package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.OtherPrivilegesLimitations;
import com.evolveum.midpoint.test.AbstractIntegrationTest;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.OtherPrivilegesLimitationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ScriptExpressionEvaluatorType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.WorkItemSelectorType;
import jakarta.xml.bind.JAXBElement;
import java.util.function.Consumer;
import javax.xml.namespace.QName;
import org.assertj.core.api.Assertions;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.annotations.Test;

@ContextConfiguration(locations = {"classpath:ctx-model-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
/* loaded from: input_file:com/evolveum/midpoint/model/impl/security/TestGuiProfiledPrincipalManager.class */
public class TestGuiProfiledPrincipalManager extends AbstractInternalModelIntegrationTest {
    @Test
    public void test100DeputyNoLimits() throws Exception {
        executeDeputyLimitationsTest(OtherPrivilegesLimitations.Limitation.allowingAll(), assignmentType -> {
        });
    }

    @Test
    public void test110DeputyAssignmentDisabled() throws Exception {
        executeDeputyLimitationsTest(null, assignmentType -> {
            assignmentType.setActivation(new ActivationType().administrativeStatus(ActivationStatusType.DISABLED));
        });
    }

    @Test
    public void test120DeputyAssignmentNotValid() throws Exception {
        executeDeputyLimitationsTest(null, assignmentType -> {
            assignmentType.setActivation(new ActivationType().validTo("2017-03-31T00:00:00+01:00"));
        });
    }

    @Test
    public void test130DeputyAssignmentFalseCondition() throws Exception {
        executeDeputyLimitationsTest(null, assignmentType -> {
            assignmentType.beginCondition().beginExpression().expressionEvaluator(new JAXBElement(new QName("script"), ScriptExpressionEvaluatorType.class, new ScriptExpressionEvaluatorType().code("false")));
        });
    }

    @Test
    public void test140DeputyBlockOtherPrivileges() throws Exception {
        executeDeputyLimitationsTest(OtherPrivilegesLimitations.Limitation.allowingNone(), assignmentType -> {
            assignmentType.limitOtherPrivileges(new OtherPrivilegesLimitationType());
        });
    }

    @Test
    public void test150DeputyAllowOnlyCases() throws Exception {
        executeDeputyLimitationsTest(OtherPrivilegesLimitations.Limitation.allowingNone().allow(OtherPrivilegesLimitations.Type.CASES), assignmentType -> {
            assignmentType.limitOtherPrivileges(new OtherPrivilegesLimitationType().caseManagementWorkItems(new WorkItemSelectorType().all(true)));
        });
    }

    @Test
    public void test160DeputyAllowOnlyCasesLegacy() throws Exception {
        executeDeputyLimitationsTest(OtherPrivilegesLimitations.Limitation.allowingNone().allow(OtherPrivilegesLimitations.Type.CASES), assignmentType -> {
            assignmentType.limitOtherPrivileges(new OtherPrivilegesLimitationType().approvalWorkItems(new WorkItemSelectorType().all(true)));
        });
    }

    private void executeDeputyLimitationsTest(OtherPrivilegesLimitations.Limitation limitation, Consumer<AssignmentType> consumer) throws CommonException {
        given();
        AssignmentType targetRef = new AssignmentType().targetRef("c0c010c0-d34d-b33f-f00d-111111111111", UserType.COMPLEX_TYPE, SchemaConstants.ORG_DEPUTY);
        consumer.accept(targetRef);
        UserType assignment = this.prismContext.createObjectable(UserType.class).name("deputy").oid("deputy").assignment(targetRef);
        when();
        AbstractIntegrationTest.display("Logging in as", assignment);
        login(assignment.asPrismObject());
        then();
        OtherPrivilegesLimitations otherPrivilegesLimitations = this.securityContextManager.getPrincipal().getOtherPrivilegesLimitations();
        displayDumpable("other privileges limitations", otherPrivilegesLimitations);
        Assertions.assertThat(otherPrivilegesLimitations.get(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111111")).as("limitation for jack", new Object[0]).isEqualTo(limitation);
    }
}
