package io.trino.execution;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import io.trino.Session;
import io.trino.common.Randoms;
import io.trino.connector.MockConnectorFactory;
import io.trino.connector.MockConnectorPlugin;
import io.trino.connector.MockConnectorTableHandle;
import io.trino.connector.MutableGrants;
import io.trino.spi.connector.SchemaTableName;
import io.trino.spi.security.Identity;
import io.trino.spi.security.PrincipalType;
import io.trino.spi.security.Privilege;
import io.trino.spi.security.TrinoPrincipal;
import io.trino.sql.query.QueryAssertions;
import io.trino.testing.DistributedQueryRunner;
import io.trino.testing.TestingSession;
import java.util.EnumSet;
import org.assertj.core.api.Assertions;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/execution/TestRevokeOnTable.class */
public class TestRevokeOnTable {
    private static final Session admin = sessionOf("admin");
    private static final Session userWithAllPrivileges = sessionOf(Randoms.randomUsername());
    private static final Session userWithSelect = sessionOf(Randoms.randomUsername());
    private DistributedQueryRunner queryRunner;
    private QueryAssertions assertions;

    @BeforeClass
    public void initClass() throws Exception {
        SchemaTableName schemaTableName = new SchemaTableName("default", "table_one");
        this.queryRunner = DistributedQueryRunner.builder(userWithAllPrivileges).build();
        MutableGrants mutableGrants = new MutableGrants();
        mutableGrants.grant(new TrinoPrincipal(PrincipalType.USER, admin.getUser()), schemaTableName, EnumSet.allOf(Privilege.class), true);
        mutableGrants.grant(new TrinoPrincipal(PrincipalType.USER, userWithAllPrivileges.getUser()), schemaTableName, EnumSet.allOf(Privilege.class), true);
        mutableGrants.grant(new TrinoPrincipal(PrincipalType.USER, userWithSelect.getUser()), schemaTableName, ImmutableSet.of(Privilege.SELECT), true);
        this.queryRunner.installPlugin(new MockConnectorPlugin(MockConnectorFactory.builder().withListSchemaNames(connectorSession -> {
            return ImmutableList.of("default");
        }).withListTables((connectorSession2, str) -> {
            return "default".equalsIgnoreCase(str) ? ImmutableList.of(schemaTableName) : ImmutableList.of();
        }).withGetTableHandle((connectorSession3, schemaTableName2) -> {
            if (schemaTableName2.equals(schemaTableName)) {
                return new MockConnectorTableHandle(schemaTableName2);
            }
            return null;
        }).withSchemaGrants(new MutableGrants()).withTableGrants(mutableGrants).build()));
        this.queryRunner.createCatalog("local", "mock");
        this.assertions = new QueryAssertions(this.queryRunner);
    }

    @AfterClass(alwaysRun = true)
    public void teardown() {
        this.assertions.close();
        this.assertions = null;
    }

    @Test(dataProvider = "privilegesAndUsers")
    public void testRevokeOnSchema(String str, Session session) {
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(session, "SHOW TABLES FROM default"))).matches("VALUES (VARCHAR 'table_one')");
        this.queryRunner.execute(admin, String.format("REVOKE %s ON TABLE table_one FROM %s", str, session.getUser()));
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(session, "SHOW TABLES FROM default"))).returnsEmptyResult();
    }

    @Test(dataProvider = "privilegesAndUsers")
    public void testRevokeOnNonExistingCatalog(String str, Session session) {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(admin, String.format("REVOKE %s ON TABLE missing_catalog.missing_schema.missing_table FROM %s", str, session.getUser()));
        }).hasMessageContaining("Table 'missing_catalog.missing_schema.missing_table' does not exist");
    }

    @Test(dataProvider = "privilegesAndUsers")
    public void testRevokeOnNonExistingSchema(String str, Session session) {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(admin, String.format("REVOKE %s ON TABLE missing_schema.missing_table FROM %s", str, session.getUser()));
        }).hasMessageContaining("Table 'local.missing_schema.missing_table' does not exist");
    }

    @Test(dataProvider = "privilegesAndUsers")
    public void testRevokeOnNonExistingTable(String str, Session session) {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(admin, String.format("REVOKE %s ON TABLE default.missing_table FROM %s", str, session.getUser()));
        }).hasMessageContaining("Table 'local.default.missing_table' does not exist");
    }

    @Test(dataProvider = "privileges")
    public void testAccessDenied(String str) {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(sessionOf(Randoms.randomUsername()), String.format("REVOKE %s ON SCHEMA default FROM %s", str, Randoms.randomUsername()));
        }).hasMessageContaining("Access Denied: Cannot revoke privilege SELECT on schema default");
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(name = "privilegesAndUsers")
    public static Object[][] privilegesAndUsers() {
        return new Object[]{new Object[]{"SELECT", userWithSelect}, new Object[]{"ALL PRIVILEGES", userWithAllPrivileges}};
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(name = "privileges")
    public static Object[][] privileges() {
        return new Object[]{new Object[]{"SELECT"}, new Object[]{"ALL PRIVILEGES"}};
    }

    private static Session sessionOf(String str) {
        return TestingSession.testSessionBuilder().setIdentity(Identity.ofUser(str)).setCatalog("local").setSchema("default").build();
    }
}
