package eu.ehri.project.acl;

import com.google.common.collect.Lists;
import eu.ehri.project.acl.GlobalPermissionSet;
import eu.ehri.project.exceptions.ItemNotFound;
import eu.ehri.project.exceptions.PermissionDenied;
import eu.ehri.project.models.DocumentaryUnit;
import eu.ehri.project.models.Group;
import eu.ehri.project.models.Repository;
import eu.ehri.project.models.UserProfile;
import eu.ehri.project.models.base.Accessible;
import eu.ehri.project.models.base.Accessor;
import eu.ehri.project.test.ModelTestBase;
import java.util.Collection;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:eu/ehri/project/acl/AclTest.class */
public class AclTest extends ModelTestBase {
    private AclManager acl;

    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
    }

    @Override // eu.ehri.project.test.ModelTestBase, eu.ehri.project.test.GraphTestBase
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.acl = new AclManager(this.graph);
    }

    @Test
    public void testTheFixturesLoaded() {
        Assert.assertTrue(this.graph.getVertices().iterator().hasNext());
    }

    @Test
    public void testTheAdminGroup() throws ItemNotFound {
        Assert.assertTrue(((Group) this.manager.getEntity("admin", Group.class)).getMembers().iterator().hasNext());
    }

    @Test
    public void testAdminRead() throws ItemNotFound {
        Group group = (Group) this.manager.getEntity("admin", Group.class);
        UserProfile userProfile = (UserProfile) this.manager.getEntity("reto", UserProfile.class);
        DocumentaryUnit documentaryUnit = (DocumentaryUnit) this.manager.getEntity("c3", DocumentaryUnit.class);
        Assert.assertTrue(this.acl.canAccess(documentaryUnit, group));
        Assert.assertFalse(this.acl.canAccess(documentaryUnit, userProfile));
    }

    @Test
    public void testNiodGroup() throws ItemNotFound {
        Group group = (Group) this.manager.getEntity("kcl", Group.class);
        Assert.assertFalse(this.acl.canAccess((DocumentaryUnit) this.manager.getEntity("c1", DocumentaryUnit.class), group));
        Assert.assertTrue(this.acl.canAccess((DocumentaryUnit) this.manager.getEntity("c4", DocumentaryUnit.class), group));
    }

    @Test
    public void testUserGroupPermOverride() throws ItemNotFound {
        Accessor accessor = (Accessor) this.manager.getEntity("tim", Accessor.class);
        Assert.assertTrue(this.acl.canAccess((Accessible) this.manager.getEntity("c3", Accessible.class), accessor));
    }

    @Test
    public void testUserCanAccessOwnProfile() throws ItemNotFound {
        Accessor accessor = (Accessor) this.manager.getEntity("reto", Accessor.class);
        Accessible accessible = (Accessible) this.manager.getEntity("reto", Accessible.class);
        AclManager aclManager = this.acl;
        Assert.assertFalse(AclManager.belongsToAdmin(accessor));
        Assert.assertTrue(this.acl.canAccess(accessible, accessor));
    }

    @Test
    public void testSetUserPermissionsWithScope() throws Exception {
        UserProfile userProfile = (UserProfile) this.manager.getEntity("reto", UserProfile.class);
        Repository repository = (Repository) this.manager.getEntity("r1", Repository.class);
        Assert.assertFalse(this.acl.withScope(repository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.UPDATE, userProfile));
        Assert.assertFalse(this.acl.withScope(repository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.DELETE, userProfile));
        Assert.assertFalse(this.acl.withScope(repository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.ANNOTATE, userProfile));
        this.acl.withScope(repository).setPermissionMatrix(userProfile, GlobalPermissionSet.newBuilder().set(ContentTypes.DOCUMENTARY_UNIT, new PermissionType[]{PermissionType.UPDATE, PermissionType.DELETE}).build());
        Assert.assertTrue(this.acl.withScope(repository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.UPDATE, userProfile));
        Assert.assertTrue(this.acl.withScope(repository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.DELETE, userProfile));
        Assert.assertFalse(this.acl.withScope(repository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.ANNOTATE, userProfile));
    }

    @Test
    public void testUserCannotWriteOtherProfile() throws ItemNotFound {
        Accessor accessor = (Accessor) this.manager.getEntity("reto", Accessor.class);
        Assert.assertTrue(this.acl.canAccess((Accessible) this.manager.getEntity("tim", Accessible.class), accessor));
    }

    @Test
    public void testUserAccessAsAnonymous() throws ItemNotFound {
        Assert.assertTrue(this.acl.canAccess((Accessible) this.manager.getEntity("tim", Accessible.class), AnonymousAccessor.getInstance()));
    }

