package com.atlassian.jira.webtests.ztests.bundledplugins2.rest;

import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.FunctTestConstants;
import com.atlassian.jira.functest.framework.fields.EditFieldConstants;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.permission.ProjectPermissions;
import com.atlassian.jira.rest.api.issue.IssueCreateResponse;
import com.atlassian.jira.rest.api.project.ProjectRoleBean;
import com.atlassian.jira.testkit.beans.PermissionGrantBean;
import com.atlassian.jira.testkit.client.restclient.Comment;
import com.atlassian.jira.testkit.client.restclient.CommentClient;
import com.atlassian.jira.testkit.client.restclient.CommentsWithPaginationBean;
import com.atlassian.jira.testkit.client.restclient.GenericRestClient;
import com.atlassian.jira.testkit.client.restclient.ParsedResponse;
import com.atlassian.jira.testkit.client.restclient.PermissionSchemeRestClient;
import com.atlassian.jira.testkit.client.restclient.ProjectRole;
import com.atlassian.jira.testkit.client.restclient.ProjectRoleClient;
import com.atlassian.jira.testkit.client.restclient.RoleClient;
import com.atlassian.jira.util.json.JSONException;
import com.atlassian.jira.webtests.ztests.bundledplugins2.webhooks.TestUserWebHook;
import java.io.IOException;
import java.net.URI;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.hamcrest.BaseMatcher;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Description;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.TypeSafeMatcher;
import org.hamcrest.collection.IsIterableContainingInOrder;
import org.hamcrest.core.IsEqual;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.xml.sax.SAXException;

@WebTest({Category.FUNC_TEST, Category.REST})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/bundledplugins2/rest/TestRoleResource.class */
public class TestRoleResource extends BaseJiraFuncTest {
    private RoleClient roleClient;
    private PermissionSchemeRestClient permissionSchemeRestClient;
    private CommentClient commentClient;

    @Before
    public void setUpTest() {
        this.backdoor.restoreBlankInstance();
        this.roleClient = new RoleClient(getEnvironmentData());
        this.permissionSchemeRestClient = new PermissionSchemeRestClient(getEnvironmentData());
        this.commentClient = new CommentClient(getEnvironmentData());
    }

    @Test
    public void testGetAllRoles() {
        MatcherAssert.assertThat(this.roleClient.get(), CoreMatchers.hasItems(new Matcher[]{projectRole(10000L, FunctTestConstants.JIRA_USERS_ROLE, "A project role that represents users in a project", "jira-users"), projectRole(Long.valueOf(FunctTestConstants.JIRA_DEV_ROLE_ID), FunctTestConstants.JIRA_DEV_ROLE, "A project role that represents developers in a project", "jira-developers"), projectRole(Long.valueOf(FunctTestConstants.JIRA_ADMIN_ROLE_ID), FunctTestConstants.JIRA_ADMIN_ROLE, "A project role that represents administrators in a project", "jira-administrators")}));
    }

    @Test
    public void testAnonymousGet() {
        assertFailingStatusCode(() -> {
            this.roleClient.anonymous().get();
        }, Response.Status.UNAUTHORIZED);
    }

    @Test
    public void testNormalUserGet() {
        assertFailingStatusCode(() -> {
            this.backdoor.usersAndGroups().addUser(TestUserWebHook.USER_NAME);
            this.roleClient.loginAs(TestUserWebHook.USER_NAME).get();
        }, Response.Status.FORBIDDEN, () -> {
            this.backdoor.usersAndGroups().deleteUser(TestUserWebHook.USER_NAME);
        });
    }

