package org.apache.jackrabbit.oak.security.authorization.restriction;

import java.util.Collections;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/restriction/CurrentRestrictionTest.class */
public class CurrentRestrictionTest extends AbstractRestrictionTest {
    @Override // org.apache.jackrabbit.oak.security.authorization.restriction.AbstractRestrictionTest
    boolean addEntry(@NotNull JackrabbitAccessControlList jackrabbitAccessControlList) {
        return false;
    }

    @Test
    public void testDefinedProperties() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/a/d/b/e/c");
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true, Collections.emptyMap(), ImmutableMap.of("rep:current", new Value[]{this.vf.createValue("jcr:primaryType"), this.vf.createValue("jcr:mixinTypes")}));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        Root latestRoot = this.testSession.getLatestRoot();
        Assert.assertFalse(latestRoot.getTree("/a").exists());
        Tree tree = latestRoot.getTree("/a/d/b/e/c");
        Assert.assertTrue(tree.exists());
        Assert.assertTrue(tree.hasProperty("jcr:primaryType"));
        Assert.assertTrue(tree.hasProperty("jcr:mixinTypes"));
        Assert.assertFalse(tree.hasProperty("prop"));
        Assert.assertFalse(tree.hasProperty("a"));
        Assert.assertEquals(2L, tree.getPropertyCount());
        Assert.assertEquals(0L, tree.getChildrenCount(1L));
    }

    @Test
    public void testNoProperties() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/a/d/b/e/c");
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true, Collections.emptyMap(), Collections.singletonMap("rep:current", new Value[0]));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        Root latestRoot = this.testSession.getLatestRoot();
        Assert.assertFalse(latestRoot.getTree("/a").exists());
        Tree tree = latestRoot.getTree("/a/d/b/e/c");
        Assert.assertTrue(tree.exists());
        Assert.assertEquals(0L, tree.getPropertyCount());
        Assert.assertEquals(0L, tree.getChildrenCount(1L));
    }

    @Test
    public void testAllProperties() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/a/d/b/e/c");
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true, Collections.emptyMap(), Collections.singletonMap("rep:current", new Value[]{this.vf.createValue("*")}));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        Root latestRoot = this.testSession.getLatestRoot();
        Assert.assertFalse(latestRoot.getTree("/a").exists());
        Tree tree = latestRoot.getTree("/a/d/b/e/c");
        Assert.assertTrue(tree.exists());
        Assert.assertTrue(tree.hasProperty("jcr:primaryType"));
        Assert.assertTrue(tree.hasProperty("jcr:mixinTypes"));
        Assert.assertTrue(tree.hasProperty("prop"));
        Assert.assertTrue(tree.hasProperty("a"));
        Assert.assertFalse(tree.hasChild("f"));
        Assert.assertEquals(4L, tree.getPropertyCount());
        Assert.assertEquals(0L, tree.getChildrenCount(1L));
    }

    @Test
    public void testSetProperties() throws Exception {
        PropertyState createProperty = PropertyStates.createProperty("prop", "value");
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/a");
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true);
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:modifyProperties"), true, Collections.emptyMap(), Collections.singletonMap("rep:current", new Value[]{this.vf.createValue("prop")}));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        Root latestRoot = this.testSession.getLatestRoot();
        Tree tree = latestRoot.getTree("/a");
        Assert.assertTrue(tree.exists());
        tree.setProperty(createProperty);
        latestRoot.commit();
        try {
            tree.setProperty(PropertyStates.createProperty("another", "value"));
            latestRoot.commit();
            Assert.fail();
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isAccessViolation());
        }
        Tree tree2 = latestRoot.getTree("/a/d/b/e/c");
        Assert.assertTrue(tree2.exists());
        try {
            tree2.setProperty(createProperty);
            latestRoot.commit();
            Assert.fail();
        } catch (CommitFailedException e2) {
            Assert.assertTrue(e2.isAccessViolation());
        }
    }

    @Test
    public void testAddChildNodes() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/a");
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true);
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:addChildNodes"), true, Collections.emptyMap(), Collections.singletonMap("rep:current", new Value[0]));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        Root latestRoot = this.testSession.getLatestRoot();
        Tree tree = latestRoot.getTree("/a");
        Assert.assertTrue(tree.exists());
        TreeUtil.addChild(tree, "child", "oak:Unstructured");
        latestRoot.commit();
        Tree tree2 = latestRoot.getTree("/a/d/b/e/c");
        Assert.assertTrue(tree2.exists());
        try {
            TreeUtil.addChild(tree2, "child", "oak:Unstructured");
            latestRoot.commit();
            Assert.fail();
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isAccessViolation());
        }
    }
}
