package com.zimbra.qa.unittest;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.CliUtil;
import com.zimbra.common.util.SetUtil;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AttributeClass;
import com.zimbra.cs.account.AttributeManager;
import com.zimbra.cs.account.DistributionList;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.accesscontrol.AllowedAttrs;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.accesscontrol.generated.RightConsts;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.cs.util.BuildInfoGenerated;
import com.zimbra.qa.unittest.TestACL;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/zimbra/qa/unittest/TestACLAttrRight.class */
public class TestACLAttrRight extends TestACL {
    static Right ATTR_RIGHT_GET_ALL;
    static Right ATTR_RIGHT_GET_SOME;
    static Right ATTR_RIGHT_SET_ALL;
    static Right ATTR_RIGHT_SET_SOME;
    static final Map<String, Object> ATTRS_SOME;
    static final AllowedAttrs EXPECTED_SOME;
    static final AllowedAttrs EXPECTED_SOME_EMPTY;
    static final AllowedAttrs EXPECTED_ALL_MINUS_SOME;
    static final Map<String, Object> ATTRS_SOME_MORE;

    public void oneGrantSome(TestACL.AllowOrDeny allowOrDeny, TestACL.GetOrSet getOrSet, AllowedAttrs allowedAttrs) throws Exception {
        String str = "oneGrantSome-" + allowOrDeny.name() + "-" + getOrSet.name();
        System.out.println("Testing " + str);
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(str, "authed"));
        Account createDelegatedAdminAccount = createDelegatedAdminAccount(getEmailAddr(str, BuildInfoGenerated.RELCLASS));
        Right right = getOrSet.isGet() ? ATTR_RIGHT_GET_SOME : ATTR_RIGHT_SET_SOME;
        Account createAccount = mProv.createAccount(getEmailAddr(str, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createDelegatedAdminAccount, right, allowOrDeny);
        verify(createDelegatedAdminAccount, createAccount, getOrSet, allowedAttrs);
    }

    public void oneGrantAll(TestACL.AllowOrDeny allowOrDeny, TestACL.GetOrSet getOrSet, AllowedAttrs allowedAttrs) throws Exception {
        String str = "oneGrantAll-" + allowOrDeny.name() + "-" + getOrSet.name();
        System.out.println("Testing " + str);
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(str, "authed"));
        Account createDelegatedAdminAccount = createDelegatedAdminAccount(getEmailAddr(str, BuildInfoGenerated.RELCLASS));
        Right right = getOrSet.isGet() ? ATTR_RIGHT_GET_ALL : ATTR_RIGHT_SET_ALL;
        Account createAccount = mProv.createAccount(getEmailAddr(str, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createDelegatedAdminAccount, right, allowOrDeny);
        verify(createDelegatedAdminAccount, createAccount, getOrSet, allowedAttrs);
    }

    private void someAllSameLevel(TestACL.AllowOrDeny allowOrDeny, TestACL.AllowOrDeny allowOrDeny2, TestACL.GetOrSet getOrSet, AllowedAttrs allowedAttrs) throws ServiceException {
        Right right;
        Right right2;
        String str = "someAllSameLevel-" + allowOrDeny.name() + "-some-" + allowOrDeny2.name() + "-all-" + getOrSet.name();
        System.out.println("Testing " + str);
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(str, "authed"));
        Account createDelegatedAdminAccount = createDelegatedAdminAccount(getEmailAddr(str, BuildInfoGenerated.RELCLASS));
        if (getOrSet.isGet()) {
            right = ATTR_RIGHT_GET_SOME;
            right2 = ATTR_RIGHT_GET_ALL;
        } else {
            right = ATTR_RIGHT_SET_SOME;
            right2 = ATTR_RIGHT_SET_ALL;
        }
        Account createAccount = mProv.createAccount(getEmailAddr(str, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createDelegatedAdminAccount, right, allowOrDeny);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createDelegatedAdminAccount, right2, allowOrDeny2);
        verify(createDelegatedAdminAccount, createAccount, getOrSet, allowedAttrs);
    }

    public void someAllDiffLevel(TestACL.AllowOrDeny allowOrDeny, TestACL.AllowOrDeny allowOrDeny2, boolean z, TestACL.GetOrSet getOrSet, AllowedAttrs allowedAttrs) throws Exception {
        Right right;
        Right right2;
        String str = "someAllDiffLevel-" + allowOrDeny.name() + "-some-" + allowOrDeny2.name() + "-all-" + (z ? "someIsCloser" : "allIsCloser") + "-" + getOrSet.name();
        System.out.println("Testing " + str);
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(str, "authed"));
        Account createDelegatedAdminAccount = createDelegatedAdminAccount(getEmailAddr(str, BuildInfoGenerated.RELCLASS));
        DistributionList createAdminGroup = createAdminGroup(getEmailAddr(str, "GG"));
        mProv.addMembers(createAdminGroup, new String[]{createDelegatedAdminAccount.getName()});
        if (getOrSet.isGet()) {
            right = ATTR_RIGHT_GET_SOME;
            right2 = ATTR_RIGHT_GET_ALL;
        } else {
            right = ATTR_RIGHT_SET_SOME;
            right2 = ATTR_RIGHT_SET_ALL;
        }
        Account createAccount = mProv.createAccount(getEmailAddr(str, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        if (z) {
            grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createDelegatedAdminAccount, right, allowOrDeny);
            grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_GROUP, createAdminGroup, right2, allowOrDeny2);
        } else {
            grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createDelegatedAdminAccount, right2, allowOrDeny2);
            grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_GROUP, createAdminGroup, right, allowOrDeny);
        }
        verify(createDelegatedAdminAccount, createAccount, getOrSet, allowedAttrs);
    }