    @Test
    public void testGetSelfForEachRole() throws IOException, SAXException, JSONException {
        for (ProjectRole projectRole : this.roleClient.get()) {
            ProjectRole projectRole2 = this.roleClient.get(projectRole.id.toString());
            Assert.assertNotNull(projectRole2);
            Assert.assertEquals(projectRole.description, projectRole2.description);
            Assert.assertEquals(projectRole.name, projectRole2.name);
            Assert.assertEquals(projectRole.self, projectRole2.self);
            Assert.assertEquals(projectRole.id, projectRole2.id);
            ParsedResponse parsedResponse = new GenericRestClient().get(URI.create(projectRole.self), ProjectRoleBean.class);
            MatcherAssert.assertThat(Integer.valueOf(parsedResponse.statusCode), IsEqual.equalTo(200));
            ProjectRoleBean projectRoleBean = (ProjectRoleBean) parsedResponse.body;
            Assert.assertEquals(projectRole.description, projectRoleBean.description);
            Assert.assertEquals(projectRole.name, projectRoleBean.name);
            Assert.assertEquals(projectRole.self, projectRoleBean.self.toString());
            Assert.assertEquals(projectRole.id, projectRoleBean.id);
        }
    }

    @Test
    public void testGetNonExistingRole() throws IOException, SAXException {
        assertFailingStatusCode(() -> {
            this.roleClient.get("12312321312");
        }, Response.Status.NOT_FOUND);
    }

    @Test
    public void testCreateRoleWorks() {
        ProjectRole description = new ProjectRole().name("name").description("description");
        ProjectRole create = this.roleClient.create(description.getName(), description.getDescription());
        MatcherAssert.assertThat(create, matchesByNameAndDescription(description));
        ProjectRole projectRole = this.roleClient.get(String.valueOf(create.id));
        MatcherAssert.assertThat(projectRole, matchesByNameAndDescription(description));
        Assert.assertTrue(projectRole.getActors() == null);
    }

    @Test
    public void testCreatingWithExistingNameYieldsConflict() {
        ProjectRole description = new ProjectRole().name("name").description("description");
        this.roleClient.create(description.getName(), description.getDescription());
        assertFailingStatusCode(() -> {
            this.roleClient.create(description.getName(), description.getDescription());
        }, Response.Status.CONFLICT);
    }

    @Test
    public void testNoAccessForAnonymousForCreateRole() {
        assertFailingStatusCode(() -> {
            this.roleClient.anonymous().create("a", "b");
        }, Response.Status.UNAUTHORIZED);
    }

    @Test
    public void testNoAccessForNormalUserForCreateRole() {
        assertFailingStatusCode(() -> {
            this.backdoor.usersAndGroups().addUser(TestUserWebHook.USER_NAME);
            this.roleClient.loginAs(TestUserWebHook.USER_NAME).create("a", "b");
        }, Response.Status.FORBIDDEN, () -> {
            this.backdoor.usersAndGroups().deleteUser(TestUserWebHook.USER_NAME);
        });
    }

    @Test
    public void testBadRequestForCreateRoleWithoutName() {
        assertFailingStatusCode(() -> {
            this.roleClient.create((String) null, "b");
        }, Response.Status.BAD_REQUEST);
    }

    @Test
    public void testRenameRoleWorks() {
        Assert.assertEquals("newName", this.roleClient.updatePartial(this.roleClient.create("role", "").id, "newName", (String) null).getName());
    }

    @Test
    public void testPartialUpdateRoleNeedsNameOrDescription() {
        ProjectRole create = this.roleClient.create("role", "");
        assertFailingStatusCode(() -> {
            this.roleClient.updatePartial(create.id, (String) null, (String) null);
        }, Response.Status.BAD_REQUEST);
    }

    @Test
    public void testFullUpdateRoleNeedsNameAndDescription() {
        ProjectRole create = this.roleClient.create("role", "");
        assertFailingStatusCode(() -> {
            this.roleClient.updateFull(create.id, "a", (String) null);
        }, Response.Status.BAD_REQUEST);
        assertFailingStatusCode(() -> {
            this.roleClient.updateFull(create.id, (String) null, "a");
        }, Response.Status.BAD_REQUEST);
    }

    @Test
    public void testDeleteRoleWorks() {
        ProjectRole create = this.roleClient.create("to-be-deleted", "");
        this.roleClient.deleteProjectRole(create.getId());
        assertFailingStatusCode(() -> {
            this.roleClient.get(String.valueOf(create.getId()));
        }, Response.Status.NOT_FOUND);
    }

