package eu.ehri.project.acl;

import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.tinkerpop.blueprints.Vertex;
import com.tinkerpop.gremlin.java.GremlinPipeline;
import eu.ehri.project.api.Api;
import eu.ehri.project.models.Annotation;
import eu.ehri.project.models.Country;
import eu.ehri.project.models.DocumentaryUnit;
import eu.ehri.project.models.Group;
import eu.ehri.project.models.PermissionGrant;
import eu.ehri.project.models.Repository;
import eu.ehri.project.models.UserProfile;
import eu.ehri.project.models.base.Accessor;
import eu.ehri.project.persistence.Bundle;
import eu.ehri.project.test.GraphTestBase;
import eu.ehri.project.test.TestData;
import eu.ehri.project.utils.GraphInitializer;
import eu.ehri.project.utils.fixtures.FixtureLoader;
import eu.ehri.project.utils.fixtures.FixtureLoaderFactory;
import java.util.List;
import java.util.Map;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:eu/ehri/project/acl/AclManagerTest.class */
/**
 * Tests for {@link AclManager}: admin/anonymous detection, item-level access
 * control, item and global permission grants, scoped permissions, and the
 * Gremlin filter functions derived from the ACL.
 *
 * <p>Most tests pair a positive assertion with a negative one for a second
 * accessor or scope, so a change that grants access too broadly fails as
 * visibly as one that denies it. All expected values depend on the fixture
 * files loaded in each test; the fixtures themselves are not part of this file.
 */
public class AclManagerTest extends GraphTestBase {
    private FixtureLoader loader;

    /**
     * Sets up the base graph, creates the fixture loader and runs the graph
     * initializer. Fixture data is NOT loaded here; each test loads what it needs.
     */
    @Override
    @Before
    public void setUp() throws Exception {
        super.setUp();
        loader = FixtureLoaderFactory.getInstance(graph, false);
        new GraphInitializer(graph).initialize();
    }

    /** Delegates to the base class tear-down; kept as an explicit hook. */
    @Override
    @After
    public void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * The "admin" group itself counts as belonging to admin.
     * No fixtures are loaded, so the group presumably comes from the graph
     * initializer run in {@link #setUp()} (verify against GraphInitializer).
     */
    @Test
    public void testIsAdmin() throws Exception {
        Group adminGroup = (Group) manager.getEntity("admin", Group.class);
        Assert.assertTrue(AclManager.belongsToAdmin(adminGroup));
    }

    /** Fixture users "mike" and "tim" are both reported as belonging to admin. */
    @Test
    public void testBelongsToAdmin() throws Exception {
        loader.loadTestData();
        UserProfile mike = (UserProfile) manager.getEntity("mike", UserProfile.class);
        Assert.assertTrue(AclManager.belongsToAdmin(mike));
        UserProfile tim = (UserProfile) manager.getEntity("tim", UserProfile.class);
        Assert.assertTrue(AclManager.belongsToAdmin(tim));
    }

    /**
     * The anonymous accessor is anonymous and never admin; the admin group is
     * not anonymous. Guards against the two identities being conflated.
     */
    @Test
    public void testIsAnonymous() throws Exception {
        Accessor adminGroup = (Accessor) manager.getEntity("admin", Group.class);
        Accessor anonymous = AnonymousAccessor.getInstance();
        Assert.assertFalse(AclManager.belongsToAdmin(anonymous));
        Assert.assertTrue(AclManager.isAnonymous(anonymous));
        Assert.assertFalse(AclManager.isAnonymous(adminGroup));
    }

    /** With the default fixtures, "mike" can access item "c1" and "reto" cannot. */
    @Test
    public void testGetAccessControl() throws Exception {
        loader.loadTestData();
        DocumentaryUnit c1 = (DocumentaryUnit) manager.getEntity("c1", DocumentaryUnit.class);
        UserProfile mike = (UserProfile) manager.getEntity("mike", UserProfile.class);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        AclManager acl = new AclManager(graph);
        Assert.assertTrue(acl.canAccess(c1, mike));
        Assert.assertFalse(acl.canAccess(c1, reto));
    }

