package org.kie.workbench.security;

import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.event.Event;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.uberfire.backend.authz.AuthorizationPolicyStorage;
import org.uberfire.backend.events.AuthorizationPolicyDeployedEvent;
import org.uberfire.backend.server.authz.AuthorizationPolicyDeployer;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.AuthorizationResult;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionCollection;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.impl.authz.DefaultPermissionManager;

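/**
 * Checks the per-role permissions that result from deploying the
 * {@code security-policy.properties} file found on the test classpath.
 *
 * <p>The policy is deployed once per test in {@link #setUp()} through an
 * {@link AuthorizationPolicyDeployer} wired to a mocked storage, and the policy handed to
 * {@code savePolicy} is captured for the assertions.
 *
 * <p>NOTE(review): every check here looks up a permission by its exact name in the
 * collection returned by the policy. Names that appear in neither {@link #DEFAULT_DENIED}
 * nor the role's own list are never looked up, so an unexpected extra grant in the policy
 * file would not be detected by this class alone.
 */
@RunWith(MockitoJUnitRunner.class)
public class WorkbenchACLTest {
    static final String HOME_PERSPECTIVE = "HomePerspective";

    /** Permissions expected to be denied in the policy's default (role-less) collection. */
    static final List<String> DEFAULT_DENIED = Arrays.asList(
            "perspective.read",
            "perspective.create",
            "perspective.delete",
            "perspective.update",
            "project.create",
            "project.build",
            "project.read",
            "project.update",
            "project.delete",
            "orgunit.create",
            "orgunit.read",
            "orgunit.update",
            "orgunit.delete",
            "repository.create",
            "repository.read",
            "repository.update",
            "repository.delete",
            "dataobject.edit",
            "asset.promote",
            "project.release",
            "repository.configure",
            "planner.available");

    /** Permissions the "developer" role is expected to be denied. */
    static final List<String> DEVELOPER_DENIED = Arrays.asList(
            "perspective.read.AdministrationPerspective",
            "perspective.read.AppsPerspective",
            "perspective.read.PlugInAuthoringPerspective",
            "perspective.read.DataSetAuthoringPerspective",
            "perspective.read.DataSourceManagementPerspective",
            "perspective.read.TaskAdmin",
            "orgunit.create",
            "orgunit.update",
            "orgunit.delete");

    /** Permissions the "analyst" role is expected to be denied. */
    static final List<String> ANALYST_DENIED = Arrays.asList(
            "perspective.read.AdministrationPerspective",
            "perspective.read.AppsPerspective",
            "perspective.read.PlugInAuthoringPerspective",
            "perspective.read.DataSetAuthoringPerspective",
            "perspective.read.DataSourceManagementPerspective",
            "perspective.read.GuvnorM2RepoPerspective",
            "perspective.read.ProvisioningManagementPerspective",
            "perspective.read.ServerManagementPerspective",
            "perspective.read.TaskAdmin",
            "perspective.read.ExecutionErrors",
            "orgunit.create",
            "orgunit.update",
            "orgunit.delete",
            "dataobject.edit");

    /** Permissions the "manager" role is expected to be granted. */
    static final List<String> MANAGER_GRANTED = Arrays.asList(
            "perspective.read.HomePerspective",
            "perspective.read.ProcessDashboardPerspective",
            "perspective.read.TaskDashboardPerspective",
            "dashboard.manage");

    /** Permissions the "user" role is expected to be granted. */
    static final List<String> USER_GRANTED = Arrays.asList(
            "perspective.read.HomePerspective",
            "perspective.read.UserHomePagePerspective",
            "perspective.read.ProcessDefinitions",
            "perspective.read.ProcessInstances",
            "perspective.read.Tasks",
            "perspective.read.ProcessDashboardPerspective",
            "perspective.read.TaskDashboardPerspective",
            "dashboard.manage");

    /** Permissions the "process-admin" role is expected to be granted. */
    static final List<String> PROCESS_ADMIN_GRANTED = Arrays.asList(
            "perspective.read.HomePerspective",
            "perspective.read.UserHomePagePerspective",
            "perspective.read.ProcessDefinitions",
            "perspective.read.ProcessInstances",
            "perspective.read.Tasks",
            "perspective.read.TaskAdmin",
            "perspective.read.ExecutionErrors",
            "perspective.read.ProcessDashboardPerspective",
            "perspective.read.TaskDashboardPerspective",
            "dashboard.manage");

    @Mock
    AuthorizationPolicyStorage storage;

    @Mock
    Event<AuthorizationPolicyDeployedEvent> deployedEvent;
    AuthorizationPolicyDeployer deployer;
    PermissionManager permissionManager;
    AuthorizationPolicy policy;

    /**
     * Deploys the policy from the directory that holds {@code security-policy.properties}
     * and captures the {@link AuthorizationPolicy} passed to the mocked storage.
     *
     * @throws Exception if the resource URL cannot be converted to a path or deployment fails
     */
    @Before
    public void setUp() throws Exception {
        this.permissionManager = new DefaultPermissionManager();
        this.deployer = new AuthorizationPolicyDeployer(this.storage, this.permissionManager, this.deployedEvent);

        // Fail with a readable message instead of a NullPointerException when the policy
        // file is missing from the test classpath.
        java.net.URL policyUrl =
                Thread.currentThread().getContextClassLoader().getResource("security-policy.properties");
        Assert.assertNotNull("security-policy.properties not found on the test classpath", policyUrl);
        this.deployer.deployPolicy(Paths.get(policyUrl.toURI()).getParent());

        ArgumentCaptor<AuthorizationPolicy> policyCaptor = ArgumentCaptor.forClass(AuthorizationPolicy.class);
        Mockito.verify(this.storage).loadPolicy();
        Mockito.verify(this.storage).savePolicy(policyCaptor.capture());
        this.policy = policyCaptor.getValue();
    }

    /** Verifies that a policy with six roles was saved and that the deployment event was fired. */
    @Test
    public void testPolicyDeployment() {
        Assert.assertNotNull(this.policy);
        Assert.assertEquals(6L, this.policy.getRoles().size());
        Mockito.verify(this.storage).savePolicy(this.policy);
        Mockito.verify(this.deployedEvent).fire(Mockito.<AuthorizationPolicyDeployedEvent>any());
    }

    /**
     * Verifies the default home perspective and that every {@link #DEFAULT_DENIED} entry is
     * present in the default permission collection with {@code ACCESS_DENIED}.
     */
    @Test
    public void testDefaultPermissions() {
        Assert.assertEquals(HOME_PERSPECTIVE, this.policy.getHomePerspective());
        PermissionCollection permissions = this.policy.getPermissions();
        for (String name : DEFAULT_DENIED) {
            Permission permission = permissions.get(name);
            Assert.assertNotNull("missing default permission: " + name, permission);
            Assert.assertEquals("default permission: " + name,
                    AuthorizationResult.ACCESS_DENIED, permission.getResult());
        }
    }

    @Test
    public void testAdminPermissions() {
        // No exception list: every DEFAULT_DENIED entry is expected to be granted to "admin".
        testPermissions(new RoleImpl("admin"), null, HOME_PERSPECTIVE, AuthorizationResult.ACCESS_GRANTED, null);
    }

    @Test
    public void testDeveloperPermissions() {
        testPermissions(new RoleImpl("developer"), DEVELOPER_DENIED, HOME_PERSPECTIVE, AuthorizationResult.ACCESS_GRANTED, AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testAnalystPermissions() {
        testPermissions(new RoleImpl("analyst"), ANALYST_DENIED, HOME_PERSPECTIVE, AuthorizationResult.ACCESS_GRANTED, AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testManagerPermissions() {
        testPermissions(new RoleImpl("manager"), MANAGER_GRANTED, HOME_PERSPECTIVE, AuthorizationResult.ACCESS_DENIED, AuthorizationResult.ACCESS_GRANTED);
    }

    @Test
    public void testUserPermissions() {
        testPermissions(new RoleImpl("user"), USER_GRANTED, HOME_PERSPECTIVE, AuthorizationResult.ACCESS_DENIED, AuthorizationResult.ACCESS_GRANTED);
    }

    @Test
    public void testProcessAdminPermissions() {
        testPermissions(new RoleImpl("process-admin"), PROCESS_ADMIN_GRANTED, HOME_PERSPECTIVE, AuthorizationResult.ACCESS_DENIED, AuthorizationResult.ACCESS_GRANTED);
    }

    /**
     * Shared assertion helper for one role.
     *
     * <p>Every {@link #DEFAULT_DENIED} entry that is not in {@code list} must be present in
     * the role's collection with {@code authorizationResult}; every entry of {@code list}
     * must be present with {@code authorizationResult2}. A permission missing from the
     * collection fails the test rather than being treated as denied.
     *
     * @param role the role to check; when {@code null} the policy's default home perspective
     *     is compared instead of a role-specific one
     * @param list the role's exceptions to its baseline result, or {@code null} for none
     * @param str the expected home perspective
     * @param authorizationResult the result expected for the {@link #DEFAULT_DENIED} entries
     *     not listed in {@code list}
     * @param authorizationResult2 the result expected for the entries of {@code list};
     *     unused when {@code list} is {@code null}
     */
    public void testPermissions(Role role, List<String> list, String str, AuthorizationResult authorizationResult, AuthorizationResult authorizationResult2) {
        String actualHome = role != null ? this.policy.getHomePerspective(role) : this.policy.getHomePerspective();
        Assert.assertEquals(str, actualHome);

        PermissionCollection permissions = this.policy.getPermissions(role);

        // Baseline: entries of DEFAULT_DENIED that the role does not override.
        for (String name : DEFAULT_DENIED) {
            if (list != null && list.contains(name)) {
                continue; // checked below against authorizationResult2
            }
            Permission permission = permissions.get(name);
            Assert.assertNotNull("missing permission: " + name, permission);
            Assert.assertEquals("permission: " + name, authorizationResult, permission.getResult());
        }

        if (list == null) {
            return;
        }

        // Role-specific exceptions to the baseline.
        for (String name : list) {
            Permission permission = permissions.get(name);
            Assert.assertNotNull("missing permission: " + name, permission);
            Assert.assertEquals("permission: " + name, authorizationResult2, permission.getResult());
        }
    }
}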
