package org.apache.kylin.rest.controller;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import org.apache.kylin.common.persistence.RootPersistentEntity;
import org.apache.kylin.common.util.JsonUtil;
import org.apache.kylin.common.util.NLocalFileMetadataTestCase;
import org.apache.kylin.common.util.RandomUtil;
import org.apache.kylin.job.constant.JobStatusEnum;
import org.apache.kylin.metadata.model.NDataModel;
import org.apache.kylin.metadata.model.NDataModelManager;
import org.apache.kylin.metadata.project.ProjectInstance;
import org.apache.kylin.rest.request.AccessRequest;
import org.apache.kylin.rest.request.BatchAccessRequest;
import org.apache.kylin.rest.request.GlobalAccessRequest;
import org.apache.kylin.rest.request.GlobalBatchAccessRequest;
import org.apache.kylin.rest.security.AclPermission;
import org.apache.kylin.rest.service.AccessService;
import org.apache.kylin.rest.service.AclTCRService;
import org.apache.kylin.rest.service.ProjectService;
import org.apache.kylin.rest.service.UserAclService;
import org.apache.kylin.rest.service.UserService;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;

/* loaded from: input_file:org/apache/kylin/rest/controller/NAccessControllerTest.class */
public class NAccessControllerTest extends NLocalFileMetadataTestCase {
    private MockMvc mockMvc;

    @Mock
    private AccessService accessService;

    @Mock
    private UserAclService userAclService;

    @Mock
    private UserService userService;

    @Mock
    private AclTCRService aclTCRService;

    @Mock
    private ProjectService projectService;

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    @InjectMocks
    private NAccessController nAccessController = (NAccessController) Mockito.spy(new NAccessController());
    private final Authentication authentication = new TestingAuthenticationToken("ADMIN", "ADMIN", new String[]{"ROLE_ADMIN"});
    private String type = "ProjectInstance";
    private String uuid = "u126snk32242152";
    private String sid = "user_g1";

    @Before
    public void setup() {
        MockitoAnnotations.initMocks(this);
        this.mockMvc = MockMvcBuilders.standaloneSetup(new Object[]{this.nAccessController}).defaultRequest(MockMvcRequestBuilders.get("/", new Object[0])).build();
        SecurityContextHolder.getContext().setAuthentication(this.authentication);
        createTestMetadata(new String[0]);
    }

    @After
    public void tearDown() {
        cleanupTestMetadata();
    }

    @Test
    public void testGetUserPermissionInPrj() throws Exception {
        new ArrayList().add(JobStatusEnum.NEW);
        new ArrayList();
        new Integer[1][0] = 4;
        String[] strArr = new String[0];
        Mockito.when(this.accessService.getCurrentNormalUserPermissionInProject("default")).thenReturn("ADMIN");
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/permission/project_permission", new Object[0]).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
        ((NAccessController) Mockito.verify(this.nAccessController)).getUserPermissionInPrj("default");
    }

    @Test
    public void testGrantPermissionForValidUser() throws Exception {
        AccessRequest accessRequest = new AccessRequest();
        accessRequest.setSid(this.sid);
        accessRequest.setPrincipal(true);
        RootPersistentEntity aclEntity = this.accessService.getAclEntity(this.type, this.uuid);
        ((UserService) Mockito.doReturn(true).when(this.userService)).userExists(this.sid);
        ((AclTCRService) Mockito.doNothing().when(this.aclTCRService)).updateAclTCR(this.uuid, (List) null);
        ((AccessService) Mockito.doNothing().when(this.accessService)).grant(aclEntity, "1", true, "ADMIN");
        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/access/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(accessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).grant(this.type, this.uuid, accessRequest);
    }

    @Test
    @Ignore
    public void testGrantPermissionForInvalidUser() throws Exception {
        testGrantPermissionForUser("1/", "User/Group name should only contain alphanumerics and underscores.");
    }

