package org.alfresco.cmis.acl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.alfresco.cmis.CMISAccessControlEntriesGroupedByPrincipalId;
import org.alfresco.cmis.CMISAccessControlEntry;
import org.alfresco.cmis.CMISAccessControlFormatEnum;
import org.alfresco.cmis.CMISAccessControlReport;
import org.alfresco.cmis.CMISAccessControlService;
import org.alfresco.cmis.CMISAclCapabilityEnum;
import org.alfresco.cmis.CMISAclPropagationEnum;
import org.alfresco.cmis.CMISConstraintException;
import org.alfresco.cmis.CMISPermissionDefinition;
import org.alfresco.cmis.CMISPermissionMapping;
import org.alfresco.cmis.acl.CMISAccessControlServiceImpl;
import org.alfresco.cmis.mapping.BaseCMISTest;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.search.impl.querymodel.impl.functions.Child;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-3.4.a.jar:org/alfresco/cmis/acl/CMISAccessControlServiceTest.class */
public class CMISAccessControlServiceTest extends BaseCMISTest {
    private NodeRef parent;
    private NodeRef child;
    private NodeRef grandParent;

    public void testAclPropagationMode() {
        assertEquals(CMISAclPropagationEnum.PROPAGATE, this.cmisAccessControlService.getAclPropagation());
    }

    public void testAclCapability() {
        assertEquals(CMISAclCapabilityEnum.MANAGE, this.cmisAccessControlService.getAclCapability());
    }

    public void testPermissions() {
        List<CMISPermissionDefinition> repositoryPermissions = this.cmisAccessControlService.getRepositoryPermissions();
        assertEquals(69, repositoryPermissions.size());
        HashSet hashSet = new HashSet();
        hashSet.addAll(repositoryPermissions);
        assertEquals(69, hashSet.size());
    }

    public void testAclReportingCmisPermissionsOnly() throws Exception {
        createTestAcls();
        CMISAccessControlReport acl = this.cmisAccessControlService.getAcl(this.grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
        assertFalse(acl.isExact());
        assertEquals(10, acl.getAccessControlEntries().size());
        assertTrue(checkCounts(acl, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 2));
        assertTrue(checkCounts(acl, PermissionService.ALL_AUTHORITIES, 1, 0));
        assertTrue(checkCounts(acl, "ToMask", 1, 0));
        assertTrue(checkCounts(acl, "Full", 0, 3));
        assertTrue(checkCounts(acl, "Reader", 1, 0));
        assertTrue(checkCounts(acl, "Writer", 1, 0));
        assertTrue(checkAbsent(acl, "SplitRead"));
        assertTrue(checkAbsent(acl, "SplitWrite"));
        assertTrue(checkAbsent(acl, "DuplicateRead"));
        assertTrue(checkAbsent(acl, "Writer2"));
        assertTrue(checkAbsent(acl, "Multi"));
        CMISAccessControlReport acl2 = this.cmisAccessControlService.getAcl(this.parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
        assertFalse(acl2.isExact());
        assertEquals(10, acl2.getAccessControlEntries().size());
        assertTrue(checkCounts(acl2, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 3));
        assertTrue(checkCounts(acl2, PermissionService.ALL_AUTHORITIES, 0, 1));
        assertTrue(checkAbsent(acl2, "ToMask"));
        assertTrue(checkCounts(acl2, "Full", 0, 3));
        assertTrue(checkCounts(acl2, "Reader", 0, 1));
        assertTrue(checkCounts(acl2, "Writer", 0, 1));
        assertTrue(checkAbsent(acl2, "SplitRead"));
        assertTrue(checkAbsent(acl2, "SplitWrite"));
        assertTrue(checkCounts(acl2, "DuplicateRead", 1, 0));
        assertTrue(checkAbsent(acl2, "Writer2"));
        assertTrue(checkAbsent(acl2, "Multi"));
        CMISAccessControlReport acl3 = this.cmisAccessControlService.getAcl(this.child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
        assertFalse(acl3.isExact());
        assertEquals(13, acl3.getAccessControlEntries().size());
        assertTrue(checkCounts(acl3, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 3));
        assertTrue(checkCounts(acl3, PermissionService.ALL_AUTHORITIES, 0, 1));
        assertTrue(checkAbsent(acl3, "ToMask"));
        assertTrue(checkCounts(acl3, "Full", 0, 3));
        assertTrue(checkCounts(acl3, "Reader", 0, 1));
        assertTrue(checkCounts(acl3, "Writer", 0, 1));
        assertTrue(checkAbsent(acl3, "SplitRead"));
        assertTrue(checkAbsent(acl3, "SplitWrite"));
        assertTrue(checkCounts(acl3, "DuplicateRead", 1, 0));
        assertTrue(checkCounts(acl3, "Writer2", 1, 0));
        assertTrue(checkCounts(acl3, "Multi", 2, 0));
    }

