package org.apache.kylin.rest.controller.open;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.List;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.persistence.AclEntity;
import org.apache.kylin.common.persistence.RootPersistentEntity;
import org.apache.kylin.common.util.JsonUtil;
import org.apache.kylin.common.util.NLocalFileMetadataTestCase;
import org.apache.kylin.metadata.project.NProjectManager;
import org.apache.kylin.rest.request.AccessRequest;
import org.apache.kylin.rest.request.BatchProjectPermissionRequest;
import org.apache.kylin.rest.request.ProjectPermissionRequest;
import org.apache.kylin.rest.response.AccessEntryResponse;
import org.apache.kylin.rest.security.AclEntityFactory;
import org.apache.kylin.rest.security.AclPermission;
import org.apache.kylin.rest.service.AccessService;
import org.apache.kylin.rest.service.AclTCRService;
import org.apache.kylin.rest.service.ProjectService;
import org.apache.kylin.rest.service.UserService;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.http.MediaType;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;

/* loaded from: input_file:org/apache/kylin/rest/controller/open/OpenAccessControllerTest.class */
public class OpenAccessControllerTest extends NLocalFileMetadataTestCase {
    private MockMvc mockMvc;

    @Mock
    private AccessService accessService;

    @Mock
    private UserService userService;

    @Mock
    private AclTCRService aclTCRService;

    @Mock
    private ProjectService projectService;

    @InjectMocks
    private OpenAccessController openAccessController = (OpenAccessController) Mockito.spy(new OpenAccessController());
    private final Authentication authentication = new TestingAuthenticationToken("ADMIN", "ADMIN", new String[]{"ROLE_ADMIN"});

    @Before
    public void setup() {
        MockitoAnnotations.initMocks(this);
        this.mockMvc = MockMvcBuilders.standaloneSetup(new Object[]{this.openAccessController}).defaultRequest(MockMvcRequestBuilders.get("/", new Object[0])).build();
        SecurityContextHolder.getContext().setAuthentication(this.authentication);
        createTestMetadata(new String[0]);
    }

    @After
    public void tearDown() {
        cleanupTestMetadata();
    }

    @Test
    public void testGetProjectAccessPermissions() throws Exception {
        ((AccessService) Mockito.doNothing().when(this.accessService)).grant(this.accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b"), "1", true, "ADMIN");
        PrincipalSid principalSid = new PrincipalSid("user1");
        Permission permission = BasePermission.ADMINISTRATION;
        AccessEntryResponse accessEntryResponse = new AccessEntryResponse("1L", principalSid, permission, false);
        ArrayList arrayList = new ArrayList();
        arrayList.add(accessEntryResponse);
        arrayList.add(new AccessEntryResponse("1L", new GrantedAuthoritySid("group1"), permission, false));
        Mockito.when(this.accessService.generateAceResponsesByFuzzMatching((AclEntity) null, "test", false)).thenReturn(arrayList);
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/project", new Object[0]).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).param("name", new String[]{"test"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).getProjectAccessPermissions("default", "test", false, 0, 10);
    }

    @Test
    public void testGrantProjectPermission() throws Exception {
        BatchProjectPermissionRequest batchProjectPermissionRequest = new BatchProjectPermissionRequest();
        batchProjectPermissionRequest.setProject("default");
        batchProjectPermissionRequest.setType("user");
        batchProjectPermissionRequest.setPermission("QUERY");
        batchProjectPermissionRequest.setNames(Lists.newArrayList(new String[]{"test"}));
        this.mockMvc.perform(MockMvcRequestBuilders.post("/api/access/project", new Object[0]).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(batchProjectPermissionRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).grantProjectPermission(batchProjectPermissionRequest);
    }

    @Test
    public void testUpdateProjectPermission() throws Exception {
        ProjectPermissionRequest projectPermissionRequest = new ProjectPermissionRequest();
        projectPermissionRequest.setProject("default");
        projectPermissionRequest.setType("user");
        projectPermissionRequest.setPermission("QUERY");
        projectPermissionRequest.setName("test");
        this.mockMvc.perform(MockMvcRequestBuilders.put("/api/access/project", new Object[0]).contentType(MediaType.APPLICATION_JSON).content(JsonUtil.writeValueAsString(projectPermissionRequest)).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).updateProjectPermission(projectPermissionRequest);
    }

    @Test
    public void testRevokeProjectPermission() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AccessEntryResponse());
        Mockito.when(this.accessService.generateAceResponsesByFuzzMatching((AclEntity) null, "test", false)).thenReturn(arrayList);
        ((AccessService) Mockito.doNothing().when(this.accessService)).grant(this.accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b"), "1", true, "ADMIN");
        this.mockMvc.perform(MockMvcRequestBuilders.delete("/api/access/project", new Object[0]).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).param("type", new String[]{"user"}).param("name", new String[]{"test"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).revokeProjectPermission("default", "user", "test");
    }