    @Test
    public void testUpdateAcl() throws Exception {
        AccessRequest accessRequest = new AccessRequest();
        accessRequest.setSid(this.sid);
        accessRequest.setPrincipal(true);
        accessRequest.setPermission("OPERATION");
        accessRequest.setAccessEntryId(0);
        ((UserService) Mockito.doReturn(true).when(this.userService)).userExists(this.sid);
        ((AclTCRService) Mockito.doNothing().when(this.aclTCRService)).updateAclTCR(this.uuid, (List) null);
        this.mockMvc.perform(MockMvcRequestBuilders.put("/api/access/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(accessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).updateAcl(this.type, this.uuid, accessRequest);
    }

    @Test
    public void testRevokeAcl() throws Exception {
        ((UserService) Mockito.doReturn(true).when(this.userService)).userExists(this.sid);
        ((AclTCRService) Mockito.doNothing().when(this.aclTCRService)).revokeAclTCR(this.uuid, true);
        this.mockMvc.perform(MockMvcRequestBuilders.delete("/api/access/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).param("access_entry_id", new String[]{"1"}).param("sid", new String[]{this.sid}).param("principal", new String[]{"true"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).revokeAcl(this.type, this.uuid, 1, this.sid, true);
    }

    @Test
    public void testRevokeAclWithNotExistSid() throws Exception {
        ((AclTCRService) Mockito.doNothing().when(this.aclTCRService)).revokeAclTCR(this.uuid, false);
        this.mockMvc.perform(MockMvcRequestBuilders.delete("/api/access/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).param("access_entry_id", new String[]{"1"}).param("sid", new String[]{"NotExist"}).param("principal", new String[]{"false"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).revokeAcl(this.type, this.uuid, 1, "NotExist", false);
    }

    @Test
    public void testBatchRevokeAcl() throws Exception {
        AccessRequest accessRequest = new AccessRequest();
        accessRequest.setSid(this.sid);
        ArrayList newArrayList = Lists.newArrayList(new AccessRequest[]{accessRequest});
        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/access/{type}/{uuid}/deletion", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(newArrayList)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).deleteAces(this.type, this.uuid, newArrayList);
    }

    @Test
    public void testGetAvailableUsersForProject() throws Exception {
        ArrayList newArrayList = Lists.newArrayList();
        newArrayList.add(Mockito.mock(ProjectInstance.class));
        ((ProjectService) Mockito.doReturn(newArrayList).when(this.projectService)).getReadableProjects("default", true);
        ((AccessService) Mockito.doReturn(new HashSet()).when(this.accessService)).getProjectAdminUsers("default");
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/available/{entity_type:.+}", new Object[]{this.type}).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).param("model", new String[]{this.uuid}).param("name", new String[]{""}).param("is_case_sensitive", new String[]{"false"}).param("page_offset", new String[]{"0"}).param("page_size", new String[]{"10"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).getAvailableUsers(this.type, "default", this.uuid, "", false, 0, 10);
    }

    @Test
    public void testGetGlobalUserAccessEntities() throws Exception {
        ((UserAclService) Mockito.doReturn(true).when(this.userAclService)).hasUserAclPermission(this.sid, AclPermission.DATA_QUERY);
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/global/permission/{permissionType:.+}/{sid:.+}", new Object[]{this.type, this.sid}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).param("sid", new String[]{this.sid}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).getGlobalUserAccessEntities(this.type, this.sid);
    }

    @Test
    public void testGetAllGlobalUsersAccessEntities() throws Exception {
        ((UserAclService) Mockito.doReturn(Collections.emptyList()).when(this.userAclService)).listUserAcl();
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/global/permission/user_acls", new Object[]{this.type, this.sid}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).param("sid", new String[]{this.sid}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).getAllGlobalUsersAccessEntities();
    }