    private Set<String> getAllPermissions() {
        HashSet hashSet = new HashSet();
        PermissionReference permissionReference = this.permissionModelDao.getPermissionReference(null, "All");
        Iterator<PermissionReference> it = this.permissionModelDao.getAllPermissions().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().toString());
        }
        hashSet.add(permissionReference.toString());
        hashSet.add(CMISAccessControlService.CMIS_ALL_PERMISSION);
        hashSet.add(CMISAccessControlService.CMIS_READ_PERMISSION);
        hashSet.add(CMISAccessControlService.CMIS_WRITE_PERMISSION);
        return hashSet;
    }

    private boolean checkCounts(CMISAccessControlReport cMISAccessControlReport, String str, int i, int i2) throws Exception {
        Set<String> allPermissions = getAllPermissions();
        Iterator<? extends CMISAccessControlEntry> it = cMISAccessControlReport.getAccessControlEntries().iterator();
        while (it.hasNext()) {
            if (!allPermissions.contains(it.next().getPermission())) {
                return false;
            }
        }
        for (CMISAccessControlEntriesGroupedByPrincipalId cMISAccessControlEntriesGroupedByPrincipalId : cMISAccessControlReport.getAccessControlEntriesGroupedByPrincipalId()) {
            if (cMISAccessControlEntriesGroupedByPrincipalId.getPrincipalId().equals(str)) {
                return cMISAccessControlEntriesGroupedByPrincipalId.getDirectPermissions().size() == i && cMISAccessControlEntriesGroupedByPrincipalId.getIndirectPermissions().size() == i2;
            }
        }
        return false;
    }

    private boolean checkAbsent(CMISAccessControlReport cMISAccessControlReport, String str) throws Exception {
        Iterator<? extends CMISAccessControlEntriesGroupedByPrincipalId> it = cMISAccessControlReport.getAccessControlEntriesGroupedByPrincipalId().iterator();
        while (it.hasNext()) {
            if (it.next().getPrincipalId().equals(str)) {
                return false;
            }
        }
        return true;
    }

