package org.rhq.enterprise.server.authz.test;

import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;
import javax.persistence.EntityManager;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.resource.Resource;
import org.rhq.core.domain.resource.group.ResourceGroup;
import org.rhq.enterprise.server.authz.AuthorizationManagerLocal;
import org.rhq.enterprise.server.authz.RoleManagerLocal;
import org.rhq.enterprise.server.test.AbstractEJB3Test;
import org.rhq.enterprise.server.util.LookupUtil;
import org.rhq.enterprise.server.util.SessionTestHelper;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

@Test
/* loaded from: input_file:org/rhq/enterprise/server/authz/test/AuthorizationManagerBeanTest.class */
public class AuthorizationManagerBeanTest extends AbstractEJB3Test {
    private AuthorizationManagerLocal authorizationManager;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeMethod
    private void init() {
        try {
            this.authorizationManager = LookupUtil.getAuthorizationManager();
        } catch (Throwable th) {
            th.printStackTrace();
            throw new RuntimeException(th);
        }
    }

    @Test(groups = {"integration.session"})
    public void testGlobalPermissions() throws Exception {
        getTransactionManager().begin();
        EntityManager entityManager = getEntityManager();
        try {
            Subject createNewSubject = SessionTestHelper.createNewSubject(entityManager, "testSubject");
            Role createNewRoleForSubject = SessionTestHelper.createNewRoleForSubject(entityManager, createNewSubject, "testRole1");
            Set<Permission> allGlobalPerms = SessionTestHelper.getAllGlobalPerms();
            createNewRoleForSubject.getPermissions().addAll(allGlobalPerms);
            entityManager.merge(createNewRoleForSubject);
            entityManager.flush();
            Set<Permission> explicitGlobalPermissions = this.authorizationManager.getExplicitGlobalPermissions(createNewSubject);
            if (!$assertionsDisabled && !SessionTestHelper.samePermissions(allGlobalPerms, explicitGlobalPermissions)) {
                throw new AssertionError("Failed to get 1-subject, 1-role global permissions");
            }
            for (Permission permission : allGlobalPerms) {
                if (!$assertionsDisabled && !this.authorizationManager.hasGlobalPermission(createNewSubject, permission)) {
                    throw new AssertionError("Failed to get global permission " + permission.toString());
                }
            }
            getTransactionManager().begin();
            EntityManager entityManager2 = getEntityManager();
            try {
                Subject createNewSubject2 = SessionTestHelper.createNewSubject(entityManager2, "testSubject");
                Role createNewRoleForSubject2 = SessionTestHelper.createNewRoleForSubject(entityManager2, createNewSubject2, "testRole1");
                Role createNewRoleForSubject3 = SessionTestHelper.createNewRoleForSubject(entityManager2, createNewSubject2, "testRole2");
                Set<Permission> allGlobalPerms2 = SessionTestHelper.getAllGlobalPerms();
                createNewRoleForSubject2.getPermissions().addAll(allGlobalPerms2);
                createNewRoleForSubject3.getPermissions().addAll(allGlobalPerms2);
                entityManager2.merge(createNewRoleForSubject2);
                entityManager2.merge(createNewRoleForSubject3);
                entityManager2.flush();
                Set<Permission> explicitGlobalPermissions2 = this.authorizationManager.getExplicitGlobalPermissions(createNewSubject2);
                if (!$assertionsDisabled && !SessionTestHelper.samePermissions(allGlobalPerms2, explicitGlobalPermissions2)) {
                    throw new AssertionError("Failed to get 1-subject, 2-role distinct global permissions");
                }
                for (Permission permission2 : allGlobalPerms2) {
                    if (!$assertionsDisabled && !this.authorizationManager.hasGlobalPermission(createNewSubject2, permission2)) {
                        throw new AssertionError("Failed to get global permission " + permission2.toString());
                    }
                }
                getTransactionManager().rollback();
                getTransactionManager().begin();
                EntityManager entityManager3 = getEntityManager();
                try {
                    Subject createNewSubject3 = SessionTestHelper.createNewSubject(entityManager3, "testSubject");
                    Role createNewRoleForSubject4 = SessionTestHelper.createNewRoleForSubject(entityManager3, createNewSubject3, "testRole1");
                    Role createNewRoleForSubject5 = SessionTestHelper.createNewRoleForSubject(entityManager3, createNewSubject3, "testRole2");
                    createNewRoleForSubject4.getPermissions().add(Permission.CONTROL);
                    createNewRoleForSubject5.getPermissions().add(Permission.CONFIGURE_WRITE);
                    entityManager3.merge(createNewRoleForSubject4);
                    entityManager3.merge(createNewRoleForSubject5);
                    entityManager3.flush();
                    EnumSet noneOf = EnumSet.noneOf(Permission.class);
                    Set<Permission> explicitGlobalPermissions3 = this.authorizationManager.getExplicitGlobalPermissions(createNewSubject3);
                    if (!$assertionsDisabled && !SessionTestHelper.samePermissions(noneOf, explicitGlobalPermissions3)) {
                        throw new AssertionError("Failed by getting resource permissions as global permissions");
                    }
                    for (Permission permission3 : SessionTestHelper.getAllGlobalPerms()) {
                        if (!$assertionsDisabled && this.authorizationManager.hasGlobalPermission(createNewSubject3, permission3)) {
                            throw new AssertionError("Failed by  a resource permission as a global permission " + permission3.toString());
