package org.alfresco.repo.virtual.bundle;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.repo.virtual.VirtualizationIntegrationTest;
import org.alfresco.repo.virtual.store.VirtualStoreImpl;
import org.alfresco.repo.virtual.store.VirtualUserPermissions;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.cmr.site.SiteVisibility;
import org.alfresco.util.testing.category.LuceneTests;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
@Category({LuceneTests.class})
/* loaded from: input_file:org/alfresco/repo/virtual/bundle/VirtualPermissionServiceExtensionTest.class */
public class VirtualPermissionServiceExtensionTest extends VirtualizationIntegrationTest {
    private PermissionServiceSPI permissionService;
    private String user1;
    private String user2;
    private NodeRef vf1Node2;
    private NodeRef virtualContent;
    private VirtualStoreImpl smartStore;
    private VirtualUserPermissions savedUserPermissions;
    private SiteService siteService;
    private NodeRef myContentSMF;
    private NodeRef contributionsSMF;
    private NodeRef testSiteFolder = null;
    private NodeRef smartFolder = null;
    private NodeRef contributionDocsFolder = null;
    private String sName = "mytestsite_ace_5162";

    @Override // org.alfresco.repo.virtual.VirtualizationIntegrationTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.smartStore = (VirtualStoreImpl) this.ctx.getBean("smartStore", VirtualStoreImpl.class);
        this.permissionService = (PermissionServiceSPI) this.ctx.getBean("permissionServiceImpl", PermissionServiceSPI.class);
        this.siteService = (SiteService) this.ctx.getBean("siteService", SiteService.class);
        this.user1 = "user1";
        this.user2 = "user2";
        this.vf1Node2 = this.nodeService.getChildByName(this.virtualFolder1NodeRef, ContentModel.ASSOC_CONTAINS, "Node2");
        this.virtualContent = createContent(this.vf1Node2, "virtualContent").getChildRef();
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user1, "DeleteChildren", true);
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user2, "DeleteChildren", false);
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user1, "ReadPermissions", true);
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user2, "ReadPermissions", true);
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user1, "ReadProperties", true);
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user1, "CreateChildren", false);
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user1, "Delete", true);
    }

    protected void setUpTestPermissions() {
        this.savedUserPermissions = this.smartStore.getUserPermissions();
        VirtualUserPermissions virtualUserPermissions = new VirtualUserPermissions(this.savedUserPermissions);
        HashSet hashSet = new HashSet(this.savedUserPermissions.getAllowSmartNodes());
        hashSet.add("CreateChildren");
        virtualUserPermissions.setAllowSmartNodes(hashSet);
        virtualUserPermissions.init();
        this.smartStore.setUserPermissions(virtualUserPermissions);
    }

    @Override // org.alfresco.repo.virtual.VirtualizationIntegrationTest
    @After
    public void tearDown() throws Exception {
        if (this.savedUserPermissions != null) {
            this.smartStore.setUserPermissions(this.savedUserPermissions);
            this.savedUserPermissions = null;
        }
        super.tearDown();
    }

    private AccessStatus hasPermissionAs(final NodeRef nodeRef, final String str, String str2) {
        return (AccessStatus) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<AccessStatus>() { // from class: org.alfresco.repo.virtual.bundle.VirtualPermissionServiceExtensionTest.1
            /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
            public AccessStatus m1765doWork() throws Exception {
                return VirtualPermissionServiceExtensionTest.this.permissionService.hasPermission(nodeRef, str);
            }
        }, str2);
    }

    @Test
    public void testHasPermissionAdherence_actualPath() throws Exception {
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.virtualFolder1NodeRef, "DeleteChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.virtualFolder1NodeRef, "DeleteChildren", this.user2));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.vf1Node2, "DeleteChildren", this.user1));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.virtualContent, "DeleteChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.vf1Node2, "DeleteChildren", this.user2));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.virtualContent, "DeleteChildren", this.user2));
        this.permissionService.setPermission(this.virtualFolder1NodeRef, this.user1, "DeleteChildren", false);
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.vf1Node2, "DeleteChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.virtualContent, "DeleteChildren", this.user1));
    }

    @Test
    public void testHasPermissionAdherence_missingFolderPath() throws Exception {
        NodeRef childByName = this.nodeService.getChildByName(createVirtualizedFolder(this.testRootFolder.getNodeRef(), "VirtualFolderT5", "C/org/alfresco/repo/virtual/template/testTemplate5.json"), ContentModel.ASSOC_CONTAINS, "FilingFolder_filing_path");
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, asTypedPermission("Delete"), this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, asTypedPermission("CreateChildren"), this.user1));
    }

