Mockito.when(this.ontologyRepository.getRelationshipByIRI("edge")).thenReturn(this.edgeRelationship);
        Mockito.when(this.vertexConcept.getParentConceptIRI()).thenReturn("parent");
        Mockito.when(this.vertexConcept.getProperties()).thenReturn(ImmutableList.of(this.ontologyProperty1, this.ontologyProperty2, this.ontologyProperty4));
        Mockito.when(this.parentConcept.getParentConceptIRI()).thenReturn((Object) null);
        Mockito.when(this.parentConcept.getProperties()).thenReturn(ImmutableList.of(this.ontologyProperty3));
        Mockito.when(this.edgeRelationship.getProperties()).thenReturn(ImmutableList.of(this.ontologyProperty1, this.ontologyProperty2, this.ontologyProperty3, this.ontologyProperty4));
        Mockito.when(this.ontologyProperty1.getTitle()).thenReturn("prop1");
        Mockito.when(this.ontologyProperty2.getTitle()).thenReturn("prop2");
        Mockito.when(this.ontologyProperty3.getTitle()).thenReturn("prop3");
        Mockito.when(this.ontologyProperty4.getTitle()).thenReturn("prop4");
        ImmutableList of = ImmutableList.of(this.elementProperty1, this.elementProperty2a, this.elementProperty2b, this.elementProperty3);
        Mockito.when(this.vertex.getId()).thenReturn("VERTEX_1");
        Mockito.when(this.vertex.getPropertyValue(VisalloProperties.CONCEPT_TYPE.getPropertyName())).thenReturn("vertex");
        Mockito.when(this.vertex.getProperties("prop1")).thenReturn(ImmutableList.of(this.elementProperty1));
        Mockito.when(this.vertex.getProperties("prop2")).thenReturn(ImmutableList.of(this.elementProperty2a, this.elementProperty2b));
        Mockito.when(this.vertex.getProperties("prop3")).thenReturn(ImmutableList.of(this.elementProperty3));
        Mockito.when(this.vertex.getProperties("prop4")).thenReturn(Collections.emptyList());
        Mockito.when(this.vertex.getProperties()).thenReturn(Lists.newArrayList(of));
        Mockito.when(this.edge.getId()).thenReturn("EDGE_1");
        Mockito.when(this.edge.getLabel()).thenReturn("edge");
        Mockito.when(this.edge.getProperties("prop1")).thenReturn(ImmutableList.of(this.elementProperty1));
        Mockito.when(this.edge.getProperties("prop2")).thenReturn(ImmutableList.of(this.elementProperty2a, this.elementProperty2b));
        Mockito.when(this.edge.getProperties("prop3")).thenReturn(ImmutableList.of(this.elementProperty3));
        Mockito.when(this.edge.getProperties("prop4")).thenReturn(Collections.emptyList());
        Mockito.when(this.edge.getProperties()).thenReturn(Lists.newArrayList(of));
        Mockito.when(this.graph.getVertex((String) Mockito.eq("VERTEX_1"), (Authorizations) Mockito.any(Authorizations.class))).thenReturn(this.vertex);
        Mockito.when(this.graph.getEdge((String) Mockito.eq("EDGE_1"), (Authorizations) Mockito.any(Authorizations.class))).thenReturn(this.edge);
        Mockito.when(this.elementProperty1.getName()).thenReturn("prop1");
        Mockito.when(this.elementProperty1.getKey()).thenReturn("keyA");
        Mockito.when(this.elementProperty2a.getName()).thenReturn("prop2");
        Mockito.when(this.elementProperty2a.getKey()).thenReturn("keyA");
        Mockito.when(this.elementProperty2b.getName()).thenReturn("prop2");
        Mockito.when(this.elementProperty2b.getKey()).thenReturn("keyB");
        Mockito.when(this.elementProperty3.getName()).thenReturn("prop3");
        Mockito.when(this.elementProperty3.getKey()).thenReturn("keyA");
        Iterator it = of.iterator();
        while (it.hasNext()) {
            Mockito.when(((Property) it.next()).getMetadata()).thenReturn(new Metadata());
        }
    }

