package org.apache.james.mailbox.store;

import java.util.Map;
import javax.mail.Flags;
import org.apache.james.core.Username;
import org.apache.james.events.EventBus;
import org.apache.james.mailbox.MailboxSession;
import org.apache.james.mailbox.MailboxSessionUtil;
import org.apache.james.mailbox.acl.MailboxACLResolver;
import org.apache.james.mailbox.acl.UnionMailboxACLResolver;
import org.apache.james.mailbox.exception.DifferentDomainException;
import org.apache.james.mailbox.exception.MailboxException;
import org.apache.james.mailbox.exception.MailboxNotFoundException;
import org.apache.james.mailbox.exception.UnsupportedRightException;
import org.apache.james.mailbox.fixture.MailboxFixture;
import org.apache.james.mailbox.model.Mailbox;
import org.apache.james.mailbox.model.MailboxACL;
import org.apache.james.mailbox.model.MailboxId;
import org.apache.james.mailbox.model.MailboxPath;
import org.apache.james.mailbox.model.TestId;
import org.apache.james.mailbox.model.UidValidity;
import org.apache.james.mailbox.store.mail.MailboxMapper;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/james/mailbox/store/StoreRightManagerTest.class */
class StoreRightManagerTest {
    static final MailboxId MAILBOX_ID = TestId.of(42);
    static final UidValidity UID_VALIDITY = UidValidity.of(3421);
    StoreRightManager storeRightManager;
    MailboxSession aliceSession;
    MailboxACLResolver mailboxAclResolver;
    MailboxMapper mockedMailboxMapper;

    StoreRightManagerTest() {
    }

    @BeforeEach
    void setup() {
        this.aliceSession = MailboxSessionUtil.create(MailboxFixture.ALICE);
        MailboxSessionMapperFactory mailboxSessionMapperFactory = (MailboxSessionMapperFactory) Mockito.mock(MailboxSessionMapperFactory.class);
        this.mockedMailboxMapper = (MailboxMapper) Mockito.mock(MailboxMapper.class);
        this.mailboxAclResolver = new UnionMailboxACLResolver();
        EventBus eventBus = (EventBus) Mockito.mock(EventBus.class);
        Mockito.when(mailboxSessionMapperFactory.getMailboxMapper(this.aliceSession)).thenReturn(this.mockedMailboxMapper);
        this.storeRightManager = new StoreRightManager(mailboxSessionMapperFactory, this.mailboxAclResolver, eventBus);
    }

    @Test
    void hasRightShouldThrowMailboxNotFoundExceptionWhenMailboxDoesNotExist() {
        MailboxPath forUser = MailboxPath.forUser(MailboxFixture.ALICE, "unexisting mailbox");
        Mockito.when(this.mockedMailboxMapper.pathExists(forUser)).thenReturn(Mono.just(false));
        Assertions.assertThatThrownBy(() -> {
            this.storeRightManager.hasRight(forUser, MailboxACL.Right.Read, this.aliceSession);
        }).isInstanceOf(MailboxNotFoundException.class);
    }

    @Test
    void hasRightShouldReturnTrueWhenTheUserOwnTheMailbox() {
        Assertions.assertThat(this.storeRightManager.hasRight(new Mailbox(MailboxPath.forUser(MailboxFixture.ALICE, "INBOX"), UID_VALIDITY, MAILBOX_ID), MailboxACL.Right.Write, this.aliceSession)).isTrue();
    }

    @Test
    void hasRightShouldReturnTrueWhenTheUserDoesNotOwnTheMailboxButHaveTheCorrectRightOnIt() throws MailboxException {
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.Write})}));
        Assertions.assertThat(this.storeRightManager.hasRight(mailbox, MailboxACL.Right.Write, this.aliceSession)).isTrue();
    }

    @Test
    void hasRightShouldReturnTrueWhenTheUserDoesNotOwnTheMailboxButHasAtLeastTheCorrectRightOnIt() throws MailboxException {
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.Write, MailboxACL.Right.Lookup})}));
        Assertions.assertThat(this.storeRightManager.hasRight(mailbox, MailboxACL.Right.Write, this.aliceSession)).isTrue();
    }

    @Test
    void hasRightShouldReturnFalseWhenTheUserDoesNotOwnTheMailboxAndHasNoRightOnIt() {
        Assertions.assertThat(this.storeRightManager.hasRight(new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID), MailboxACL.Right.Write, this.aliceSession)).isFalse();
    }

    @Test
    void isReadWriteShouldReturnTrueWhenUserHasInsertRightOnMailbox() throws Exception {
        Flags flags = new Flags();
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.Insert})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, flags)).isTrue();
    }

    @Test
    void isReadWriteShouldReturnTrueWhenUserHasPerformExpungeRightOnMailbox() throws Exception {
        Flags flags = new Flags();
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.PerformExpunge})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, flags)).isTrue();
    }

    @Test
    void isReadWriteShouldReturnTrueWhenUserHasDeleteMessagesRightOnMailboxAndFlagsContainDeletedFlag() throws Exception {
        Flags flags = new Flags(Flags.Flag.DELETED);
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.DeleteMessages})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, flags)).isTrue();
    }

    @Test
    void isReadWriteShouldReturnFalseWhenUserHasDeleteMessagesRightOnMailboxButFlagsDoesNotContainDeletedFlag() throws Exception {
        Flags flags = new Flags();
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.DeleteMessages})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, flags)).isFalse();
    }

    @Test
    void isReadWriteShouldReturnTrueWhenUserHasWriteSeenFlagRightOnMailboxAndFlagsContainSeenFlag() throws Exception {
        Flags flags = new Flags(Flags.Flag.SEEN);
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.WriteSeenFlag})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, flags)).isTrue();
    }

