package com.evolveum.midpoint.model.intest.rbac;

import com.evolveum.midpoint.model.api.ModelExecuteOptions;
import com.evolveum.midpoint.model.api.context.EvaluatedAssignment;
import com.evolveum.midpoint.model.api.context.EvaluatedAssignmentTarget;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRule;
import com.evolveum.midpoint.model.api.context.EvaluatedPolicyRuleTrigger;
import com.evolveum.midpoint.model.api.context.ModelContext;
import com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest;
import com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.delta.DeltaSetTriple;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.builder.DeltaBuilder;
import com.evolveum.midpoint.prism.util.PrismAsserts;
import com.evolveum.midpoint.schema.constants.ObjectTypes;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyActionsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyConstraintKindType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyExceptionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.function.Consumer;
import javax.xml.namespace.QName;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@ContextConfiguration(locations = {"classpath:ctx-model-intest-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
/* loaded from: input_file:com/evolveum/midpoint/model/intest/rbac/TestSegregationOfDuties.class */
public class TestSegregationOfDuties extends AbstractInitializedModelIntegrationTest {
    protected static final String ROLE_PRIZE_GOLD_OID = "bbc22f82-df21-11e6-aa6b-4b1408befd10";
    protected static final String ROLE_PRIZE_GOLD_SHIP = "Gold";
    protected static final String ROLE_PRIZE_GOLD_ENFORCED_OID = "6bff06a9-51b7-4a19-9e77-ee0701c5bfe2";
    protected static final String ROLE_PRIZE_SILVER_OID = "dfb5fffe-df21-11e6-bb4f-ef02bdbc9d71";
    protected static final String ROLE_PRIZE_SILVER_SHIP = "Silver";
    protected static final String ROLE_PRIZE_SILVER_ENFORCED_OID = "0c3b2e44-9387-4c7b-8262-a20fdea434ea";
    protected static final String ROLE_PRIZE_BRONZE_OID = "19f11686-df22-11e6-b0e9-835ed7ca08a5";
    protected static final String ROLE_PRIZE_BRONZE_SHIP = "Bronze";
    protected static final String ROLE_PRIZE_BRONZE_ENFORCED_OID = "702dc3c9-9755-4880-b132-cf82d5845dd9";
    protected static final String ROLE_META_COLOR_OID = "0b759ce2-df29-11e6-a84c-9b213183a815";
    protected static final String ROLE_COLOR_RED_OID = "eaa4ec3e-df28-11e6-9cca-336e0346d5cc";
    protected static final String ROLE_COLOR_RED_SHIP = "Red";
    protected static final String ROLE_COLOR_GREEN_OID = "2fd9e8f4-df29-11e6-9605-cfcedd703b9e";
    protected static final String ROLE_COLOR_GREEN_SHIP = "Green";
    protected static final String ROLE_COLOR_BLUE_OID = "553e8df2-df29-11e6-a7ca-cb7c1f38d89f";
    protected static final String ROLE_COLOR_BLUE_SHIP = "Blue";
    protected static final String ROLE_COLOR_NONE_OID = "662a997e-df2b-11e6-9bb3-5f235d1a8e60";
    protected static final String ROLE_META_EXECUTIVE_OID = "d20aefe6-3ecf-11e7-8068-5f346db1ee00";
    protected static final String ROLE_EXECUTIVE_1_OID = "d20aefe6-3ecf-11e7-8068-5f346db1ee01";
    protected static final String ROLE_EXECUTIVE_2_OID = "d20aefe6-3ecf-11e7-8068-5f346db1ee02";
    protected static final String ROLE_META_CONTROLLING_OID = "d20aefe6-3ecf-11e7-8068-5f346db1cc00";
    protected static final String ROLE_CONTROLLING_1_OID = "d20aefe6-3ecf-11e7-8068-5f346db1cc01";
    protected static final String ROLE_CONTROLLING_2_OID = "d20aefe6-3ecf-11e7-8068-5f346db1cc02";
    protected static final String ROLE_CITIZEN_SK_OID = "88420574-5596-11e7-80e9-7f28005e6b39";
    protected static final String ROLE_CITIZEN_US_OID = "a58c5940-5596-11e7-a3a0-dba800ea7966";
    protected static final String ROLE_MINISTER_OID = "95565b4a-55a3-11e7-918a-3f59a532dbfc";
    protected static final String ROLE_CRIMINAL_OID = "f6deb182-55a3-11e7-b519-27bdcd6d9490";
    protected static final String ROLE_SELF_EXCLUSION_OID = "9577bd6c-dd5d-48e5-bbb1-554bba5db9be";
    protected static final String ROLE_SELF_EXCLUSION_MANAGER_MEMBER_OID = "aeed4751-fad6-4c4e-9ece-c793128e0c13";
    private static final String GLOBAL_POLICY_RULE_SOD_APPROVAL_NAME = "exclusion-global-sod-approval";
    protected static final File TEST_DIR = new File("src/test/resources/rbac/sod");
    protected static final File ROLE_PRIZE_GOLD_FILE = new File(TEST_DIR, "role-prize-gold.xml");
    protected static final File ROLE_PRIZE_GOLD_ENFORCED_FILE = new File(TEST_DIR, "role-prize-gold-enforced.xml");
    protected static final File ROLE_PRIZE_SILVER_FILE = new File(TEST_DIR, "role-prize-silver.xml");
    protected static final File ROLE_PRIZE_SILVER_ENFORCED_FILE = new File(TEST_DIR, "role-prize-silver-enforced.xml");
    protected static final File ROLE_PRIZE_BRONZE_FILE = new File(TEST_DIR, "role-prize-bronze.xml");
    protected static final File ROLE_PRIZE_BRONZE_ENFORCED_FILE = new File(TEST_DIR, "role-prize-bronze-enforced.xml");
    protected static final File ROLE_META_COLOR_FILE = new File(TEST_DIR, "role-meta-color.xml");
    protected static final File ROLE_COLOR_RED_FILE = new File(TEST_DIR, "role-color-red.xml");
    protected static final File ROLE_COLOR_GREEN_FILE = new File(TEST_DIR, "role-color-green.xml");
    protected static final File ROLE_COLOR_BLUE_FILE = new File(TEST_DIR, "role-color-blue.xml");
    protected static final File ROLE_COLOR_NONE_FILE = new File(TEST_DIR, "role-color-none.xml");
    protected static final File ROLE_META_EXECUTIVE_FILE = new File(TEST_DIR, "role-meta-executive.xml");
    protected static final File ROLE_EXECUTIVE_1_FILE = new File(TEST_DIR, "role-executive-1.xml");
    protected static final File ROLE_EXECUTIVE_2_FILE = new File(TEST_DIR, "role-executive-2.xml");
    protected static final File ROLE_META_CONTROLLING_FILE = new File(TEST_DIR, "role-meta-controlling.xml");
    protected static final File ROLE_CONTROLLING_1_FILE = new File(TEST_DIR, "role-controlling-1.xml");
    protected static final File ROLE_CONTROLLING_2_FILE = new File(TEST_DIR, "role-controlling-2.xml");
    protected static final File ROLE_CITIZEN_SK_FILE = new File(TEST_DIR, "role-citizen-sk.xml");
    protected static final File ROLE_CITIZEN_US_FILE = new File(TEST_DIR, "role-citizen-us.xml");
    protected static final File ROLE_MINISTER_FILE = new File(TEST_DIR, "role-minister.xml");
    protected static final File ROLE_CRIMINAL_FILE = new File(TEST_DIR, "role-criminal.xml");
    protected static final File ROLE_SELF_EXCLUSION_FILE = new File(TEST_DIR, "role-self-exclusion.xml");
    protected static final File ROLE_SELF_EXCLUSION_MANAGER_MEMBER_FILE = new File(TEST_DIR, "role-self-exclusion-manager-member.xml");
    private static final File CONFIG_WITH_GLOBAL_RULES_EXCLUSION_FILE = new File(TEST_DIR, "global-policy-rules-exclusion.xml");
    private static final File CONFIG_WITH_GLOBAL_RULES_SOD_APPROVAL_FILE = new File(TEST_DIR, "global-policy-rules-sod-approval.xml");