    @Test
    public void appendAclOnVertexShouldPopulateClientApiElementAcl() {
        appendAclShouldPopulateClientApiElementAcl(this.vertex);
    }

    @Test
    public void appendAclOnEdgeShouldPopulateClientApiElementAcl() {
        appendAclShouldPopulateClientApiElementAcl(this.edge);
    }

    @Test
    public void checkCanAddOrUpdatePropertyShouldNotThrowWhenUserUpdatesAccessibleRegularProperty() {
        setupForRegularPropertyTests();
        this.aclProvider.checkCanAddOrUpdateProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user1);
    }

    @Test(expected = VisalloAccessDeniedException.class)
    public void checkCanAddOrUpdatePropertyShouldThrowWhenUserUpdatesInaccessibleRegularProperty() {
        setupForRegularPropertyTests();
        this.aclProvider.checkCanAddOrUpdateProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user2);
    }

    @Test
    public void checkCanDeletePropertyShouldNotThrowWhenUserDeletesAccessibleRegularProperty() {
        setupForRegularPropertyTests();
        this.aclProvider.checkCanDeleteProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user1);
    }

    @Test(expected = VisalloAccessDeniedException.class)
    public void checkCanDeletePropertyShouldThrowWhenUserDeletesInaccessibleRegularProperty() {
        setupForRegularPropertyTests();
        this.aclProvider.checkCanDeleteProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user2);
    }

    @Test
    public void checkCanAddOrUpdatePropertyShouldNotThrowWhenUserUpdatesOwnComment() {
        setupForCommentPropertyTests();
        this.aclProvider.checkCanAddOrUpdateProperty(this.vertex, COMMENT_PROP_KEY, VisalloProperties.COMMENT.getPropertyName(), this.user1);
    }

    @Test(expected = VisalloAccessDeniedException.class)
    public void checkCanAddOrUpdatePropertyShouldThrowWhenUserUpdatesAnotherUsersComment() {
        setupForCommentPropertyTests();
        this.aclProvider.checkCanAddOrUpdateProperty(this.vertex, COMMENT_PROP_KEY, VisalloProperties.COMMENT.getPropertyName(), this.user2);
    }

    @Test
    public void checkCanAddOrUpdatePropertyShouldNotThrowWhenPrivilegedUserUpdatesAnotherUsersComment() {
        setupForCommentPropertyTests();
        this.aclProvider.checkCanAddOrUpdateProperty(this.vertex, COMMENT_PROP_KEY, VisalloProperties.COMMENT.getPropertyName(), this.userWithCommentEditAny);
    }

    @Test
    public void checkCanDeletePropertyShouldNotThrowWhenUserDeletesOwnComment() {
        setupForCommentPropertyTests();
        this.aclProvider.checkCanDeleteProperty(this.vertex, COMMENT_PROP_KEY, VisalloProperties.COMMENT.getPropertyName(), this.user1);
    }

    @Test(expected = VisalloAccessDeniedException.class)
    public void checkCanDeletePropertyShouldThrowWhenUserDeletesAnotherUsersComment() {
        setupForCommentPropertyTests();
        this.aclProvider.checkCanDeleteProperty(this.vertex, COMMENT_PROP_KEY, VisalloProperties.COMMENT.getPropertyName(), this.user2);
    }