    public void testAclReportingAllPermissions() throws Exception {
        createTestAcls();
        CMISAccessControlReport acl = this.cmisAccessControlService.getAcl(this.grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(acl.isExact());
        assertEquals(17, acl.getAccessControlEntries().size());
        assertTrue(checkCounts(acl, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 3));
        assertTrue(checkCounts(acl, PermissionService.ALL_AUTHORITIES, 1, 1));
        assertTrue(checkCounts(acl, "ToMask", 1, 1));
        assertTrue(checkCounts(acl, "Full", 1, 3));
        assertTrue(checkCounts(acl, "Reader", 1, 1));
        assertTrue(checkCounts(acl, "Writer", 1, 1));
        assertTrue(checkAbsent(acl, "SplitRead"));
        assertTrue(checkAbsent(acl, "SplitWrite"));
        assertTrue(checkAbsent(acl, "DuplicateRead"));
        assertTrue(checkAbsent(acl, "Writer2"));
        assertTrue(checkCounts(acl, "Multi", 1, 0));
        CMISAccessControlReport acl2 = this.cmisAccessControlService.getAcl(this.parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(acl2.isExact());
        assertEquals(20, acl2.getAccessControlEntries().size());
        assertTrue(checkCounts(acl2, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 4));
        assertTrue(checkCounts(acl2, PermissionService.ALL_AUTHORITIES, 0, 2));
        assertTrue(checkAbsent(acl2, "ToMask"));
        assertTrue(checkCounts(acl2, "Full", 0, 4));
        assertTrue(checkCounts(acl2, "Reader", 0, 2));
        assertTrue(checkCounts(acl2, "Writer", 0, 2));
        assertTrue(checkCounts(acl2, "SplitRead", 1, 0));
        assertTrue(checkCounts(acl2, "SplitWrite", 1, 0));
        assertTrue(checkCounts(acl2, "DuplicateRead", 1, 1));
        assertTrue(checkAbsent(acl, "Writer2"));
        assertTrue(checkCounts(acl2, "Multi", 1, 1));
        CMISAccessControlReport acl3 = this.cmisAccessControlService.getAcl(this.child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(acl3.isExact());
        assertEquals(29, acl3.getAccessControlEntries().size());
        assertTrue(checkCounts(acl3, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 4));
        assertTrue(checkCounts(acl3, PermissionService.ALL_AUTHORITIES, 0, 2));
        assertTrue(checkAbsent(acl3, "ToMask"));
        assertTrue(checkCounts(acl3, "Full", 0, 4));
        assertTrue(checkCounts(acl3, "Reader", 0, 2));
        assertTrue(checkCounts(acl3, "Writer", 0, 2));
        assertTrue(checkCounts(acl3, "SplitRead", 1, 1));
        assertTrue(checkCounts(acl3, "SplitWrite", 1, 1));
        assertTrue(checkCounts(acl3, "DuplicateRead", 1, 1));
        assertTrue(checkCounts(acl3, "Writer2", 1, 1));
        assertTrue(checkCounts(acl3, "Multi", 3, 4));
    }

    private void createTestAcls() {
        this.grandParent = this.nodeService.createNode(this.rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("cm", Child.ARG_PARENT, this.namespaceService), ContentModel.TYPE_FOLDER).getChildRef();
        this.nodeService.setProperty(this.grandParent, ContentModel.PROP_NAME, "GrandParent");
        this.parent = this.nodeService.createNode(this.grandParent, ContentModel.ASSOC_CHILDREN, QName.createQName("cm", Child.NAME, this.namespaceService), ContentModel.TYPE_FOLDER).getChildRef();
        this.nodeService.setProperty(this.parent, ContentModel.PROP_NAME, Child.ARG_PARENT);
        this.child = this.nodeService.createNode(this.parent, ContentModel.ASSOC_CHILDREN, QName.createQName("cm", Child.NAME, this.namespaceService), ContentModel.TYPE_FOLDER).getChildRef();
        this.nodeService.setProperty(this.child, ContentModel.PROP_NAME, Child.NAME);
        this.permissionService.setPermission(this.grandParent, PermissionService.ADMINISTRATOR_AUTHORITY, "All", true);
        this.permissionService.setPermission(this.grandParent, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
        this.permissionService.setPermission(this.grandParent, "ToMask", PermissionService.READ, true);
        this.permissionService.setPermission(this.grandParent, "Full", PermissionService.FULL_CONTROL, true);
        this.permissionService.setPermission(this.grandParent, "Writer", PermissionService.WRITE, true);
        this.permissionService.setPermission(this.grandParent, "Reader", PermissionService.READ, true);
        this.permissionService.setPermission(this.grandParent, "Multi", PermissionService.DELETE, true);
        this.permissionService.setPermission(this.parent, "ToMask", PermissionService.READ, false);
        this.permissionService.setPermission(this.parent, "SplitRead", PermissionService.READ_PROPERTIES, true);
        this.permissionService.setPermission(this.parent, "SplitWrite", PermissionService.WRITE_CONTENT, true);
        this.permissionService.setPermission(this.parent, "DuplicateRead", PermissionService.READ, true);
        this.permissionService.setPermission(this.parent, "Multi", PermissionService.CREATE_CHILDREN, true);
        this.permissionService.setPermission(this.child, "SplitRead", PermissionService.READ_CONTENT, true);
        this.permissionService.setPermission(this.child, "Writer2", PermissionService.WRITE, true);
        this.permissionService.setPermission(this.child, "SplitWrite", PermissionService.WRITE_PROPERTIES, true);
        this.permissionService.setPermission(this.child, "DuplicateRead", PermissionService.READ, true);
        this.permissionService.setPermission(this.child, "Multi", PermissionService.READ, true);
        this.permissionService.setPermission(this.child, "Multi", PermissionService.WRITE, true);
        this.permissionService.setPermission(this.child, "Multi", PermissionService.SET_OWNER, true);
    }