                        }
                    }
                    getTransactionManager().rollback();
                } finally {
                    getTransactionManager().rollback();
                }
            } finally {
                getTransactionManager().rollback();
            }
        } finally {
        }
    }

    @Test(groups = {"integration.session"})
    public void testGroupPermissions() throws Exception {
        getTransactionManager().begin();
        EntityManager entityManager = getEntityManager();
        try {
            Subject createNewSubject = SessionTestHelper.createNewSubject(entityManager, "testSubject");
            Role createNewRoleForSubject = SessionTestHelper.createNewRoleForSubject(entityManager, createNewSubject, "testRole1");
            ResourceGroup createNewMixedGroupForRole = SessionTestHelper.createNewMixedGroupForRole(entityManager, createNewRoleForSubject, "testGroup1", false);
            EnumSet<Permission> of = EnumSet.of(Permission.CONFIGURE_WRITE, Permission.CONTROL, Permission.MANAGE_SECURITY);
            createNewRoleForSubject.getPermissions().addAll(of);
            entityManager.merge(createNewRoleForSubject);
            entityManager.flush();
            Set<Permission> explicitGroupPermissions = this.authorizationManager.getExplicitGroupPermissions(createNewSubject, createNewMixedGroupForRole.getId());
            if (!$assertionsDisabled && !SessionTestHelper.samePermissions(of, explicitGroupPermissions)) {
                throw new AssertionError("Failed to get all 1-role, 1-group permissions");
            }
            for (Permission permission : of) {
                if (!$assertionsDisabled && !this.authorizationManager.hasGroupPermission(createNewSubject, permission, createNewMixedGroupForRole.getId())) {
                    throw new AssertionError("Failed to get single single 1-role, 1-group permission " + permission.toString());
                }
            }
            getTransactionManager().begin();
            EntityManager entityManager2 = getEntityManager();
            try {
                Subject createNewSubject2 = SessionTestHelper.createNewSubject(entityManager2, "testSubject");
                Role createNewRoleForSubject2 = SessionTestHelper.createNewRoleForSubject(entityManager2, createNewSubject2, "testRole1");
                ResourceGroup createNewMixedGroupForRole2 = SessionTestHelper.createNewMixedGroupForRole(entityManager2, createNewRoleForSubject2, "testGroup1", false);
                Role createNewRoleForSubject3 = SessionTestHelper.createNewRoleForSubject(entityManager2, createNewSubject2, "testRole2");
                ResourceGroup createNewMixedGroupForRole3 = SessionTestHelper.createNewMixedGroupForRole(entityManager2, createNewRoleForSubject3, "testGroup2", false);
                EnumSet<Permission> of2 = EnumSet.of(Permission.MANAGE_INVENTORY, Permission.MANAGE_CONTENT, Permission.DELETE_RESOURCE);
                createNewRoleForSubject2.getPermissions().addAll(of2);
                entityManager2.merge(createNewRoleForSubject2);
                entityManager2.flush();
                EnumSet<Permission> of3 = EnumSet.of(Permission.CONFIGURE_WRITE, Permission.MANAGE_INVENTORY, Permission.MANAGE_SECURITY);
                createNewRoleForSubject3.getPermissions().addAll(of3);
                entityManager2.merge(createNewRoleForSubject3);
                entityManager2.flush();
                Set<Permission> explicitGroupPermissions2 = this.authorizationManager.getExplicitGroupPermissions(createNewSubject2, createNewMixedGroupForRole2.getId());
                if (!$assertionsDisabled && !SessionTestHelper.samePermissions(of2, explicitGroupPermissions2)) {
                    throw new AssertionError("Failed to get all 2-role, 2-group permissions");
                }
                for (Permission permission2 : of2) {
                    if (!$assertionsDisabled && !this.authorizationManager.hasGroupPermission(createNewSubject2, permission2, createNewMixedGroupForRole2.getId())) {
                        throw new AssertionError("Failed to get single single 1-role, 1-group permission " + permission2.toString());
                    }
                }
                Set<Permission> explicitGroupPermissions3 = this.authorizationManager.getExplicitGroupPermissions(createNewSubject2, createNewMixedGroupForRole3.getId());
                if (!$assertionsDisabled && !SessionTestHelper.samePermissions(of3, explicitGroupPermissions3)) {
                    throw new AssertionError("Failed to get all 2-role, 2-group permissions");
                }
                for (Permission permission3 : of3) {
                    if (!$assertionsDisabled && !this.authorizationManager.hasGroupPermission(createNewSubject2, permission3, createNewMixedGroupForRole3.getId())) {
                        throw new AssertionError("Failed to get single single 1-role, 1-group permission " + permission3.toString());
                    }
                }
                getTransactionManager().rollback();
                getTransactionManager().begin();
                EntityManager entityManager3 = getEntityManager();
                try {
                    Subject createNewSubject3 = SessionTestHelper.createNewSubject(entityManager3, "testSubject");
                    Role createNewRoleForSubject4 = SessionTestHelper.createNewRoleForSubject(entityManager3, createNewSubject3, "testRole1");
                    Role createNewRoleForSubject5 = SessionTestHelper.createNewRoleForSubject(entityManager3, createNewSubject3, "testRole2");
                    ResourceGroup createNewMixedGroupForRole4 = SessionTestHelper.createNewMixedGroupForRole(entityManager3, createNewRoleForSubject4, "testGroup1", false);
                    createNewRoleForSubject5.getResourceGroups().add(createNewMixedGroupForRole4);
