package org.uberfire.security.impl.authz;

import java.util.Arrays;
import java.util.Collections;
import org.jboss.errai.security.shared.api.Group;
import org.jboss.errai.security.shared.api.GroupImpl;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.jboss.errai.security.shared.api.identity.UserImpl;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import org.uberfire.security.authz.AuthorizationResult;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.VotingStrategy;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/uberfire/security/impl/authz/DefaultPermissionManagerTest.class */
public class DefaultPermissionManagerTest {
    private static final String PERMISSION_NAME = "guideddecisiontable.edit.columns";
    private DefaultAuthorizationPolicy authorizationPolicy;
    private DefaultPermissionManager defaultPermissionManager;
    private DefaultPermissionTypeRegistry permissionTypeRegistry;
    private DefaultAuthzResultCache cache;

    @Before
    public void setUp() {
        this.permissionTypeRegistry = (DefaultPermissionTypeRegistry) Mockito.spy(new DefaultPermissionTypeRegistry());
        this.cache = (DefaultAuthzResultCache) Mockito.spy(new DefaultAuthzResultCache());
        this.defaultPermissionManager = (DefaultPermissionManager) Mockito.spy(new DefaultPermissionManager(this.permissionTypeRegistry, this.cache));
        this.authorizationPolicy = (DefaultAuthorizationPolicy) Mockito.spy(new DefaultAuthorizationPolicy());
        this.defaultPermissionManager.setAuthorizationPolicy(this.authorizationPolicy);
    }

    @Test
    public void testResolvePermissionsCustomDeniedOverDefaultGranted() {
        VotingStrategy votingStrategy = VotingStrategy.PRIORITY;
        RoleImpl roleImpl = new RoleImpl("business-user");
        GroupImpl groupImpl = new GroupImpl("director");
        UserImpl makeUser = makeUser("director", groupImpl, roleImpl);
        mockDefaultPermissions(this.authorizationPolicy, makeGrantedPermissionCollection());
        mockRolePermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), roleImpl, 0);
        mockDefaultGroupPermissions(this.authorizationPolicy, makeGrantedPermissionCollection(), groupImpl);
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, this.defaultPermissionManager.resolvePermissions(makeUser, votingStrategy).get(PERMISSION_NAME).getResult());
    }

    @Test
    public void testResolvePermissionsCustomGrantedOverDefaultDenied() {
        VotingStrategy votingStrategy = VotingStrategy.PRIORITY;
        RoleImpl roleImpl = new RoleImpl("business-user");
        GroupImpl groupImpl = new GroupImpl("director");
        UserImpl makeUser = makeUser("director", groupImpl, roleImpl);
        mockDefaultPermissions(this.authorizationPolicy, makeDeniedPermissionCollection());
        mockRolePermissions(this.authorizationPolicy, makeGrantedPermissionCollection(), roleImpl, 0);
        mockDefaultGroupPermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), groupImpl);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, this.defaultPermissionManager.resolvePermissions(makeUser, votingStrategy).get(PERMISSION_NAME).getResult());
    }

    @Test
    public void testResolvePermissionsTwoCustomRolesGranted() {
        VotingStrategy votingStrategy = VotingStrategy.PRIORITY;
        RoleImpl roleImpl = new RoleImpl("business-user");
        RoleImpl roleImpl2 = new RoleImpl("manager");
        GroupImpl groupImpl = new GroupImpl("director");
        UserImpl makeUser = makeUser("director", groupImpl, roleImpl, roleImpl2);
        mockDefaultPermissions(this.authorizationPolicy, makeDeniedPermissionCollection());
        mockRolePermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), roleImpl, 0);
        mockRolePermissions(this.authorizationPolicy, makeGrantedPermissionCollection(), roleImpl2, 1);
        mockDefaultGroupPermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), groupImpl);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, this.defaultPermissionManager.resolvePermissions(makeUser, votingStrategy).get(PERMISSION_NAME).getResult());
    }

    @Test
    public void testResolvePermissionsTwoCustomRolesDenied() {
        VotingStrategy votingStrategy = VotingStrategy.PRIORITY;
        RoleImpl roleImpl = new RoleImpl("business-user");
        RoleImpl roleImpl2 = new RoleImpl("manager");
        GroupImpl groupImpl = new GroupImpl("director");
        UserImpl makeUser = makeUser("director", groupImpl, roleImpl, roleImpl2);
        mockDefaultPermissions(this.authorizationPolicy, makeDeniedPermissionCollection());
        mockRolePermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), roleImpl, 1);
        mockRolePermissions(this.authorizationPolicy, makeGrantedPermissionCollection(), roleImpl2, 0);
        mockDefaultGroupPermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), groupImpl);
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, this.defaultPermissionManager.resolvePermissions(makeUser, votingStrategy).get(PERMISSION_NAME).getResult());
    }