    @Override // com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest, com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        super.initSystem(task, operationResult);
        repoAddObjectFromFile(ROLE_PRIZE_GOLD_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PRIZE_SILVER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PRIZE_BRONZE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PRIZE_GOLD_ENFORCED_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PRIZE_SILVER_ENFORCED_FILE, operationResult);
        repoAddObjectFromFile(ROLE_PRIZE_BRONZE_ENFORCED_FILE, operationResult);
        repoAddObjectFromFile(ROLE_META_COLOR_FILE, operationResult);
        repoAddObjectFromFile(ROLE_COLOR_RED_FILE, operationResult);
        repoAddObjectFromFile(ROLE_COLOR_GREEN_FILE, operationResult);
        repoAddObjectFromFile(ROLE_COLOR_BLUE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_COLOR_NONE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_META_EXECUTIVE_FILE, operationResult);
        repoAddObjectFromFile(ROLE_EXECUTIVE_1_FILE, operationResult);
        repoAddObjectFromFile(ROLE_EXECUTIVE_2_FILE, operationResult);
        repoAddObjectFromFile(ROLE_META_CONTROLLING_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CONTROLLING_1_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CONTROLLING_2_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CITIZEN_SK_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CITIZEN_US_FILE, operationResult);
        repoAddObjectFromFile(ROLE_MINISTER_FILE, operationResult);
        repoAddObjectFromFile(ROLE_CRIMINAL_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_EXCLUSION_FILE, operationResult);
        repoAddObjectFromFile(ROLE_SELF_EXCLUSION_MANAGER_MEMBER_FILE, operationResult);
    }

    @Test
    public void test110SimpleExclusion1() throws Exception {
        displayTestTitle("test110SimpleExclusion1");
        Task createTask = createTask("test110SimpleExclusion1");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        assertSuccess(result);
        try {
            assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
            fail("Expected policy violation after adding judge role, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            assertMessage(e, "Violation of SoD policy: Role \"Judge\" excludes role \"Pirate\", they cannot be assigned at the same time");
            result.computeStatus();
            assertFailure(result);
        }
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test112SimpleExclusion1Deprecated() throws Exception {
        displayTestTitle("test112SimpleExclusion1Deprecated");
        Task createTask = createTask("test112SimpleExclusion1Deprecated");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        try {
            assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-d21212111111", createTask, result);
            AssertJUnit.fail("Expected policy violation after adding judge role, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test120SimpleExclusion2() throws Exception {
        displayTestTitle("test120SimpleExclusion2");
        Task createTask = createTask("test120SimpleExclusion2");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        try {
            assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
            AssertJUnit.fail("Expected policy violation after adding pirate role, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            assertMessage(e, "Violation of SoD policy: Role \"Judge\" excludes role \"Pirate\", they cannot be assigned at the same time");
        }
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test122SimpleExclusion2Deprecated() throws Exception {
        displayTestTitle("test122SimpleExclusion2Deprecated");
        Task createTask = createTask("test122SimpleExclusion2Deprecated");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-d21212111111", createTask, result);
        try {
            assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
            AssertJUnit.fail("Expected policy violation after adding pirate role, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-d21212111111", createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test130SimpleExclusionBoth1() throws Exception {
        displayTestTitle("test130SimpleExclusionBoth1");
        Task createTask = createTask("test130SimpleExclusionBoth1");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-121212111111", RoleType.COMPLEX_TYPE, null, null, null, true));
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            AssertJUnit.fail("Expected policy violation, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test132SimpleExclusionBoth1Deprecated() throws Exception {
        displayTestTitle("test132SimpleExclusionBoth1Deprecated");
        Task createTask = createTask("test132SimpleExclusionBoth1Deprecated");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-d21212111111", RoleType.COMPLEX_TYPE, null, null, null, true));
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            AssertJUnit.fail("Expected policy violation, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test140SimpleExclusionBoth2() throws Exception {
        displayTestTitle("test140SimpleExclusionBoth2");
        Task createTask = createTask("test140SimpleExclusionBoth2");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, null, null, null, true));
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-121212111111", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            AssertJUnit.fail("Expected policy violation, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test142SimpleExclusionBoth2Deprecated() throws Exception {
        displayTestTitle("test142SimpleExclusionBoth2Deprecated");
        Task createTask = createTask("test142SimpleExclusionBoth2Deprecated");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, null, null, null, true));
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-d21212111111", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            AssertJUnit.fail("Expected policy violation, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test150SimpleExclusionBothBidirectional1() throws Exception {
        displayTestTitle("test150SimpleExclusionBothBidirectional1");
        Task createTask = createTask("test150SimpleExclusionBothBidirectional1");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("b189fcb8-1ff9-11e5-8912-001e8c717e5b", RoleType.COMPLEX_TYPE, null, null, null, true));
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-121212111111", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            AssertJUnit.fail("Expected policy violation, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test160SimpleExclusionBothBidirectional2() throws Exception {
        displayTestTitle("test160SimpleExclusionBothBidirectional2");
        Task createTask = createTask("test160SimpleExclusionBothBidirectional2");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-121212111111", RoleType.COMPLEX_TYPE, null, null, null, true));
        arrayList.add(createAssignmentModification("b189fcb8-1ff9-11e5-8912-001e8c717e5b", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            AssertJUnit.fail("Expected policy violation, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test171SimpleExclusion1WithPolicyException() throws Exception {
        displayTestTitle("test171SimpleExclusion1WithPolicyException");
        Task createTask = createTask("test171SimpleExclusion1WithPolicyException");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedRoles(getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID), new String[]{"12345111-1111-2222-1111-121212111111", "12345678-d34d-b33f-f00d-555555556666"});
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test172SimpleExclusion2WithPolicyException() throws Exception {
        displayTestTitle("test172SimpleExclusion2WithPolicyException");
        Task createTask = createTask("test172SimpleExclusion2WithPolicyException");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        assertAssignedRoles(getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID), new String[]{"12345111-1111-2222-1111-121212111111", "12345678-d34d-b33f-f00d-555555556666"});
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test173SimpleExclusion3WithPolicyException() throws Exception {
        displayTestTitle("test173SimpleExclusion3WithPolicyException");
        Task createTask = createTask("test173SimpleExclusion3WithPolicyException");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedRoles(getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID), new String[]{"12345111-1111-2222-1111-121212111111", "12345678-d34d-b33f-f00d-555555556666"});
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test174SimpleExclusion4WithPolicyException() throws Exception {
        displayTestTitle("test174SimpleExclusion4WithPolicyException");
        Task createTask = createTask("test174SimpleExclusion4WithPolicyException");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        assertAssignedRoles(getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID), new String[]{"12345111-1111-2222-1111-121212111111", "12345678-d34d-b33f-f00d-555555556666"});
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test180JudgeExceptionalPirateAndThief() throws Exception {
        displayTestTitle("test180JudgeExceptionalPirateAndThief");
        Task createTask = createTask("test180JudgeExceptionalPirateAndThief");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedRoles(getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID), new String[]{"12345111-1111-2222-1111-121212111111", "12345678-d34d-b33f-f00d-555555556666"});
        try {
            assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "b189fcb8-1ff9-11e5-8912-001e8c717e5b", createTask, result);
            AssertJUnit.fail("Expected policy violation after adding thief role, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
        }
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", createTask, result);
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", null, getJudgeExceptionBlock("Pirate"), createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    private Consumer<AssignmentType> getJudgeExceptionBlock(String str) {
        return assignmentType -> {
            PolicyExceptionType policyExceptionType = new PolicyExceptionType();
            policyExceptionType.setRuleName("criminal exclusion: " + str);
            assignmentType.getPolicyException().add(policyExceptionType);
        };
    }