                    createNewMixedGroupForRole4.addRole(createNewRoleForSubject5);
                    entityManager3.merge(createNewRoleForSubject5);
                    entityManager3.merge(createNewMixedGroupForRole4);
                    entityManager3.flush();
                    EnumSet of4 = EnumSet.of(Permission.CONFIGURE_WRITE, Permission.CONTROL, Permission.MANAGE_SECURITY);
                    createNewRoleForSubject4.getPermissions().addAll(of4);
                    entityManager3.merge(createNewRoleForSubject4);
                    entityManager3.flush();
                    EnumSet of5 = EnumSet.of(Permission.MANAGE_INVENTORY, Permission.MANAGE_CONTENT, Permission.DELETE_RESOURCE);
                    createNewRoleForSubject5.getPermissions().addAll(of5);
                    entityManager3.merge(createNewRoleForSubject5);
                    entityManager3.flush();
                    EnumSet<Permission> noneOf = EnumSet.noneOf(Permission.class);
                    noneOf.addAll(of4);
                    noneOf.addAll(of5);
                    Set<Permission> explicitGroupPermissions4 = this.authorizationManager.getExplicitGroupPermissions(createNewSubject3, createNewMixedGroupForRole4.getId());
                    if (!$assertionsDisabled && !SessionTestHelper.samePermissions(noneOf, explicitGroupPermissions4)) {
                        throw new AssertionError("Failed to get all 1-role, 2-group permissions");
                    }
                    for (Permission permission4 : noneOf) {
                        if (!$assertionsDisabled && !this.authorizationManager.hasGroupPermission(createNewSubject3, permission4, createNewMixedGroupForRole4.getId())) {
                            throw new AssertionError("Failed to get single single 1-role, 2-group permission " + permission4.toString());
                        }
                    }
                    getTransactionManager().rollback();
                    getTransactionManager().begin();
                    EntityManager entityManager4 = getEntityManager();
                    try {
                        Subject createNewSubject4 = SessionTestHelper.createNewSubject(entityManager4, "testSubject");
                        Role createNewRoleForSubject6 = SessionTestHelper.createNewRoleForSubject(entityManager4, createNewSubject4, "testRole1");
                        Role createNewRoleForSubject7 = SessionTestHelper.createNewRoleForSubject(entityManager4, createNewSubject4, "testRole2");
                        ResourceGroup createNewMixedGroupForRole5 = SessionTestHelper.createNewMixedGroupForRole(entityManager4, createNewRoleForSubject6, "testGroup1", false);
                        createNewRoleForSubject7.getResourceGroups().add(createNewMixedGroupForRole5);
                        createNewMixedGroupForRole5.addRole(createNewRoleForSubject7);
                        entityManager4.merge(createNewRoleForSubject7);
                        entityManager4.merge(createNewMixedGroupForRole5);
                        entityManager4.flush();
                        EnumSet of6 = EnumSet.of(Permission.CONFIGURE_WRITE, Permission.CONTROL, Permission.MANAGE_SECURITY);
                        createNewRoleForSubject6.getPermissions().addAll(of6);
                        entityManager4.merge(createNewRoleForSubject6);
                        entityManager4.flush();
                        EnumSet of7 = EnumSet.of(Permission.MANAGE_INVENTORY, Permission.MANAGE_CONTENT, Permission.DELETE_RESOURCE);
                        createNewRoleForSubject7.getPermissions().addAll(of7);
                        entityManager4.merge(createNewRoleForSubject7);
                        entityManager4.flush();
                        createNewRoleForSubject7.getPermissions().addAll(of6);
                        entityManager4.merge(createNewRoleForSubject7);
                        entityManager4.flush();
                        EnumSet<Permission> noneOf2 = EnumSet.noneOf(Permission.class);
                        noneOf2.addAll(of6);
                        noneOf2.addAll(of7);
                        Set<Permission> explicitGroupPermissions5 = this.authorizationManager.getExplicitGroupPermissions(createNewSubject4, createNewMixedGroupForRole5.getId());
                        if (!$assertionsDisabled && !SessionTestHelper.samePermissions(noneOf2, explicitGroupPermissions5)) {
                            throw new AssertionError("Failed to get all 1-role, 2-group distinct permissions");
                        }
                        for (Permission permission5 : noneOf2) {
                            if (!$assertionsDisabled && !this.authorizationManager.hasGroupPermission(createNewSubject4, permission5, createNewMixedGroupForRole5.getId())) {
                                throw new AssertionError("Failed to get single single 1-role, 2-group distinct permission " + permission5.toString());
                            }
                        }
                        getTransactionManager().rollback();
                    } finally {
                        getTransactionManager().rollback();
                    }
                } finally {
                    getTransactionManager().rollback();
                }
            } finally {
                getTransactionManager().rollback();
            }
        } finally {
        }
    }

    @Test
    public void testCanViewResourcesWhenSubjectIsInRole() throws Exception {
        getTransactionManager().begin();
        EntityManager entityManager = getEntityManager();
        try {
            Subject createNewSubject = SessionTestHelper.createNewSubject(entityManager, "testSubject");
            Role createNewRoleForSubject = SessionTestHelper.createNewRoleForSubject(entityManager, createNewSubject, "role with subject");
            createNewRoleForSubject.addPermission(Permission.VIEW_RESOURCE);