    public void testAccessEntryOrdering() {
        createTestAcls();
        new HashSet().addAll(this.cmisAccessControlService.getRepositoryPermissions());
        Set<AccessPermission> allSetPermissions = this.permissionService.getAllSetPermissions(this.child);
        ArrayList arrayList = new ArrayList();
        CMISAccessControlServiceImpl.AccessPermissionComparator accessPermissionComparator = new CMISAccessControlServiceImpl.AccessPermissionComparator();
        for (AccessPermission accessPermission : allSetPermissions) {
            int binarySearch = Collections.binarySearch(arrayList, accessPermission, accessPermissionComparator);
            if (binarySearch < 0) {
                arrayList.add((-binarySearch) - 1, accessPermission);
            }
        }
        assertEquals(4, ((AccessPermission) arrayList.get(0)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(0)).getAccessStatus());
        assertEquals("Full", ((AccessPermission) arrayList.get(0)).getAuthority());
        int i = 0 + 1;
        assertEquals(4, ((AccessPermission) arrayList.get(i)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i)).getAccessStatus());
        assertEquals(PermissionService.ALL_AUTHORITIES, ((AccessPermission) arrayList.get(i)).getAuthority());
        int i2 = i + 1;
        assertEquals(4, ((AccessPermission) arrayList.get(i2)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i2)).getAccessStatus());
        assertEquals("Multi", ((AccessPermission) arrayList.get(i2)).getAuthority());
        int i3 = i2 + 1;
        assertEquals(4, ((AccessPermission) arrayList.get(i3)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i3)).getAccessStatus());
        assertEquals(PermissionService.ADMINISTRATOR_AUTHORITY, ((AccessPermission) arrayList.get(i3)).getAuthority());
        int i4 = i3 + 1;
        assertEquals(4, ((AccessPermission) arrayList.get(i4)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i4)).getAccessStatus());
        assertEquals("Reader", ((AccessPermission) arrayList.get(i4)).getAuthority());
        int i5 = i4 + 1;
        assertEquals(4, ((AccessPermission) arrayList.get(i5)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i5)).getAccessStatus());
        assertEquals("ToMask", ((AccessPermission) arrayList.get(i5)).getAuthority());
        int i6 = i5 + 1;
        assertEquals(4, ((AccessPermission) arrayList.get(i6)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i6)).getAccessStatus());
        assertEquals("Writer", ((AccessPermission) arrayList.get(i6)).getAuthority());
        int i7 = i6 + 1;
        assertEquals(2, ((AccessPermission) arrayList.get(i7)).getPosition());
        assertEquals(AccessStatus.DENIED, ((AccessPermission) arrayList.get(i7)).getAccessStatus());
        assertEquals("ToMask", ((AccessPermission) arrayList.get(i7)).getAuthority());
        int i8 = i7 + 1;
        assertEquals(2, ((AccessPermission) arrayList.get(i8)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i8)).getAccessStatus());
        assertEquals("DuplicateRead", ((AccessPermission) arrayList.get(i8)).getAuthority());
        int i9 = i8 + 1;
        assertEquals(2, ((AccessPermission) arrayList.get(i9)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i9)).getAccessStatus());
        assertEquals("Multi", ((AccessPermission) arrayList.get(i9)).getAuthority());
        int i10 = i9 + 1;
        assertEquals(2, ((AccessPermission) arrayList.get(i10)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i10)).getAccessStatus());
        assertEquals("SplitRead", ((AccessPermission) arrayList.get(i10)).getAuthority());
        int i11 = i10 + 1;
        assertEquals(2, ((AccessPermission) arrayList.get(i11)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i11)).getAccessStatus());
        assertEquals("SplitWrite", ((AccessPermission) arrayList.get(i11)).getAuthority());
        int i12 = i11 + 1;
        assertEquals(0, ((AccessPermission) arrayList.get(i12)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i12)).getAccessStatus());
        assertEquals("DuplicateRead", ((AccessPermission) arrayList.get(i12)).getAuthority());
        int i13 = i12 + 1;
        assertEquals(0, ((AccessPermission) arrayList.get(i13)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i13)).getAccessStatus());
        assertEquals("Multi", ((AccessPermission) arrayList.get(i13)).getAuthority());
        int i14 = i13 + 1;
        assertEquals(0, ((AccessPermission) arrayList.get(i14)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i14)).getAccessStatus());
        assertEquals("Multi", ((AccessPermission) arrayList.get(i14)).getAuthority());
        int i15 = i14 + 1;
        assertEquals(0, ((AccessPermission) arrayList.get(i15)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i15)).getAccessStatus());
        assertEquals("Multi", ((AccessPermission) arrayList.get(i15)).getAuthority());
        int i16 = i15 + 1;
        assertEquals(0, ((AccessPermission) arrayList.get(i16)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i16)).getAccessStatus());
        assertEquals("SplitRead", ((AccessPermission) arrayList.get(i16)).getAuthority());
        int i17 = i16 + 1;
        assertEquals(0, ((AccessPermission) arrayList.get(i17)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i17)).getAccessStatus());
        assertEquals("SplitWrite", ((AccessPermission) arrayList.get(i17)).getAuthority());
        int i18 = i17 + 1;
        assertEquals(0, ((AccessPermission) arrayList.get(i18)).getPosition());
        assertEquals(AccessStatus.ALLOWED, ((AccessPermission) arrayList.get(i18)).getAccessStatus());
        assertEquals("Writer2", ((AccessPermission) arrayList.get(i18)).getAuthority());
    }