    @Test
    public void test190DifferentRelations() throws Exception {
        displayTestTitle("test190DifferentRelations");
        Task createTask = createTask("test190DifferentRelations");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-121212111111", RoleType.COMPLEX_TYPE, SchemaConstants.ORG_APPROVER, null, null, true));
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", SchemaConstants.ORG_APPROVER, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
            assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        } catch (Throwable th) {
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", SchemaConstants.ORG_APPROVER, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
            throw th;
        }
    }

    @Test
    public void test191DifferentRelationsDeprecatedCase1() throws Exception {
        displayTestTitle("test191DifferentRelationsCase1");
        Task createTask = createTask("test191DifferentRelationsCase1");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-d21212111111", RoleType.COMPLEX_TYPE, SchemaConstants.ORG_APPROVER, null, null, true));
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, null, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-d21212111111", SchemaConstants.ORG_APPROVER, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
            assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        } catch (Throwable th) {
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-d21212111111", SchemaConstants.ORG_APPROVER, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", createTask, result);
            throw th;
        }
    }

    @Test
    public void test192DifferentRelationsDeprecatedCase2() throws Exception {
        displayTestTitle("test191DifferentRelationsCase1");
        Task createTask = createTask("test191DifferentRelationsCase1");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-d21212111111", RoleType.COMPLEX_TYPE, null, null, null, true));
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, SchemaConstants.ORG_APPROVER, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-d21212111111", createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", SchemaConstants.ORG_APPROVER, createTask, result);
            assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        } catch (Throwable th) {
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-d21212111111", createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", SchemaConstants.ORG_APPROVER, createTask, result);
            throw th;
        }
    }

    @Test
    public void test193BothRelationsApprover() throws Exception {
        displayTestTitle("test193BothRelationsApprover");
        Task createTask = createTask("test193BothRelationsApprover");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-121212111111", RoleType.COMPLEX_TYPE, SchemaConstants.ORG_APPROVER, null, null, true));
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, SchemaConstants.ORG_APPROVER, null, null, true));
        try {
            this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", SchemaConstants.ORG_APPROVER, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", SchemaConstants.ORG_APPROVER, createTask, result);
            assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        } catch (Throwable th) {
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", SchemaConstants.ORG_APPROVER, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", SchemaConstants.ORG_APPROVER, createTask, result);
            throw th;
        }
    }

    @Test
    public void test194MemberAndManager() throws Exception {
        displayTestTitle("test194MemberAndManager");
        Task createTask = createTask("test194MemberAndManager");
        OperationResult result = createTask.getResult();
        ArrayList arrayList = new ArrayList();
        arrayList.add(createAssignmentModification("12345111-1111-2222-1111-121212111111", RoleType.COMPLEX_TYPE, SchemaConstants.ORG_MANAGER, null, null, true));
        arrayList.add(createAssignmentModification("12345678-d34d-b33f-f00d-555555556666", RoleType.COMPLEX_TYPE, SchemaConstants.ORG_DEFAULT, null, null, true));
        try {
            try {
                this.modelService.executeChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{ObjectDelta.createModifyDelta(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, arrayList, UserType.class, this.prismContext)}), (ModelExecuteOptions) null, createTask, result);
                AssertJUnit.fail("Expected policy violation, but it went well");
                unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", SchemaConstants.ORG_MANAGER, createTask, result);
                unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", SchemaConstants.ORG_DEFAULT, createTask, result);
            } catch (PolicyViolationException e) {
                System.out.println("Got expected exception: " + e.getMessage());
                unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", SchemaConstants.ORG_MANAGER, createTask, result);
                unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", SchemaConstants.ORG_DEFAULT, createTask, result);
            }
            assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
        } catch (Throwable th) {
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345111-1111-2222-1111-121212111111", SchemaConstants.ORG_MANAGER, createTask, result);
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, "12345678-d34d-b33f-f00d-555555556666", SchemaConstants.ORG_DEFAULT, createTask, result);
            throw th;
        }
    }

    @Test
    public void test200GuybrushAssignRoleGold() throws Exception {
        displayTestTitle("test200GuybrushAssignRoleGold");
        Task createTask = createTask("test200GuybrushAssignRoleGold");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test200GuybrushAssignRoleGold");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_PRIZE_GOLD_OID, createTask, result);
        TestUtil.displayThen("test200GuybrushAssignRoleGold");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_PRIZE_GOLD_OID);
        assertNotAssignedRole(user, ROLE_PRIZE_SILVER_OID);
        assertNotAssignedRole(user, ROLE_PRIZE_BRONZE_OID);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_PRIZE_GOLD_SHIP});
        assertDummyAccountAttribute(null, "guybrush", "drink", new Object[]{"rum"});
    }

    @Test
    public void test202GuybrushAssignRoleSilver() throws Exception {
        displayTestTitle("test202GuybrushAssignRoleSilver");
        Task createTask = createTask("test202GuybrushAssignRoleSilver");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test202GuybrushAssignRoleSilver");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_PRIZE_SILVER_OID, createTask, result);
        TestUtil.displayThen("test202GuybrushAssignRoleSilver");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_PRIZE_GOLD_OID);
        assertAssignedRole(user, ROLE_PRIZE_SILVER_OID);
        assertNotAssignedRole(user, ROLE_PRIZE_BRONZE_OID);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_PRIZE_SILVER_SHIP});
        assertDummyAccountAttribute(null, "guybrush", "drink", new Object[]{"rum"});
    }