            ResourceGroup createNewCompatibleGroupForRole = SessionTestHelper.createNewCompatibleGroupForRole(entityManager, createNewRoleForSubject, "accessible group");
            Resource createNewResourceForGroup = SessionTestHelper.createNewResourceForGroup(entityManager, createNewCompatibleGroupForRole, "r1");
            Resource createNewResourceForGroup2 = SessionTestHelper.createNewResourceForGroup(entityManager, createNewCompatibleGroupForRole, "r2");
            entityManager.flush();
            assertTrue("The subject should have permission to view the resources", this.authorizationManager.canViewResources(createNewSubject, Arrays.asList(Integer.valueOf(createNewResourceForGroup.getId()), Integer.valueOf(createNewResourceForGroup2.getId()))));
            getTransactionManager().rollback();
        } catch (Throwable th) {
            getTransactionManager().rollback();
            throw th;
        }
    }

    @Test
    public void testCanViewResourceWhenSubjectIsInMultipleRolesAndResourcesInMultipleGroups() throws Exception {
        getTransactionManager().begin();
        EntityManager entityManager = getEntityManager();
        try {
            Subject createNewSubject = SessionTestHelper.createNewSubject(entityManager, "testSubject");
            Role createNewRoleForSubject = SessionTestHelper.createNewRoleForSubject(entityManager, createNewSubject, "role1");
            createNewRoleForSubject.addPermission(Permission.VIEW_RESOURCE);
            Role createNewRoleForSubject2 = SessionTestHelper.createNewRoleForSubject(entityManager, createNewSubject, "role2");
            createNewRoleForSubject2.addPermission(Permission.VIEW_RESOURCE);
            ResourceGroup createNewCompatibleGroupForRole = SessionTestHelper.createNewCompatibleGroupForRole(entityManager, createNewRoleForSubject, "group 1");
            ResourceGroup createNewCompatibleGroupForRole2 = SessionTestHelper.createNewCompatibleGroupForRole(entityManager, createNewRoleForSubject2, "group 2");
            Resource createNewResourceForGroup = SessionTestHelper.createNewResourceForGroup(entityManager, createNewCompatibleGroupForRole, "r1");
            Resource createNewResourceForGroup2 = SessionTestHelper.createNewResourceForGroup(entityManager, createNewCompatibleGroupForRole2, "r2");
            entityManager.flush();
            assertTrue("The subject should have permission to view the resources in different groups since the subject is in roles for those groups", this.authorizationManager.canViewResources(createNewSubject, Arrays.asList(Integer.valueOf(createNewResourceForGroup.getId()), Integer.valueOf(createNewResourceForGroup2.getId()))));
            getTransactionManager().rollback();
        } catch (Throwable th) {
            getTransactionManager().rollback();
            throw th;
        }
    }

    @Test
    public void testCanViewResourcesWhenSubjectIsNotInRole() throws Exception {
        getTransactionManager().begin();
        EntityManager entityManager = getEntityManager();
        try {
            Subject createNewSubject = SessionTestHelper.createNewSubject(entityManager, "testSubject");
            Subject createNewSubject2 = SessionTestHelper.createNewSubject(entityManager, "subjectNotInRole");
            Role createNewRoleForSubject = SessionTestHelper.createNewRoleForSubject(entityManager, createNewSubject, "role with subject");
            createNewRoleForSubject.addPermission(Permission.VIEW_RESOURCE);
            ResourceGroup createNewCompatibleGroupForRole = SessionTestHelper.createNewCompatibleGroupForRole(entityManager, createNewRoleForSubject, "accessible group");
            Resource createNewResourceForGroup = SessionTestHelper.createNewResourceForGroup(entityManager, createNewCompatibleGroupForRole, "r1");
            Resource createNewResourceForGroup2 = SessionTestHelper.createNewResourceForGroup(entityManager, createNewCompatibleGroupForRole, "r2");
            entityManager.flush();
            assertFalse("The subject should not have permission to view the resources", this.authorizationManager.canViewResources(createNewSubject2, Arrays.asList(Integer.valueOf(createNewResourceForGroup.getId()), Integer.valueOf(createNewResourceForGroup2.getId()))));
            getTransactionManager().rollback();
        } catch (Throwable th) {
            getTransactionManager().rollback();
            throw th;
        }
    }

    @Test(groups = {"integration.session"})
    public void testResourcePermissions() throws Exception {
        getTransactionManager().begin();
        EntityManager entityManager = getEntityManager();
        try {
            Subject createNewSubject = SessionTestHelper.createNewSubject(entityManager, "testSubject");
            Role createNewRoleForSubject = SessionTestHelper.createNewRoleForSubject(entityManager, createNewSubject, "testRole1");
            ResourceGroup createNewMixedGroupForRole = SessionTestHelper.createNewMixedGroupForRole(entityManager, createNewRoleForSubject, "testGroup1", false);
            Resource createNewResourceForGroup = SessionTestHelper.createNewResourceForGroup(entityManager, createNewMixedGroupForRole, "testResource1");
            Resource createNewResourceForGroup2 = SessionTestHelper.createNewResourceForGroup(entityManager, createNewMixedGroupForRole, "testResource2");
            Resource createNewResourceForGroup3 = SessionTestHelper.createNewResourceForGroup(entityManager, createNewMixedGroupForRole, "testResource3");
            EnumSet<Permission> allOf = EnumSet.allOf(Permission.class);
            createNewRoleForSubject.getPermissions().addAll(allOf);
            entityManager.merge(createNewRoleForSubject);
            entityManager.flush();
            Set<Permission> explicitResourcePermissions = this.authorizationManager.getExplicitResourcePermissions(createNewSubject, createNewResourceForGroup.getId());
            if (!$assertionsDisabled && !SessionTestHelper.samePermissions(allOf, explicitResourcePermissions)) {
