package com.evolveum.midpoint.web;

import com.evolveum.midpoint.gui.impl.page.self.requestAccess.RequestAccess;
import com.evolveum.midpoint.gui.impl.page.self.requestAccess.ShoppingCartItem;
import com.evolveum.midpoint.gui.test.TestMidPointSpringApplication;
import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentConstraintsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleManagementConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import javax.xml.namespace.QName;
import org.assertj.core.api.Assertions;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.ActiveProfiles;
import org.testng.annotations.Test;

@SpringBootTest(classes = {TestMidPointSpringApplication.class})
@ActiveProfiles({"test"})
/* loaded from: input_file:com/evolveum/midpoint/web/RequestAccessTest.class */
public class RequestAccessTest extends AbstractGuiIntegrationTest {
    private static final String ROLE_1_OID = "90000000-0000-0000-0000-000000000011";
    private static final String ROLE_2_OID = "90000000-0000-0000-0000-000000000012";
    private static final String POI_1_OID = "90000000-0000-0000-0000-000000000001";
    private static final ObjectReferenceType POI_1 = new ObjectReferenceType().oid(POI_1_OID).type(UserType.COMPLEX_TYPE);
    private static final String ROLE_EXISTING_OID = "90000000-0000-0000-0000-000000000010";
    private static final ObjectReferenceType ROLE_EXISTING = new ObjectReferenceType().oid(ROLE_EXISTING_OID).type(RoleType.COMPLEX_TYPE).relation(SchemaConstants.ORG_DEFAULT);

    @Test
    public void test100SameRelationAndTargetOidAllowed() throws Exception {
        testSameRelationAndTargetOidAllowed(false);
    }

    @Test
    public void test150SameRelationAndTargetOidAllowedExplicitly() throws Exception {
        testSameRelationAndTargetOidAllowed(true);
    }

    private void testSameRelationAndTargetOidAllowed(boolean z) throws Exception {
        Boolean bool = z ? Boolean.TRUE : null;
        updateSystemConfiguration(bool, bool);
        RequestAccess requestAccess = new RequestAccess();
        requestAccess.addPersonOfInterest(POI_1, List.of(ROLE_EXISTING));
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_DEFAULT, true, 1, 1);
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_APPROVER, true, 2, 1);
        addAndAssertAssignment(requestAccess, ROLE_1_OID, SchemaConstants.ORG_DEFAULT, true, 3, 1);
        addAndAssertAssignment(requestAccess, ROLE_2_OID, SchemaConstants.ORG_APPROVER, true, 4, 1);
    }

    @Test
    public void test200SameRelationNotAllowed() throws Exception {
        updateSystemConfiguration(false, true);
        RequestAccess requestAccess = new RequestAccess();
        requestAccess.addPersonOfInterest(POI_1, List.of(ROLE_EXISTING));
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_DEFAULT, false, 0, 0);
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_APPROVER, true, 1, 1);
        addAndAssertAssignment(requestAccess, ROLE_1_OID, SchemaConstants.ORG_DEFAULT, true, 2, 1);
        addAndAssertAssignment(requestAccess, ROLE_2_OID, SchemaConstants.ORG_APPROVER, true, 3, 1);
    }

    private void addAndAssertAssignment(RequestAccess requestAccess, String str, QName qName, boolean z, int i, int i2) {
        ObjectReferenceType relation = new ObjectReferenceType().oid(str).type(RoleType.COMPLEX_TYPE).relation(qName);
        requestAccess.setRelation(qName);
        boolean canAddTemplateAssignment = requestAccess.canAddTemplateAssignment(relation);
        Assertions.assertThat(canAddTemplateAssignment).withFailMessage("Can add assignment should be " + z + ", but it is " + canAddTemplateAssignment, new Object[0]).isEqualTo(z);
        requestAccess.addAssignments(List.of(new AssignmentType().targetRef(relation)));
        List shoppingCartItems = requestAccess.getShoppingCartItems();
        Assertions.assertThat(shoppingCartItems).withFailMessage("Shopping cart items count should be " + i + ", but it is " + shoppingCartItems.size(), new Object[0]).hasSize(i);
        ShoppingCartItem shoppingCartItem = (ShoppingCartItem) shoppingCartItems.stream().filter(shoppingCartItem2 -> {
            ObjectReferenceType targetRef = shoppingCartItem2.getAssignment().getTargetRef();
            return Objects.equals(targetRef.getOid(), str) && Objects.equals(targetRef.getRelation(), qName);
        }).findFirst().orElse(null);
        int count = shoppingCartItem != null ? shoppingCartItem.getCount() : 0;
        Assertions.assertThat(count).withFailMessage("Shopping cart item count for oid " + str + " and relation " + qName + " should be " + i2 + ", but it is " + count, new Object[0]).isEqualTo(i2);
    }

    @Test
    public void test300SameTargetOidNotAllowed() throws Exception {
        updateSystemConfiguration(true, false);
        RequestAccess requestAccess = new RequestAccess();
        requestAccess.addPersonOfInterest(POI_1, List.of(ROLE_EXISTING));
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_DEFAULT, false, 0, 0);
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_APPROVER, false, 0, 0);
        addAndAssertAssignment(requestAccess, ROLE_1_OID, SchemaConstants.ORG_DEFAULT, true, 1, 1);
        addAndAssertAssignment(requestAccess, ROLE_2_OID, SchemaConstants.ORG_APPROVER, true, 2, 1);
    }

    @Test
    public void test400SameRelationAndTargetOidNotAllowed() throws Exception {
        updateSystemConfiguration(false, false);
        RequestAccess requestAccess = new RequestAccess();
        requestAccess.addPersonOfInterest(POI_1, List.of(ROLE_EXISTING));
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_DEFAULT, false, 0, 0);
        addAndAssertAssignment(requestAccess, ROLE_EXISTING_OID, SchemaConstants.ORG_APPROVER, false, 0, 0);
        addAndAssertAssignment(requestAccess, ROLE_1_OID, SchemaConstants.ORG_DEFAULT, true, 1, 1);
        addAndAssertAssignment(requestAccess, ROLE_2_OID, SchemaConstants.ORG_APPROVER, true, 2, 1);
    }

    private void updateSystemConfiguration(Boolean bool, Boolean bool2) throws Exception {
        AssignmentConstraintsType assignmentConstraintsType = new AssignmentConstraintsType();
        assignmentConstraintsType.setAllowSameRelation(bool);
        assignmentConstraintsType.allowSameTarget(bool2);
        Collection cast = ObjectTypeUtil.cast(this.prismContext.deltaFor(SystemConfigurationType.class).item(new QName[]{SystemConfigurationType.F_ROLE_MANAGEMENT, RoleManagementConfigurationType.F_DEFAULT_ASSIGNMENT_CONSTRAINTS}).replace(new Object[]{assignmentConstraintsType}).asObjectDeltas(SystemObjectsType.SYSTEM_CONFIGURATION.value()));
        Task testTask = getTestTask();
        this.modelService.executeChanges(cast, ModelExecuteOptions.create(), testTask, testTask.getResult());
    }
}
