package com.atlassian.jira.webtests.ztests.render;

import com.atlassian.integrationtesting.runner.restore.Restore;
import com.atlassian.jira.functest.framework.BaseJiraRestTest;
import com.atlassian.jira.functest.framework.backdoor.Backdoor;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.functest.rule.Rules;
import com.atlassian.jira.functest.rule.SinceBuildRule;
import com.atlassian.jira.testkit.client.restclient.ParsedResponse;
import java.util.Arrays;
import java.util.Collection;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestRule;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
@WebTest({Category.FUNC_TEST, Category.REST})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/render/TestRenderEndpointSecurityWithAnonymousFlagEnabled.class */
public class TestRenderEndpointSecurityWithAnonymousFlagEnabled extends BaseJiraRestTest {
    private static final String ADMIN = "admin";
    private static final String ANONYMOUS = "anonymous";
    private static final String BOB = "bob";
    private static final int OK = Response.Status.OK.getStatusCode();
    private static final int NOT_FOUND = Response.Status.NOT_FOUND.getStatusCode();
    private static final String ACCESS_WITH_FLAG = "should access an issue in a project because 'browse project permission' is not checked as a feature flag for it is active.";
    private static final String ACCESS_PUBLIC = "should access an issue in a project which has browse project permission granted to anyone.";
    private static final String ACCESS_AS_ADMIN = "should access an issue in a project which has browse project permission granted to jira-administrators.";
    private static final String ACCESS_AS_USER = "should access an issue in a project which has browse project permission granted to logged in users.";
    private static final String ACCESS_404 = "should get a 404 [Not Found] HTTP error when accessing an issue that doesn't exist.";

    @Rule
    public TestRule copyAttachmentsRule = Rules.prepareAttachments(this::getEnvironmentData, this::getBackdoor, "TestRenderEndpointSecurity/attachments");
    private final String username;
    private final String issueKey;
    private final int expectedStatusCode;
    private final String testMessage;