                throw new AssertionError("Failed to get all 1-role, 1-group, 1-resource permissions");
            }
            for (Permission permission : allOf) {
                if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject, permission, createNewResourceForGroup.getId())) {
                    throw new AssertionError("Failed to get single 1-role, 1-group, 1-resource permission");
                }
            }
            Collection<Integer> resourceList = SessionTestHelper.getResourceList(createNewResourceForGroup, createNewResourceForGroup2, createNewResourceForGroup3);
            for (Permission permission2 : allOf) {
                if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject, permission2, resourceList)) {
                    throw new AssertionError("Failed to get every positive 1-role, 1-group, resource-list permission");
                }
            }
            getTransactionManager().begin();
            EntityManager entityManager2 = getEntityManager();
            try {
                Subject createNewSubject2 = SessionTestHelper.createNewSubject(entityManager2, "testSubject");
                Role createNewRoleForSubject2 = SessionTestHelper.createNewRoleForSubject(entityManager2, createNewSubject2, "testRole1");
                ResourceGroup createNewMixedGroupForRole2 = SessionTestHelper.createNewMixedGroupForRole(entityManager2, createNewRoleForSubject2, "testGroup1", false);
                Resource createNewResourceForGroup4 = SessionTestHelper.createNewResourceForGroup(entityManager2, createNewMixedGroupForRole2, "testResource1");
                Resource createNewResourceForGroup5 = SessionTestHelper.createNewResourceForGroup(entityManager2, createNewMixedGroupForRole2, "testResource2");
                Resource createNewResourceForGroup6 = SessionTestHelper.createNewResourceForGroup(entityManager2, createNewMixedGroupForRole2, "testResource3");
                Role createNewRoleForSubject3 = SessionTestHelper.createNewRoleForSubject(entityManager2, createNewSubject2, "testRole2");
                createNewRoleForSubject3.getResourceGroups().add(createNewMixedGroupForRole2);
                createNewMixedGroupForRole2.addRole(createNewRoleForSubject3);
                entityManager2.merge(createNewRoleForSubject3);
                entityManager2.merge(createNewMixedGroupForRole2);
                entityManager2.flush();
                EnumSet of = EnumSet.of(Permission.CONFIGURE_WRITE);
                EnumSet of2 = EnumSet.of(Permission.CONTROL);
                createNewRoleForSubject2.getPermissions().addAll(of);
                createNewRoleForSubject3.getPermissions().addAll(of2);
                entityManager2.merge(createNewRoleForSubject2);
                entityManager2.merge(createNewRoleForSubject3);
                entityManager2.flush();
                EnumSet<Permission> noneOf = EnumSet.noneOf(Permission.class);
                noneOf.addAll(of);
                noneOf.addAll(of2);
                Set<Permission> explicitResourcePermissions2 = this.authorizationManager.getExplicitResourcePermissions(createNewSubject2, createNewResourceForGroup4.getId());
                if (!$assertionsDisabled && !SessionTestHelper.samePermissions(noneOf, explicitResourcePermissions2)) {
                    throw new AssertionError("Failed to get all 2-role, 1-group, 1-resource permissions");
                }
                for (Permission permission3 : noneOf) {
                    if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject2, permission3, createNewResourceForGroup4.getId())) {
                        throw new AssertionError("Failed to get single 2-role, 1-group, 1-resource permission");
                    }
                }
                Collection<Integer> resourceList2 = SessionTestHelper.getResourceList(createNewResourceForGroup4, createNewResourceForGroup5, createNewResourceForGroup6);
                for (Permission permission4 : noneOf) {
                    if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject2, permission4, resourceList2)) {
                        throw new AssertionError("Failed to get every positive 2-role, 1-group, resource-list permission");
                    }
                }
                getTransactionManager().rollback();
                getTransactionManager().begin();
                EntityManager entityManager3 = getEntityManager();
                try {
                    Subject createNewSubject3 = SessionTestHelper.createNewSubject(entityManager3, "testSubject");
                    Role createNewRoleForSubject4 = SessionTestHelper.createNewRoleForSubject(entityManager3, createNewSubject3, "testRole1");
                    ResourceGroup createNewMixedGroupForRole3 = SessionTestHelper.createNewMixedGroupForRole(entityManager3, createNewRoleForSubject4, "testGroup1", false);
                    Resource createNewResourceForGroup7 = SessionTestHelper.createNewResourceForGroup(entityManager3, createNewMixedGroupForRole3, "testResource1");
                    Resource createNewResourceForGroup8 = SessionTestHelper.createNewResourceForGroup(entityManager3, createNewMixedGroupForRole3, "testResource2");
                    Resource createNewResourceForGroup9 = SessionTestHelper.createNewResourceForGroup(entityManager3, createNewMixedGroupForRole3, "testResource3");
                    Role createNewRoleForSubject5 = SessionTestHelper.createNewRoleForSubject(entityManager3, createNewSubject3, "testRole2");
                    ResourceGroup createNewMixedGroupForRole4 = SessionTestHelper.createNewMixedGroupForRole(entityManager3, createNewRoleForSubject5, "testGroup2", false);
                    createNewMixedGroupForRole4.addExplicitResource(createNewResourceForGroup7);
                    createNewResourceForGroup7.getExplicitGroups().add(createNewMixedGroupForRole4);