    @Test
    public void testDeleteWorksWithLinkedSchemesAndSwapQueryParam() {
        ProjectRole create = this.roleClient.create("to-be-deleted", "");
        ProjectRole create2 = this.roleClient.create("replacement", "");
        Long createScheme = this.backdoor.permissionSchemes().createScheme("new-scheme", "");
        this.backdoor.permissionSchemes().addProjectRolePermission(createScheme.longValue(), ProjectPermissions.CLOSE_ISSUES, create.getId().longValue());
        this.roleClient.deleteProjectRole(create.getId(), create2.getId());
        MatcherAssert.assertThat(((PermissionSchemeRestClient.PermissionGrantListBean) this.permissionSchemeRestClient.getPermissions(createScheme, new PermissionSchemeRestClient.Expand[0]).body).permissions, IsIterableContainingInOrder.contains(projectRolePermissionGrantBean(create2.getId())));
    }

    @Test
    public void testDeleteFailsWithLinkedSchemesWithoutSwapQueryParam() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        this.backdoor.permissionSchemes().addProjectRolePermission(this.backdoor.permissionSchemes().createScheme("new-scheme", "").longValue(), ProjectPermissions.CLOSE_ISSUES, create.getId().longValue());
        assertFailingStatusCode(() -> {
            this.roleClient.deleteProjectRole(create.getId());
        }, Response.Status.CONFLICT);
    }

    @Test
    public void testDeleteFailsWithProtectedCommentsWithoutSwapQueryParam() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        IssueCreateResponse createIssue = this.backdoor.issues().createIssue("HSP", EditFieldConstants.SUMMARY);
        new ProjectRoleClient(getEnvironmentData()).addActors("HSP", create.getName(), new String[0], new String[]{"admin"});
        this.backdoor.issues().commentIssueWithVisibility(createIssue.key, "restricted-comment", "role", create.getName());
        assertFailingStatusCode(() -> {
            this.roleClient.deleteProjectRole(create.getId());
        }, Response.Status.CONFLICT);
    }

    @Test
    public void testDeleteWorksWithProtectedCommentsWithSwapQueryParam() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        ProjectRole create2 = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        IssueCreateResponse createIssue = this.backdoor.issues().createIssue("HSP", EditFieldConstants.SUMMARY);
        ProjectRoleClient projectRoleClient = new ProjectRoleClient(getEnvironmentData());
        projectRoleClient.addActors("HSP", create.getName(), new String[0], new String[]{"admin"});
        projectRoleClient.addActors("HSP", create2.getName(), new String[0], new String[]{"fred"});
        this.backdoor.issues().commentIssueWithVisibility(createIssue.key, "restricted-comment", "role", create.getName());
        assertCannotSeeCommentsOnIssue("fred", createIssue.key);
        assertCanSeeCommentsOnIssue("admin", createIssue.key);
        this.roleClient.deleteProjectRole(create.getId(), create2.getId());
        assertCannotSeeCommentsOnIssue("admin", createIssue.key);
        assertCanSeeCommentsOnIssue("fred", createIssue.key);
    }

    @Test
    public void testDeleteWorksAndDoesNotModifyGroupRestrictions() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        ProjectRole create2 = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        IssueCreateResponse createIssue = this.backdoor.issues().createIssue("HSP", EditFieldConstants.SUMMARY);
        ProjectRoleClient projectRoleClient = new ProjectRoleClient(getEnvironmentData());
        projectRoleClient.addActors("HSP", create.getName(), new String[0], new String[]{"admin"});
        this.backdoor.issues().commentIssueWithVisibility(createIssue.key, "restricted-comment", "role", create.getName());
        this.backdoor.issues().commentIssueWithVisibility(createIssue.key, "restricted-comment-to-group", "group", "jira-administrators");
        this.roleClient.deleteProjectRole(create.getId(), create2.getId());
        projectRoleClient.addActors("HSP", create2.getName(), new String[0], new String[]{"admin"});
        assertCommentContainsGroupRestriction(createIssue.key, "jira-administrators");
    }

    private void assertCommentContainsGroupRestriction(String str, String str2) {
        List comments = ((CommentsWithPaginationBean) this.commentClient.getComments(str).body).getComments();
        Assert.assertEquals("group", ((Comment) comments.get(1)).visibility.type);
        Assert.assertEquals(str2, ((Comment) comments.get(1)).visibility.value);
    }