    public void testApplyAcl() throws Exception {
        this.grandParent = this.nodeService.createNode(this.rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("cm", Child.ARG_PARENT, this.namespaceService), ContentModel.TYPE_FOLDER).getChildRef();
        this.nodeService.setProperty(this.grandParent, ContentModel.PROP_NAME, "GrandParent");
        this.parent = this.nodeService.createNode(this.grandParent, ContentModel.ASSOC_CHILDREN, QName.createQName("cm", Child.NAME, this.namespaceService), ContentModel.TYPE_FOLDER).getChildRef();
        this.nodeService.setProperty(this.parent, ContentModel.PROP_NAME, Child.ARG_PARENT);
        this.child = this.nodeService.createNode(this.parent, ContentModel.ASSOC_CHILDREN, QName.createQName("cm", Child.NAME, this.namespaceService), ContentModel.TYPE_CONTENT).getChildRef();
        this.nodeService.setProperty(this.child, ContentModel.PROP_NAME, Child.NAME);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new CMISAccessControlEntryImpl(PermissionService.ADMINISTRATOR_AUTHORITY, "All"));
        arrayList.add(new CMISAccessControlEntryImpl(PermissionService.ALL_AUTHORITIES, PermissionService.READ));
        arrayList.add(new CMISAccessControlEntryImpl("ToMask", PermissionService.READ));
        arrayList.add(new CMISAccessControlEntryImpl("Full", PermissionService.FULL_CONTROL));
        arrayList.add(new CMISAccessControlEntryImpl("Writer", PermissionService.WRITE));
        arrayList.add(new CMISAccessControlEntryImpl("Reader", PermissionService.READ));
        CMISAccessControlReport applyAcl = this.cmisAccessControlService.applyAcl(this.grandParent, null, arrayList, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(applyAcl.isExact());
        assertEquals(16, applyAcl.getAccessControlEntries().size());
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new CMISAccessControlEntryImpl("ToMask", PermissionService.READ));
        CMISAccessControlReport applyAcl2 = this.cmisAccessControlService.applyAcl(this.grandParent, arrayList2, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(applyAcl2.isExact());
        assertEquals(14, applyAcl2.getAccessControlEntries().size());
        try {
            this.cmisAccessControlService.applyAcl(this.grandParent, arrayList2, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
            fail("A non existent ACE should not be removable");
        } catch (CMISConstraintException e) {
        }
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(new CMISAccessControlEntryImpl("SplitRead", this.permissionModelDao.getPermissionReference(null, PermissionService.READ_PROPERTIES).toString()));
        arrayList3.add(new CMISAccessControlEntryImpl("SplitWrite", this.permissionModelDao.getPermissionReference(null, PermissionService.WRITE_CONTENT).toString()));
        arrayList3.add(new CMISAccessControlEntryImpl("DuplicateRead", this.permissionModelDao.getPermissionReference(null, PermissionService.READ).toString()));
        CMISAccessControlReport applyAcl3 = this.cmisAccessControlService.applyAcl(this.parent, null, arrayList3, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(applyAcl3.isExact());
        assertEquals(18, applyAcl3.getAccessControlEntries().size());
        ArrayList arrayList4 = new ArrayList();
        arrayList4.add(new CMISAccessControlEntryImpl("SplitRead", PermissionService.READ_CONTENT));