    @Test
    public void testAddGlobalUserAccessEntities() throws Exception {
        GlobalAccessRequest globalAccessRequest = new GlobalAccessRequest();
        globalAccessRequest.setEnabled(true);
        globalAccessRequest.setQueryPermission(true);
        globalAccessRequest.setUsername(this.sid);
        ((UserAclService) Mockito.doNothing().when(this.userAclService)).grantUserAclPermission(globalAccessRequest, "DATA_QUERY");
        this.mockMvc.perform(MockMvcRequestBuilders.put("/api/access/global/permission/{permissionType:.+}", new Object[]{this.type}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).content(JsonUtil.writeValueAsString(globalAccessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).addGlobalUserAccessEntities(this.type, globalAccessRequest);
        globalAccessRequest.setEnabled(false);
        ((UserAclService) Mockito.doNothing().when(this.userAclService)).revokeUserAclPermission(globalAccessRequest, "DATA_QUERY");
        this.mockMvc.perform(MockMvcRequestBuilders.put("/api/access/global/permission/{permissionType:.+}", new Object[]{this.type}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).content(JsonUtil.writeValueAsString(globalAccessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).addGlobalUserAccessEntities(this.type, globalAccessRequest);
    }

    @Test
    public void testAddProjectToUserAcl() throws Exception {
        GlobalAccessRequest globalAccessRequest = new GlobalAccessRequest();
        globalAccessRequest.setUsername(this.sid);
        globalAccessRequest.setProject("default");
        ((UserAclService) Mockito.doNothing().when(this.userAclService)).addProjectToUserAcl(globalAccessRequest, "data_query");
        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/access/global/permission/project/{permissionType:.+}", new Object[]{this.type}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).content(JsonUtil.writeValueAsString(globalAccessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).addProjectToUserAcl(this.type, globalAccessRequest);
    }

    @Test
    public void testDeleteProjectToUserAcl() throws Exception {
        GlobalAccessRequest globalAccessRequest = new GlobalAccessRequest();
        globalAccessRequest.setUsername(this.sid);
        globalAccessRequest.setProject("default");
        ((UserAclService) Mockito.doNothing().when(this.userAclService)).deleteProjectFromUserAcl(globalAccessRequest, "data_query");
        this.mockMvc.perform(MockMvcRequestBuilders.delete("/api/access/global/permission/project/{permissionType:.+}", new Object[]{this.type}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).content(JsonUtil.writeValueAsString(globalAccessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).deleteProjectFromUserAcl(this.type, globalAccessRequest);
    }

    @Test
    public void testBatchAddGlobalUserAccessEntities() throws Exception {
        GlobalBatchAccessRequest globalBatchAccessRequest = new GlobalBatchAccessRequest();
        globalBatchAccessRequest.setEnabled(true);
        globalBatchAccessRequest.setQueryPermission(true);
        globalBatchAccessRequest.setUsernameList(Arrays.asList(this.sid, "user_g2"));
        ((UserAclService) Mockito.doNothing().when(this.userAclService)).grantUserAclPermission(globalBatchAccessRequest, "DATA_QUERY");
        this.mockMvc.perform(MockMvcRequestBuilders.put("/api/access/global/batch/permission/{permissionType:.+}", new Object[]{this.type}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).content(JsonUtil.writeValueAsString(globalBatchAccessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).batchAddGlobalUserAccessEntities(this.type, globalBatchAccessRequest);
        globalBatchAccessRequest.setEnabled(false);
        ((UserAclService) Mockito.doNothing().when(this.userAclService)).revokeUserAclPermission(globalBatchAccessRequest, "DATA_QUERY");
        this.mockMvc.perform(MockMvcRequestBuilders.put("/api/access/global/batch/permission/{permissionType:.+}", new Object[]{this.type}).contentType(MediaType.APPLICATION_JSON).param("permissionType", new String[]{this.type}).content(JsonUtil.writeValueAsString(globalBatchAccessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).batchAddGlobalUserAccessEntities(this.type, globalBatchAccessRequest);
    }

    @Test
    public void testGetProjectUsersAndGroups() throws Exception {
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/{uuid:.+}/all", new Object[]{this.uuid}).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).getProjectUsersAndGroups(this.uuid);
    }