    /**
     * Removing access control for "mike" takes him out of the accessor list of "c1".
     *
     * <p>NOTE(review): only the accessor list is checked; the test does not
     * assert what {@code canAccess} returns afterwards, for "mike" or for
     * anyone else. If an item with fewer (or no) accessors becomes more widely
     * visible, that effect is not covered here - confirm against AclManager.
     */
    @Test
    public void testRemoveAccessControl() throws Exception {
        loader.loadTestData();
        DocumentaryUnit c1 = (DocumentaryUnit) manager.getEntity("c1", DocumentaryUnit.class);
        UserProfile mike = (UserProfile) manager.getEntity("mike", UserProfile.class);
        AclManager acl = new AclManager(graph);
        Assert.assertTrue(Iterables.contains(c1.getAccessors(), mike));
        acl.removeAccessControl(c1, mike);
        Assert.assertFalse(Iterables.contains(c1.getAccessors(), mike));
    }

    /**
     * Setting the accessors of "c1" to {mike, reto} keeps mike's access and
     * adds reto's, which was denied before the call.
     */
    @Test
    public void testSetAccessors() throws Exception {
        loader.loadTestData();
        DocumentaryUnit c1 = (DocumentaryUnit) manager.getEntity("c1", DocumentaryUnit.class);
        Accessor mike = (UserProfile) manager.getEntity("mike", UserProfile.class);
        Accessor reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        AclManager acl = new AclManager(graph);

        // Baseline: only mike may see the item.
        Assert.assertTrue(acl.canAccess(c1, mike));
        Assert.assertFalse(acl.canAccess(c1, reto));

        acl.setAccessors(c1, Lists.newArrayList(mike, reto));

        Assert.assertTrue(acl.canAccess(c1, mike));
        Assert.assertTrue(acl.canAccess(c1, reto));
    }

    /**
     * The inherited item permissions of "reto" on "c4" contain CREATE only:
     * UPDATE, DELETE and OWNER must be absent.
     */
    @Test
    public void testGetInheritedEntityPermissions() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        DocumentaryUnit c4 = (DocumentaryUnit) manager.getEntity("c4", DocumentaryUnit.class);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        InheritedItemPermissionSet permissions = acl.getInheritedItemPermissions(c4, reto);
        Assert.assertTrue(permissions.has(PermissionType.CREATE));
        Assert.assertFalse(permissions.has(PermissionType.UPDATE));
        Assert.assertFalse(permissions.has(PermissionType.DELETE));
        Assert.assertFalse(permissions.has(PermissionType.OWNER));
    }

    /**
     * Setting DELETE and UPDATE on "c4" for "reto" adds exactly those two to
     * the inherited set: CREATE stays present and OWNER stays absent.
     */
    @Test
    public void testSetEntityPermissions() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        DocumentaryUnit c4 = (DocumentaryUnit) manager.getEntity("c4", DocumentaryUnit.class);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);

        InheritedItemPermissionSet before = acl.getInheritedItemPermissions(c4, reto);
        Assert.assertTrue(before.has(PermissionType.CREATE));
        Assert.assertFalse(before.has(PermissionType.UPDATE));
        Assert.assertFalse(before.has(PermissionType.DELETE));
        Assert.assertFalse(before.has(PermissionType.OWNER));

        acl.setItemPermissions(c4, reto, Sets.newHashSet(PermissionType.DELETE, PermissionType.UPDATE));

        InheritedItemPermissionSet after = acl.getInheritedItemPermissions(c4, reto);
        Assert.assertTrue(after.has(PermissionType.CREATE));
        Assert.assertTrue(after.has(PermissionType.UPDATE));
        Assert.assertTrue(after.has(PermissionType.DELETE));
        // OWNER was not in the set that was applied, so it must not appear.
        Assert.assertFalse(after.has(PermissionType.OWNER));
    }

    /**
     * Writing a permission matrix that adds COUNTRY/CREATE for "reto" makes
     * that global permission visible on the next read.
     */
    @Test
    public void testSetPermissionMatrix() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        GlobalPermissionSet before = acl.getGlobalPermissions(reto);
        Assert.assertFalse(before.has(ContentTypes.COUNTRY, PermissionType.CREATE));
        acl.setPermissionMatrix(reto, before.withPermission(ContentTypes.COUNTRY, new PermissionType[]{PermissionType.CREATE}));
        Assert.assertTrue(acl.getGlobalPermissions(reto).has(ContentTypes.COUNTRY, PermissionType.CREATE));
    }

