package com.atlassian.jira.webtests.ztests.admin;

import com.atlassian.jira.functest.framework.Administration;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.admin.IssueSecurityLevel;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.rest.api.issue.IssueCreateResponse;
import com.atlassian.jira.rest.api.issue.IssueFields;
import com.atlassian.jira.rest.api.issue.ResourceRef;
import com.atlassian.jira.webtests.LicenseKeys;
import com.google.common.collect.ImmutableList;
import javax.inject.Inject;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

@LoginAs(user = "admin")
@WebTest({Category.FUNC_TEST, Category.PERMISSIONS})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/admin/TestApplicationRoleBasedPermissions.class */
public class TestApplicationRoleBasedPermissions extends BaseJiraFuncTest {
    private static final String INACCESSIBLE_ISSUE_ID = "";
    private static final String APPLICATION_ROLE_ANY = "";
    private static final String SOFTWARE_ONLY_USER = "dev";
    private static final String CORE_ONLY_USER = "fred";
    private String issueKey;
    private String issueId;

    @Inject
    private Administration administration;

    @Before
    public void setUpTest() {
        this.backdoor.restoreBlankInstance(LicenseKeys.MULTI_ROLE_DC);
        this.backdoor.permissionSchemes().addGroupPermission(0L, ProjectPermissions.SET_ISSUE_SECURITY, "jira-users");
        IssueCreateResponse createIssue = this.backdoor.issues().createIssue("HSP", "A test issue!");
        this.issueKey = createIssue.key;
        this.issueId = createIssue.id;
    }

    @Test
    public void testAnyProjectRoleGrantsAccessToAnyLoggedInUser() {
        removeAllBrowsePermissions();
        assertIssueAccessDenied(this.issueKey);
        grantBrowseAccessToApplicationRole("");
        assertIssueCanBeAccessed(this.issueKey);
    }

    @Test
    public void testSpecificProjectRoleGrantsAccessToRoleMembers() {
        setupSoftwareOnlyUser();
        removeAllBrowsePermissions();
        this.navigation.login(SOFTWARE_ONLY_USER);
        assertIssueAccessDenied(this.issueKey);
        this.navigation.login("admin");
        grantBrowseAccessToApplicationRole("jira-software");
        this.navigation.login(SOFTWARE_ONLY_USER);
        assertIssueCanBeAccessed(this.issueKey);
        this.navigation.login("fred");
        assertIssueAccessDenied(this.issueKey);
    }

    @Test
    public void testIssueSecurityLevelWithAnyProjectRoleGrantsAccessToAnyLoggedInUser() {
        grantBrowseAccessToAnonymous();
        this.navigation.logout();
        assertIssueCanBeAccessed(this.issueKey);
        createAndSetIssueLevelSecurityWithAppliationRole("");
        assertIssueCanBeAccessed(this.issueKey);
        this.navigation.logout();
        assertIssueAccessDenied(this.issueKey);
    }

    @Test
    public void testIssueSecurityLevelWithSpecificProjectRoleGrantsAccessToRoleMembers() {
        setupSoftwareOnlyUser();
        this.navigation.login("fred");
        assertIssueCanBeAccessed(this.issueKey);
        this.navigation.login("admin");
        grantBrowseAccessToApplicationRole("");
        createAndSetIssueLevelSecurityWithAppliationRole("jira-software");
        this.navigation.login("fred");
        assertIssueAccessDenied(this.issueKey);
        this.navigation.login(SOFTWARE_ONLY_USER);
        assertIssueCanBeAccessed(this.issueKey);
    }

    private void createAndSetIssueLevelSecurityWithAppliationRole(String str) {
        this.navigation.login("admin");
        this.administration.issueSecuritySchemes().newScheme("Application Role Scheme", "").newLevel("Application Role Level", "").addIssueSecurity(IssueSecurityLevel.IssueSecurity.APPLICATION_ROLE, str);
        this.administration.project().associateIssueLevelSecurityScheme("homosapien", "Application Role Scheme");
        IssueFields issueFields = new IssueFields();
        issueFields.securityLevel(ResourceRef.withId("10000"));
        this.backdoor.issues().setIssueFields(this.issueKey, issueFields);
    }

    private void setupSoftwareOnlyUser() {
        this.backdoor.applicationRoles().putRoleWithDefaultsSelectedByDefault("jira-software", true, ImmutableList.of("jira-developers"), ImmutableList.of("jira-developers"));
        this.backdoor.usersAndGroups().addUser(SOFTWARE_ONLY_USER);
        this.backdoor.usersAndGroups().addUserToGroup(SOFTWARE_ONLY_USER, "jira-developers");
    }

    private void grantBrowseAccessToAnonymous() {
        this.backdoor.permissionSchemes().addEveryonePermission(0L, ProjectPermissions.BROWSE_PROJECTS);
    }

    private void grantBrowseAccessToApplicationRole(String str) {
        this.backdoor.permissionSchemes().addApplicationRolePermission(0L, ProjectPermissions.BROWSE_PROJECTS, str);
    }

    private void removeAllBrowsePermissions() {
        this.backdoor.permissionSchemes().removeGroupPermission(0L, ProjectPermissions.BROWSE_PROJECTS, "jira-users");
    }

    private void assertIssueAccessDenied(String str) {
        Assert.assertEquals("", this.navigation.issue().viewIssue(str).getIssueId());
    }

    private void assertIssueCanBeAccessed(String str) {
        Assert.assertEquals(this.issueId, this.navigation.issue().viewIssue(str).getIssueId());
    }
}