    @Test
    public void test204GuybrushAssignRoleSailor() throws Exception {
        displayTestTitle("test204GuybrushAssignRoleSailor");
        Task createTask = createTask("test204GuybrushAssignRoleSailor");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test204GuybrushAssignRoleSailor");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", "12345111-1111-2222-1111-121212111113", createTask, result);
        TestUtil.displayThen("test204GuybrushAssignRoleSailor");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_PRIZE_GOLD_OID);
        assertAssignedRole(user, ROLE_PRIZE_SILVER_OID);
        assertNotAssignedRole(user, ROLE_PRIZE_BRONZE_OID);
        assertAssignedRole(user, "12345111-1111-2222-1111-121212111113");
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_PRIZE_SILVER_SHIP});
        assertDummyAccountAttribute(null, "guybrush", "drink", new Object[]{"rum", "grog"});
    }

    @Test
    public void test206GuybrushAssignRoleBronze() throws Exception {
        displayTestTitle("test206GuybrushAssignRoleBronze");
        Task createTask = createTask("test206GuybrushAssignRoleBronze");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test206GuybrushAssignRoleBronze");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_PRIZE_BRONZE_OID, createTask, result);
        TestUtil.displayThen("test206GuybrushAssignRoleBronze");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_PRIZE_GOLD_OID);
        assertNotAssignedRole(user, ROLE_PRIZE_SILVER_OID);
        assertAssignedRole(user, ROLE_PRIZE_BRONZE_OID);
        assertAssignedRole(user, "12345111-1111-2222-1111-121212111113");
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_PRIZE_BRONZE_SHIP});
        assertDummyAccountAttribute(null, "guybrush", "drink", new Object[]{"rum", "grog"});
    }

    @Test
    public void test208GuybrushUnassignRoleBronze() throws Exception {
        displayTestTitle("test208GuybrushUnassignRoleSilver");
        Task createTask = createTask("test208GuybrushUnassignRoleSilver");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test208GuybrushUnassignRoleSilver");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_PRIZE_BRONZE_OID, createTask, result);
        TestUtil.displayThen("test208GuybrushUnassignRoleSilver");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_PRIZE_GOLD_OID);
        assertNotAssignedRole(user, ROLE_PRIZE_SILVER_OID);
        assertNotAssignedRole(user, ROLE_PRIZE_BRONZE_OID);
        assertAssignedRole(user, "12345111-1111-2222-1111-121212111113");
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "drink", new Object[]{"rum", "grog"});
    }

    @Test
    public void test209GuybrushUnassignRoleSailor() throws Exception {
        displayTestTitle("test209GuybrushUnassignRoleSailor");
        Task createTask = createTask("test209GuybrushUnassignRoleSailor");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test209GuybrushUnassignRoleSailor");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", "12345111-1111-2222-1111-121212111113", createTask, result);
        TestUtil.displayThen("test209GuybrushUnassignRoleSailor");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedNoRole(user);
        assertNoDummyAccount("guybrush");
    }

    @Test
    public void test209aGuybrushAssignRoleGoldAndSilverEnforced() throws Exception {
        displayTestTitle("test209aGuybrushAssignRoleGoldAndSilverEnforced");
        Task createTask = createTask("test209aGuybrushAssignRoleGoldAndSilverEnforced");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test209aGuybrushAssignRoleGoldAndSilverEnforced");
        try {
            executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_ASSIGNMENT}).add(new Object[]{ObjectTypeUtil.createAssignmentTo(ROLE_PRIZE_GOLD_ENFORCED_OID, ObjectTypes.ROLE, this.prismContext), ObjectTypeUtil.createAssignmentTo(ROLE_PRIZE_SILVER_ENFORCED_OID, ObjectTypes.ROLE, this.prismContext)}).asObjectDeltaCast("c0c010c0-d34d-b33f-f00d-111111111116"), null, createTask, result);
            fail("unexpected success");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            assertMessage(e, "Violation of SoD policy: Role \"Prize: Gold (enforced)\" excludes role \"Prize: Silver (enforced)\", they cannot be assigned at the same time; Violation of SoD policy: Role \"Prize: Silver (enforced)\" excludes role \"Prize: Gold (enforced)\", they cannot be assigned at the same time");
            result.computeStatus();
            assertFailure(result);
        }
    }

    @Test
    public void test209bGuybrushAssignRoleGoldAndSilver() throws Exception {
        displayTestTitle("test209bGuybrushAssignRoleGoldAndSilver");
        Task createTask = createTask("test209bGuybrushAssignRoleGoldAndSilver");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test209bGuybrushAssignRoleGoldAndSilver");
        try {
            executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_ASSIGNMENT}).add(new Object[]{ObjectTypeUtil.createAssignmentTo(ROLE_PRIZE_GOLD_OID, ObjectTypes.ROLE, this.prismContext), ObjectTypeUtil.createAssignmentTo(ROLE_PRIZE_SILVER_OID, ObjectTypes.ROLE, this.prismContext)}).asObjectDeltaCast("c0c010c0-d34d-b33f-f00d-111111111116"), null, createTask, result);
            fail("unexpected success");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            assertMessage(e, "Mutually-pruned roles cannot be assigned at the same time: role \"Prize: Silver\" and role \"Prize: Gold\"; Mutually-pruned roles cannot be assigned at the same time: role \"Prize: Gold\" and role \"Prize: Silver\"");
            result.computeStatus();
            assertFailure(result);
        }
    }

    @Test
    public void test210GuybrushAssignRoleRed() throws Exception {
        displayTestTitle("test210GuybrushAssignRoleRed");
        Task createTask = createTask("test210GuybrushAssignRoleRed");
        OperationResult result = createTask.getResult();
        displayWhen("test210GuybrushAssignRoleRed");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_RED_OID, createTask, result);
        displayThen("test210GuybrushAssignRoleRed");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user, ROLE_COLOR_NONE_OID);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_COLOR_RED_SHIP});
    }

    @Test
    public void test212GuybrushAssignRoleGreen() throws Exception {
        displayTestTitle("test212GuybrushAssignRoleGreen");
        Task createTask = createTask("test212GuybrushAssignRoleGreen");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test212GuybrushAssignRoleGreen");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_GREEN_OID, createTask, result);
        TestUtil.displayThen("test212GuybrushAssignRoleGreen");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_COLOR_RED_OID);
        assertAssignedRole(user, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user, ROLE_COLOR_NONE_OID);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_COLOR_GREEN_SHIP});
    }

    @Test
    public void test214GuybrushAssignRoleColorNone() throws Exception {
        displayTestTitle("test214GuybrushAssignRoleColorNone");
        Task createTask = createTask("test214GuybrushAssignRoleColorNone");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test214GuybrushAssignRoleColorNone");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_NONE_OID, createTask, result);
        TestUtil.displayThen("test214GuybrushAssignRoleColorNone");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user, ROLE_COLOR_BLUE_OID);
        assertAssignedRole(user, ROLE_COLOR_NONE_OID);
        assertNoDummyAccount("guybrush");
    }

