package com.atlassian.confluence.springit.denormalisedpermissions;

import com.atlassian.confluence.internal.security.SpacePermissionContext;
import com.atlassian.confluence.internal.security.ThreadLocalPermissionsCacheInternal;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.spaces.Space;
import com.atlassian.confluence.spaces.SpacesQuery;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.ConfluenceUser;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/atlassian/confluence/springit/denormalisedpermissions/IntegrationTestDenormalisedSpacePermissions.class */
public class IntegrationTestDenormalisedSpacePermissions extends AbstractDenormalisedPermissionsIntegrationTestBase {
    private static final ConfluenceUser anonymousUser = null;
    private static final boolean ALLOWED = true;
    private static final boolean RESTRICTED = false;
    private ConfluenceUser unlicensedUser;
    private ConfluenceUser userX;
    private Space spaceAllowedForUserXOnly;
    private Space spacePermittedForAuthenticatedUsers;
    private Space spaceWithAnonymousAccess;
    private Space spaceWithoutAnonymousAccess;

    @Before
    public void init() throws InterruptedException {
        AuthenticatedUserThreadLocal.set(this.admin);
        enableGlobalAnonymousAccess(false);
        this.denormalisedPermissionStateManager.disableService(true);
        doInTransaction(transactionStatus -> {
            this.unlicensedUser = this.state.makeUser("unlicensed", "Unlicensed");
            this.spacePermissionManager.savePermission(SpacePermission.createUserSpacePermission("USECONFLUENCE", (Space) null, this.unlicensedUser));
            this.spaceAllowedForUserXOnly = this.state.storeAndGetTestSpace("Space without permissions");
            this.spacePermittedForAuthenticatedUsers = this.state.storeAndGetTestSpace("Space permitted for authenticated users");
            this.spacePermissionManager.savePermission(SpacePermission.createAuthenticatedUsersSpacePermission("VIEWSPACE", this.spacePermittedForAuthenticatedUsers));
            this.spaceWithAnonymousAccess = this.state.storeAndGetTestSpace("Space with anonymous access");
            this.spacePermissionManager.savePermission(SpacePermission.createUserSpacePermission("VIEWSPACE", this.spaceWithAnonymousAccess, (ConfluenceUser) null), SpacePermissionContext.createDefault());
            this.spaceWithoutAnonymousAccess = this.state.storeAndGetTestSpace("Space without anonymous access");
            this.userX = this.state.makeUser("user_x", "Space user X");
            this.spacePermissionManager.savePermission(SpacePermission.createUserSpacePermission("USECONFLUENCE", (Space) null, this.userX));
            this.spacePermissionManager.savePermission(SpacePermission.createUserSpacePermission("VIEWSPACE", this.spaceAllowedForUserXOnly, this.userX));
            return null;
        });
    }

    @After
    public void destroy() throws InterruptedException {
        enableGlobalAnonymousAccess(false);
        disableServiceAndWaitUntilItsReady();
    }

    @Test
    public void checkAnonymousAccessWithGlobalAnonymousEnabled() throws InterruptedException {
        enableGlobalAnonymousAccess(true);
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, anonymousUser, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spaceWithoutAnonymousAccess, anonymousUser, "VIEWSPACE", false);
        enableServiceAndWaitUntilItsReady();
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, null, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spaceWithoutAnonymousAccess, null, "VIEWSPACE", false);
    }

    @Test
    public void checkAnonymousAccessWithGlobalAnonymousDisabled() throws InterruptedException {
        enableGlobalAnonymousAccess(false);
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, anonymousUser, "VIEWSPACE", false);
        checkIfSpaceIsAvailableForUser(this.spaceWithoutAnonymousAccess, anonymousUser, "VIEWSPACE", false);
        enableServiceAndWaitUntilItsReady();
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, anonymousUser, "VIEWSPACE", false);
        checkIfSpaceIsAvailableForUser(this.spaceWithoutAnonymousAccess, anonymousUser, "VIEWSPACE", false);
    }

    private void clearUserCache() {
        ThreadLocalPermissionsCacheInternal.flush();
        this.spacePermissionManager.flushCaches();
    }

    @Test
    public void checkAccessForUnlicencedUsers() throws InterruptedException {
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, this.unlicensedUser, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spacePermittedForAuthenticatedUsers, this.unlicensedUser, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spaceAllowedForUserXOnly, this.unlicensedUser, "VIEWSPACE", false);
        enableServiceAndWaitUntilItsReady();
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, this.unlicensedUser, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spacePermittedForAuthenticatedUsers, this.unlicensedUser, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spaceAllowedForUserXOnly, this.unlicensedUser, "VIEWSPACE", false);
    }