                    createNewMixedGroupForRole4.addImplicitResource(createNewResourceForGroup7);
                    createNewResourceForGroup7.getImplicitGroups().add(createNewMixedGroupForRole4);
                    entityManager3.merge(createNewMixedGroupForRole4);
                    entityManager3.merge(createNewResourceForGroup7);
                    entityManager3.flush();
                    EnumSet<Permission> of3 = EnumSet.of(Permission.MANAGE_CONTENT);
                    EnumSet<Permission> of4 = EnumSet.of(Permission.MANAGE_SECURITY);
                    createNewRoleForSubject4.getPermissions().addAll(of3);
                    createNewRoleForSubject5.getPermissions().addAll(of4);
                    entityManager3.merge(createNewRoleForSubject4);
                    entityManager3.merge(createNewRoleForSubject5);
                    entityManager3.flush();
                    EnumSet<Permission> noneOf2 = EnumSet.noneOf(Permission.class);
                    noneOf2.addAll(of3);
                    noneOf2.addAll(of4);
                    Set<Permission> explicitResourcePermissions3 = this.authorizationManager.getExplicitResourcePermissions(createNewSubject3, createNewResourceForGroup7.getId());
                    if (!$assertionsDisabled && !SessionTestHelper.samePermissions(noneOf2, explicitResourcePermissions3)) {
                        throw new AssertionError("Failed to get all 2-role, 2-group, 1-resource permissions");
                    }
                    for (Permission permission5 : noneOf2) {
                        if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject3, permission5, createNewResourceForGroup7.getId())) {
                            throw new AssertionError("Failed to get single 2-role, 2-group, 1-resource permission");
                        }
                    }
                    Collection<Integer> resourceList3 = SessionTestHelper.getResourceList(createNewResourceForGroup7, createNewResourceForGroup8, createNewResourceForGroup9);
                    for (Permission permission6 : of3) {
                        if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject3, permission6, resourceList3)) {
                            throw new AssertionError("Failed to get every positive 2-role, 2-group, resource-list permission");
                        }
                    }
                    for (Permission permission7 : of4) {
                        if (!$assertionsDisabled && this.authorizationManager.hasResourcePermission(createNewSubject3, permission7, resourceList3)) {
                            throw new AssertionError("Failed to get every negative 2-role, 2-group, resource-list permission");
                        }
                    }
                    getTransactionManager().rollback();
                    getTransactionManager().begin();
                    EntityManager entityManager4 = getEntityManager();
                    try {
                        Subject createNewSubject4 = SessionTestHelper.createNewSubject(entityManager4, "testSubject");
                        Role createNewRoleForSubject6 = SessionTestHelper.createNewRoleForSubject(entityManager4, createNewSubject4, "testRole1");
                        ResourceGroup createNewMixedGroupForRole5 = SessionTestHelper.createNewMixedGroupForRole(entityManager4, createNewRoleForSubject6, "testGroup1", false);
                        Resource createNewResourceForGroup10 = SessionTestHelper.createNewResourceForGroup(entityManager4, createNewMixedGroupForRole5, "testResource1");
                        Resource createNewResourceForGroup11 = SessionTestHelper.createNewResourceForGroup(entityManager4, createNewMixedGroupForRole5, "testResource2");
                        Resource createNewResourceForGroup12 = SessionTestHelper.createNewResourceForGroup(entityManager4, createNewMixedGroupForRole5, "testResource3");
                        ResourceGroup createNewMixedGroupForRole6 = SessionTestHelper.createNewMixedGroupForRole(entityManager4, createNewRoleForSubject6, "testGroup2", false);
                        createNewMixedGroupForRole6.addExplicitResource(createNewResourceForGroup10);
                        createNewResourceForGroup10.getExplicitGroups().add(createNewMixedGroupForRole6);
                        createNewMixedGroupForRole6.addImplicitResource(createNewResourceForGroup10);
                        createNewResourceForGroup10.getImplicitGroups().add(createNewMixedGroupForRole6);
                        entityManager4.merge(createNewMixedGroupForRole6);
                        entityManager4.merge(createNewResourceForGroup10);
                        entityManager4.flush();
                        EnumSet<Permission> of5 = EnumSet.of(Permission.MANAGE_SETTINGS, Permission.MANAGE_ALERTS);
                        createNewRoleForSubject6.getPermissions().addAll(of5);
                        entityManager4.merge(createNewRoleForSubject6);
                        entityManager4.flush();
                        Set<Permission> explicitResourcePermissions4 = this.authorizationManager.getExplicitResourcePermissions(createNewSubject4, createNewResourceForGroup10.getId());
                        if (!$assertionsDisabled && !SessionTestHelper.samePermissions(of5, explicitResourcePermissions4)) {
                            throw new AssertionError("Failed to get all 1-role, 2-group, 1-resource permissions");
                        }
                        for (Permission permission8 : of5) {
                            if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject4, permission8, createNewResourceForGroup10.getId())) {
                                throw new AssertionError("Failed to get single 1-role, 2-group, 1-resource permission");
                            }
                        }
