package org.nuxeo.ecm.core.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.jmock.integration.junit4.JUnit4Mockery;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.nuxeo.ecm.core.CoreUTConstants;
import org.nuxeo.ecm.core.api.Lock;
import org.nuxeo.ecm.core.api.impl.UserPrincipal;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.model.Document;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.test.NXRuntimeTestCase;

/* loaded from: input_file:org/nuxeo/ecm/core/security/TestSecurityPolicyService.class */
public class TestSecurityPolicyService extends NXRuntimeTestCase {
    private SecurityPolicyService service;
    protected Mockery mockery = new JUnit4Mockery();
    static final String creator = "Bodie";
    static final Principal creatorPrincipal = new UserPrincipal(creator, new ArrayList(), false, false);
    static final String user = "Bubbles";
    static final Principal userPrincipal = new UserPrincipal(user, new ArrayList(), false, false);

    @Before
    public void setUp() throws Exception {
        super.setUp();
        deployContrib(CoreUTConstants.CORE_BUNDLE, "OSGI-INF/SecurityService.xml");
        deployContrib(CoreUTConstants.CORE_BUNDLE, "OSGI-INF/permissions-contrib.xml");
        deployContrib(CoreUTConstants.CORE_BUNDLE, "OSGI-INF/security-policy-contrib.xml");
        this.service = (SecurityPolicyService) Framework.getService(SecurityPolicyService.class);
        Assert.assertNotNull(this.service);
    }

    @After
    public void tearDown() throws Exception {
        super.tearDown();
        this.service = null;
    }

    @Test
    public void testPolicies() throws Exception {
        String[] strArr = {"Write"};
        final Document document = (Document) this.mockery.mock(Document.class, "document1");
        this.mockery.checking(new Expectations() { // from class: org.nuxeo.ecm.core.security.TestSecurityPolicyService.1
            {
                ((Document) allowing(document)).getLock();
                will(returnValue(null));
            }
        });
        Assert.assertSame(Access.UNKNOWN, this.service.checkPermission(document, (ACP) null, creatorPrincipal, "Write", strArr, (String[]) null));
        Assert.assertSame(Access.UNKNOWN, this.service.checkPermission(document, (ACP) null, userPrincipal, "Write", strArr, (String[]) null));
        final Lock lock = new Lock(user, new GregorianCalendar());
        final Document document2 = (Document) this.mockery.mock(Document.class, "document2");
        this.mockery.checking(new Expectations() { // from class: org.nuxeo.ecm.core.security.TestSecurityPolicyService.2
            {
                ((Document) allowing(document2)).getLock();
                will(returnValue(lock));
                ((Document) allowing(document2)).getPropertyValue("dc:creator");
                will(returnValue(TestSecurityPolicyService.creator));
            }
        });
        Assert.assertSame(Access.DENY, this.service.checkPermission(document2, (ACP) null, creatorPrincipal, "Write", strArr, (String[]) null));
        Assert.assertSame(Access.UNKNOWN, this.service.checkPermission(document2, (ACP) null, userPrincipal, "Write", strArr, (String[]) null));
        deployContrib(CoreUTConstants.CORE_TESTS_BUNDLE, "test-security-policy-contrib.xml");
        Assert.assertSame(Access.GRANT, this.service.checkPermission(document2, (ACP) null, creatorPrincipal, "Write", strArr, (String[]) null));
        Assert.assertSame(Access.UNKNOWN, this.service.checkPermission(document2, (ACP) null, userPrincipal, "Write", strArr, (String[]) null));
    }

    @Test
    public void testCheckOutPolicy() throws Exception {
        String[] strArr = {"Write", "WriteProperties"};
        final Document document = (Document) this.mockery.mock(Document.class, "document3");
        this.mockery.checking(new Expectations() { // from class: org.nuxeo.ecm.core.security.TestSecurityPolicyService.3
            {
                ((Document) allowing(document)).getLock();
                will(returnValue(null));
                ((Document) allowing(document)).isVersion();
                will(returnValue(Boolean.FALSE));
                ((Document) allowing(document)).isProxy();
                will(returnValue(Boolean.FALSE));
                ((Document) allowing(document)).isCheckedOut();
                will(returnValue(Boolean.TRUE));
            }
        });
        Assert.assertSame(Access.UNKNOWN, this.service.checkPermission(document, (ACP) null, creatorPrincipal, "Write", strArr, (String[]) null));
        final Document document2 = (Document) this.mockery.mock(Document.class, "document4");
        this.mockery.checking(new Expectations() { // from class: org.nuxeo.ecm.core.security.TestSecurityPolicyService.4
            {
                ((Document) allowing(document2)).getLock();
                will(returnValue(null));
                ((Document) allowing(document2)).isVersion();
                will(returnValue(Boolean.FALSE));
                ((Document) allowing(document2)).isProxy();
                will(returnValue(Boolean.FALSE));
                ((Document) allowing(document2)).isCheckedOut();
                will(returnValue(Boolean.FALSE));
            }
        });
        Assert.assertSame(Access.UNKNOWN, this.service.checkPermission(document2, (ACP) null, creatorPrincipal, "Write", strArr, (String[]) null));
        deployContrib(CoreUTConstants.CORE_TESTS_BUNDLE, "test-security-policy2-contrib.xml");
        Assert.assertSame(Access.DENY, this.service.checkPermission(document2, (ACP) null, creatorPrincipal, "Write", strArr, (String[]) null));
    }
}
