package org.geoserver.security.impl;

import java.util.Properties;
import java.util.Set;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geoserver.security.AccessMode;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/geoserver/security/impl/DefaultDataAccessManagerTreeTest.class */
public class DefaultDataAccessManagerTreeTest extends AbstractAuthorizationTest {
    @Before
    public void setupCatalog() {
        populateCatalog();
    }

    private SecureTreeNode buildTree(String str) throws Exception {
        Properties properties = new Properties();
        properties.load(getClass().getResourceAsStream(str));
        return new DefaultResourceAccessManager(new MemoryDataAccessRuleDAO(this.catalog, properties), this.catalog).root;
    }

    @Test
    public void testWideOpen() throws Exception {
        SecureTreeNode buildTree = buildTree("wideOpen.properties");
        Assert.assertEquals(0L, buildTree.children.size());
        Assert.assertEquals(1L, buildTree.getAuthorizedRoles(AccessMode.READ).size());
        Assert.assertEquals(1L, buildTree.getAuthorizedRoles(AccessMode.WRITE).size());
        Assert.assertTrue(buildTree.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertTrue(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
    }

    @Test
    public void testLockedDown() throws Exception {
        SecureTreeNode buildTree = buildTree("lockedDown.properties");
        Assert.assertEquals(0L, buildTree.children.size());
        Set authorizedRoles = buildTree.getAuthorizedRoles(AccessMode.READ);
        Assert.assertEquals(1L, authorizedRoles.size());
        Assert.assertTrue(authorizedRoles.contains("WRITER"));
        Set authorizedRoles2 = buildTree.getAuthorizedRoles(AccessMode.WRITE);
        Assert.assertEquals(1L, authorizedRoles2.size());
        Assert.assertTrue(authorizedRoles2.contains("WRITER"));
        Assert.assertFalse(buildTree.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
        Assert.assertFalse(buildTree.canAccess(this.roUser, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.roUser, AccessMode.WRITE));
        Assert.assertTrue(buildTree.canAccess(this.rwUser, AccessMode.READ));
        Assert.assertTrue(buildTree.canAccess(this.rwUser, AccessMode.WRITE));
    }

    @Test
    public void testPublicRead() throws Exception {
        SecureTreeNode buildTree = buildTree("publicRead.properties");
        Assert.assertEquals(0L, buildTree.children.size());
        Assert.assertEquals(SecureTreeNode.EVERYBODY, buildTree.getAuthorizedRoles(AccessMode.READ));
        Set authorizedRoles = buildTree.getAuthorizedRoles(AccessMode.WRITE);
        Assert.assertEquals(1L, authorizedRoles.size());
        Assert.assertTrue(authorizedRoles.contains("WRITER"));
        Assert.assertTrue(buildTree.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
        Assert.assertTrue(buildTree.canAccess(this.roUser, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.roUser, AccessMode.WRITE));
        Assert.assertTrue(buildTree.canAccess(this.rwUser, AccessMode.READ));
        Assert.assertTrue(buildTree.canAccess(this.rwUser, AccessMode.WRITE));
    }

    @Test
    public void testComplex() throws Exception {
        SecureTreeNode buildTree = buildTree("complex.properties");
        Assert.assertEquals(2L, buildTree.children.size());
        SecureTreeNode child = buildTree.getChild("topp");
        Assert.assertNotNull(child);
        Assert.assertEquals(4L, child.children.size());
        SecureTreeNode child2 = child.getChild("states");
        SecureTreeNode child3 = child.getChild("landmarks");
        SecureTreeNode child4 = child.getChild("bases");
        Assert.assertNotNull(child2);
        Assert.assertNotNull(child3);
        Assert.assertNotNull(child4);
        Assert.assertFalse(buildTree.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
        Assert.assertTrue(child.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertFalse(child2.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertTrue(child3.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertFalse(child3.canAccess(this.anonymous, AccessMode.WRITE));
        Assert.assertFalse(child4.canAccess(this.anonymous, AccessMode.READ));
        Assert.assertTrue(buildTree.canAccess(this.roUser, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.roUser, AccessMode.WRITE));
        Assert.assertTrue(child.canAccess(this.roUser, AccessMode.READ));
        Assert.assertTrue(child2.canAccess(this.roUser, AccessMode.READ));
        Assert.assertTrue(child3.canAccess(this.roUser, AccessMode.READ));
        Assert.assertFalse(child3.canAccess(this.roUser, AccessMode.WRITE));
        Assert.assertFalse(child4.canAccess(this.roUser, AccessMode.READ));
        Assert.assertTrue(buildTree.canAccess(this.rwUser, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.rwUser, AccessMode.WRITE));
        Assert.assertTrue(child.canAccess(this.rwUser, AccessMode.READ));
        Assert.assertTrue(child2.canAccess(this.rwUser, AccessMode.WRITE));
        Assert.assertTrue(child3.canAccess(this.rwUser, AccessMode.READ));
        Assert.assertTrue(child3.canAccess(this.rwUser, AccessMode.WRITE));
        Assert.assertFalse(child4.canAccess(this.rwUser, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.milUser, AccessMode.READ));
        Assert.assertFalse(buildTree.canAccess(this.milUser, AccessMode.WRITE));
        Assert.assertTrue(child.canAccess(this.milUser, AccessMode.READ));
        Assert.assertFalse(child2.canAccess(this.milUser, AccessMode.WRITE));
        Assert.assertTrue(child3.canAccess(this.milUser, AccessMode.READ));
        Assert.assertFalse(child3.canAccess(this.milUser, AccessMode.WRITE));
        Assert.assertTrue(child4.canAccess(this.milUser, AccessMode.READ));
        Assert.assertTrue(child4.canAccess(this.milUser, AccessMode.WRITE));
    }

    @Test
    public void testBuildInFunctionResourceFilter() throws Exception {
        DefaultResourceAccessManager buildManager = buildManager("complex.properties");
        Assert.assertEquals("[[ NOT [ in([id], [arc.grid-id]) = true ] ] AND [ NOT [ in([id], [bases-id]) = true ] ]]", buildManager.buildInFunctionResourceFilter(this.rwUser, ResourceInfo.class).toString());
        Assert.assertEquals("[[ NOT [ in([id], [arc.grid-lid]) = true ] ] AND [ NOT [ in([id], [bases-lid]) = true ] ]]", buildManager.buildInFunctionResourceFilter(this.rwUser, WorkspaceInfo.class).toString());
    }
}