                        Collection<Integer> resourceList4 = SessionTestHelper.getResourceList(createNewResourceForGroup10, createNewResourceForGroup11, createNewResourceForGroup12);
                        for (Permission permission9 : of5) {
                            if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject4, permission9, resourceList4)) {
                                throw new AssertionError("Failed to get every positive 1-role, 2-group, resource-list permission");
                            }
                        }
                        getTransactionManager().rollback();
                        getTransactionManager().begin();
                        EntityManager entityManager5 = getEntityManager();
                        try {
                            Subject createNewSubject5 = SessionTestHelper.createNewSubject(entityManager5, "testSubject");
                            Role createNewRoleForSubject7 = SessionTestHelper.createNewRoleForSubject(entityManager5, createNewSubject5, "testRole1");
                            ResourceGroup createNewMixedGroupForRole7 = SessionTestHelper.createNewMixedGroupForRole(entityManager5, createNewRoleForSubject7, "testGroup1", false);
                            Resource createNewResourceForGroup13 = SessionTestHelper.createNewResourceForGroup(entityManager5, createNewMixedGroupForRole7, "testResource1");
                            Resource createNewResourceForGroup14 = SessionTestHelper.createNewResourceForGroup(entityManager5, createNewMixedGroupForRole7, "testResource2");
                            Resource createNewResourceForGroup15 = SessionTestHelper.createNewResourceForGroup(entityManager5, createNewMixedGroupForRole7, "testResource3");
                            Role createNewRoleForSubject8 = SessionTestHelper.createNewRoleForSubject(entityManager5, createNewSubject5, "testRole2");
                            ResourceGroup createNewMixedGroupForRole8 = SessionTestHelper.createNewMixedGroupForRole(entityManager5, createNewRoleForSubject8, "testGroup2", false);
                            createNewMixedGroupForRole8.addRole(createNewRoleForSubject7);
                            createNewRoleForSubject7.getResourceGroups().add(createNewMixedGroupForRole8);
                            createNewMixedGroupForRole7.addRole(createNewRoleForSubject8);
                            createNewRoleForSubject8.getResourceGroups().add(createNewMixedGroupForRole7);
                            createNewMixedGroupForRole8.addExplicitResource(createNewResourceForGroup13);
                            createNewResourceForGroup13.getExplicitGroups().add(createNewMixedGroupForRole8);
                            createNewMixedGroupForRole8.addImplicitResource(createNewResourceForGroup13);
                            createNewResourceForGroup13.getImplicitGroups().add(createNewMixedGroupForRole8);
                            entityManager5.merge(createNewMixedGroupForRole7);
                            entityManager5.merge(createNewMixedGroupForRole8);
                            entityManager5.merge(createNewRoleForSubject7);
                            entityManager5.merge(createNewRoleForSubject8);
                            entityManager5.merge(createNewResourceForGroup13);
                            entityManager5.flush();
                            EnumSet of6 = EnumSet.of(Permission.CONFIGURE_WRITE, Permission.CONTROL, Permission.MANAGE_INVENTORY);
                            EnumSet of7 = EnumSet.of(Permission.CONTROL, Permission.MANAGE_SECURITY, Permission.MANAGE_INVENTORY);
                            createNewRoleForSubject7.getPermissions().addAll(of6);
                            createNewRoleForSubject8.getPermissions().addAll(of7);
                            entityManager5.merge(createNewRoleForSubject7);
                            entityManager5.merge(createNewRoleForSubject8);
                            entityManager5.flush();
                            EnumSet<Permission> noneOf3 = EnumSet.noneOf(Permission.class);
                            noneOf3.addAll(of6);
                            noneOf3.addAll(of7);
                            Set<Permission> explicitResourcePermissions5 = this.authorizationManager.getExplicitResourcePermissions(createNewSubject5, createNewResourceForGroup13.getId());
                            if (!$assertionsDisabled && !SessionTestHelper.samePermissions(noneOf3, explicitResourcePermissions5)) {
                                throw new AssertionError("Failed to get all 2-role crossed 2-group, 1-resource distinct permissions");
                            }
                            for (Permission permission10 : noneOf3) {
                                if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject5, permission10, createNewResourceForGroup13.getId())) {
                                    throw new AssertionError("Failed to get single 2-role crossed 2-group, 1-resource distinct permission");
                                }
                            }
                            Collection<Integer> resourceList5 = SessionTestHelper.getResourceList(createNewResourceForGroup13, createNewResourceForGroup14, createNewResourceForGroup15);
                            for (Permission permission11 : noneOf3) {
                                if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject5, permission11, resourceList5)) {
                                    throw new AssertionError("Failed to get every positive 2-role crossed 2-group, resource-list permission");
                                }
                            }
                            getTransactionManager().rollback();
                            getTransactionManager().begin();
                            EntityManager entityManager6 = getEntityManager();
                            try {
                                Subject createNewSubject6 = SessionTestHelper.createNewSubject(entityManager6, "testSubject");
