package org.nuxeo.ecm.core.api;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import javax.inject.Inject;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.nuxeo.ecm.core.api.impl.DataModelImpl;
import org.nuxeo.ecm.core.api.impl.DocumentModelImpl;
import org.nuxeo.ecm.core.api.impl.UserPrincipal;
import org.nuxeo.ecm.core.api.security.UserEntry;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.core.api.security.impl.UserEntryImpl;
import org.nuxeo.ecm.core.test.CoreFeature;
import org.nuxeo.ecm.core.test.annotations.Granularity;
import org.nuxeo.ecm.core.test.annotations.RepositoryConfig;
import org.nuxeo.runtime.test.runner.Features;
import org.nuxeo.runtime.test.runner.FeaturesRunner;
import org.nuxeo.runtime.test.runner.LocalDeploy;
import org.nuxeo.runtime.test.runner.RuntimeHarness;

@RepositoryConfig(cleanup = Granularity.METHOD)
@LocalDeploy({"org.nuxeo.ecm.core.test.tests:test-CoreExtensions.xml", "org.nuxeo.ecm.core.test.tests:test-security-policy-contrib.xml"})
@RunWith(FeaturesRunner.class)
@Features({CoreFeature.class})
/* loaded from: input_file:org/nuxeo/ecm/core/api/TestSecurityPolicyService.class */
public class TestSecurityPolicyService {

    @Inject
    protected CoreFeature coreFeature;

    @Inject
    protected RuntimeHarness harness;

    private void setTestPermissions(String str, String... strArr) {
        CoreSession openCoreSession = this.coreFeature.openCoreSession("system");
        Throwable th = null;
        try {
            try {
                DocumentModel rootDocument = openCoreSession.getRootDocument();
                ACPImpl acp = rootDocument.getACP();
                if (acp == null) {
                    acp = new ACPImpl();
                }
                UserEntry userEntryImpl = new UserEntryImpl(str);
                for (String str2 : strArr) {
                    userEntryImpl.addPrivilege(str2);
                }
                acp.setRules("test", new UserEntry[]{userEntryImpl});
                rootDocument.setACP(acp, true);
                openCoreSession.save();
                if (openCoreSession != null) {
                    if (0 == 0) {
                        openCoreSession.close();
                        return;
                    }
                    try {
                        openCoreSession.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (openCoreSession != null) {
                if (th != null) {
                    try {
                        openCoreSession.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    openCoreSession.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testNewSecurityPolicy() throws Exception {
        CoreSession openCoreSession = this.coreFeature.openCoreSession("Administrator");
        Throwable th = null;
        try {
            setTestPermissions("anonymous", "Read");
            DocumentModel createDocumentModel = openCoreSession.createDocumentModel(openCoreSession.getRootDocument().getPathAsString(), "folder#1", "Folder");
            createDocumentModel.setProperty("secupolicy", "securityLevel", 4L);
            DocumentRef ref = openCoreSession.createDocument(createDocumentModel).getRef();
            openCoreSession.save();
            UserPrincipal userPrincipal = new UserPrincipal("foo", new ArrayList(), false, false);
            Assert.assertFalse(openCoreSession.hasPermission(userPrincipal, ref, "Read"));
            Assert.assertTrue(openCoreSession.filterGrantedPermissions(userPrincipal, ref, Arrays.asList("Read")).isEmpty());
            setTestPermissions(userPrincipal.getName(), "Read");
            Assert.assertTrue(openCoreSession.hasPermission(userPrincipal, ref, "Read"));
            Assert.assertEquals(openCoreSession.filterGrantedPermissions(userPrincipal, ref, Arrays.asList("Read")), Arrays.asList("Read"));
            if (openCoreSession != null) {
                if (0 != 0) {
                    try {
                        openCoreSession.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    openCoreSession.close();
                }
            }
            CoreSession openCoreSession2 = this.coreFeature.openCoreSession("anonymous");
            Throwable th3 = null;
            try {
                DocumentModelImpl documentModelImpl = new DocumentModelImpl("User");
                HashMap hashMap = new HashMap();
                hashMap.put("accessLevel", 3L);
                documentModelImpl.addDataModel(new DataModelImpl("user", hashMap));
                openCoreSession2.getPrincipal().setModel(documentModelImpl);
                Assert.assertFalse(openCoreSession2.hasPermission(ref, "Read"));
                openCoreSession2.getPrincipal().getModel().setProperty("user", "accessLevel", 5L);
                Assert.assertTrue(openCoreSession2.hasPermission(ref, "Read"));
                openCoreSession2.save();
                if (openCoreSession2 != null) {
                    if (0 == 0) {
                        openCoreSession2.close();
                        return;
                    }
                    try {
                        openCoreSession2.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
            } catch (Throwable th5) {
                if (openCoreSession2 != null) {
                    if (0 != 0) {
                        try {
                            openCoreSession2.close();
                        } catch (Throwable th6) {
                            th3.addSuppressed(th6);
                        }
                    } else {
                        openCoreSession2.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (openCoreSession != null) {
                if (0 != 0) {
                    try {
                        openCoreSession.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    openCoreSession.close();
                }
            }
            throw th7;
        }
    }
}