    @Test
    public void testResolvePermissionsTwoCustomRolesSamePriority() {
        VotingStrategy votingStrategy = VotingStrategy.PRIORITY;
        RoleImpl roleImpl = new RoleImpl("business-user");
        RoleImpl roleImpl2 = new RoleImpl("manager");
        GroupImpl groupImpl = new GroupImpl("director");
        UserImpl makeUser = makeUser("director", groupImpl, roleImpl, roleImpl2);
        mockDefaultPermissions(this.authorizationPolicy, makeDeniedPermissionCollection());
        mockRolePermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), roleImpl, 0);
        mockRolePermissions(this.authorizationPolicy, makeGrantedPermissionCollection(), roleImpl2, 0);
        mockDefaultGroupPermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), groupImpl);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, this.defaultPermissionManager.resolvePermissions(makeUser, votingStrategy).get(PERMISSION_NAME).getResult());
    }

    @Test
    public void testPermissionCache() {
        VotingStrategy votingStrategy = VotingStrategy.PRIORITY;
        RoleImpl roleImpl = new RoleImpl("business-user");
        RoleImpl roleImpl2 = new RoleImpl("manager");
        GroupImpl groupImpl = new GroupImpl("director");
        UserImpl makeUser = makeUser("director", groupImpl, roleImpl, roleImpl2);
        mockDefaultPermissions(this.authorizationPolicy, makeDeniedPermissionCollection());
        mockRolePermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), roleImpl, 0);
        mockRolePermissions(this.authorizationPolicy, makeGrantedPermissionCollection(), roleImpl2, 0);
        mockDefaultGroupPermissions(this.authorizationPolicy, makeDeniedPermissionCollection(), groupImpl);
        Assert.assertNull(this.cache.get(makeUser, makePermissionGranted()));
        AuthorizationResult checkPermission = this.defaultPermissionManager.checkPermission(makePermissionGranted(), makeUser, votingStrategy);
        ((DefaultPermissionManager) Mockito.verify(this.defaultPermissionManager)).resolvePermissions(makeUser, votingStrategy);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, checkPermission);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, this.cache.get(makeUser, makePermissionGranted()));
        Assert.assertNull(this.cache.get(makeUser, makePermissionDenied()));
        AuthorizationResult checkPermission2 = this.defaultPermissionManager.checkPermission(makePermissionDenied(), makeUser, votingStrategy);
        ((DefaultPermissionManager) Mockito.verify(this.defaultPermissionManager, Mockito.times(2))).resolvePermissions(makeUser, votingStrategy);
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, checkPermission2);
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, this.cache.get(makeUser, makePermissionDenied()));
        Assert.assertEquals(2L, this.cache.size(makeUser));
    }

    private void mockDefaultGroupPermissions(DefaultAuthorizationPolicy defaultAuthorizationPolicy, DefaultPermissionCollection defaultPermissionCollection, final Group group) {
        defaultAuthorizationPolicy.registerAuthzEntry(new DefaultAuthorizationEntry() { // from class: org.uberfire.security.impl.authz.DefaultPermissionManagerTest.1
            {
                setGroup(group);
            }
        });
        ((DefaultAuthorizationPolicy) Mockito.doReturn(defaultPermissionCollection).when(defaultAuthorizationPolicy)).getPermissions(group);
    }

    private void mockRolePermissions(DefaultAuthorizationPolicy defaultAuthorizationPolicy, DefaultPermissionCollection defaultPermissionCollection, final Role role, final int i) {
        defaultAuthorizationPolicy.registerAuthzEntry(new DefaultAuthorizationEntry() { // from class: org.uberfire.security.impl.authz.DefaultPermissionManagerTest.2
            {
                setRole(role);
                setPriority(i);
            }
        });
        ((DefaultAuthorizationPolicy) Mockito.doReturn(defaultPermissionCollection).when(defaultAuthorizationPolicy)).getPermissions(role);
    }

    private void mockDefaultPermissions(DefaultAuthorizationPolicy defaultAuthorizationPolicy, DefaultPermissionCollection defaultPermissionCollection) {
        ((DefaultAuthorizationPolicy) Mockito.doReturn(defaultPermissionCollection).when(defaultAuthorizationPolicy)).getPermissions();
    }

    private UserImpl makeUser(String str, Group group, Role... roleArr) {
        return new UserImpl(str, Arrays.asList(roleArr), Collections.singletonList(group));
    }

    private DefaultPermissionCollection makeDeniedPermissionCollection() {
        return new DefaultPermissionCollection() { // from class: org.uberfire.security.impl.authz.DefaultPermissionManagerTest.3
            {
                add(new Permission[]{DefaultPermissionManagerTest.this.makePermissionDenied()});
            }
        };
    }

    private DefaultPermissionCollection makeGrantedPermissionCollection() {
        return new DefaultPermissionCollection() { // from class: org.uberfire.security.impl.authz.DefaultPermissionManagerTest.4
            {
                add(new Permission[]{DefaultPermissionManagerTest.this.makePermissionGranted()});
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public DotNamedPermission makePermissionDenied() {
        return new DotNamedPermission(PERMISSION_NAME, false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public DotNamedPermission makePermissionGranted() {
        return new DotNamedPermission(PERMISSION_NAME, true);
    }
}
