package org.apache.jackrabbit.oak.security.authorization.permission;

import java.security.Principal;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImplTest;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.class */
/**
 * Checks how {@link TreePermission} answers read queries when the test principal holds an
 * allow entry for {@code jcr:read} and a deny entry for {@code rep:readProperties} on the
 * same node.
 *
 * <p>Both tests expect the node itself to stay readable while property reads are refused.
 * {@code canReadProperties()} is asserted before and after {@code canRead()}, so the deny
 * must hold regardless of the order in which the two checks are made. A failure here would
 * mean property values are exposed to a principal that was explicitly denied them.
 */
public class TreePermissionImplTest extends AbstractSecurityTest implements AccessControlConstants {

    /** Path of the node the access control entries are placed on. */
    private static final String TEST_PATH = "/test";

    private AuthorizationConfiguration config;
    private Principal testPrincipal;

    /**
     * Creates the test node, then caches the authorization configuration and the test
     * user's principal.
     */
    @Override
    public void before() throws Exception {
        super.before();

        // NOTE(review): these two constants belong to unrelated test classes (they look like
        // decompiler constant substitutions) and presumably resolve to "/" and "test", which
        // matches the "/test" path used everywhere else in this class. Confirm.
        NodeUtil parent = new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT));
        parent.addChild(AccessControlManagerImplTest.TEST_LOCAL_PREFIX, "nt:unstructured");
        this.root.commit();

        this.config = (AuthorizationConfiguration) getSecurityProvider()
                .getConfiguration(AuthorizationConfiguration.class);
        this.testPrincipal = getTestUser().getPrincipal();
    }

    /**
     * Removes the test node, and with it the policy stored below it. The superclass cleanup
     * runs even when the removal fails.
     */
    @Override
    public void after() throws Exception {
        try {
            this.root.getTree(TEST_PATH).remove();
            if (this.root.hasPendingChanges()) {
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    /**
     * Evaluates the permissions of the test session for the tree at the given path.
     *
     * <p>The permission provider is built from the test session's latest root, workspace name
     * and principals. The tree is looked up through {@code this.root}, not through the test
     * session.
     *
     * @param str path of the tree to evaluate
     * @return the tree permission computed with {@link TreePermission#EMPTY} as parent
     */
    private TreePermission getTreePermission(String str) throws Exception {
        // NOTE(review): the session is not closed here; whether createTestSession() caches it
        // and releases it during teardown is not visible in this class. Confirm.
        ContentSession session = createTestSession();
        return this.config
                .getPermissionProvider(
                        session.getLatestRoot(),
                        session.getWorkspaceName(),
                        session.getAuthInfo().getPrincipals())
                .getTreePermission(this.root.getTree(str), TreePermission.EMPTY);
    }

    /**
     * Asserts that node reads are granted and property reads are refused. The property check
     * runs on both sides of the node check so that a result which changes after
     * {@code canRead()} has been evaluated is caught.
     */
    private static void assertNodeReadableButPropertiesDenied(TreePermission permission) {
        Assert.assertFalse(permission.canReadProperties());
        Assert.assertTrue(permission.canRead());
        Assert.assertFalse(permission.canReadProperties());
    }

    /** Allow and deny entries are both added through the access control manager API. */
    @Test
    public void testCanReadProperties() throws Exception {
        JackrabbitAccessControlManager acMgr = getAccessControlManager(this.root);
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH);

        // Allow first, deny second: the later deny of rep:readProperties is expected to win
        // for property reads.
        acl.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true);
        acl.addEntry(this.testPrincipal, privilegesFromNames("rep:readProperties"), false);
        acMgr.setPolicy(TEST_PATH, acl);
        this.root.commit();

        assertNodeReadableButPropertiesDenied(getTreePermission(TEST_PATH));
    }

    /**
     * The allow entry goes through the API, while the deny entry is written as a raw
     * {@code rep:DenyACE} node below the policy node. This covers a deny entry that was not
     * created through {@code addEntry}.
     */
    @Test
    public void testCanReadProperties2() throws Exception {
        JackrabbitAccessControlManager acMgr = getAccessControlManager(this.root);
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH);
        acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames("jcr:read"), true);
        acMgr.setPolicy(TEST_PATH, acl);
        this.root.commit();

        // Add the deny entry directly in the content, bypassing the access control manager.
        NodeUtil policyNode = new NodeUtil(this.root.getTree("/test/rep:policy"));
        NodeUtil denyEntry = policyNode.addChild("ace2", "rep:DenyACE");
        denyEntry.setNames("rep:privileges", new String[]{"rep:readProperties"});
        denyEntry.setString("rep:principalName", getTestUser().getPrincipal().getName());
        this.root.commit();

        assertNodeReadableButPropertiesDenied(getTreePermission(TEST_PATH));
    }
}