    @Test
    public void checkCanDeletePropertyShouldNotThrowWhenPrivilegedUserDeletesAnotherUsersComment() {
        setupForCommentPropertyTests();
        this.aclProvider.checkCanDeleteProperty(this.vertex, COMMENT_PROP_KEY, VisalloProperties.COMMENT.getPropertyName(), this.userWithCommentDeleteAny);
    }

    private void setupForCommentPropertyTests() {
        Mockito.when(this.user1CommentProperty.getMetadata()).thenReturn(new PropertyMetadata(this.user1, VISIBILITY_JSON, VISIBILITY).createMetadata());
        Mockito.when(this.vertex.getProperty(COMMENT_PROP_KEY, VisalloProperties.COMMENT.getPropertyName())).thenReturn(this.user1CommentProperty);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateElement((Element) Mockito.eq(this.vertex), (User) Mockito.any(User.class)))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty((Element) Mockito.eq(this.vertex), (String) Mockito.eq(COMMENT_PROP_KEY), (String) Mockito.eq(COMMENT_PROP_NAME), (User) Mockito.any(User.class)))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty((Element) Mockito.eq(this.vertex), (String) Mockito.eq(COMMENT_PROP_KEY), (String) Mockito.eq(COMMENT_PROP_NAME), (User) Mockito.any(User.class)))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty((Element) Mockito.eq(this.vertex), (String) Mockito.eq(COMMENT_PROP_KEY), (String) Mockito.eq(COMMENT_PROP_NAME), (User) Mockito.any(User.class)))).thenReturn(true);
    }

    private void setupForRegularPropertyTests() {
        Mockito.when(this.user1RegularProperty.getMetadata()).thenReturn(new PropertyMetadata(this.user1, VISIBILITY_JSON, VISIBILITY).createMetadata());
        Mockito.when(this.vertex.getProperty(REGULAR_PROP_KEY, REGULAR_PROP_NAME)).thenReturn(this.user1RegularProperty);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateElement(this.vertex, this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateElement(this.vertex, this.user2))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user2))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user2))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty(this.vertex, REGULAR_PROP_KEY, REGULAR_PROP_NAME, this.user2))).thenReturn(false);
    }