    @Test
    public void testUserCannotChangeGroupJustByBeingAMemberOfIt() throws ItemNotFound {
        Accessor accessor = (Accessor) this.manager.getEntity("reto", Accessor.class);
        Accessible accessible = (Accessible) this.manager.getEntity("kcl", Accessible.class);
        AclManager aclManager = this.acl;
        Assert.assertFalse(AclManager.belongsToAdmin(accessor));
        Assert.assertTrue(this.acl.canAccess(accessible, accessor));
    }

    @Test
    public void testChangingItemAccessibility() throws PermissionDenied, ItemNotFound {
        Accessor accessor = (Accessor) this.manager.getEntity("reto", Accessor.class);
        Accessible accessible = (Accessible) this.manager.getEntity("kcl", Accessible.class);
        AclManager aclManager = this.acl;
        Assert.assertFalse(AclManager.belongsToAdmin(accessor));
        Assert.assertTrue(this.acl.canAccess(accessible, accessor));
        this.acl.setAccessors(accessible, Lists.newArrayList(new Accessor[]{accessor}));
        Assert.assertTrue(this.acl.canAccess(accessible, accessor));
    }

    @Test
    public void testRemovingItemAccessibility() throws PermissionDenied, ItemNotFound {
        Accessor accessor = (Accessor) this.manager.getEntity("reto", Accessor.class);
        Accessible accessible = (Accessible) this.manager.getEntity("kcl", Accessible.class);
        AclManager aclManager = this.acl;
        Assert.assertFalse(AclManager.belongsToAdmin(accessor));
        Assert.assertTrue(this.acl.canAccess(accessible, accessor));
        this.acl.setAccessors(accessible, Lists.newArrayList(new Accessor[]{accessor}));
        Assert.assertTrue(this.acl.canAccess(accessible, accessor));
        this.acl.removeAccessControl(accessible, accessor);
        Assert.assertTrue(this.acl.canAccess(accessible, accessor));
    }

    @Test
    public void testGlobalPermissionMatrix() throws PermissionDenied, ItemNotFound {
        Accessor accessor = (Accessor) this.manager.getEntity("linda", Accessor.class);
        AclManager aclManager = this.acl;
        Assert.assertFalse(AclManager.belongsToAdmin(accessor));
        Assert.assertTrue(this.acl.getGlobalPermissions(accessor).get(ContentTypes.DOCUMENTARY_UNIT).contains(PermissionType.CREATE));
    }

    @Test
    public void testPermissionSet() throws PermissionDenied, ItemNotFound {
        PermissionType[] permissionTypeArr = {PermissionType.CREATE, PermissionType.DELETE, PermissionType.UPDATE, PermissionType.GRANT, PermissionType.ANNOTATE};
        ContentTypes[] contentTypesArr = {ContentTypes.DOCUMENTARY_UNIT, ContentTypes.USER_PROFILE, ContentTypes.REPOSITORY, ContentTypes.GROUP};
        GlobalPermissionSet.Builder newBuilder = GlobalPermissionSet.newBuilder();
        for (ContentTypes contentTypes : contentTypesArr) {
            newBuilder.set(contentTypes, permissionTypeArr);
        }
        GlobalPermissionSet build = newBuilder.build();
        Accessor accessor = (Accessor) this.manager.getEntity("reto", Accessor.class);
        AclManager aclManager = this.acl;
        Assert.assertFalse(AclManager.belongsToAdmin(accessor));
        GlobalPermissionSet globalPermissions = this.acl.getGlobalPermissions(accessor);
        for (ContentTypes contentTypes2 : contentTypesArr) {
            Assert.assertTrue(globalPermissions.get(contentTypes2).isEmpty());
        }
        AclManager aclManager2 = new AclManager(this.graph);
        aclManager2.setPermissionMatrix(accessor, build);
        GlobalPermissionSet globalPermissions2 = aclManager2.getGlobalPermissions(accessor);
        for (ContentTypes contentTypes3 : contentTypesArr) {
            Collection collection = globalPermissions2.get(contentTypes3);
            Assert.assertNotNull(collection);
            for (PermissionType permissionType : permissionTypeArr) {
                Assert.assertTrue(collection.contains(permissionType));
            }
        }
    }

    @Test(expected = PermissionDenied.class)
    public void testPermissionSetForAdmin() throws PermissionDenied, ItemNotFound {
        GlobalPermissionSet build = GlobalPermissionSet.newBuilder().set(ContentTypes.DOCUMENTARY_UNIT, new PermissionType[]{PermissionType.CREATE}).build();
        Accessor accessor = (Accessor) this.manager.getEntity("admin", Accessor.class);
        AclManager aclManager = this.acl;
        Assert.assertTrue(AclManager.belongsToAdmin(accessor));
        Assert.assertFalse(this.acl.getGlobalPermissions(accessor).get(ContentTypes.DOCUMENTARY_UNIT).isEmpty());
        new AclManager(this.graph).setPermissionMatrix(accessor, build);
        Assert.fail();
    }
}