    /**
     * Granting OWNER on "c4" to "reto" takes effect, and granting the same
     * permission a second time returns a grant equal to the first one.
     */
    @Test
    public void testGrantPermission() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        DocumentaryUnit c4 = (DocumentaryUnit) manager.getEntity("c4", DocumentaryUnit.class);
        Assert.assertFalse(acl.hasPermission(c4, PermissionType.OWNER, reto));
        PermissionGrant firstGrant = acl.grantPermission(c4, PermissionType.OWNER, reto);
        Assert.assertTrue(acl.hasPermission(c4, PermissionType.OWNER, reto));
        PermissionGrant repeatedGrant = acl.grantPermission(c4, PermissionType.OWNER, reto);
        Assert.assertEquals(firstGrant, repeatedGrant);
    }

    /**
     * The content-type filter keeps two of the three vertices "c1", "r1" and
     * "cd1"; the one it drops is "cd1".
     */
    @Test
    public void testContentTypeFilterFunction() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        Vertex c1 = manager.getVertex("c1");
        Vertex r1 = manager.getVertex("r1");
        Vertex cd1 = manager.getVertex("cd1");
        // Raw pipeline types are kept as in the original; the filter function's
        // generic signature is not visible from this file.
        List kept = new GremlinPipeline(Lists.newArrayList(c1, r1, cd1))
                .filter(acl.getContentTypeFilterFunction())
                .toList();
        Assert.assertEquals(2, kept.size());
        Assert.assertFalse(kept.contains(cd1));
    }

    /**
     * The ACL filter function for "reto" agrees with {@code canAccess}: of the
     * annotations "ann3" (denied) and "ann4" (allowed) only one survives the
     * filter, and it is not "ann3".
     */
    @Test
    public void testGetAclFilterFunction() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        Annotation hidden = (Annotation) manager.getEntity("ann3", Annotation.class);
        Annotation visible = (Annotation) manager.getEntity("ann4", Annotation.class);
        Assert.assertFalse(acl.canAccess(hidden, reto));
        Assert.assertTrue(acl.canAccess(visible, reto));
        List kept = new GremlinPipeline(Lists.newArrayList(hidden.asVertex(), visible.asVertex()))
                .filter(AclManager.getAclFilterFunction(reto))
                .toList();
        Assert.assertEquals(1, kept.size());
        Assert.assertFalse(kept.contains(hidden.asVertex()));
    }

    /** A granted OWNER permission on "c4" is gone again after revokePermission. */
    @Test
    public void testRevokePermission() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        DocumentaryUnit c4 = (DocumentaryUnit) manager.getEntity("c4", DocumentaryUnit.class);
        Assert.assertFalse(acl.hasPermission(c4, PermissionType.OWNER, reto));
        acl.grantPermission(c4, PermissionType.OWNER, reto);
        Assert.assertTrue(acl.hasPermission(c4, PermissionType.OWNER, reto));
        acl.revokePermission(c4, PermissionType.OWNER, reto);
        Assert.assertFalse(acl.hasPermission(c4, PermissionType.OWNER, reto));
    }

    /**
     * "reto" has no unscoped CREATE on documentary units but does have it
     * within the scope of repository "r1"; revoking the fixture grant
     * "retoKclWriteGrant" removes the scoped permission as well.
     */
    @Test
    public void testRevokePermissionGrant() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        UserProfile reto = (UserProfile) manager.getEntity("reto", UserProfile.class);
        Repository r1 = (Repository) manager.getEntity("r1", Repository.class);
        PermissionGrant scopedGrant = (PermissionGrant) manager.getEntity("retoKclWriteGrant", PermissionGrant.class);
        Assert.assertFalse(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.CREATE, reto));
        Assert.assertTrue(acl.withScope(r1).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.CREATE, reto));
        acl.revokePermissionGrant(scopedGrant);
        Assert.assertFalse(acl.withScope(r1).hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.CREATE, reto));
    }

    /** The "admin" accessor holds every permission type on every content type. */
    @Test
    public void testGetAdminPermissions() throws Exception {
        loader.loadTestData();
        AclManager acl = new AclManager(graph);
        Accessor admin = (Accessor) manager.getEntity("admin", Accessor.class);
        GlobalPermissionSet adminPermissions = acl.getGlobalPermissions(admin);
        for (ContentTypes contentType : ContentTypes.values()) {
            for (PermissionType permission : PermissionType.values()) {
                Assert.assertTrue(adminPermissions.has(contentType, permission));
            }
        }
    }