    @Test
    public void checkAccessForRegularUsers() throws InterruptedException {
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, this.userX, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spacePermittedForAuthenticatedUsers, this.userX, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spaceAllowedForUserXOnly, this.userX, "VIEWSPACE", true);
        enableServiceAndWaitUntilItsReady();
        checkIfSpaceIsAvailableForUser(this.spaceWithAnonymousAccess, this.userX, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spacePermittedForAuthenticatedUsers, this.userX, "VIEWSPACE", true);
        checkIfSpaceIsAvailableForUser(this.spaceAllowedForUserXOnly, this.userX, "VIEWSPACE", true);
    }

    @Test
    public void adminShouldBeAbleToViewRestrictedSpaces() throws InterruptedException {
        Space[] spaceArr = {this.spaceAllowedForUserXOnly, this.spacePermittedForAuthenticatedUsers, this.spaceWithAnonymousAccess, this.spaceWithoutAnonymousAccess};
        int length = spaceArr.length;
        for (int i = RESTRICTED; i < length; i += ALLOWED) {
            checkIfSpaceIsAvailableForUser(spaceArr[i], this.admin, "VIEWSPACE", true);
        }
        enableServiceAndWaitUntilItsReady();
        int length2 = spaceArr.length;
        for (int i2 = RESTRICTED; i2 < length2; i2 += ALLOWED) {
            checkIfSpaceIsAvailableForUser(spaceArr[i2], this.admin, "VIEWSPACE", true);
        }
    }

    @Test
    public void allSpaceKeysShouldBeVisibleForAdmin() throws InterruptedException {
        Space[] spaceArr = {this.spaceAllowedForUserXOnly, this.spacePermittedForAuthenticatedUsers, this.spaceWithAnonymousAccess, this.spaceWithoutAnonymousAccess};
        doInTransaction(transactionStatus -> {
            Map allSpaceKeysWithPermissionStatuses = this.bulkPermissionService.getAllSpaceKeysWithPermissionStatuses(this.admin, "VIEWSPACE");
            Assert.assertEquals(spaceArr.length, allSpaceKeysWithPermissionStatuses.size());
            Assert.assertEquals(spaceArr.length, allSpaceKeysWithPermissionStatuses.values().stream().filter(bool -> {
                return bool.booleanValue();
            }).count());
            return null;
        });
        enableServiceAndWaitUntilItsReady();
        doInTransaction(transactionStatus2 -> {
            Map allSpaceKeysWithPermissionStatuses = this.bulkPermissionService.getAllSpaceKeysWithPermissionStatuses(this.admin, "VIEWSPACE");
            Assert.assertEquals(spaceArr.length, allSpaceKeysWithPermissionStatuses.size());
            Assert.assertEquals(spaceArr.length, allSpaceKeysWithPermissionStatuses.values().stream().filter(bool -> {
                return bool.booleanValue();
            }).count());
            return null;
        });
    }

    private SpacePermission findExistingGlobalPermission() {
        for (SpacePermission spacePermission : this.spacePermissionManager.getGlobalPermissions()) {
            if (spacePermission.getUserSubject() == null && spacePermission.isGlobalPermission() && "USECONFLUENCE".equals(spacePermission.getType())) {
                return spacePermission;
            }
        }
        return null;
    }

    private void enableGlobalAnonymousAccess(boolean z) {
        doInTransaction(transactionStatus -> {
            SpacePermission findExistingGlobalPermission = findExistingGlobalPermission();
            if (z) {
                if (findExistingGlobalPermission != null) {
                    return null;
                }
                this.spacePermissionManager.savePermission(SpacePermission.createUserSpacePermission("USECONFLUENCE", (Space) null, (ConfluenceUser) null));
                return null;
            }
            if (findExistingGlobalPermission == null) {
                return null;
            }
            this.spacePermissionManager.removePermission(findExistingGlobalPermission);
            return null;
        });
        clearUserCache();
    }

    private void checkIfSpaceIsAvailableForUser(Space space, ConfluenceUser confluenceUser, String str, boolean z) {
        doInTransaction(transactionStatus -> {
            MatcherAssert.assertThat(this.bulkPermissionService.getAllSpaceKeysWithPermissionStatuses(confluenceUser, str).get(space.getKey()), CoreMatchers.is(Boolean.valueOf(z)));
            SpacesQuery build = SpacesQuery.newQuery().withPermission(str).forUser(confluenceUser).build();
            List permittedSpaces = this.bulkPermissionService.getPermittedSpaces(build, RESTRICTED, 2147483646);
            MatcherAssert.assertThat(Boolean.valueOf(((Set) permittedSpaces.stream().map((v0) -> {
                return v0.getKey();
            }).collect(Collectors.toSet())).contains(space.getKey())), CoreMatchers.is(Boolean.valueOf(z)));
            Assert.assertEquals(permittedSpaces.stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()), this.bulkPermissionService.getPermittedSpaceIds(build.getUser(), (Set) this.spaceDao.findAll().stream().map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet()), str));
            return null;
        });
    }
}
