package org.apache.jackrabbit.oak.jcr.security.authorization;

import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/IndexManagementTest.class */
public class IndexManagementTest extends AbstractEvaluationTest {
    public void testDefaultSetup() throws RepositoryException {
        assertFalse(this.testSession.hasPermission(this.path, Permissions.getString(1048576L)));
    }

    public void testAddOakIndexDefinition() throws Exception {
        allow(this.path, privilegesFromName("rep:indexDefinitionManagement"));
        this.testSession.getNode(this.path).addNode("oak:index");
        this.testSession.save();
    }

    public void testAddOakIndexWithoutPermission() throws Exception {
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).addNode("oak:index");
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to add oak:index node.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testAddIndexDefinition() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index");
        this.superuser.save();
        allow(this.path, privilegesFromNames(new String[]{"rep:indexDefinitionManagement", "jcr:nodeTypeManagement"}));
        this.testSession.getNode(this.path).getNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.testSession.save();
    }

    public void testAddIndexDefinitionWithoutPermission() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).getNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to add index definition node.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testModifyIndexDefinition() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:indexDefinitionManagement"));
        this.testSession.getNode(this.path).getNode("oak:index").getNode("myIndex").setProperty("someProperty", "val");
        this.testSession.save();
    }

    public void testModifyIndexDefinitionWithoutPermission() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).getNode("oak:index").getNode("myIndex").setProperty("someProperty", "val");
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to add index definition property.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testModifyIndexDefinitionWithoutPermission2() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).getNode("oak:index").getNode("myIndex").addNode("customNode");
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to add index definition node.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testModifyIndexDefinitionWithoutPermission3() throws Exception {
        Node addNode = this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition");
        addNode.setProperty("type", "myType");
        addNode.setProperty("customProp", "val");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).getNode("oak:index").getNode("myIndex").getProperty("customProp").setValue("val2");
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to modify index definition property.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testModifyIndexDefinitionWithoutPermission4() throws Exception {
        Node addNode = this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition");
        addNode.setProperty("type", "myType");
        addNode.setProperty("customProp", "val");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).getNode("oak:index").getNode("myIndex").getProperty("customProp").remove();
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to remove index definition property.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testRemoveIndexDefinition() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:indexDefinitionManagement"));
        this.testSession.getNode(this.path).getNode("oak:index").getNode("myIndex").remove();
        this.testSession.save();
    }

    public void testRemoveIndexDefinitionWithoutPermission() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).getNode("oak:index").getNode("myIndex").remove();
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to remove index definition node.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testRemoveOakIndex() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:indexDefinitionManagement"));
        this.testSession.getNode(this.path).getNode("oak:index").remove();
        this.testSession.save();
    }

    public void testRemoveOakIndexWithoutPermission() throws Exception {
        this.superuser.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition").setProperty("type", "myType");
        this.superuser.save();
        allow(this.path, privilegesFromName("rep:write"));
        try {
            this.testSession.getNode(this.path).getNode("oak:index").remove();
            this.testSession.save();
            fail("AccessDeniedException expected. Test session is not allowed to remove oak:index.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testAddAccessControlToIndexDefinition() throws Exception {
        allow(this.path, privilegesFromNames(new String[]{"rep:indexDefinitionManagement", "jcr:nodeTypeManagement"}));
        try {
            Node addNode = this.testSession.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition");
            addNode.setProperty("type", "myType");
            AccessControlUtils.addAccessControlEntry(this.testSession, addNode.getPath(), this.testUser.getPrincipal(), new String[]{"jcr:all"}, true);
            this.testSession.save();
            fail("Missing rep:modifyAccessControl privilege");
        } catch (AccessDeniedException e) {
        }
    }

    public void testVersionableIndexDefinition() throws Exception {
        allow(this.path, privilegesFromNames(new String[]{"rep:indexDefinitionManagement", "jcr:nodeTypeManagement"}));
        try {
            Node addNode = this.testSession.getNode(this.path).addNode("oak:index").addNode("myIndex", "oak:QueryIndexDefinition");
            addNode.setProperty("type", "myType");
            addNode.addMixin("mix:versionable");
            this.testSession.save();
            fail("Missing rep:versionManagement privilege");
        } catch (AccessDeniedException e) {
        }
    }
}