                                Role createNewRoleForSubject9 = SessionTestHelper.createNewRoleForSubject(entityManager6, createNewSubject6, "testRole1");
                                Role createNewRoleForSubject10 = SessionTestHelper.createNewRoleForSubject(entityManager6, createNewSubject6, "testRole2");
                                ResourceGroup createNewMixedGroupForRole9 = SessionTestHelper.createNewMixedGroupForRole(entityManager6, createNewRoleForSubject9, "testGroup1", false);
                                ResourceGroup createNewMixedGroupForRole10 = SessionTestHelper.createNewMixedGroupForRole(entityManager6, createNewRoleForSubject10, "testGroup2", false);
                                Resource createNewResourceForGroup16 = SessionTestHelper.createNewResourceForGroup(entityManager6, createNewMixedGroupForRole9, "testResource1");
                                Resource createNewResourceForGroup17 = SessionTestHelper.createNewResourceForGroup(entityManager6, createNewMixedGroupForRole10, "testResource2");
                                EnumSet of8 = EnumSet.of(Permission.MANAGE_ALERTS, Permission.MANAGE_SETTINGS);
                                EnumSet of9 = EnumSet.of(Permission.MANAGE_ALERTS, Permission.MANAGE_CONTENT);
                                createNewRoleForSubject9.getPermissions().addAll(of8);
                                createNewRoleForSubject10.getPermissions().addAll(of9);
                                entityManager6.merge(createNewRoleForSubject9);
                                entityManager6.merge(createNewRoleForSubject10);
                                entityManager6.flush();
                                EnumSet<Permission> copyOf = EnumSet.copyOf((Collection) of8);
                                copyOf.retainAll(of9);
                                EnumSet<Permission> copyOf2 = EnumSet.copyOf((Collection) of8);
                                copyOf2.addAll(of9);
                                copyOf2.removeAll(copyOf);
                                Collection<Integer> resourceList6 = SessionTestHelper.getResourceList(createNewResourceForGroup16, createNewResourceForGroup17);
                                for (Permission permission12 : copyOf) {
                                    if (!$assertionsDisabled && !this.authorizationManager.hasResourcePermission(createNewSubject6, permission12, resourceList6)) {
                                        throw new AssertionError("Failed to get every positive 2-role independent 2-group, resource-list permission");
                                    }
                                }
                                for (Permission permission13 : copyOf2) {
                                    if (!$assertionsDisabled && this.authorizationManager.hasResourcePermission(createNewSubject6, permission13, resourceList6)) {
                                        throw new AssertionError("Failed to get every negative 2-role independent 2-group, resource-list permission");
                                    }
                                }
                                getTransactionManager().rollback();
                            } finally {
                                getTransactionManager().rollback();
                            }
                        } finally {
                            getTransactionManager().rollback();
                        }
                    } finally {
                        getTransactionManager().rollback();
                    }
                } finally {
                    getTransactionManager().rollback();
                }
            } finally {
                getTransactionManager().rollback();
            }
        } finally {
        }
    }

    @Test(groups = {"integration.session"})
    public void testSetPermission() throws Exception {
        getTransactionManager().begin();
        EntityManager entityManager = getEntityManager();
        try {
            Role createNewRoleForSubject = SessionTestHelper.createNewRoleForSubject(entityManager, SessionTestHelper.createNewSubject(entityManager, "testSubject"), "testRole");
            RoleManagerLocal roleManager = LookupUtil.getRoleManager();
            Subject overlord = LookupUtil.getSubjectManager().getOverlord();
            Set<Permission> allGlobalPerms = SessionTestHelper.getAllGlobalPerms();
            roleManager.setPermissions(overlord, Integer.valueOf(createNewRoleForSubject.getId()), allGlobalPerms);
            entityManager.refresh(createNewRoleForSubject);
            if (!$assertionsDisabled && !SessionTestHelper.samePermissions(createNewRoleForSubject.getPermissions(), allGlobalPerms)) {
                throw new AssertionError("Failed to set global permissions");
            }
            Set<Permission> allResourcePerms = SessionTestHelper.getAllResourcePerms();
            roleManager.setPermissions(overlord, Integer.valueOf(createNewRoleForSubject.getId()), allResourcePerms);
            entityManager.refresh(createNewRoleForSubject);
            if (!$assertionsDisabled && !SessionTestHelper.samePermissions(createNewRoleForSubject.getPermissions(), allResourcePerms)) {
                throw new AssertionError("Failed to set resource permissions");
            }
            EnumSet noneOf = EnumSet.noneOf(Permission.class);
            roleManager.setPermissions(overlord, Integer.valueOf(createNewRoleForSubject.getId()), noneOf);
            entityManager.refresh(createNewRoleForSubject);
            if (!$assertionsDisabled && !SessionTestHelper.samePermissions(createNewRoleForSubject.getPermissions(), noneOf)) {
                throw new AssertionError("Failed to set empty list of permissions");
            }
        } finally {
            getTransactionManager().rollback();
        }
    }

    static {
        $assertionsDisabled = !AuthorizationManagerBeanTest.class.desiredAssertionStatus();
    }
}
