package org.fcrepo.auth.roles.basic;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.fcrepo.auth.roles.common.AccessRolesProvider;
import org.fcrepo.http.commons.session.SessionFactory;
import org.fcrepo.http.commons.test.util.TestHelpers;
import org.fcrepo.kernel.impl.testutilities.TestNodeIterator;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.modeshape.jcr.value.Path;

/* loaded from: input_file:org/fcrepo/auth/roles/basic/BasicRolesAuthorizationDelegateRemoveChildrenRecursiveTest.class */
public class BasicRolesAuthorizationDelegateRemoveChildrenRecursiveTest {
    private static final String[] REMOVE_ACTION = {"remove"};
    private BasicRolesAuthorizationDelegate authorizationDelegate;

    @Mock
    private AccessRolesProvider accessRolesProvider;

    @Mock
    private SessionFactory sessionFactory;

    @Mock
    private Session mockSession;

    @Mock
    private Principal principal;
    private Set<Principal> allPrincipals;

    @Mock
    private Path parentPath;

    @Mock
    private Node parentNode;

    @Mock
    private Path writablePath;

    @Mock
    private Node writableNode;

    @Mock
    private Path readablePath;

    @Mock
    private Node readableNode;

    @Mock
    private Path noAclPath;

    @Mock
    private Node noAclNode;

    @Before
    public void setUp() throws RepositoryException {
        MockitoAnnotations.initMocks(this);
        this.authorizationDelegate = new BasicRolesAuthorizationDelegate();
        TestHelpers.setField(this.authorizationDelegate, "accessRolesProvider", this.accessRolesProvider);
        TestHelpers.setField(this.authorizationDelegate, "sessionFactory", this.sessionFactory);
        Mockito.when(this.sessionFactory.getInternalSession()).thenReturn(this.mockSession);
        Mockito.when(this.principal.getName()).thenReturn("user");
        this.allPrincipals = Collections.singleton(this.principal);
        Mockito.when(this.mockSession.getAttribute("fedora-user-principal")).thenReturn(this.principal);
        Mockito.when(this.mockSession.getAttribute("fedora-all-principals")).thenReturn(this.allPrincipals);
        Map singletonMap = Collections.singletonMap("user", Arrays.asList("writer"));
        Map singletonMap2 = Collections.singletonMap("user", Arrays.asList("reader"));
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.parentPath, this.mockSession)).thenReturn(singletonMap);
        Mockito.when(this.accessRolesProvider.getRoles(this.parentNode, false)).thenReturn(singletonMap);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.writablePath, this.mockSession)).thenReturn(singletonMap);
        Mockito.when(this.accessRolesProvider.getRoles(this.writableNode, false)).thenReturn(singletonMap);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.readablePath, this.mockSession)).thenReturn(singletonMap2);
        Mockito.when(this.accessRolesProvider.getRoles(this.readableNode, false)).thenReturn(singletonMap2);
        Mockito.when(this.accessRolesProvider.findRolesForPath(this.noAclPath, this.mockSession)).thenReturn((Object) null);
        Mockito.when(this.accessRolesProvider.getRoles(this.noAclNode, false)).thenReturn((Object) null);
        Mockito.when(this.parentPath.toString()).thenReturn("parent");
        Mockito.when(this.mockSession.getNode("parent")).thenReturn(this.parentNode);
        Mockito.when(this.parentNode.getPath()).thenReturn("parent");
        Mockito.when(this.writablePath.toString()).thenReturn("writable");
        Mockito.when(this.mockSession.getNode("writable")).thenReturn(this.writableNode);
        Mockito.when(this.writableNode.getPath()).thenReturn("writable");
        Mockito.when(this.readablePath.toString()).thenReturn("readable");
        Mockito.when(this.mockSession.getNode("readable")).thenReturn(this.readableNode);
        Mockito.when(this.readableNode.getPath()).thenReturn("readable");
        Mockito.when(this.noAclPath.toString()).thenReturn("noacl");
        Mockito.when(this.mockSession.getNode("noacl")).thenReturn(this.noAclNode);
        Mockito.when(this.noAclNode.getPath()).thenReturn("noacl");
    }

    @Test
    public void shouldPermitForChildlessNode() throws RepositoryException {
        Mockito.when(Boolean.valueOf(this.parentNode.hasNodes())).thenReturn(false);
        Assert.assertTrue("Should permit remove for childless writable node", this.authorizationDelegate.hasPermission(this.mockSession, this.parentPath, REMOVE_ACTION));
    }

    @Test
    public void shouldPermitForWritableChild() throws RepositoryException {
        Mockito.when(Boolean.valueOf(this.parentNode.hasNodes())).thenReturn(true);
        Mockito.when(this.parentNode.getNodes()).thenReturn(TestNodeIterator.nodeIterator(new Node[]{this.writableNode}));
        Assert.assertTrue("Should permit remove for writable node with writable child", this.authorizationDelegate.hasPermission(this.mockSession, this.parentPath, REMOVE_ACTION));
    }

    @Test
    public void shouldDenyForUnwritableChild() throws RepositoryException {
        Mockito.when(Boolean.valueOf(this.parentNode.hasNodes())).thenReturn(true);
        Mockito.when(this.parentNode.getNodes()).thenReturn(TestNodeIterator.nodeIterator(new Node[]{this.writableNode, this.readableNode}));
        Assert.assertFalse("Should deny remove for writable node with unwritable child", this.authorizationDelegate.hasPermission(this.mockSession, this.parentPath, REMOVE_ACTION));
    }

    @Test
    public void shouldInheritParentRolesIfNoAcl() throws RepositoryException {
        Mockito.when(Boolean.valueOf(this.parentNode.hasNodes())).thenReturn(true);
        Mockito.when(this.parentNode.getNodes()).thenReturn(TestNodeIterator.nodeIterator(new Node[]{this.noAclNode}));
        Assert.assertTrue("Should permit remove for writable node with child without an ACL", this.authorizationDelegate.hasPermission(this.mockSession, this.parentPath, REMOVE_ACTION));
    }

    @Test
    public void shouldDenyWithRecursion() throws RepositoryException {
        Mockito.when(Boolean.valueOf(this.parentNode.hasNodes())).thenReturn(true);
        Mockito.when(this.parentNode.getNodes()).thenReturn(TestNodeIterator.nodeIterator(new Node[]{this.writableNode}));
        Mockito.when(Boolean.valueOf(this.writableNode.hasNodes())).thenReturn(true);
        Mockito.when(this.writableNode.getNodes()).thenReturn(TestNodeIterator.nodeIterator(new Node[]{this.readableNode}));
        Assert.assertFalse("Should deny remove for a writable node which has an unwritable child with depth greater than one level", this.authorizationDelegate.hasPermission(this.mockSession, this.parentPath, REMOVE_ACTION));
    }
}