    @Test
    public void testHasPermissionAdherence_folderPath() throws Exception {
        NodeRef childByName = this.nodeService.getChildByName(createVirtualizedFolder(this.testRootFolder.getNodeRef(), "VirtualFolderT5", "C/org/alfresco/repo/virtual/template/testTemplate5.json"), ContentModel.ASSOC_CONTAINS, "FilingFolder_filing_path");
        NodeRef childRef = createFolder(this.rootNodeRef, "FilingFolder").getChildRef();
        this.permissionService.setPermission(childRef, this.user1, "ReadPermissions", true);
        this.permissionService.setPermission(childRef, this.user1, "CreateChildren", true);
        this.permissionService.setPermission(childRef, this.user2, "CreateChildren", false);
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childRef, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(childRef, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childRef, "CreateChildren", this.user2));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, asTypedPermission("Delete"), this.user1));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(childByName, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(childByName, asTypedPermission("CreateChildren"), this.user1));
        this.permissionService.setPermission(childRef, this.user1, "DeleteChildren", true);
        this.permissionService.setPermission(childRef, this.user2, "DeleteChildren", false);
        this.permissionService.setPermission(childRef, this.user1, "ReadProperties", true);
        this.permissionService.setPermission(childRef, this.user1, "CreateChildren", false);
        this.permissionService.setPermission(childRef, this.user1, "Delete", true);
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(childRef, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childRef, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, asTypedPermission("Delete"), this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childByName, asTypedPermission("CreateChildren"), this.user1));
    }

    @Test
    public void testHasPermission() throws Exception {
        setUpTestPermissions();
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.virtualFolder1NodeRef, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.virtualFolder1NodeRef, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.vf1Node2, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(this.vf1Node2, asTypedPermission("Delete"), this.user1));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.vf1Node2, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.vf1Node2, asTypedPermission("CreateChildren"), this.user1));
    }

    @Test
    public void testReadonlyNodeHasPermission() throws Exception {
        NodeRef childByName = this.nodeService.getChildByName(createVirtualizedFolder(this.testRootFolder.getNodeRef(), "aVFTestTemplate2", "C/org/alfresco/repo/virtual/template/testTemplate2.json"), ContentModel.ASSOC_CONTAINS, "Node2");
        String[] strArr = {"Unlock", "CancelCheckOut", "ChangePermissions", "CreateChildren", "Delete", "Write", "DeleteNode", "WriteProperties", "WriteContent", "CreateAssociations"};
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < strArr.length; i++) {
            if (!AccessStatus.DENIED.equals(hasPermissionAs(childByName, strArr[i], this.user1))) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(strArr[i]);
            }
        }
        Assert.assertTrue("Non-denied permissions on RO virtual nodes : " + ((Object) sb), sb.length() == 0);
    }

    private Map<String, List<? extends PermissionEntry>> mapPermissionsByName(List<? extends PermissionEntry> list) {
        HashMap hashMap = new HashMap();
        for (PermissionEntry permissionEntry : list) {
            String name = permissionEntry.getPermissionReference().getName();
            List list2 = (List) hashMap.get(name);
            if (list2 == null) {
                list2 = new ArrayList();
                hashMap.put(name, list2);
            }
            list2.add(permissionEntry);
        }
        return hashMap;
    }

    private Map<String, List<AccessPermission>> mapAccessPermissionsByName(Set<AccessPermission> set) {
        HashMap hashMap = new HashMap();
        for (AccessPermission accessPermission : set) {
            String permission = accessPermission.getPermission();
            List list = (List) hashMap.get(permission);
            if (list == null) {
                list = new ArrayList();
                hashMap.put(permission, list);
            }
            list.add(accessPermission);
        }
        return hashMap;
    }

    protected void assertUniquePermission(String str, AccessStatus accessStatus, String str2, List<? extends PermissionEntry> list) {
        Map<String, List<? extends PermissionEntry>> mapPermissionsByName = mapPermissionsByName(list);
        Assert.assertNotNull("Not null permission " + str + " expected.", mapPermissionsByName.get(str));
        Assert.assertEquals(1L, mapPermissionsByName.get(str).size());
        PermissionEntry permissionEntry = mapPermissionsByName.get(str).get(0);
        Assert.assertEquals(accessStatus, permissionEntry.getAccessStatus());
        Assert.assertEquals(str2, permissionEntry.getAuthority());
    }

