package eu.ehri.project.test;

import eu.ehri.project.acl.AclManager;
import eu.ehri.project.acl.ContentTypes;
import eu.ehri.project.acl.GlobalPermissionSet;
import eu.ehri.project.acl.PermissionType;
import eu.ehri.project.acl.PermissionUtils;
import eu.ehri.project.acl.SystemScope;
import eu.ehri.project.exceptions.PermissionDenied;
import eu.ehri.project.exceptions.ValidationError;
import eu.ehri.project.models.DocumentaryUnit;
import eu.ehri.project.models.EntityClass;
import eu.ehri.project.models.Repository;
import eu.ehri.project.models.UserProfile;
import eu.ehri.project.persistence.Bundle;
import eu.ehri.project.persistence.BundleManager;
import java.util.Map;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:eu/ehri/project/test/PermissionsTest.class */
public class PermissionsTest extends AbstractFixtureTest {
    private UserProfile user;
    private AclManager acl;
    private PermissionUtils viewHelper;

    @Before
    public void createTestUser() throws Exception {
        this.user = new BundleManager(this.graph).create(Bundle.of(EntityClass.USER_PROFILE, (Map) TestData.getTestUserBundle().get("data")), UserProfile.class);
        this.viewHelper = new PermissionUtils(this.graph);
        this.acl = new AclManager(this.graph);
    }

    @Test(expected = PermissionDenied.class)
    public void testCreateAsUserWithBadPerms() throws Exception {
        Assert.assertNotNull(api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
    }

    @Test
    public void testCreateAsUserWithNewPerms() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        Assert.assertNotNull(api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
    }

    @Test(expected = PermissionDenied.class)
    public void testCreateAsUserWithBadScopedPerms() throws Exception {
        this.acl.withScope((Repository) this.manager.getEntity("r1", Repository.class)).grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        Assert.assertNotNull(api(this.user).withScope(SystemScope.getInstance()).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
    }

    @Test
    public void testCreateAsUserWithGoodScopedPerms() throws Exception {
        Repository repository = (Repository) this.manager.getEntity("r1", Repository.class);
        this.acl.withScope(repository).grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        Assert.assertNotNull(api(this.user).withScope(repository).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
    }

    @Test
    public void testCreateAsUserWithGoodNestedScopedPerms() throws Exception {
        Repository repository = (Repository) this.manager.getEntity("r1", Repository.class);
        this.acl.withScope(repository).grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        DocumentaryUnit create = api(this.user).withScope(repository).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.assertNotNull(api(this.user).withScope(create).create(Bundle.fromData(TestData.getTestDocBundle()).withDataValue("identifier", "some-other-id"), DocumentaryUnit.class));
    }

    @Test
    public void testCreateAsUserWithGoodDoubleNestedScopedPerms() throws Exception {
        Repository repository = (Repository) this.manager.getEntity("r1", Repository.class);
        this.acl.withScope(repository).grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        api(this.user).withScope(repository).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.assertNotNull(api(this.user).withScope(repository).create(Bundle.fromData(TestData.getTestDocBundle()).withDataValue("identifier", "some-id"), DocumentaryUnit.class));
    }

    @Test(expected = PermissionDenied.class)
    public void testCreateAsUserWithDifferentScopedPerms() throws Exception {
        Repository repository = (Repository) this.manager.getEntity("r1", Repository.class);
        Repository repository2 = (Repository) this.manager.getEntity("r2", Repository.class);
        this.acl.withScope(repository).grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        Assert.assertNotNull(api(this.user).withScope(repository2).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
    }

    @Test(expected = PermissionDenied.class)
    public void testCreateAsUserWithDifferentPerms() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.DELETE, this.user);
        Assert.assertNotNull(api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
    }

    @Test
    public void testDeleteAsUserWithGoodPerms() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.DELETE, this.user);
        DocumentaryUnit create = api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.assertNotNull(create);
        api(this.user).delete(create.getId());
    }

    @Test
    public void testCreateDeleteAsUserWithOwnerPerms() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.OWNER, this.user);
        DocumentaryUnit create = api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.assertNotNull(create);
        api(this.user).delete(create.getId());
    }

    @Test
    public void testCreateDeleteAsCreator() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        DocumentaryUnit create = api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.assertNotNull(create);
        api(this.user).delete(create.getId());
    }

    @Test(expected = PermissionDenied.class)
    public void testCreateDeleteAsUserWithWrongPerms() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.ANNOTATE, this.user);
        DocumentaryUnit create = api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.assertNotNull(create);
        this.acl.revokePermission(create, PermissionType.OWNER, this.user);
        api(this.user).delete(create.getId());
    }

    @Test(expected = ValidationError.class)
    public void testCreateWithoutRevoke() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        Assert.assertNotNull(api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
        api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.fail();
    }

    @Test(expected = PermissionDenied.class)
    public void testCreateAsUserThenRevoke() throws Exception {
        this.acl.grantPermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        Assert.assertNotNull(api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class));
        this.acl.revokePermission(this.viewHelper.getContentTypeNode(EntityClass.DOCUMENTARY_UNIT), PermissionType.CREATE, this.user);
        api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
        Assert.fail();
    }

    @Test
    public void testSetPermissionMatrix() throws Exception {
        GlobalPermissionSet build = GlobalPermissionSet.newBuilder().set(ContentTypes.DOCUMENTARY_UNIT, new PermissionType[]{PermissionType.CREATE, PermissionType.DELETE}).build();
        try {
            api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
            Assert.fail();
        } catch (PermissionDenied e) {
            this.acl.setPermissionMatrix(this.user, build);
            DocumentaryUnit create = api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
            Assert.assertNotNull(create);
            api(this.user).delete(create.getId());
        }
    }

    @Test
    public void testSetScopedPermissionMatrix() throws Exception {
        Repository repository = (Repository) this.manager.getEntity("r1", Repository.class);
        GlobalPermissionSet build = GlobalPermissionSet.newBuilder().set(ContentTypes.DOCUMENTARY_UNIT, new PermissionType[]{PermissionType.CREATE, PermissionType.DELETE}).build();
        try {
            api(this.user).withScope(repository).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
            Assert.fail("Should be unable to create an item with scope: " + repository);
        } catch (PermissionDenied e) {
            this.acl.withScope(repository).setPermissionMatrix(this.user, build);
            try {
                api(this.user).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
                Assert.fail("Should be unable to create an item with no scope after setting scoped perms.");
            } catch (PermissionDenied e2) {
                DocumentaryUnit create = api(this.user).withScope(repository).create(Bundle.fromData(TestData.getTestDocBundle()), DocumentaryUnit.class);
                Assert.assertNotNull(create);
                api(this.user).withScope(repository).delete(create.getId());
            }
        }
    }
}
