package org.apache.james.mailbox.store;

import java.util.Map;
import javax.mail.Flags;
import org.apache.james.mailbox.acl.GroupMembershipResolver;
import org.apache.james.mailbox.acl.MailboxACLResolver;
import org.apache.james.mailbox.acl.SimpleGroupMembershipResolver;
import org.apache.james.mailbox.acl.UnionMailboxACLResolver;
import org.apache.james.mailbox.exception.DifferentDomainException;
import org.apache.james.mailbox.exception.MailboxException;
import org.apache.james.mailbox.exception.MailboxNotFoundException;
import org.apache.james.mailbox.exception.UnsupportedRightException;
import org.apache.james.mailbox.fixture.MailboxFixture;
import org.apache.james.mailbox.mock.MockMailboxSession;
import org.apache.james.mailbox.model.MailboxACL;
import org.apache.james.mailbox.model.MailboxPath;
import org.apache.james.mailbox.store.event.MailboxEventDispatcher;
import org.apache.james.mailbox.store.mail.MailboxMapper;
import org.apache.james.mailbox.store.mail.model.impl.SimpleMailbox;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/james/mailbox/store/StoreRightManagerTest.class */
public class StoreRightManagerTest {
    private static final long UID_VALIDITY = 3421;
    private StoreRightManager storeRightManager;
    private MockMailboxSession aliceSession;
    private MailboxACLResolver mailboxAclResolver;
    private GroupMembershipResolver groupMembershipResolver;
    private MailboxMapper mockedMailboxMapper;

    @Before
    public void setup() throws MailboxException {
        this.aliceSession = new MockMailboxSession("alice");
        MailboxSessionMapperFactory mailboxSessionMapperFactory = (MailboxSessionMapperFactory) Mockito.mock(MailboxSessionMapperFactory.class);
        this.mockedMailboxMapper = (MailboxMapper) Mockito.mock(MailboxMapper.class);
        this.mailboxAclResolver = new UnionMailboxACLResolver();
        this.groupMembershipResolver = new SimpleGroupMembershipResolver();
        MailboxEventDispatcher mailboxEventDispatcher = (MailboxEventDispatcher) Mockito.mock(MailboxEventDispatcher.class);
        Mockito.when(mailboxSessionMapperFactory.getMailboxMapper(this.aliceSession)).thenReturn(this.mockedMailboxMapper);
        this.storeRightManager = new StoreRightManager(mailboxSessionMapperFactory, this.mailboxAclResolver, this.groupMembershipResolver, mailboxEventDispatcher);
    }

    @Test
    public void hasRightShouldThrowMailboxNotFoundExceptionWhenMailboxDoesNotExist() throws MailboxException {
        MailboxPath forUser = MailboxPath.forUser("alice", "unexisting mailbox");
        Mockito.when(this.mockedMailboxMapper.findMailboxByPath(forUser)).thenThrow(new Throwable[]{new MailboxNotFoundException("")});
        Assertions.assertThatThrownBy(() -> {
            this.storeRightManager.hasRight(forUser, MailboxACL.Right.Read, this.aliceSession);
        }).isInstanceOf(MailboxNotFoundException.class);
    }

    @Test
    public void hasRightShouldReturnTrueWhenTheUserOwnTheMailbox() throws MailboxException {
        Assertions.assertThat(this.storeRightManager.hasRight(new SimpleMailbox(MailboxPath.forUser("alice", "INBOX"), UID_VALIDITY), MailboxACL.Right.Write, this.aliceSession)).isTrue();
    }

    @Test
    public void hasRightShouldReturnTrueWhenTheUserDoesNotOwnTheMailboxButHaveTheCorrectRightOnIt() throws MailboxException {
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.Write})}));
        Assertions.assertThat(this.storeRightManager.hasRight(simpleMailbox, MailboxACL.Right.Write, this.aliceSession)).isTrue();
    }

    @Test
    public void hasRightShouldReturnTrueWhenTheUserDoesNotOwnTheMailboxButHasAtLeastTheCorrectRightOnIt() throws MailboxException {
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.Write, MailboxACL.Right.Lookup})}));
        Assertions.assertThat(this.storeRightManager.hasRight(simpleMailbox, MailboxACL.Right.Write, this.aliceSession)).isTrue();
    }

    @Test
    public void hasRightShouldReturnFalseWhenTheUserDoesNotOwnTheMailboxAndHasNoRightOnIt() throws MailboxException {
        Assertions.assertThat(this.storeRightManager.hasRight(new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY), MailboxACL.Right.Write, this.aliceSession)).isFalse();
    }

    @Test
    public void isReadWriteShouldReturnTrueWhenUserHasInsertRightOnMailbox() throws Exception {
        Flags flags = new Flags();
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.Insert})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, flags)).isTrue();
    }

    @Test
    public void isReadWriteShouldReturnTrueWhenUserHasPerformExpungeRightOnMailbox() throws Exception {
        Flags flags = new Flags();
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.PerformExpunge})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, flags)).isTrue();
    }

    @Test
    public void isReadWriteShouldReturnTrueWhenUserHasDeleteMessagesRightOnMailboxAndFlagsContainDeletedFlag() throws Exception {
        Flags flags = new Flags(Flags.Flag.DELETED);
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.DeleteMessages})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, flags)).isTrue();
    }

