package org.apache.jackrabbit.oak.security.authorization.permission;

import java.security.Principal;
import java.util.Collections;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.class */
public class TreePermissionImplTest extends AbstractSecurityTest implements AccessControlConstants {
    private static final String TEST_PATH = "/test";
    private AuthorizationConfiguration config;
    private Principal testPrincipal;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "test", "nt:unstructured");
        this.root.commit();
        this.config = (AuthorizationConfiguration) getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
        this.testPrincipal = getTestUser().getPrincipal();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.getTree(TEST_PATH).remove();
            if (this.root.hasPendingChanges()) {
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    private TreePermission getTreePermission() throws Exception {
        ContentSession createTestSession = createTestSession();
        return this.config.getPermissionProvider(createTestSession.getLatestRoot(), createTestSession.getWorkspaceName(), createTestSession.getAuthInfo().getPrincipals()).getTreePermission(this.root.getTree(TEST_PATH), TreePermission.EMPTY);
    }

    @Test
    public void testCanReadProperties() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, TEST_PATH);
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true);
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("rep:readProperties"), false);
        accessControlManager.setPolicy(TEST_PATH, accessControlList);
        this.root.commit();
        TreePermission treePermission = getTreePermission();
        Assert.assertFalse(treePermission.canReadProperties());
        Assert.assertTrue(treePermission.canRead());
        Assert.assertFalse(treePermission.canReadProperties());
    }

    @Test
    public void testCanReadProperties2() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, TEST_PATH);
        accessControlList.addEntry(getTestUser().getPrincipal(), privilegesFromNames("jcr:read"), true);
        accessControlManager.setPolicy(TEST_PATH, accessControlList);
        this.root.commit();
        Tree addChild = TreeUtil.addChild(this.root.getTree("/test/rep:policy"), "ace2", "rep:DenyACE");
        addChild.setProperty("rep:privileges", Collections.singleton("rep:readProperties"), Type.NAMES);
        addChild.setProperty("rep:principalName", getTestUser().getPrincipal().getName());
        this.root.commit();
        TreePermission treePermission = getTreePermission();
        Assert.assertFalse(treePermission.canReadProperties());
        Assert.assertTrue(treePermission.canRead());
        Assert.assertFalse(treePermission.canReadProperties());
    }

    @Test
    public void testCanReadAll() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, TEST_PATH);
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:all"), true);
        accessControlManager.setPolicy(TEST_PATH, accessControlList);
        this.root.commit();
        TreePermission treePermission = getTreePermission();
        Assert.assertFalse(treePermission.canReadAll());
        Assert.assertTrue(treePermission.canRead());
        Assert.assertFalse(treePermission.canReadAll());
    }
}