    @Test
    public void testGetAvailableUsersForModel() throws Exception {
        NDataModelManager nDataModelManager = (NDataModelManager) Mockito.mock(NDataModelManager.class);
        ((NDataModelManager) Mockito.doReturn((NDataModel) Mockito.mock(NDataModel.class)).when(nDataModelManager)).getDataModelDesc(this.uuid);
        ((ProjectService) Mockito.doReturn(nDataModelManager).when(this.projectService)).getManager(NDataModelManager.class, "default");
        ((AccessService) Mockito.doReturn(new HashSet()).when(this.accessService)).getProjectManagementUsers("default");
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/available/{entity_type:.+}", new Object[]{"NDataModel"}).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).param("model", new String[]{this.uuid}).param("name", new String[]{""}).param("is_case_sensitive", new String[]{"false"}).param("page_offset", new String[]{"0"}).param("page_size", new String[]{"10"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).getAvailableUsers("NDataModel", "default", this.uuid, "", false, 0, 10);
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/available/{entity_type:.+}", new Object[]{"NDataModel"}).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).param("model", new String[]{RandomUtil.randomUUIDStr()}).param("name", new String[]{""}).param("is_case_sensitive", new String[]{"false"}).param("page_offset", new String[]{"0"}).param("page_size", new String[]{"10"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isInternalServerError());
        ((NAccessController) Mockito.verify(this.nAccessController)).getAvailableUsers("NDataModel", "default", this.uuid, "", false, 0, 10);
    }

    private void testGrantPermissionForUser(String str, String str2) throws Exception {
        AccessRequest accessRequest = new AccessRequest();
        accessRequest.setSid(str);
        ((AccessService) Mockito.doNothing().when(this.accessService)).grant(this.accessService.getAclEntity(this.type, this.uuid), "1", true, "ADMIN");
        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/access/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(accessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.content().string(CoreMatchers.containsString(str2)));
        ((NAccessController) Mockito.verify(this.nAccessController)).grant(this.type, this.uuid, accessRequest);
    }

    @Test
    public void testBatchGrant() throws Exception {
        BatchAccessRequest batchAccessRequest = new BatchAccessRequest();
        batchAccessRequest.setSids(Lists.newArrayList(new String[]{this.sid}));
        batchAccessRequest.setPrincipal(true);
        ArrayList newArrayList = Lists.newArrayList(new BatchAccessRequest[]{batchAccessRequest});
        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/access/batch/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(newArrayList)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).batchGrant(this.type, this.uuid, true, newArrayList);
    }

    @Test
    public void testBatchGrantDuplicateName() throws Exception {
        BatchAccessRequest batchAccessRequest = new BatchAccessRequest();
        batchAccessRequest.setSids(Lists.newArrayList(new String[]{this.sid, this.sid}));
        batchAccessRequest.setPrincipal(true);
        ArrayList newArrayList = Lists.newArrayList(new BatchAccessRequest[]{batchAccessRequest});
        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/access/batch/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(newArrayList)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isInternalServerError());
        ((NAccessController) Mockito.verify(this.nAccessController)).batchGrant(this.type, this.uuid, true, newArrayList);
    }

    @Test
    public void testupdateExtensionAcl() throws Exception {
        AccessRequest accessRequest = new AccessRequest();
        accessRequest.setSid(this.sid);
        accessRequest.setPrincipal(true);
        accessRequest.setExtPermissions(Collections.singletonList("DATA_QUERY"));
        ((UserService) Mockito.doReturn(true).when(this.userService)).userExists(this.sid);
        ((AclTCRService) Mockito.doNothing().when(this.aclTCRService)).updateAclTCR(this.uuid, (List) null);
        this.mockMvc.perform(MockMvcRequestBuilders.put("/api/access/extension/{type}/{uuid}", new Object[]{this.type, this.uuid}).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(accessRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4+json")})).andExpect(MockMvcResultMatchers.status().isOk());
        ((NAccessController) Mockito.verify(this.nAccessController)).updateExtensionAcl(this.type, this.uuid, accessRequest);
    }
}