        arrayList4.add(new CMISAccessControlEntryImpl("Writer2", PermissionService.WRITE));
        arrayList4.add(new CMISAccessControlEntryImpl("SplitWrite", PermissionService.WRITE_PROPERTIES));
        arrayList4.add(new CMISAccessControlEntryImpl("DuplicateRead", PermissionService.READ));
        CMISAccessControlReport applyAcl4 = this.cmisAccessControlService.applyAcl(this.child, null, arrayList4, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(applyAcl4.isExact());
        assertEquals(22, applyAcl4.getAccessControlEntries().size());
        CMISAccessControlReport acl = this.cmisAccessControlService.getAcl(this.grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
        assertFalse(acl.isExact());
        assertEquals(9, acl.getAccessControlEntries().size());
        CMISAccessControlReport acl2 = this.cmisAccessControlService.getAcl(this.parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
        assertFalse(acl2.isExact());
        assertEquals(10, acl2.getAccessControlEntries().size());
        CMISAccessControlReport acl3 = this.cmisAccessControlService.getAcl(this.child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
        assertFalse(acl3.isExact());
        assertEquals(11, acl3.getAccessControlEntries().size());
        CMISAccessControlReport acl4 = this.cmisAccessControlService.getAcl(this.grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(acl4.isExact());
        assertEquals(14, acl4.getAccessControlEntries().size());
        CMISAccessControlReport acl5 = this.cmisAccessControlService.getAcl(this.parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(acl5.isExact());
        assertEquals(18, acl5.getAccessControlEntries().size());
        CMISAccessControlReport acl6 = this.cmisAccessControlService.getAcl(this.child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(acl6.isExact());
        assertEquals(22, acl6.getAccessControlEntries().size());
        ArrayList arrayList5 = new ArrayList();
        arrayList5.add(new CMISAccessControlEntryImpl("CMISReader", CMISAccessControlService.CMIS_READ_PERMISSION));
        arrayList5.add(new CMISAccessControlEntryImpl("CMISWriter", CMISAccessControlService.CMIS_WRITE_PERMISSION));
        arrayList5.add(new CMISAccessControlEntryImpl("CMISAll", CMISAccessControlService.CMIS_ALL_PERMISSION));
        CMISAccessControlReport applyAcl5 = this.cmisAccessControlService.applyAcl(this.child, null, arrayList5, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(applyAcl5.isExact());
        assertEquals(30, applyAcl5.getAccessControlEntries().size());
        CMISAccessControlReport applyAcl6 = this.cmisAccessControlService.applyAcl(this.child, arrayList5, arrayList5, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(applyAcl6.isExact());
        assertEquals(30, applyAcl6.getAccessControlEntries().size());
        CMISAccessControlReport applyAcl7 = this.cmisAccessControlService.applyAcl(this.child, arrayList5, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
        assertFalse(applyAcl7.isExact());
        assertEquals(22, applyAcl7.getAccessControlEntries().size());
        try {
            this.cmisAccessControlService.applyAcl(this.child, arrayList5, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
            fail("A non existent ACE should not be removable");
        } catch (CMISConstraintException e2) {
        }
    }