    @Test
    public void isReadWriteShouldReturnFalseWhenUserHasDeleteMessagesRightOnMailboxButFlagsDoesNotContainDeletedFlag() throws Exception {
        Flags flags = new Flags();
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.DeleteMessages})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, flags)).isFalse();
    }

    @Test
    public void isReadWriteShouldReturnTrueWhenUserHasWriteSeenFlagRightOnMailboxAndFlagsContainSeenFlag() throws Exception {
        Flags flags = new Flags(Flags.Flag.SEEN);
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.WriteSeenFlag})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, flags)).isTrue();
    }

    @Test
    public void isReadWriteShouldReturnFalseWhenUserHasWriteSeenFlagRightOnMailboxAndFlagsDoesNotContainSeenFlag() throws Exception {
        Flags flags = new Flags();
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.WriteSeenFlag})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, flags)).isFalse();
    }

    @Test
    public void isReadWriteShouldReturnTrueWhenUserHasWriteRightOnMailboxAndFlagsContainAnsweredFlag() throws Exception {
        Flags flags = new Flags(Flags.Flag.ANSWERED);
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.Write})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, flags)).isTrue();
    }

    @Test
    public void isReadWriteShouldReturnFalseWhenUserDoesNotHaveInsertOrPerformExpungeRightOnMailboxAndNullFlag() throws Exception {
        SimpleMailbox simpleMailbox = new SimpleMailbox(MailboxPath.forUser("bob", "INBOX"), UID_VALIDITY);
        simpleMailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("alice", new MailboxACL.Right[]{MailboxACL.Right.Administer})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, simpleMailbox, new Flags())).isFalse();
    }

    @Test
    public void filteredForSessionShouldBeIdentityWhenOwner() throws UnsupportedRightException {
        MailboxACL apply = new MailboxACL().apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write}).forUser("bob").asAddition()).apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write, MailboxACL.Right.Administer}).forUser("cedric").asAddition());
        Assertions.assertThat(StoreRightManager.filteredForSession(new SimpleMailbox(MailboxFixture.INBOX_ALICE, UID_VALIDITY), apply, this.aliceSession)).isEqualTo(apply);
    }

    @Test
    public void filteredForSessionShouldBeIdentityWhenAdmin() throws UnsupportedRightException {
        MailboxACL apply = new MailboxACL().apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write}).forUser("bob").asAddition()).apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write, MailboxACL.Right.Administer}).forUser("cedric").asAddition());
        Assertions.assertThat(StoreRightManager.filteredForSession(new SimpleMailbox(MailboxFixture.INBOX_ALICE, UID_VALIDITY), apply, new MockMailboxSession("cedric"))).isEqualTo(apply);
    }

    @Test
    public void filteredForSessionShouldContainOnlyLoggedUserWhenReadWriteAccess() throws UnsupportedRightException {
        Assertions.assertThat(StoreRightManager.filteredForSession(new SimpleMailbox(MailboxFixture.INBOX_ALICE, UID_VALIDITY), new MailboxACL().apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write}).forUser("bob").asAddition()).apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write, MailboxACL.Right.Administer}).forUser("cedric").asAddition()), new MockMailboxSession("bob")).getEntries()).containsKey(MailboxACL.EntryKey.createUserEntryKey("bob"));
    }

    @Test
    public void areDomainsDifferentShouldReturnTrueWhenOneHasDomainNotTheOther() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user@domain.org", "otherUser")).isTrue();
    }

    @Test
    public void areDomainsDifferentShouldReturnTrueWhenOtherHasDomainNotTheOne() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user", "otherUser@domain.org")).isTrue();
    }

    @Test
    public void areDomainsDifferentShouldReturnFalseWhenNoDomain() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user", "otherUser")).isFalse();
    }

    @Test
    public void areDomainsDifferentShouldReturnTrueWhenDomainsAreDifferent() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user@domain.org", "otherUser@otherdomain.org")).isTrue();
    }

    @Test
    public void areDomainsDifferentShouldReturnFalseWhenDomainsAreIdentical() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user@domain.org", "otherUser@domain.org")).isFalse();
    }

    @Test
    public void assertSharesBelongsToUserDomainShouldThrowWhenOneDomainIsDifferent() throws Exception {
        MailboxACL mailboxACL = new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("a@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("b@otherdomain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("c@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write})});
        Assertions.assertThatThrownBy(() -> {
            this.storeRightManager.assertSharesBelongsToUserDomain("user@domain.org", mailboxACL.getEntries());
        }).isInstanceOf(DifferentDomainException.class);
    }

    @Test
    public void assertSharesBelongsToUserDomainShouldNotThrowWhenDomainsAreIdentical() throws Exception {
        this.storeRightManager.assertSharesBelongsToUserDomain("user@domain.org", new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("a@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("b@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("c@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write})}).getEntries());
    }

    @Test
    public void applyRightsCommandShouldThrowWhenDomainsAreDifferent() {
        MailboxPath forUser = MailboxPath.forUser("user@domain.org", "mailbox");
        MailboxACL.ACLCommand asAddition = MailboxACL.command().forUser("otherUser@otherdomain.org").rights(MailboxACL.FULL_RIGHTS).asAddition();
        Assertions.assertThatThrownBy(() -> {
            this.storeRightManager.applyRightsCommand(forUser, asAddition, this.aliceSession);
        }).isInstanceOf(DifferentDomainException.class);
    }
}