    @Test
    public void test216GuybrushAssignRoleBlue() throws Exception {
        displayTestTitle("test216GuybrushAssignRoleBlue");
        Task createTask = createTask("test216GuybrushAssignRoleBlue");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test216GuybrushAssignRoleBlue");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_BLUE_OID, createTask, result);
        TestUtil.displayThen("test216GuybrushAssignRoleBlue");
        result.computeStatus();
        TestUtil.assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user, ROLE_COLOR_GREEN_OID);
        assertAssignedRole(user, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user, ROLE_COLOR_NONE_OID);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_COLOR_BLUE_SHIP});
    }

    @Test
    public void test219GuybrushUnassignRoleBlue() throws Exception {
        displayTestTitle("test219GuybrushUnassignRoleBlue");
        Task createTask = createTask("test219GuybrushUnassignRoleBlue");
        OperationResult result = createTask.getResult();
        displayWhen("test219GuybrushUnassignRoleBlue");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_BLUE_OID, createTask, result);
        displayThen("test219GuybrushUnassignRoleBlue");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user, ROLE_COLOR_NONE_OID);
        assertAssignments(user, 0);
        assertNoDummyAccount(null, "guybrush");
    }

    @Test
    public void test220GuybrushAssignRoleBlue() throws Exception {
        displayTestTitle("test220GuybrushAssignRoleBlue");
        Task createTask = createTask("test220GuybrushAssignRoleBlue");
        OperationResult result = createTask.getResult();
        displayWhen("test220GuybrushAssignRoleBlue");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_BLUE_OID, createTask, result);
        displayThen("test220GuybrushAssignRoleBlue");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user, ROLE_COLOR_NONE_OID);
        assertLinks(user, 1);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_COLOR_BLUE_SHIP});
    }

    @Test
    public void test221GuybrushDestroyAndRecompute() throws Exception {
        displayTestTitle("test221GuybrushDestroyAndRecompute");
        Task createTask = createTask("test221GuybrushDestroyAndRecompute");
        OperationResult result = createTask.getResult();
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        String singleLinkOid = getSingleLinkOid(user);
        removeLinks(user);
        deleteObjectRepo(ShadowType.class, singleLinkOid);
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-111111111116"));
        displayWhen("test221GuybrushDestroyAndRecompute");
        recomputeUser("c0c010c0-d34d-b33f-f00d-111111111116", createTask, result);
        displayThen("test221GuybrushDestroyAndRecompute");
        assertSuccess(result, 2);
        PrismObject user2 = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user2);
        assertAssignedRole(user2, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user2, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user2, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user2, ROLE_COLOR_NONE_OID);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_COLOR_BLUE_SHIP});
    }

    @Test
    public void test222GuybrushDestroyAndAssignRoleRed() throws Exception {
        displayTestTitle("test222GuybrushDestroyAndAssignRoleRed");
        Task createTask = createTask("test222GuybrushDestroyAndAssignRoleRed");
        OperationResult result = createTask.getResult();
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        String singleLinkOid = getSingleLinkOid(user);
        removeLinks(user);
        deleteObjectRepo(ShadowType.class, singleLinkOid);
        display("User before", getUser("c0c010c0-d34d-b33f-f00d-111111111116"));
        displayWhen("test222GuybrushDestroyAndAssignRoleRed");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_RED_OID, createTask, result);
        displayThen("test222GuybrushDestroyAndAssignRoleRed");
        assertSuccess(result, 2);
        PrismObject user2 = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user2);
        assertAssignedRole(user2, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user2, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user2, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user2, ROLE_COLOR_NONE_OID);
        getSingleLinkOid(user2);
        assertDummyAccount(null, "guybrush");
        assertDummyAccountAttribute(null, "guybrush", "ship", new Object[]{ROLE_COLOR_RED_SHIP});
    }

    @Test
    public void test229GuybrushUnassignRoleRed() throws Exception {
        displayTestTitle("test229GuybrushUnassignRoleRed");
        Task createTask = createTask("test229GuybrushUnassignRoleRed");
        OperationResult result = createTask.getResult();
        displayWhen("test229GuybrushUnassignRoleRed");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_COLOR_RED_OID, createTask, result);
        displayThen("test229GuybrushUnassignRoleRed");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_COLOR_RED_OID);
        assertNotAssignedRole(user, ROLE_COLOR_GREEN_OID);
        assertNotAssignedRole(user, ROLE_COLOR_BLUE_OID);
        assertNotAssignedRole(user, ROLE_COLOR_NONE_OID);
        assertLinks(user, 0);
        assertNoDummyAccount(null, "guybrush");
    }

    @Test
    public void test230GuybrushAssignRoleRedAndBlueAndGreen() throws Exception {
        displayTestTitle("test230GuybrushAssignRoleRedAndBlueAndGreen");
        Task createTask = createTask("test230GuybrushAssignRoleRedAndBlueAndGreen");
        OperationResult result = createTask.getResult();
        TestUtil.displayWhen("test230GuybrushAssignRoleRedAndBlueAndGreen");
        try {
            executeChanges(DeltaBuilder.deltaFor(UserType.class, this.prismContext).item(new QName[]{UserType.F_ASSIGNMENT}).add(new Object[]{ObjectTypeUtil.createAssignmentTo(ROLE_COLOR_RED_OID, ObjectTypes.ROLE, this.prismContext), ObjectTypeUtil.createAssignmentTo(ROLE_COLOR_BLUE_OID, ObjectTypes.ROLE, this.prismContext), ObjectTypeUtil.createAssignmentTo(ROLE_COLOR_GREEN_OID, ObjectTypes.ROLE, this.prismContext)}).asObjectDeltaCast("c0c010c0-d34d-b33f-f00d-111111111116"), null, createTask, result);
            fail("unexpected success");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            assertMessage(e, "Mutually-pruned roles cannot be assigned at the same time: role \"Color: Green\" and role \"Color: Red\"; Mutually-pruned roles cannot be assigned at the same time: role \"Color: Green\" and role \"Color: Blue\"; Mutually-pruned roles cannot be assigned at the same time: role \"Color: Red\" and role \"Color: Green\"; Mutually-pruned roles cannot be assigned at the same time: role \"Color: Red\" and role \"Color: Blue\"; Mutually-pruned roles cannot be assigned at the same time: role \"Color: Blue\" and role \"Color: Red\"; Mutually-pruned roles cannot be assigned at the same time: role \"Color: Blue\" and role \"Color: Green\"");
            result.computeStatus();
            assertFailure(result);
        }
    }

    @Test
    public void test240GuybrushAssignRoleExecutiveOne() throws Exception {
        displayTestTitle("test240GuybrushAssignRoleExecutiveOne");
        Task createTask = createTask("test240GuybrushAssignRoleExecutiveOne");
        OperationResult result = createTask.getResult();
        displayWhen("test240GuybrushAssignRoleExecutiveOne");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_EXECUTIVE_1_OID, createTask, result);
        displayThen("test240GuybrushAssignRoleExecutiveOne");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_EXECUTIVE_1_OID);
    }