    @Test
    void isReadWriteShouldReturnFalseWhenUserHasWriteSeenFlagRightOnMailboxAndFlagsDoesNotContainSeenFlag() throws Exception {
        Flags flags = new Flags();
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.WriteSeenFlag})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, flags)).isFalse();
    }

    @Test
    void isReadWriteShouldReturnTrueWhenUserHasWriteRightOnMailboxAndFlagsContainAnsweredFlag() throws Exception {
        Flags flags = new Flags(Flags.Flag.ANSWERED);
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.Write})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, flags)).isTrue();
    }

    @Test
    void isReadWriteShouldReturnFalseWhenUserDoesNotHaveInsertOrPerformExpungeRightOnMailboxAndNullFlag() throws Exception {
        Mailbox mailbox = new Mailbox(MailboxPath.forUser(MailboxFixture.BOB, "INBOX"), UID_VALIDITY, MAILBOX_ID);
        mailbox.setACL(new MailboxACL(new Map.Entry[]{new MailboxACL.Entry(MailboxFixture.ALICE.asString(), new MailboxACL.Right[]{MailboxACL.Right.Administer})}));
        Assertions.assertThat(this.storeRightManager.isReadWrite(this.aliceSession, mailbox, new Flags())).isFalse();
    }

    @Test
    void filteredForSessionShouldBeIdentityWhenOwner() throws UnsupportedRightException {
        MailboxACL apply = new MailboxACL().apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write}).forUser(MailboxFixture.BOB).asAddition()).apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write, MailboxACL.Right.Administer}).forUser(MailboxFixture.CEDRIC).asAddition());
        Assertions.assertThat(StoreRightManager.filteredForSession(new Mailbox(MailboxFixture.INBOX_ALICE, UID_VALIDITY, MAILBOX_ID), apply, this.aliceSession)).isEqualTo(apply);
    }

    @Test
    void filteredForSessionShouldBeIdentityWhenAdmin() throws UnsupportedRightException {
        MailboxACL apply = new MailboxACL().apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write}).forUser(MailboxFixture.BOB).asAddition()).apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write, MailboxACL.Right.Administer}).forUser(MailboxFixture.CEDRIC).asAddition());
        Assertions.assertThat(StoreRightManager.filteredForSession(new Mailbox(MailboxFixture.INBOX_ALICE, UID_VALIDITY, MAILBOX_ID), apply, MailboxSessionUtil.create(MailboxFixture.CEDRIC))).isEqualTo(apply);
    }

    @Test
    void filteredForSessionShouldContainOnlyLoggedUserWhenReadWriteAccess() throws UnsupportedRightException {
        Assertions.assertThat(StoreRightManager.filteredForSession(new Mailbox(MailboxFixture.INBOX_ALICE, UID_VALIDITY, MAILBOX_ID), new MailboxACL().apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write}).forUser(MailboxFixture.BOB).asAddition()).apply(MailboxACL.command().rights(new MailboxACL.Right[]{MailboxACL.Right.Read, MailboxACL.Right.Write, MailboxACL.Right.Administer}).forUser(MailboxFixture.CEDRIC).asAddition()), MailboxSessionUtil.create(MailboxFixture.BOB)).getEntries()).containsKey(MailboxACL.EntryKey.createUserEntryKey(MailboxFixture.BOB));
    }

    @Test
    void areDomainsDifferentShouldReturnTrueWhenOneHasDomainNotTheOther() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user@domain.org", Username.of("otherUser"))).isTrue();
    }

    @Test
    void areDomainsDifferentShouldReturnTrueWhenOtherHasDomainNotTheOne() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user", Username.of("otherUser@domain.org"))).isTrue();
    }

    @Test
    void areDomainsDifferentShouldReturnFalseWhenNoDomain() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user", Username.of("otherUser"))).isFalse();
    }

    @Test
    void areDomainsDifferentShouldReturnTrueWhenDomainsAreDifferent() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user@domain.org", Username.of("otherUser@otherdomain.org"))).isTrue();
    }

    @Test
    void areDomainsDifferentShouldReturnFalseWhenDomainsAreIdentical() {
        Assertions.assertThat(this.storeRightManager.areDomainsDifferent("user@domain.org", Username.of("otherUser@domain.org"))).isFalse();
    }

    @Test
    void assertSharesBelongsToUserDomainShouldThrowWhenOneDomainIsDifferent() throws Exception {
        MailboxACL mailboxACL = new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("a@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("b@otherdomain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("c@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write})});
        Assertions.assertThatThrownBy(() -> {
            this.storeRightManager.assertSharesBelongsToUserDomain(Username.of("user@domain.org"), mailboxACL.getEntries());
        }).isInstanceOf(DifferentDomainException.class);
    }

    @Test
    void assertSharesBelongsToUserDomainShouldNotThrowWhenDomainsAreIdentical() throws Exception {
        this.storeRightManager.assertSharesBelongsToUserDomain(Username.of("user@domain.org"), new MailboxACL(new Map.Entry[]{new MailboxACL.Entry("a@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("b@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write}), new MailboxACL.Entry("c@domain.org", new MailboxACL.Right[]{MailboxACL.Right.Write})}).getEntries());
    }

    @Test
    void applyRightsCommandShouldThrowWhenDomainsAreDifferent() {
        MailboxPath forUser = MailboxPath.forUser(Username.of("user@domain.org"), "mailbox");
        MailboxACL.ACLCommand asAddition = MailboxACL.command().forUser(Username.of("otherUser@otherdomain.org")).rights(MailboxACL.FULL_RIGHTS).asAddition();
        Assertions.assertThatThrownBy(() -> {
            this.storeRightManager.applyRightsCommand(forUser, asAddition, this.aliceSession);
        }).isInstanceOf(DifferentDomainException.class);
    }
}