    public Backdoor getBackdoor() {
        return this.backdoor;
    }

    @Parameterized.Parameters(name = "{3}")
    public static Collection<Object[]> params() {
        return Arrays.asList(new Object[]{"anonymous", "PUB-1", Integer.valueOf(OK), format(null, ACCESS_PUBLIC)}, new Object[]{"anonymous", "PUB-2", Integer.valueOf(OK), format(null, ACCESS_PUBLIC)}, new Object[]{"anonymous", "PUB-3", Integer.valueOf(NOT_FOUND), format(null, ACCESS_404)}, new Object[]{"anonymous", "PRIV-1", Integer.valueOf(OK), format(null, ACCESS_WITH_FLAG)}, new Object[]{"anonymous", "PRIV-2", Integer.valueOf(OK), format(null, ACCESS_WITH_FLAG)}, new Object[]{"anonymous", "PRIV-3", Integer.valueOf(NOT_FOUND), format(null, ACCESS_404)}, new Object[]{"anonymous", "OTH-1", Integer.valueOf(OK), format(null, ACCESS_WITH_FLAG)}, new Object[]{"anonymous", "OTH-2", Integer.valueOf(OK), format(null, ACCESS_WITH_FLAG)}, new Object[]{"anonymous", "OTH-3", Integer.valueOf(OK), format(null, ACCESS_WITH_FLAG)}, new Object[]{"anonymous", "OTH-4", Integer.valueOf(OK), format(null, ACCESS_WITH_FLAG)}, new Object[]{"anonymous", "OTH-5", Integer.valueOf(NOT_FOUND), format(null, ACCESS_404)}, new Object[]{"admin", "PUB-1", Integer.valueOf(OK), format("admin", ACCESS_PUBLIC)}, new Object[]{"admin", "PUB-2", Integer.valueOf(OK), format("admin", ACCESS_PUBLIC)}, new Object[]{"admin", "PUB-3", Integer.valueOf(NOT_FOUND), format("admin", ACCESS_404)}, new Object[]{"admin", "PRIV-1", Integer.valueOf(OK), format("admin", ACCESS_AS_ADMIN)}, new Object[]{"admin", "PRIV-2", Integer.valueOf(OK), format("admin", ACCESS_AS_ADMIN)}, new Object[]{"admin", "PRIV-3", Integer.valueOf(NOT_FOUND), format("admin", ACCESS_404)}, new Object[]{"admin", "OTH-1", Integer.valueOf(OK), format("admin", ACCESS_AS_ADMIN)}, new Object[]{"admin", "OTH-2", Integer.valueOf(OK), format("admin", ACCESS_AS_ADMIN)}, new Object[]{"admin", "OTH-3", Integer.valueOf(OK), format("admin", ACCESS_AS_USER)}, new Object[]{"admin", "OTH-4", Integer.valueOf(OK), format("admin", ACCESS_AS_USER)}, new Object[]{"admin", "OTH-5", Integer.valueOf(NOT_FOUND), format("admin", ACCESS_404)}, new Object[]{"bob", "PUB-1", Integer.valueOf(OK), format("bob", ACCESS_PUBLIC)}, new Object[]{"bob", "PUB-2", Integer.valueOf(OK), format("bob", ACCESS_PUBLIC)}, new Object[]{"bob", "PUB-3", Integer.valueOf(NOT_FOUND), format("bob", ACCESS_404)}, new Object[]{"bob", "PRIV-1", Integer.valueOf(OK), format("bob", ACCESS_WITH_FLAG)}, new Object[]{"bob", "PRIV-2", Integer.valueOf(OK), format("bob", ACCESS_WITH_FLAG)}, new Object[]{"bob", "PRIV-3", Integer.valueOf(NOT_FOUND), format("bob", ACCESS_404)}, new Object[]{"bob", "OTH-1", Integer.valueOf(OK), format("bob", ACCESS_WITH_FLAG)}, new Object[]{"bob", "OTH-2", Integer.valueOf(OK), format("bob", ACCESS_WITH_FLAG)}, new Object[]{"bob", "OTH-3", Integer.valueOf(OK), format("bob", ACCESS_AS_USER)}, new Object[]{"bob", "OTH-4", Integer.valueOf(OK), format("bob", ACCESS_AS_USER)}, new Object[]{"bob", "OTH-5", Integer.valueOf(NOT_FOUND), format("bob", ACCESS_404)});
    }

    public TestRenderEndpointSecurityWithAnonymousFlagEnabled(String str, String str2, int i, String str3) {
        this.username = str;
        this.issueKey = str2;
        this.expectedStatusCode = i;
        this.testMessage = str3;
    }

    private static String format(String str, String str2) {
        return str == null ? String.format("Anonymous user %s", str2) : String.format("User '%s' %s", str, str2);
    }

    private RenderersClient getClient() {
        return ("admin".equals(this.username) || "bob".equals(this.username)) ? (RenderersClient) new RenderersClient(getEnvironmentData()).loginAs(this.username) : (RenderersClient) new RenderersClient(getEnvironmentData()).anonymous();
    }

    @Before
    public void enableFlagForLegacyPermissionCheckSkip() {
        getBackdoor().darkFeatures().enableForSite("CONTENT_RENDER_ANONYMOUS");
    }

    @Test
    @Restore("TestRenderEndpointSecurity.xml")
    @SinceBuildRule.SinceBuild(buildNumber = 804000)
    public void checkRenderEndpoint() {
        ParsedResponse render = getClient().render(ContentToRender.fromWikiMarkup(String.format("[^%s.txt]", this.issueKey.toLowerCase()), this.issueKey));
        Assert.assertEquals(this.testMessage, this.expectedStatusCode, render.statusCode);
        if (this.expectedStatusCode == NOT_FOUND) {
            Assert.assertEquals("Render endpoint should give a proper message when responding with 404.", "<h1>You can't view this issue</h1><p><span class=\"error\">It may have been deleted or you don't have permission to view it.</span></p>", render.entity.errorMessages.get(0));
        }
    }
}