    @Test
    public void test242GuybrushAssignRoleControllingOne() throws Exception {
        displayTestTitle("test242GuybrushAssignRoleControllingOne");
        Task createTask = createTask("test242GuybrushAssignRoleControllingOne");
        assertAssignedRole(assignRolePolicyFailure("test242GuybrushAssignRoleControllingOne", "c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CONTROLLING_1_OID, createTask, createTask.getResult()), ROLE_EXECUTIVE_1_OID);
    }

    @Test
    public void test244GuybrushAssignRoleExecutiveTwo() throws Exception {
        displayTestTitle("test244GuybrushAssignRoleExecutiveTwo");
        Task createTask = createTask("test244GuybrushAssignRoleExecutiveTwo");
        OperationResult result = createTask.getResult();
        displayWhen("test244GuybrushAssignRoleExecutiveTwo");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_EXECUTIVE_2_OID, createTask, result);
        displayThen("test244GuybrushAssignRoleExecutiveTwo");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_EXECUTIVE_1_OID);
        assertAssignedRole(user, ROLE_EXECUTIVE_2_OID);
    }

    @Test
    public void test245GuybrushAssignRoleControllingTwo() throws Exception {
        displayTestTitle("test245GuybrushAssignRoleControllingTwo");
        Task createTask = createTask("test245GuybrushAssignRoleControllingTwo");
        PrismObject<UserType> assignRolePolicyFailure = assignRolePolicyFailure("test245GuybrushAssignRoleControllingTwo", "c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CONTROLLING_2_OID, createTask, createTask.getResult());
        assertAssignedRole(assignRolePolicyFailure, ROLE_EXECUTIVE_1_OID);
        assertAssignedRole(assignRolePolicyFailure, ROLE_EXECUTIVE_2_OID);
        assertNotAssignedRole(assignRolePolicyFailure, ROLE_CONTROLLING_1_OID);
    }

    @Test
    public void test246GuybrushUnassignRoleExecutiveOne() throws Exception {
        displayTestTitle("test246GuybrushUnassignRoleExecutiveOne");
        Task createTask = createTask("test246GuybrushUnassignRoleExecutiveOne");
        OperationResult result = createTask.getResult();
        displayWhen("test246GuybrushUnassignRoleExecutiveOne");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_EXECUTIVE_1_OID, createTask, result);
        displayThen("test246GuybrushUnassignRoleExecutiveOne");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_EXECUTIVE_2_OID);
    }

    @Test
    public void test247GuybrushAssignRoleControllingOne() throws Exception {
        displayTestTitle("test247GuybrushAssignRoleControllingOne");
        Task createTask = createTask("test247GuybrushAssignRoleControllingOne");
        PrismObject<UserType> assignRolePolicyFailure = assignRolePolicyFailure("test247GuybrushAssignRoleControllingOne", "c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CONTROLLING_1_OID, createTask, createTask.getResult());
        assertNotAssignedRole(assignRolePolicyFailure, ROLE_EXECUTIVE_1_OID);
        assertAssignedRole(assignRolePolicyFailure, ROLE_EXECUTIVE_2_OID);
        assertNotAssignedRole(assignRolePolicyFailure, ROLE_CONTROLLING_2_OID);
    }

    @Test
    public void test249GuybrushUnassignRoleExecutiveTwo() throws Exception {
        displayTestTitle("test249GuybrushUnassignRoleExecutiveTwo");
        Task createTask = createTask("test249GuybrushUnassignRoleExecutiveTwo");
        OperationResult result = createTask.getResult();
        displayWhen("test249GuybrushUnassignRoleExecutiveTwo");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_EXECUTIVE_2_OID, createTask, result);
        displayThen("test249GuybrushUnassignRoleExecutiveTwo");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_EXECUTIVE_1_OID);
        assertNotAssignedRole(user, ROLE_EXECUTIVE_2_OID);
        assertNotAssignedRole(user, ROLE_CONTROLLING_1_OID);
        assertNotAssignedRole(user, ROLE_CONTROLLING_2_OID);
    }

    @Test
    public void test250GuybrushAssignRoleControllingOne() throws Exception {
        displayTestTitle("test250GuybrushAssignRoleControllingOne");
        Task createTask = createTask("test250GuybrushAssignRoleControllingOne");
        OperationResult result = createTask.getResult();
        displayWhen("test250GuybrushAssignRoleControllingOne");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CONTROLLING_1_OID, createTask, result);
        displayThen("test250GuybrushAssignRoleControllingOne");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_CONTROLLING_1_OID);
    }

    @Test
    public void test252GuybrushAssignRoleExecutiveOne() throws Exception {
        displayTestTitle("test252GuybrushAssignRoleExecutiveOne");
        Task createTask = createTask("test252GuybrushAssignRoleExecutiveOne");
        assertAssignedRole(assignRolePolicyFailure("test252GuybrushAssignRoleExecutiveOne", "c0c010c0-d34d-b33f-f00d-111111111116", ROLE_EXECUTIVE_1_OID, createTask, createTask.getResult()), ROLE_CONTROLLING_1_OID);
    }

    @Test
    public void test259GuybrushUnassignRoleControllingOne() throws Exception {
        displayTestTitle("test259GuybrushUnassignRoleControllingOne");
        Task createTask = createTask("test259GuybrushUnassignRoleControllingOne");
        OperationResult result = createTask.getResult();
        displayWhen("test259GuybrushUnassignRoleControllingOne");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CONTROLLING_1_OID, createTask, result);
        displayThen("test259GuybrushUnassignRoleControllingOne");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_EXECUTIVE_1_OID);
        assertNotAssignedRole(user, ROLE_EXECUTIVE_2_OID);
        assertNotAssignedRole(user, ROLE_CONTROLLING_1_OID);
        assertNotAssignedRole(user, ROLE_CONTROLLING_2_OID);
    }

    @Test
    public void test800ApplyGlobalPolicyRulesExclusion() throws Exception {
        displayTestTitle("test800ApplyGlobalPolicyRulesExclusion");
        Task createTask = createTask("test800ApplyGlobalPolicyRulesExclusion");
        OperationResult result = createTask.getResult();
        displayWhen("test800ApplyGlobalPolicyRulesExclusion");
        transplantGlobalPolicyRulesAdd(CONFIG_WITH_GLOBAL_RULES_EXCLUSION_FILE, createTask, result);
        displayThen("test800ApplyGlobalPolicyRulesExclusion");
        assertSuccess(result);
        List globalPolicyRule = getSystemConfiguration().getGlobalPolicyRule();
        display("Global policy rules", globalPolicyRule);
        AssertJUnit.assertEquals("Wrong number of global policy rules", 8, globalPolicyRule.size());
    }

    @Test
    public void test810GuybrushAssignRoleCitizenSk() throws Exception {
        displayTestTitle("test810GuybrushAssignRoleCitizenSk");
        Task createTask = createTask("test810GuybrushAssignRoleCitizenSk");
        OperationResult result = createTask.getResult();
        displayWhen("test810GuybrushAssignRoleCitizenSk");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CITIZEN_SK_OID, createTask, result);
        displayThen("test810GuybrushAssignRoleCitizenSk");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_CITIZEN_SK_OID);
    }

