package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.collect.ImmutableMap;
import java.util.Iterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/AdministrativePermissionProviderTest.class */
public class AdministrativePermissionProviderTest extends AbstractSecurityTest {
    private static final String ADMINISTRATOR_GROUP = "admins";
    private ContentSession testSession;
    private PermissionProvider permissionProvider;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        getUserManager(this.root).createGroup(ADMINISTRATOR_GROUP).addMember(getTestUser());
        this.root.commit();
        this.testSession = createTestSession();
        this.permissionProvider = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(this.testSession.getLatestRoot(), this.testSession.getWorkspaceName(), this.testSession.getAuthInfo().getPrincipals());
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        try {
            this.testSession.close();
            Authorizable authorizable = getUserManager(this.root).getAuthorizable(ADMINISTRATOR_GROUP);
            if (authorizable != null) {
                authorizable.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("administrativePrincipals", new String[]{ADMINISTRATOR_GROUP})));
    }

    @Test
    public void testRepositoryPermissions() {
        Assert.assertSame(RepositoryPermission.ALL, this.permissionProvider.getRepositoryPermission());
    }

    @Test
    public void testRootTreePermissions() {
        Root latestRoot = this.testSession.getLatestRoot();
        Assert.assertTrue(latestRoot.getTree(IdentifierManagerTest.ID_ROOT).exists());
        Assert.assertSame(TreePermission.ALL, this.permissionProvider.getTreePermission(latestRoot.getTree(IdentifierManagerTest.ID_ROOT), TreePermission.EMPTY));
    }

    @Test
    public void testReadPaths() {
        Root latestRoot = this.testSession.getLatestRoot();
        Iterator it = PermissionConstants.DEFAULT_READ_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = latestRoot.getTree((String) it.next());
            Assert.assertTrue(tree.exists());
            Assert.assertSame(TreePermission.ALL, this.permissionProvider.getTreePermission(tree, TreePermission.EMPTY));
        }
    }

    @Test
    public void testIsGrantedNonExistingLocation() {
        Assert.assertTrue(this.permissionProvider instanceof AggregatedPermissionProvider);
        Assert.assertTrue(this.permissionProvider.isGranted(TreeLocation.create(this.testSession.getLatestRoot(), "/test/non/existing/tree"), 2097151L));
        Assert.assertTrue(this.permissionProvider.isGranted(TreeLocation.create(this.testSession.getLatestRoot(), "/non/existing/tree"), 2097151L));
    }

    @Test
    public void testIsGrantedNonExistingVersionStoreLocation() {
        Assert.assertTrue(this.permissionProvider instanceof AggregatedPermissionProvider);
        Assert.assertTrue(this.permissionProvider.isGranted(TreeLocation.create(this.testSession.getLatestRoot(), "/jcr:system/jcr:versionStorage/non/existing/tree"), 2097151L));
    }
}