    @Test
    public void testRevokeProjectPermissionWithException() throws Exception {
        this.mockMvc.perform(MockMvcRequestBuilders.delete("/api/access/project", new Object[0]).contentType(MediaType.APPLICATION_JSON).param("project", new String[]{"default"}).param("type", new String[]{"user"}).param("name", new String[]{"test"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isInternalServerError()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).revokeProjectPermission("default", "user", "test");
    }

    @Test
    public void testGetUserOrGroupAclPermissions() throws Exception {
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/acls", new Object[0]).contentType(MediaType.APPLICATION_JSON).param("type", new String[]{"user"}).param("name", new String[]{"test"}).param("project", new String[]{"default"}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).getUserOrGroupAclPermissions("user", "test", "default");
    }

    @Test
    public void testGetUserOrGroupAclPermissionsWithProjectBlank() throws Exception {
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/acls", new Object[0]).contentType(MediaType.APPLICATION_JSON).param("type", new String[]{"user"}).param("name", new String[]{"test"}).param("project", new String[]{""}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isOk()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).getUserOrGroupAclPermissions("user", "test", "");
    }

    @Test
    public void testGetUserOrGroupAclPermissionsWithTypeError() throws Exception {
        this.mockMvc.perform(MockMvcRequestBuilders.get("/api/access/acls", new Object[0]).contentType(MediaType.APPLICATION_JSON).param("type", new String[]{"error"}).param("name", new String[]{"test"}).param("project", new String[]{""}).accept(new MediaType[]{MediaType.parseMediaType("application/vnd.apache.kylin-v4-public+json")})).andExpect(MockMvcResultMatchers.status().isInternalServerError()).andReturn();
        ((OpenAccessController) Mockito.verify(this.openAccessController)).getUserOrGroupAclPermissions("error", "test", "");
    }

    @Test
    public void testConvertAccessRequests() {
        RootPersistentEntity createAclEntity = AclEntityFactory.createAclEntity("ProjectInstance", NProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject("default").getUuid());
        BatchProjectPermissionRequest batchProjectPermissionRequest = new BatchProjectPermissionRequest();
        batchProjectPermissionRequest.setNames(Lists.newArrayList(new String[]{"U5", "newUser"}));
        batchProjectPermissionRequest.setPermission("ADMIN");
        batchProjectPermissionRequest.setProject("default");
        batchProjectPermissionRequest.setType("user");
        List convertBatchPermissionRequestToAccessRequests = this.openAccessController.convertBatchPermissionRequestToAccessRequests(createAclEntity, batchProjectPermissionRequest);
        Assert.assertEquals("U5", ((AccessRequest) convertBatchPermissionRequestToAccessRequests.get(0)).getSid());
        Assert.assertEquals("newUser", ((AccessRequest) convertBatchPermissionRequestToAccessRequests.get(1)).getSid());
        batchProjectPermissionRequest.setType("group");
        batchProjectPermissionRequest.setNames(Lists.newArrayList(new String[]{"newGroup"}));
        Assert.assertEquals("newGroup", ((AccessRequest) this.openAccessController.convertBatchPermissionRequestToAccessRequests(createAclEntity, batchProjectPermissionRequest).get(0)).getSid());
    }

    @Test
    public void testConvertAceResponseToProjectPermissionResponse() throws Exception {
        ProjectPermissionRequest projectPermissionRequest = new ProjectPermissionRequest();
        projectPermissionRequest.setProject("default");
        projectPermissionRequest.setType("user");
        projectPermissionRequest.setPermission("OPERATION");
        projectPermissionRequest.setName("test");
        this.openAccessController.updateProjectPermission(projectPermissionRequest);
        ProjectPermissionRequest projectPermissionRequest2 = new ProjectPermissionRequest();
        projectPermissionRequest2.setProject("default");
        projectPermissionRequest2.setType("group");
        projectPermissionRequest2.setPermission("OPERATION");
        projectPermissionRequest2.setName("ALL_USERS");
        this.openAccessController.updateProjectPermission(projectPermissionRequest2);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AccessEntryResponse("1L", new PrincipalSid("test"), AclPermission.OPERATION, false));
        arrayList.add(new AccessEntryResponse("2L", new GrantedAuthoritySid("ALL_USERS"), AclPermission.MANAGEMENT, false));
        NProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject("default");
        Assert.assertEquals(2L, ((List) ReflectionTestUtils.invokeMethod(this.openAccessController, "convertAceResponseToProjectPermissionResponse", new Object[]{arrayList})).size());
    }
}