    @Test
    public void test812GuybrushAssignRoleCitizenUs() throws Exception {
        displayTestTitle("test812GuybrushAssignRoleCitizenUs");
        Task createTask = createTask("test812GuybrushAssignRoleCitizenUs");
        assertAssignedRole(assignRolePolicyFailure("test812GuybrushAssignRoleCitizenUs", "c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CITIZEN_US_OID, createTask, createTask.getResult()), ROLE_CITIZEN_SK_OID);
    }

    @Test
    public void test814GuybrushAssignRoleEmpty() throws Exception {
        displayTestTitle("test814GuybrushAssignRoleEmpty");
        Task createTask = createTask("test814GuybrushAssignRoleEmpty");
        OperationResult result = createTask.getResult();
        displayWhen("test814GuybrushAssignRoleEmpty");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", "12345111-1111-2222-1111-121212111112", createTask, result);
        displayThen("test814GuybrushAssignRoleEmpty");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_CITIZEN_SK_OID);
        assertAssignedRole(user, "12345111-1111-2222-1111-121212111112");
    }

    @Test
    public void test818GuybrushUnassignRoleCitizenSk() throws Exception {
        displayTestTitle("test818GuybrushUnassignRoleCitizenSk");
        Task createTask = createTask("test818GuybrushUnassignRoleCitizenSk");
        OperationResult result = createTask.getResult();
        displayWhen("test818GuybrushUnassignRoleCitizenSk");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CITIZEN_SK_OID, createTask, result);
        displayThen("test818GuybrushUnassignRoleCitizenSk");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_CITIZEN_SK_OID);
        assertNotAssignedRole(user, ROLE_CITIZEN_US_OID);
        assertAssignedRole(user, "12345111-1111-2222-1111-121212111112");
        assertAssignments(user, 1);
    }

    @Test
    public void test819GuybrushUnassignRoleEmpty() throws Exception {
        displayTestTitle("test818GuybrushUnassignRoleCitizenSk");
        Task createTask = createTask("test818GuybrushUnassignRoleCitizenSk");
        OperationResult result = createTask.getResult();
        displayWhen("test818GuybrushUnassignRoleCitizenSk");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", "12345111-1111-2222-1111-121212111112", createTask, result);
        displayThen("test818GuybrushUnassignRoleCitizenSk");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignments(user, 0);
    }

    @Test
    public void test820GuybrushAssignRoleCriminal() throws Exception {
        displayTestTitle("test820GuybrushAssignRoleCriminal");
        Task createTask = createTask("test820GuybrushAssignRoleCriminal");
        OperationResult result = createTask.getResult();
        displayWhen("test820GuybrushAssignRoleCriminal");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CRIMINAL_OID, createTask, result);
        displayThen("test820GuybrushAssignRoleCriminal");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_CRIMINAL_OID);
    }

    @Test
    public void test822GuybrushAssignRoleMinister() throws Exception {
        displayTestTitle("test822GuybrushAssignRoleMinister");
        Task createTask = createTask("test822GuybrushAssignRoleMinister");
        OperationResult result = createTask.getResult();
        displayWhen("test822GuybrushAssignRoleMinister");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_MINISTER_OID, createTask, result);
        displayThen("test822GuybrushAssignRoleMinister");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_CRIMINAL_OID);
        assertAssignedRole(user, ROLE_MINISTER_OID);
    }

    @Test
    public void test826GuybrushUnassignRoleCriminal() throws Exception {
        displayTestTitle("test826GuybrushUnassignRoleCriminal");
        Task createTask = createTask("test826GuybrushUnassignRoleCriminal");
        OperationResult result = createTask.getResult();
        displayWhen("test826GuybrushUnassignRoleCriminal");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CRIMINAL_OID, createTask, result);
        displayThen("test826GuybrushUnassignRoleCriminal");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_CRIMINAL_OID);
        assertAssignedRole(user, ROLE_MINISTER_OID);
    }

    @Test
    public void test829GuybrushUnassignRoleMinister() throws Exception {
        displayTestTitle("test829GuybrushUnassignRoleMinister");
        Task createTask = createTask("test829GuybrushUnassignRoleMinister");
        OperationResult result = createTask.getResult();
        displayWhen("test829GuybrushUnassignRoleMinister");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_MINISTER_OID, createTask, result);
        displayThen("test829GuybrushUnassignRoleMinister");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_CRIMINAL_OID);
        assertNotAssignedRole(user, ROLE_MINISTER_OID);
    }

    @Test
    public void test900ApplyGlobalPolicyRulesSoDApproval() throws Exception {
        displayTestTitle("test900ApplyGlobalPolicyRulesSoDApproval");
        Task createTask = createTask("test900ApplyGlobalPolicyRulesSoDApproval");
        OperationResult result = createTask.getResult();
        displayWhen("test900ApplyGlobalPolicyRulesSoDApproval");
        transplantGlobalPolicyRulesAdd(CONFIG_WITH_GLOBAL_RULES_SOD_APPROVAL_FILE, createTask, result);
        displayThen("test900ApplyGlobalPolicyRulesSoDApproval");
        assertSuccess(result);
        AssertJUnit.assertEquals("Wrong number of global policy rules", 9, getSystemConfiguration().getGlobalPolicyRule().size());
    }

    @Test
    public void test920GuybrushAssignRoleCriminal() throws Exception {
        displayTestTitle("test920GuybrushAssignRoleCriminal");
        Task createTask = createTask("test920GuybrushAssignRoleCriminal");
        OperationResult result = createTask.getResult();
        displayWhen("test920GuybrushAssignRoleCriminal");
        assignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CRIMINAL_OID, createTask, result);
        displayThen("test920GuybrushAssignRoleCriminal");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertAssignedRole(user, ROLE_CRIMINAL_OID);
        assertAssignments(user, 1);
    }