    /**
     * The serialized inherited global permissions of "user1" have two entries:
     * the user's own (empty) set keyed by the user id, then the set of
     * "group1" keyed by the group id.
     */
    @Test
    public void testGetInheritedGlobalPermissions() throws Exception {
        loader.loadTestData("permissions.yaml");
        Group group1 = (Group) manager.getEntity("group1", Group.class);
        UserProfile user1 = (UserProfile) manager.getEntity("user1", UserProfile.class);
        AclManager acl = new AclManager(graph);
        List serialized = acl.getInheritedGlobalPermissions(user1).serialize();
        Assert.assertEquals(2, serialized.size());
        Map ownEntry = (Map) serialized.get(0);
        Assert.assertEquals(GlobalPermissionSet.empty(), ownEntry.get(user1.getId()));
        // Expected value is computed before the second entry is read, as in the original.
        GlobalPermissionSet groupPermissions = acl.getGlobalPermissions(group1);
        Map groupEntry = (Map) serialized.get(1);
        Assert.assertEquals(groupPermissions, groupEntry.get(group1.getId()));
    }

    /**
     * Direct (non-inherited) global permissions: "group1" holds CREATE, UPDATE
     * and DELETE on documentary units, while its member "user1" holds nothing
     * directly.
     */
    @Test
    public void testGetGlobalPermissions() throws Exception {
        loader.loadTestData("permissions.yaml");
        Group group1 = (Group) manager.getEntity("group1", Group.class);
        UserProfile user1 = (UserProfile) manager.getEntity("user1", UserProfile.class);
        GlobalPermissionSet expectedForGroup = GlobalPermissionSet.newBuilder()
                .set(ContentTypes.DOCUMENTARY_UNIT, new PermissionType[]{PermissionType.CREATE, PermissionType.UPDATE, PermissionType.DELETE})
                .build();
        Assert.assertEquals(expectedForGroup, new AclManager(graph).getGlobalPermissions(group1));
        Assert.assertEquals(GlobalPermissionSet.empty(), new AclManager(graph).getGlobalPermissions(user1));
    }

    /**
     * Country-scoped permissions do not leak across countries: "gbuser" may
     * create repositories in "gb" but not in "nl", and has CREATE/UPDATE/DELETE
     * on documentary units only within the repository created under "gb", not
     * within the one "nluser" created under "nl".
     */
    @Test
    public void testCountryScopeScenario() throws Exception {
        loader.loadTestData("country-permissions.yaml");
        Country gb = (Country) manager.getEntity("gb", Country.class);
        Country nl = (Country) manager.getEntity("nl", Country.class);
        UserProfile gbUser = (UserProfile) manager.getEntity("gbuser", UserProfile.class);
        UserProfile nlUser = (UserProfile) manager.getEntity("nluser", UserProfile.class);
        AclManager acl = new AclManager(graph);

        Assert.assertTrue(acl.withScope(gb).hasPermission(ContentTypes.REPOSITORY, PermissionType.CREATE, gbUser));
        Assert.assertFalse(acl.withScope(nl).hasPermission(ContentTypes.REPOSITORY, PermissionType.CREATE, gbUser));

        Repository gbRepository = api(gbUser).withScope(gb).create(Bundle.fromData(TestData.getTestAgentBundle()), Repository.class);
        Repository nlRepository = api(nlUser).withScope(nl).create(Bundle.fromData(TestData.getTestAgentBundle()), Repository.class);

        PermissionType[] writePermissions = {PermissionType.CREATE, PermissionType.UPDATE, PermissionType.DELETE};
        for (PermissionType permission : writePermissions) {
            Assert.assertTrue(acl.withScope(gbRepository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, permission, gbUser));
        }
        for (PermissionType permission : writePermissions) {
            Assert.assertFalse(acl.withScope(nlRepository).hasPermission(ContentTypes.DOCUMENTARY_UNIT, permission, gbUser));
        }
    }

