package org.apache.paimon.privilege;

import java.nio.file.Path;
import java.util.function.Predicate;
import org.apache.paimon.catalog.CatalogContext;
import org.apache.paimon.catalog.Identifier;
import org.apache.paimon.fs.FileIO;
import org.apache.paimon.utils.TraceableFileIO;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:org/apache/paimon/privilege/FileBasedPrivilegeManagerTest.class */
public class FileBasedPrivilegeManagerTest {
    private static final String PASSWORD_ROOT = "123456";

    @TempDir
    public Path tempPath;
    private org.apache.paimon.fs.Path warehouse;

    @BeforeEach
    public void beforeEach() {
        this.warehouse = new org.apache.paimon.fs.Path("traceable://" + this.tempPath.toString());
    }

    @AfterEach
    public void afterEach() {
        Predicate predicate = path -> {
            return path.toString().contains(this.tempPath.toString());
        };
        Assertions.assertThat(TraceableFileIO.openInputStreams(predicate)).isEmpty();
        Assertions.assertThat(TraceableFileIO.openOutputStreams(predicate)).isEmpty();
    }

    @Test
    public void testInitializeMultipleTimes() throws Exception {
        initPrivilege();
        org.junit.jupiter.api.Assertions.assertThrows(IllegalStateException.class, this::initPrivilege);
    }

    @Test
    public void testUsers() throws Exception {
        initPrivilege();
        FileBasedPrivilegeManager privilegeManager = getPrivilegeManager("root", PASSWORD_ROOT);
        privilegeManager.createUser("test", "passwd");
        org.junit.jupiter.api.Assertions.assertThrows(IllegalArgumentException.class, () -> {
            privilegeManager.createUser("test", "changed");
        });
        FileBasedPrivilegeManager privilegeManager2 = getPrivilegeManager("test", "passwd");
        org.junit.jupiter.api.Assertions.assertThrows(IllegalArgumentException.class, () -> {
            getPrivilegeManager("test", "wrong").getPrivilegeChecker();
        });
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeManager2.createUser("test2", "passwd");
        });
        privilegeManager.dropUser("test");
        privilegeManager.dropUser("test");
        org.junit.jupiter.api.Assertions.assertThrows(IllegalArgumentException.class, () -> {
            getPrivilegeManager("test", "passwd").getPrivilegeChecker();
        });
        org.junit.jupiter.api.Assertions.assertThrows(IllegalArgumentException.class, () -> {
            privilegeManager.dropUser("root");
        });
        org.junit.jupiter.api.Assertions.assertThrows(IllegalArgumentException.class, () -> {
            privilegeManager.dropUser("anonymous");
        });
    }

    @Test
    public void testGrantAndRevoke() throws Exception {
        initPrivilege();
        FileBasedPrivilegeManager privilegeManager = getPrivilegeManager("root", PASSWORD_ROOT);
        privilegeManager.createUser("test", "passwd");
        privilegeManager.grant("test", "my_db", PrivilegeType.SELECT);
        privilegeManager.grant("test", "another_db.my_tbl", PrivilegeType.SELECT);
        privilegeManager.grant("test", "another_db.my_tbl", PrivilegeType.INSERT);
        privilegeManager.grant("test", "another_db.another_tbl", PrivilegeType.INSERT);
        org.junit.jupiter.api.Assertions.assertThrows(IllegalArgumentException.class, () -> {
            privilegeManager.grant("test2", "my_db", PrivilegeType.SELECT);
        });
        FileBasedPrivilegeManager privilegeManager2 = getPrivilegeManager("test", "passwd");
        PrivilegeChecker privilegeChecker = privilegeManager2.getPrivilegeChecker();
        privilegeChecker.assertCanSelect(Identifier.create("my_db", "my_tbl"));
        privilegeChecker.assertCanSelect(Identifier.create("my_db", "another_tbl"));
        privilegeChecker.assertCanSelect(Identifier.create("another_db", "my_tbl"));
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker.assertCanSelect(Identifier.create("another_db", "another_tbl"));
        });
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker.assertCanInsert(Identifier.create("my_db", "my_tbl"));
        });
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker.assertCanInsert(Identifier.create("my_db", "another_tbl"));
        });
        privilegeChecker.assertCanInsert(Identifier.create("another_db", "my_tbl"));
        privilegeChecker.assertCanInsert(Identifier.create("another_db", "another_tbl"));
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeManager2.grant("test", "another_db.another_tbl", PrivilegeType.SELECT);
        });
        privilegeManager.revoke("test", "another_db", PrivilegeType.INSERT);
        org.junit.jupiter.api.Assertions.assertThrows(IllegalArgumentException.class, () -> {
            privilegeManager.revoke("test2", "another_db", PrivilegeType.INSERT);
        });
        PrivilegeChecker privilegeChecker2 = privilegeManager2.getPrivilegeChecker();
        privilegeChecker2.assertCanSelect(Identifier.create("my_db", "my_tbl"));
        privilegeChecker2.assertCanSelect(Identifier.create("my_db", "another_tbl"));
        privilegeChecker2.assertCanSelect(Identifier.create("another_db", "my_tbl"));
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker2.assertCanSelect(Identifier.create("another_db", "another_tbl"));
        });
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker2.assertCanInsert(Identifier.create("my_db", "my_tbl"));
        });
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker2.assertCanInsert(Identifier.create("my_db", "another_tbl"));
        });
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker2.assertCanInsert(Identifier.create("another_db", "my_tbl"));
        });
        org.junit.jupiter.api.Assertions.assertThrows(NoPrivilegeException.class, () -> {
            privilegeChecker2.assertCanInsert(Identifier.create("another_db", "another_tbl"));
        });
    }

    private void initPrivilege() throws Exception {
        getPrivilegeManager("anonymous", "anonymous").initializePrivilege(PASSWORD_ROOT);
    }

    private FileBasedPrivilegeManager getPrivilegeManager(String str, String str2) throws Exception {
        return new FileBasedPrivilegeManager(this.warehouse.toString(), FileIO.get(this.warehouse, CatalogContext.create(this.warehouse)), str, str2);
    }
}