    public void testAllowableActionsAndPermissionMapping() {
        List<? extends CMISPermissionMapping> permissionMappings = this.cmisAccessControlService.getPermissionMappings();
        assertEquals(29, permissionMappings.size());
        assertTrue(contains(permissionMappings, "canGetDescendents.Folder", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadChildren"));
        assertTrue(contains(permissionMappings, "canGetChildren.Folder", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadChildren"));
        assertTrue(contains(permissionMappings, "canGetParents.Folder", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadProperties"));
        assertTrue(contains(permissionMappings, "canGetFolderParent.Object", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadProperties"));
        assertTrue(contains(permissionMappings, "canCreateDocument.Folder", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.CreateChildren"));
        assertTrue(contains(permissionMappings, "canCreateFolder.Folder", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.CreateChildren"));
        assertTrue(contains(permissionMappings, "canGetProperties.Object", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadProperties"));
        assertTrue(contains(permissionMappings, "canViewContent.Object", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadContent"));
        assertTrue(contains(permissionMappings, "canUpdateProperties.Object", CMISAccessControlService.CMIS_WRITE_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.WriteProperties"));
        assertTrue(contains(permissionMappings, "canMove.Object", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.DeleteNode"));
        assertTrue(contains(permissionMappings, "canMove.Target", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.CreateChildren"));
        assertTrue(contains(permissionMappings, "canDelete.Object", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.DeleteNode"));
        assertTrue(contains(permissionMappings, "canSetContent.Document", CMISAccessControlService.CMIS_WRITE_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.WriteContent"));
        assertTrue(contains(permissionMappings, "canDeleteContent.Document", CMISAccessControlService.CMIS_WRITE_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.WriteContent"));
        assertTrue(contains(permissionMappings, "canDeleteTree.Folder", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.DeleteNode"));
        assertTrue(contains(permissionMappings, "canAddToFolder.Object", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadProperties"));
        assertTrue(contains(permissionMappings, "canAddToFolder.Folder", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.CreateChildren"));
        assertTrue(contains(permissionMappings, "canRemoveFromFolder.Object", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.DeleteNode"));
        assertTrue(contains(permissionMappings, "canCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}lockable.CheckOut"));
        assertTrue(contains(permissionMappings, "canCancelCheckout.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}lockable.CancelCheckOut"));
        assertTrue(contains(permissionMappings, "canCheckin.Document", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/content/1.0}lockable.CheckIn"));
        assertTrue(contains(permissionMappings, "canGetAllVersions.VersionSeries", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.Read"));
        assertTrue(contains(permissionMappings, "canAddPolicy.Object", CMISAccessControlService.CMIS_WRITE_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.Write"));
        assertTrue(contains(permissionMappings, "canAddPolicy.Policy", CMISAccessControlService.CMIS_READ_PERMISSION));
        assertTrue(contains(permissionMappings, "canRemovePolicy.Object", CMISAccessControlService.CMIS_WRITE_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.Write"));
        assertTrue(contains(permissionMappings, "canRemovePolicy.Policy", CMISAccessControlService.CMIS_READ_PERMISSION));
        assertTrue(contains(permissionMappings, "canGetAppliedPolicies.Object", CMISAccessControlService.CMIS_READ_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadProperties"));
        assertTrue(contains(permissionMappings, "canGetACL.Object", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ReadPermissions"));
        assertTrue(contains(permissionMappings, "canApplyACL.Object", CMISAccessControlService.CMIS_ALL_PERMISSION, "{http://www.alfresco.org/model/system/1.0}base.ChangePermissions"));
    }

    private boolean contains(List<? extends CMISPermissionMapping> list, String str, String... strArr) {
        for (CMISPermissionMapping cMISPermissionMapping : list) {
            if (cMISPermissionMapping.getKey().equals(str)) {
                Set<String> allPermissions = getAllPermissions();
                Iterator<String> it = cMISPermissionMapping.getPermissions().iterator();
                while (it.hasNext()) {
                    if (!allPermissions.contains(it.next())) {
                        return false;
                    }
                }
                if (strArr.length <= 0) {
                    return true;
                }
                if (cMISPermissionMapping.getPermissions().size() == strArr.length) {
                    for (String str2 : strArr) {
                        if (!cMISPermissionMapping.getPermissions().contains(str2)) {
                            return false;
                        }
                    }
                    return true;
                }
            }
        }
        return false;
    }
}