    /**
     * Owner scenario within repository "repo": head archivists hold
     * CREATE/UPDATE/DELETE on documentary units, ordinary archivists hold
     * CREATE only. After each user creates a unit, the creator has
     * OWNER/UPDATE/DELETE on their own unit and none of those on units
     * created by others; the head-archivists group can UPDATE and DELETE an
     * archivist's unit without being its OWNER.
     */
    @Test
    public void testCreateOwnerScenario() throws Exception {
        loader.loadTestData("archivist-permissions.yaml");
        UserProfile headArchivist = (UserProfile) manager.getEntity("hauser", UserProfile.class);
        UserProfile archivist1 = (UserProfile) manager.getEntity("auser1", UserProfile.class);
        UserProfile archivist2 = (UserProfile) manager.getEntity("auser2", UserProfile.class);
        Group headArchivists = (Group) manager.getEntity("head-archivists", Group.class);
        Group archivists = (Group) manager.getEntity("archivists", Group.class);
        Repository repo = (Repository) manager.getEntity("repo", Repository.class);
        AclManager acl = new AclManager(graph, repo);

        // Group-level permissions within the repository scope.
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.CREATE, headArchivists));
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.UPDATE, headArchivists));
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.DELETE, headArchivists));
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.CREATE, archivists));
        Assert.assertFalse(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.UPDATE, archivists));
        Assert.assertFalse(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.DELETE, archivists));

        // The same permissions as seen by individual users.
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.CREATE, headArchivist));
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.UPDATE, headArchivist));
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.DELETE, headArchivist));
        Assert.assertTrue(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.CREATE, archivist1));
        Assert.assertFalse(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.UPDATE, archivist1));
        Assert.assertFalse(acl.hasPermission(ContentTypes.DOCUMENTARY_UNIT, PermissionType.DELETE, archivist1));

        // Each user creates one unit inside the repository scope.
        Api scopedApi = anonApi().withScope(repo);
        DocumentaryUnit headDoc = scopedApi.withAccessor(headArchivist)
                .create(Bundle.fromData(TestData.getTestDocBundle()).withDataValue("identifier", "head-doc"), DocumentaryUnit.class);
        DocumentaryUnit userDoc1 = scopedApi.withAccessor(archivist1)
                .create(Bundle.fromData(TestData.getTestDocBundle()).withDataValue("identifier", "user-doc-1"), DocumentaryUnit.class);
        DocumentaryUnit userDoc2 = scopedApi.withAccessor(archivist2)
                .create(Bundle.fromData(TestData.getTestDocBundle()).withDataValue("identifier", "user-doc-2"), DocumentaryUnit.class);

        // Head archivists can modify an archivist's unit but do not own it.
        Assert.assertTrue(acl.hasPermission(userDoc1, PermissionType.UPDATE, headArchivists));
        Assert.assertTrue(acl.hasPermission(userDoc1, PermissionType.DELETE, headArchivists));
        Assert.assertFalse(acl.hasPermission(userDoc1, PermissionType.OWNER, headArchivists));

        // OWNER belongs to the creator only.
        Assert.assertTrue(acl.getInheritedItemPermissions(userDoc1, archivist1).has(PermissionType.OWNER));
        Assert.assertFalse(acl.getInheritedItemPermissions(userDoc2, archivist1).has(PermissionType.OWNER));
        Assert.assertTrue(acl.getInheritedItemPermissions(userDoc2, archivist2).has(PermissionType.OWNER));
        Assert.assertFalse(acl.getInheritedItemPermissions(userDoc1, archivist2).has(PermissionType.OWNER));

        PermissionType[] ownerPermissions = {PermissionType.OWNER, PermissionType.UPDATE, PermissionType.DELETE};

        // The creator holds the full owner set on their own unit ...
        for (PermissionType permission : ownerPermissions) {
            Assert.assertTrue(acl.hasPermission(userDoc1, permission, archivist1));
        }
        // ... and archivists hold none of it on units created by someone else.
        for (PermissionType permission : ownerPermissions) {
            Assert.assertFalse(acl.hasPermission(headDoc, permission, archivist1));
        }
        for (PermissionType permission : ownerPermissions) {
            Assert.assertFalse(acl.hasPermission(headDoc, permission, archivist2));
        }
        for (PermissionType permission : ownerPermissions) {
            Assert.assertFalse(acl.hasPermission(userDoc1, permission, archivist2));
        }
        for (PermissionType permission : ownerPermissions) {
            Assert.assertFalse(acl.hasPermission(userDoc2, permission, archivist1));
        }
    }
}