    @Test
    public void testDeleteFailsWhenRoleUsedInWorkflowWithoutSwapQueryParam() {
        long j = 10610L;
        this.backdoor.restoreDataFromResource("xml/TestRoleResourceSwapRoleInWorkflows.xml");
        assertFailingStatusCode(() -> {
            this.roleClient.deleteProjectRole(j);
        }, Response.Status.CONFLICT);
    }

    @Test
    public void testDeleteWorksWhenRoleUsedInWorkflowWithSwapQueryParam() {
        this.backdoor.restoreDataFromResource("xml/TestRoleResourceSwapRoleInWorkflows.xml");
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        this.roleClient.deleteProjectRole(10610L, create.getId());
        verifyReplacementWorked(create);
    }

    @Test
    public void getDefaultActorsOfNewRoleReturnsEmpty() {
        MatcherAssert.assertThat(this.roleClient.getDefaultActorsForRole(this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "").getId()).getActors(), Matchers.empty());
    }

    @Test
    public void getDefaultActorsOfNonExistingRoleReturnsNotFound() {
        assertFailingStatusCode(() -> {
            this.roleClient.getDefaultActorsForRole(999L);
        }, Response.Status.NOT_FOUND);
    }

    @Test
    public void addDefaultActorsToNewRoleWorks() {
        MatcherAssert.assertThat(this.roleClient.addDefaultActorsToRole(this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "").getId(), new String[]{"admin"}, (String[]) null).getActors(), Matchers.contains(actor("admin")));
    }

    @Test
    public void addDefaultActorsRequiresUserOrGroup() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        assertFailingStatusCode(() -> {
            this.roleClient.addDefaultActorsToRole(create.getId(), (String[]) null, (String[]) null);
        }, Response.Status.BAD_REQUEST);
    }

    @Test
    public void addNonExistentActorFails() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        assertFailingStatusCode(() -> {
            this.roleClient.addDefaultActorsToRole(create.getId(), new String[]{"nonexistent"}, (String[]) null);
        }, Response.Status.BAD_REQUEST);
    }

    @Test
    public void addNonExistentActorFailsAndLeavesDefaultActorsAsIs() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        assertFailingStatusCode(() -> {
            this.roleClient.addDefaultActorsToRole(create.getId(), new String[]{"nonexistent", "admin"}, new String[]{"jira-users"});
        }, Response.Status.BAD_REQUEST);
        MatcherAssert.assertThat(this.roleClient.getDefaultActorsForRole(create.getId()).getActors(), Matchers.empty());
    }

    @Test
    public void deleteDefaultActorsFromNewRoleWorks() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        MatcherAssert.assertThat(this.roleClient.addDefaultActorsToRole(create.getId(), new String[]{"admin"}, (String[]) null).getActors(), Matchers.contains(actor("admin")));
        MatcherAssert.assertThat(this.roleClient.deleteDefaultActorsToRole(create.getId(), "admin", (String) null).getActors(), Matchers.empty());
    }

    @Test
    public void deleteDefaultActorsRequiresUserOrGroup() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        assertFailingStatusCode(() -> {
            this.roleClient.deleteDefaultActorsToRole(create.getId(), (String) null, (String) null);
        }, Response.Status.BAD_REQUEST);
    }

    @Test
    public void deleteDefaultActorsFailsWhenGivenBothUserAndGroup() {
        ProjectRole create = this.roleClient.create(RandomStringUtils.randomAlphabetic(6), "");
        assertFailingStatusCode(() -> {
            this.roleClient.deleteDefaultActorsToRole(create.getId(), "admin", "jira-users");
        }, Response.Status.BAD_REQUEST);
    }

    private Matcher<? super ProjectRole.Actor> actor(final String str) {
        return new TypeSafeMatcher<ProjectRole.Actor>() { // from class: com.atlassian.jira.webtests.ztests.bundledplugins2.rest.TestRoleResource.1
            /* JADX INFO: Access modifiers changed from: protected */
            public boolean matchesSafely(ProjectRole.Actor actor) {
                return actor.name.equals(str);
            }