    private void appendAclShouldPopulateClientApiElementAcl(Element element) {
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateElement(element, this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteElement(element, this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty(element, "keyA", "prop1", this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty(element, "keyA", "prop1", this.user1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty(element, "keyA", "prop1", this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty(element, "keyA", "prop2", this.user1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty(element, "keyA", "prop2", this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty(element, "keyA", "prop2", this.user1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty(element, "keyB", "prop2", this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty(element, "keyB", "prop2", this.user1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty(element, "keyB", "prop2", this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty(element, "keyA", "prop3", this.user1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty(element, "keyA", "prop3", this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty(element, "keyA", "prop3", this.user1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canAddProperty(element, (String) null, "prop4", this.user1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.aclProvider.canUpdateProperty(element, (String) null, "prop4", this.user1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.aclProvider.canDeleteProperty(element, (String) null, "prop4", this.user1))).thenReturn(true);
        ClientApiVertex clientApiVertex = null;
        if (element instanceof Vertex) {
            clientApiVertex = ClientApiConverter.toClientApiVertex((Vertex) element, (String) null, (Authorizations) null);
        } else if (element instanceof Edge) {
            clientApiVertex = ClientApiConverter.toClientApiEdge((Edge) element, (String) null);
        }
        ClientApiElementAcl acl = this.aclProvider.appendACL(clientApiVertex, this.user1).getAcl();
        Assert.assertThat(Boolean.valueOf(acl.isAddable()), CoreMatchers.equalTo(true));
        Assert.assertThat(Boolean.valueOf(acl.isUpdateable()), CoreMatchers.equalTo(true));
        Assert.assertThat(Boolean.valueOf(acl.isDeleteable()), CoreMatchers.equalTo(true));
        List<ClientApiPropertyAcl> propertyAcls = acl.getPropertyAcls();
        Assert.assertThat(Integer.valueOf(propertyAcls.size()), CoreMatchers.equalTo(5));
        ClientApiPropertyAcl findSinglePropertyAcl = findSinglePropertyAcl(propertyAcls, "prop1");
        Assert.assertThat(findSinglePropertyAcl.getName(), CoreMatchers.equalTo("prop1"));
        Assert.assertThat(findSinglePropertyAcl.getKey(), CoreMatchers.equalTo("keyA"));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl.isAddable()), CoreMatchers.equalTo(true));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl.isUpdateable()), CoreMatchers.equalTo(false));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl.isDeleteable()), CoreMatchers.equalTo(true));
        ClientApiPropertyAcl clientApiPropertyAcl = findMultiplePropertyAcls(propertyAcls, "prop2").get(0);
        Assert.assertThat(clientApiPropertyAcl.getName(), CoreMatchers.equalTo("prop2"));
        Assert.assertThat(clientApiPropertyAcl.getKey(), CoreMatchers.equalTo("keyA"));
        Assert.assertThat(Boolean.valueOf(clientApiPropertyAcl.isAddable()), CoreMatchers.equalTo(false));
        Assert.assertThat(Boolean.valueOf(clientApiPropertyAcl.isUpdateable()), CoreMatchers.equalTo(true));
        Assert.assertThat(Boolean.valueOf(clientApiPropertyAcl.isDeleteable()), CoreMatchers.equalTo(false));
        ClientApiPropertyAcl clientApiPropertyAcl2 = findMultiplePropertyAcls(propertyAcls, "prop2").get(1);
        Assert.assertThat(clientApiPropertyAcl2.getName(), CoreMatchers.equalTo("prop2"));
        Assert.assertThat(clientApiPropertyAcl2.getKey(), CoreMatchers.equalTo("keyB"));
        Assert.assertThat(Boolean.valueOf(clientApiPropertyAcl2.isAddable()), CoreMatchers.equalTo(true));
        Assert.assertThat(Boolean.valueOf(clientApiPropertyAcl2.isUpdateable()), CoreMatchers.equalTo(false));
        Assert.assertThat(Boolean.valueOf(clientApiPropertyAcl2.isDeleteable()), CoreMatchers.equalTo(true));
        ClientApiPropertyAcl findSinglePropertyAcl2 = findSinglePropertyAcl(propertyAcls, "prop3");
        Assert.assertThat(findSinglePropertyAcl2.getName(), CoreMatchers.equalTo("prop3"));
        Assert.assertThat(findSinglePropertyAcl2.getKey(), CoreMatchers.equalTo("keyA"));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl2.isAddable()), CoreMatchers.equalTo(false));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl2.isUpdateable()), CoreMatchers.equalTo(true));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl2.isDeleteable()), CoreMatchers.equalTo(false));
        ClientApiPropertyAcl findSinglePropertyAcl3 = findSinglePropertyAcl(propertyAcls, "prop4");
        Assert.assertThat(findSinglePropertyAcl3.getName(), CoreMatchers.equalTo("prop4"));
        Assert.assertThat(findSinglePropertyAcl3.getKey(), CoreMatchers.nullValue());
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl3.isAddable()), CoreMatchers.equalTo(false));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl3.isUpdateable()), CoreMatchers.equalTo(true));
        Assert.assertThat(Boolean.valueOf(findSinglePropertyAcl3.isDeleteable()), CoreMatchers.equalTo(true));
    }

    private List<ClientApiPropertyAcl> findMultiplePropertyAcls(List<ClientApiPropertyAcl> list, String str) {
        return (List) list.stream().filter(clientApiPropertyAcl -> {
            return clientApiPropertyAcl.getName().equals(str);
        }).collect(Collectors.toList());
    }

    private ClientApiPropertyAcl findSinglePropertyAcl(List<ClientApiPropertyAcl> list, String str) {
        List<ClientApiPropertyAcl> findMultiplePropertyAcls = findMultiplePropertyAcls(list, str);
        Assert.assertThat(Integer.valueOf(findMultiplePropertyAcls.size()), CoreMatchers.equalTo(1));
        return findMultiplePropertyAcls.get(0);
    }
}