    protected void assertUniqueAccessPermission(String str, AccessStatus accessStatus, String str2, Set<AccessPermission> set) {
        Map<String, List<AccessPermission>> mapAccessPermissionsByName = mapAccessPermissionsByName(set);
        Assert.assertNotNull("Not null permission " + str + " expected.", mapAccessPermissionsByName.get(str));
        Assert.assertEquals("Expected single AccessPermission but found " + mapAccessPermissionsByName.get(str), 1L, r0.size());
        AccessPermission accessPermission = mapAccessPermissionsByName.get(str).get(0);
        Assert.assertEquals(accessStatus, accessPermission.getAccessStatus());
        Assert.assertEquals(str2, accessPermission.getAuthority());
    }

    @Test
    public void testGetAllSetPermissions() throws Exception {
        setUpTestPermissions();
        Set<AccessPermission> allSetPermissions = this.permissionService.getAllSetPermissions(this.virtualFolder1NodeRef);
        AccessPermission accessPermission = mapAccessPermissionsByName(allSetPermissions).get("ReadProperties").get(0);
        assertUniqueAccessPermission("Delete", AccessStatus.ALLOWED, this.user1, allSetPermissions);
        assertUniqueAccessPermission("CreateChildren", AccessStatus.DENIED, this.user1, allSetPermissions);
        Set<AccessPermission> allSetPermissions2 = this.permissionService.getAllSetPermissions(this.vf1Node2);
        assertUniqueAccessPermission("Delete", AccessStatus.DENIED, "GROUP_EVERYONE", allSetPermissions2);
        assertUniqueAccessPermission("CreateChildren", AccessStatus.ALLOWED, "GROUP_EVERYONE", allSetPermissions2);
        assertUniqueAccessPermission("ReadProperties", accessPermission.getAccessStatus(), accessPermission.getAuthority(), allSetPermissions2);
    }

    @Test
    public void testGetSetPermissions() throws Exception {
        setUpTestPermissions();
        NodePermissionEntry setPermissions = this.permissionService.getSetPermissions(this.virtualFolder1NodeRef);
        Assert.assertEquals(this.virtualFolder1NodeRef, setPermissions.getNodeRef());
        List<? extends PermissionEntry> permissionEntries = setPermissions.getPermissionEntries();
        assertUniquePermission("Delete", AccessStatus.ALLOWED, this.user1, permissionEntries);
        assertUniquePermission("CreateChildren", AccessStatus.DENIED, this.user1, permissionEntries);
        NodePermissionEntry setPermissions2 = this.permissionService.getSetPermissions(this.vf1Node2);
        Assert.assertEquals(this.vf1Node2, setPermissions2.getNodeRef());
        List<? extends PermissionEntry> permissionEntries2 = setPermissions2.getPermissionEntries();
        assertUniquePermission("Delete", AccessStatus.DENIED, "GROUP_EVERYONE", permissionEntries2);
        assertUniquePermission("CreateChildren", AccessStatus.ALLOWED, "GROUP_EVERYONE", permissionEntries2);
    }

    @Test
    public void testNodes_WithfilingPath_withNoReadPermissions_hasReadonlyPermission() throws Exception {
        String[] strArr = {"Unlock", "CancelCheckOut", "ChangePermissions", "CreateChildren", "Delete", "Write", "DeleteNode", "WriteProperties", "WriteContent", "CreateAssociations"};
        NodeRef childByName = this.nodeService.getChildByName(createVirtualizedFolder(this.testRootFolder.getNodeRef(), "VirtualFolderT5", "C/org/alfresco/repo/virtual/template/testTemplate5.json"), ContentModel.ASSOC_CONTAINS, "FilingFolder_filing_path");
        NodeRef childRef = createFolder(this.rootNodeRef, "FilingFolder").getChildRef();
        this.permissionService.setPermission(childRef, this.user1, "ReadPermissions", false);
        this.permissionService.setPermission(childRef, this.user1, "CreateChildren", true);
        this.permissionService.setPermission(childRef, this.user2, "CreateChildren", false);
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childRef, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(childRef, "CreateChildren", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childRef, "CreateChildren", this.user2));
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < strArr.length; i++) {
            if (!AccessStatus.DENIED.equals(hasPermissionAs(childByName, strArr[i], this.user1))) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(strArr[i]);
            }
        }
        Assert.assertTrue("Non-denied permissions on RO virtual nodes : " + ((Object) sb), sb.length() == 0);
        this.permissionService.setPermission(childRef, this.user1, "DeleteChildren", true);
        this.permissionService.setPermission(childRef, this.user2, "DeleteChildren", false);
        this.permissionService.setPermission(childRef, this.user1, "ReadProperties", true);
        this.permissionService.setPermission(childRef, this.user1, "CreateChildren", false);
        this.permissionService.setPermission(childRef, this.user1, "Delete", true);
        Assert.assertEquals(AccessStatus.ALLOWED, hasPermissionAs(childRef, "Delete", this.user1));
        Assert.assertEquals(AccessStatus.DENIED, hasPermissionAs(childRef, "CreateChildren", this.user1));
        StringBuilder sb2 = new StringBuilder();
        for (int i2 = 0; i2 < strArr.length; i2++) {
            if (!AccessStatus.DENIED.equals(hasPermissionAs(childByName, strArr[i2], this.user1))) {
                if (sb2.length() > 0) {
                    sb2.append(",");
                }
                sb2.append(strArr[i2]);
            }
        }
        Assert.assertTrue("Non-denied permissions on RO virtual nodes : " + ((Object) sb2), sb2.length() == 0);
    }