    @Test
    public void test922GuybrushPreviewAssignRoleMinister() throws Exception {
        displayTestTitle("test922GuybrushPreviewAssignRoleMinister");
        Task createTask = createTask("test922GuybrushPreviewAssignRoleMinister");
        OperationResult result = createTask.getResult();
        ObjectDelta createAssignmentFocusDelta = createAssignmentFocusDelta(UserType.class, "c0c010c0-d34d-b33f-f00d-111111111116", ROLE_MINISTER_OID, RoleType.COMPLEX_TYPE, null, null, null, true);
        displayWhen("test922GuybrushPreviewAssignRoleMinister");
        ModelContext previewChanges = this.modelInteractionService.previewChanges(MiscSchemaUtil.createCollection(new ObjectDelta[]{createAssignmentFocusDelta}), (ModelExecuteOptions) null, createTask, result);
        displayThen("test922GuybrushPreviewAssignRoleMinister");
        assertSuccess(result);
        display("Preview context", previewChanges);
        DeltaSetTriple evaluatedAssignmentTriple = previewChanges.getEvaluatedAssignmentTriple();
        AssertJUnit.assertEquals("Wrong number of evaluated assignments (zero)", 1, evaluatedAssignmentTriple.getZeroSet().size());
        PrismAsserts.assertTripleNoMinus(evaluatedAssignmentTriple);
        Collection plusSet = evaluatedAssignmentTriple.getPlusSet();
        AssertJUnit.assertEquals("Wrong number of evaluated assignments (plus)", 1, plusSet.size());
        EvaluatedAssignment evaluatedAssignment = (EvaluatedAssignment) plusSet.iterator().next();
        DeltaSetTriple roles = evaluatedAssignment.getRoles();
        PrismAsserts.assertTripleNoPlus(roles);
        PrismAsserts.assertTripleNoMinus(roles);
        Collection<? extends EvaluatedAssignmentTarget> zeroSet = roles.getZeroSet();
        AssertJUnit.assertEquals("Wrong number of evaluated role", 1, zeroSet.size());
        assertEvaluatedRole(zeroSet, ROLE_MINISTER_OID);
        Collection<EvaluatedPolicyRule> allTargetsPolicyRules = evaluatedAssignment.getAllTargetsPolicyRules();
        display("Evaluated policy rules", allTargetsPolicyRules);
        AssertJUnit.assertEquals("Wrong number of evaluated policy rules", 2, allTargetsPolicyRules.size());
        EvaluatedPolicyRule evaluatedPolicyRule = getEvaluatedPolicyRule(allTargetsPolicyRules, GLOBAL_POLICY_RULE_SOD_APPROVAL_NAME);
        display("Own trigger", getSinglePolicyRuleTrigger(evaluatedPolicyRule, evaluatedPolicyRule.getTriggers()));
        assertEvaluatedPolicyRuleTriggers(evaluatedPolicyRule, evaluatedPolicyRule.getAllTriggers(), 2);
        display("Situation trigger", getEvaluatedPolicyRuleTrigger(evaluatedPolicyRule, evaluatedPolicyRule.getAllTriggers(), PolicyConstraintKindType.SITUATION));
        display("Actions", evaluatedPolicyRule.getActions());
        assertPolicyActionApproval(evaluatedPolicyRule);
    }

    private void assertPolicyActionApproval(EvaluatedPolicyRule evaluatedPolicyRule) {
        PolicyActionsType actions = evaluatedPolicyRule.getActions();
        AssertJUnit.assertNotNull("No policy actions in " + evaluatedPolicyRule, actions);
        AssertJUnit.assertFalse("No approval action in " + evaluatedPolicyRule, actions.getApproval().isEmpty());
    }

    private void assertEvaluatedPolicyRuleTriggers(EvaluatedPolicyRule evaluatedPolicyRule, Collection<EvaluatedPolicyRuleTrigger<?>> collection, int i) {
        AssertJUnit.assertEquals("Wrong number of triggers in evaluated policy rule " + evaluatedPolicyRule.getName(), i, collection.size());
    }

    private EvaluatedPolicyRuleTrigger<?> getSinglePolicyRuleTrigger(EvaluatedPolicyRule evaluatedPolicyRule, Collection<EvaluatedPolicyRuleTrigger<?>> collection) {
        assertEvaluatedPolicyRuleTriggers(evaluatedPolicyRule, collection, 1);
        return collection.iterator().next();
    }

    private EvaluatedPolicyRuleTrigger getEvaluatedPolicyRuleTrigger(EvaluatedPolicyRule evaluatedPolicyRule, Collection<EvaluatedPolicyRuleTrigger<?>> collection, PolicyConstraintKindType policyConstraintKindType) {
        return collection.stream().filter(evaluatedPolicyRuleTrigger -> {
            return policyConstraintKindType.equals(evaluatedPolicyRuleTrigger.getConstraintKind());
        }).findFirst().get();
    }

    private EvaluatedPolicyRule getEvaluatedPolicyRule(Collection<EvaluatedPolicyRule> collection, String str) {
        return collection.stream().filter(evaluatedPolicyRule -> {
            return str.equals(evaluatedPolicyRule.getName());
        }).findFirst().get();
    }

    @Test
    public void test929GuybrushUnassignRoleCriminal() throws Exception {
        displayTestTitle("test929GuybrushUnassignRoleCriminal");
        Task createTask = createTask("test929GuybrushUnassignRoleCriminal");
        OperationResult result = createTask.getResult();
        displayWhen("test929GuybrushUnassignRoleCriminal");
        unassignRole("c0c010c0-d34d-b33f-f00d-111111111116", ROLE_CRIMINAL_OID, createTask, result);
        displayThen("test929GuybrushUnassignRoleCriminal");
        assertSuccess(result);
        PrismObject user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, ROLE_CRIMINAL_OID);
        assertNotAssignedRole(user, ROLE_MINISTER_OID);
    }

    @Test(enabled = false)
    public void test950JackSelfExclusion() throws Exception {
        displayTestTitle("test950JackSelfExclusion");
        Task createTask = createTask("test950JackSelfExclusion");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_APPROVER, createTask, result);
        assertSuccess(result);
        try {
            assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_OWNER, new ModelExecuteOptions(), createTask, result);
            fail("Expected policy violation after adding second self-exclusion role, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            result.computeStatus();
            assertFailure(result);
        }
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, ROLE_SELF_EXCLUSION_OID, SchemaConstants.ORG_APPROVER, createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    @Test
    public void test952JackSelfExclusionManagerMember() throws Exception {
        displayTestTitle("test952JackSelfExclusionManagerMember");
        Task createTask = createTask("test952JackSelfExclusionManagerMember");
        OperationResult result = createTask.getResult();
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, ROLE_SELF_EXCLUSION_MANAGER_MEMBER_OID, SchemaConstants.ORG_DEFAULT, createTask, result);
        assertSuccess(result);
        try {
            assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, ROLE_SELF_EXCLUSION_MANAGER_MEMBER_OID, SchemaConstants.ORG_MANAGER, createTask, result);
            fail("Expected policy violation after adding second self-exclusion role, but it went well");
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            result.computeStatus();
            assertFailure(result);
        }
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, ROLE_SELF_EXCLUSION_MANAGER_MEMBER_OID, SchemaConstants.ORG_DEFAULT, createTask, result);
        assertAssignedNoRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, createTask, result);
    }

    private PrismObject<UserType> assignRolePolicyFailure(String str, String str2, String str3, Task task, OperationResult operationResult) throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, SecurityViolationException {
        try {
            displayWhen(str);
            assignRole(str2, str3, task, operationResult);
            assertNotReached();
        } catch (PolicyViolationException e) {
            System.out.println("Got expected exception: " + e.getMessage());
            displayThen(str);
            assertFailure(operationResult);
        }
        PrismObject<UserType> user = getUser("c0c010c0-d34d-b33f-f00d-111111111116");
        display("User after", user);
        assertNotAssignedRole(user, str3);
        return user;
    }

    private void assertPolicySituation(PrismObject<UserType> prismObject, String str, String... strArr) {
        for (AssignmentType assignmentType : prismObject.asObjectable().getAssignment()) {
            ObjectReferenceType targetRef = assignmentType.getTargetRef();
            if (targetRef != null && str.equals(targetRef.getOid())) {
                PrismAsserts.assertSets("Wrong policy situation for target " + str + " in " + prismObject, assignmentType.getPolicySituation(), strArr);
            }
        }
    }
}