            public void describeTo(Description description) {
                description.appendText("actor with name").appendValue(str);
            }
        };
    }

    private int getNumberOfVisibleCommentsForUser(String str, String str2) {
        return ((CommentsWithPaginationBean) this.commentClient.loginAs(str).getComments(str2).body).getTotal().intValue();
    }

    private void assertCanSeeCommentsOnIssue(String str, String str2) {
        Assert.assertTrue(getNumberOfVisibleCommentsForUser(str, str2) != 0);
    }

    private void assertCannotSeeCommentsOnIssue(String str, String str2) {
        Assert.assertTrue(getNumberOfVisibleCommentsForUser(str, str2) == 0);
    }

    private void verifyReplacementWorked(ProjectRole projectRole) {
        assertFailingStatusCode(() -> {
            this.roleClient.deleteProjectRole(projectRole.getId());
        }, Response.Status.CONFLICT);
    }

    private Matcher<PermissionGrantBean> projectRolePermissionGrantBean(final Long l) {
        return new TypeSafeMatcher<PermissionGrantBean>() { // from class: com.atlassian.jira.webtests.ztests.bundledplugins2.rest.TestRoleResource.2
            /* JADX INFO: Access modifiers changed from: protected */
            public boolean matchesSafely(PermissionGrantBean permissionGrantBean) {
                return permissionGrantBean.getHolder().getType().equals("projectRole") && permissionGrantBean.getHolder().getParameter().equals(l.toString());
            }

            public void describeTo(Description description) {
                description.appendText("permission grant bean with role type and id equal to").appendValue(l);
            }
        };
    }

    private void assertFailingStatusCode(Runnable runnable, Response.Status status) {
        assertFailingStatusCode(runnable, status, () -> {
        });
    }

    private void assertFailingStatusCode(Runnable runnable, Response.Status status, Runnable runnable2) {
        try {
            try {
                runnable.run();
                Assert.fail("Should result in " + status.toString());
                runnable2.run();
            } catch (WebApplicationException e) {
                Assert.assertEquals(status.getStatusCode(), e.getResponse().getStatus());
                runnable2.run();
            }
        } catch (Throwable th) {
            runnable2.run();
            throw th;
        }
    }

    private Matcher<ProjectRole> matchesByNameAndDescription(final ProjectRole projectRole) {
        return new TypeSafeMatcher<ProjectRole>() { // from class: com.atlassian.jira.webtests.ztests.bundledplugins2.rest.TestRoleResource.3
            public void describeTo(Description description) {
                description.appendText("name: ").appendValue(projectRole.getName()).appendText("description: ").appendValue(projectRole.getDescription());
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public boolean matchesSafely(ProjectRole projectRole2) {
                return new EqualsBuilder().append(projectRole2.getName(), projectRole.getName()).append(projectRole2.getDescription(), projectRole.getDescription()).isEquals();
            }
        };
    }

    private BaseMatcher<ProjectRole> projectRole(@Nonnull final Long l, @Nonnull final String str, @Nonnull final String str2, @Nonnull final String str3) {
        return new BaseMatcher<ProjectRole>() { // from class: com.atlassian.jira.webtests.ztests.bundledplugins2.rest.TestRoleResource.4
            public boolean matches(Object obj) {
                if (!(obj instanceof ProjectRole)) {
                    return false;
                }
                ProjectRole projectRole = (ProjectRole) obj;
                return str.equals(projectRole.name) && l.equals(projectRole.id) && str2.equals(projectRole.description) && containsActor(projectRole.actors, str3);
            }

            public void describeTo(Description description) {
                description.appendText(new ProjectRole().name(str).id(l).description(str2).toString());
            }

            private boolean containsActor(List<ProjectRole.Actor> list, String str4) {
                Iterator<ProjectRole.Actor> it = list.iterator();
                while (it.hasNext()) {
                    if (str4.equalsIgnoreCase(it.next().name)) {
                        return true;
                    }
                }
                return false;
            }
        };
    }
}