    @Test
    public void testPerm_ace_5162() throws Exception {
        String[] strArr = {"Unlock", "CancelCheckOut", "ChangePermissions", "CreateChildren", "Delete", "Write", "DeleteNode", "WriteProperties", "WriteContent", "CreateAssociations"};
        try {
            this.siteService.createSite("testSitePreset", this.sName, this.sName, this.sName, SiteVisibility.PUBLIC);
            this.testSiteFolder = this.siteService.createContainer(this.sName, "TestSiteFolder", ContentModel.TYPE_FOLDER, (Map) null);
            this.smartFolder = createVirtualizedFolder(this.testSiteFolder, "SmartFolder", "C/org/alfresco/repo/virtual/template/testTemplate7.json");
            this.contributionDocsFolder = createFolder(this.testSiteFolder, "Contribution Docs").getChildRef();
            this.permissionService.setInheritParentPermissions(this.contributionDocsFolder, false);
            this.myContentSMF = this.nodeService.getChildByName(this.smartFolder, ContentModel.ASSOC_CONTAINS, "My content");
            Assert.assertNotNull(this.myContentSMF);
            this.contributionsSMF = this.nodeService.getChildByName(this.myContentSMF, ContentModel.ASSOC_CONTAINS, "Contributions");
            Assert.assertNotNull(this.contributionsSMF);
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < strArr.length; i++) {
                if (!AccessStatus.DENIED.equals(hasPermissionAs(this.contributionsSMF, strArr[i], this.user1))) {
                    if (sb.length() > 0) {
                        sb.append(",");
                    }
                    sb.append(strArr[i]);
                }
            }
            Assert.assertTrue("Non-denied permissions on RO virtual nodes : " + ((Object) sb), sb.length() == 0);
            prepareMocks("cm:Contribution", this.smartStore.materializeIfPossible(this.fileAndFolderService.create(this.contributionsSMF, "T1", ContentModel.TYPE_CONTENT).getNodeRef()));
            Assert.assertNotNull(this.nodeService.getChildByName(this.contributionsSMF, ContentModel.ASSOC_CONTAINS, "T1"));
            Assert.assertTrue(this.nodeService.getChildAssocs(this.contributionsSMF).size() > 0);
            Assert.assertFalse(((Boolean) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>() { // from class: org.alfresco.repo.virtual.bundle.VirtualPermissionServiceExtensionTest.2
                /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
                public Boolean m1766doWork() throws Exception {
                    return VirtualPermissionServiceExtensionTest.this.nodeService.getChildAssocs(VirtualPermissionServiceExtensionTest.this.contributionsSMF).size() > 0;
                }
            }, this.user1)).booleanValue());
        } finally {
            resetMocks();
            if (this.contributionDocsFolder != null) {
                this.nodeService.deleteNode(this.contributionDocsFolder);
            }
            if (this.smartFolder != null) {
                this.nodeService.deleteNode(this.smartFolder);
            }
            if (this.testSiteFolder != null) {
                this.nodeService.deleteNode(this.testSiteFolder);
            }
            this.siteService.deleteSite(this.sName);
        }
    }

    private String asTypedPermission(String str) {
        return this.smartStore.getUserPermissions().getPermissionTypeQName() + "." + str;
    }
}
