package org.apache.jackrabbit.oak.jcr.security.authorization;

import javax.jcr.AccessDeniedException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.test.api.util.Text;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/WriteRestrictionTest.class */
public class WriteRestrictionTest extends AbstractEvaluationTest {
    private String nodePath3;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.jcr.security.authorization.AbstractEvaluationTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.nodePath3 = this.superuser.getNode(this.childNPath).addNode(this.nodeName3).getPath();
        this.superuser.save();
        this.testSession.refresh(false);
    }

    @Test
    public void testGlobRestriction() throws Exception {
        String actions = getActions("add_node", "remove", "set_property");
        allow(this.path, this.repWritePrivileges, createGlobRestriction("/*" + this.nodeName3));
        assertFalse(this.testAcMgr.hasPrivileges(this.path, this.repWritePrivileges));
        assertFalse(this.testSession.hasPermission(this.path, "set_property"));
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, this.repWritePrivileges));
        assertFalse(this.testSession.hasPermission(this.childNPath, "set_property"));
        assertTrue(this.testAcMgr.hasPrivileges(this.childNPath2, this.repWritePrivileges));
        assertTrue(this.testSession.hasPermission(this.childNPath2, "set_property"));
        assertFalse(this.testSession.hasPermission(this.childNPath2, actions));
        assertTrue(this.testAcMgr.hasPrivileges(this.nodePath3, this.repWritePrivileges));
    }

    @Test
    public void testGlobRestriction2() throws Exception {
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode");
        allow(this.path, this.repWritePrivileges, createGlobRestriction("/*/" + this.nodeName3));
        assertFalse(this.testAcMgr.hasPrivileges(this.path, this.repWritePrivileges));
        assertFalse(this.testAcMgr.hasPrivileges(this.path, privilegesFromName2));
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, privilegesFromName));
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath2, this.repWritePrivileges));
        assertTrue(this.testAcMgr.hasPrivileges(this.nodePath3, this.repWritePrivileges));
    }

    @Test
    public void testGlobRestriction3() throws Exception {
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        allow(this.path, this.repWritePrivileges, createGlobRestriction("/*/" + this.nodeName3));
        allow(this.path, privilegesFromName);
        assertFalse(this.testAcMgr.hasPrivileges(this.path, this.repWritePrivileges));
        assertTrue(this.testAcMgr.hasPrivileges(this.path, privilegesFromName));
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, this.repWritePrivileges));
        assertTrue(this.testAcMgr.hasPrivileges(this.childNPath, privilegesFromName));
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath2, this.repWritePrivileges));
        assertTrue(this.testAcMgr.hasPrivileges(this.nodePath3, this.repWritePrivileges));
    }

    @Test
    public void testGlobRestriction4() throws Exception {
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        allow(this.path, this.repWritePrivileges, createGlobRestriction("/*" + this.nodeName3));
        deny(this.childNPath2, privilegesFromName);
        assertFalse(this.testAcMgr.hasPrivileges(this.path, this.repWritePrivileges));
        assertFalse(this.testSession.hasPermission(this.path, "remove"));
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, this.repWritePrivileges));
        assertFalse(this.testSession.hasPermission(this.childNPath, "remove"));
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath2, this.repWritePrivileges));
        assertTrue(this.testAcMgr.hasPrivileges(this.nodePath3, this.repWritePrivileges));
    }

    @Test
    public void testRemoveSubTreeWithRestriction() throws Exception {
        allow(this.path, this.testUser.getPrincipal(), this.readWritePrivileges);
        deny(this.path, privilegesFromName("jcr:removeNode"), createGlobRestriction("*/" + this.nodeName3));
        this.testSession.getNode(this.childNPath).getNode(this.nodeName3).remove();
        try {
            this.testSession.save();
            fail("Removing child node must be denied.");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void testRemoveSubTreeWithRestriction2() throws Exception {
        allow(this.path, this.testUser.getPrincipal(), this.readWritePrivileges);
        deny(this.path, privilegesFromName("jcr:removeChildNodes"), createGlobRestriction("*/" + Text.getName(this.childNPath)));
        this.testSession.getNode(this.childNPath).getNode(this.nodeName3).remove();
        try {
            this.testSession.save();
            fail("Removing child node must be denied.");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void testAddSubTreeWithRestriction() throws Exception {
        allow(this.path, this.testUser.getPrincipal(), this.readWritePrivileges);
        deny(this.path, privilegesFromName("jcr:addChildNodes"), createGlobRestriction("*/" + this.nodeName3));
        this.testSession.getNode(this.nodePath3).addNode(this.nodeName4);
        try {
            this.testSession.save();
            fail("Adding child node must be denied.");
        } catch (AccessDeniedException e) {
        }
    }
}