    public void testOneGrantSome() throws Exception {
        oneGrantSome(ALLOW, SET, EXPECTED_SOME);
        oneGrantSome(DENY, SET, EXPECTED_SOME_EMPTY);
        oneGrantSome(ALLOW, GET, EXPECTED_SOME);
        oneGrantSome(DENY, GET, EXPECTED_SOME_EMPTY);
    }

    public void testOneGrantAll() throws Exception {
        oneGrantAll(ALLOW, SET, AllowedAttrs.ALLOW_ALL_ATTRS());
        oneGrantAll(DENY, SET, AllowedAttrs.DENY_ALL_ATTRS());
        oneGrantAll(ALLOW, GET, AllowedAttrs.ALLOW_ALL_ATTRS());
        oneGrantAll(DENY, GET, AllowedAttrs.DENY_ALL_ATTRS());
    }

    public void testTwoGrantsSameLevel() throws Exception {
        someAllSameLevel(ALLOW, ALLOW, SET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllSameLevel(DENY, ALLOW, SET, EXPECTED_ALL_MINUS_SOME);
        someAllSameLevel(ALLOW, DENY, SET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllSameLevel(DENY, DENY, SET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllSameLevel(ALLOW, ALLOW, GET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllSameLevel(DENY, ALLOW, GET, EXPECTED_ALL_MINUS_SOME);
        someAllSameLevel(ALLOW, DENY, GET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllSameLevel(DENY, DENY, GET, AllowedAttrs.DENY_ALL_ATTRS());
    }

    public void testTwoGrantsDiffLevel() throws Exception {
        someAllDiffLevel(ALLOW, ALLOW, true, SET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllDiffLevel(DENY, ALLOW, true, SET, EXPECTED_ALL_MINUS_SOME);
        someAllDiffLevel(ALLOW, DENY, true, SET, EXPECTED_SOME);
        someAllDiffLevel(DENY, DENY, true, SET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllDiffLevel(ALLOW, ALLOW, false, SET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllDiffLevel(DENY, ALLOW, false, SET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllDiffLevel(ALLOW, DENY, false, SET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllDiffLevel(DENY, DENY, false, SET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllDiffLevel(ALLOW, ALLOW, true, GET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllDiffLevel(DENY, ALLOW, true, GET, EXPECTED_ALL_MINUS_SOME);
        someAllDiffLevel(ALLOW, DENY, true, GET, EXPECTED_SOME);
        someAllDiffLevel(DENY, DENY, true, GET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllDiffLevel(ALLOW, ALLOW, false, GET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllDiffLevel(DENY, ALLOW, false, GET, AllowedAttrs.ALLOW_ALL_ATTRS());
        someAllDiffLevel(ALLOW, DENY, false, GET, AllowedAttrs.DENY_ALL_ATTRS());
        someAllDiffLevel(DENY, DENY, false, GET, AllowedAttrs.DENY_ALL_ATTRS());
    }

    public static void main(String[] strArr) throws Exception {
        CliUtil.toolSetup("INFO");
        TestUtil.runTest(TestACLAttrRight.class);
    }

    static {
        HashSet hashSet = new HashSet();
        ATTRS_SOME = new HashMap();
        ATTRS_SOME.put(ZAttrProvisioning.A_zimbraMailQuota, "123");
        ATTRS_SOME.put(ZAttrProvisioning.A_zimbraQuotaWarnPercent, "123");
        ATTRS_SOME.put(ZAttrProvisioning.A_zimbraQuotaWarnInterval, "123");
        ATTRS_SOME.put(ZAttrProvisioning.A_zimbraQuotaWarnMessage, "123");
        ATTRS_SOME_MORE = new HashMap(ATTRS_SOME);
        ATTRS_SOME_MORE.put(ZAttrProvisioning.A_zimbraFeatureMailEnabled, "TRUE");
        ATTRS_SOME_MORE.put(ZAttrProvisioning.A_zimbraFeatureCalendarEnabled, "TRUE");
        ATTRS_SOME_MORE.put(ZAttrProvisioning.A_zimbraPrefLocale, DavElements.LANG_EN_US);
        Set<String> set = null;
        try {
            set = AttributeManager.getInstance().getAllAttrsInClass(AttributeClass.account);
            ATTR_RIGHT_GET_ALL = TestACL.getRight(RightConsts.RT_getAccount);
            ATTR_RIGHT_GET_SOME = TestACL.getRight("test-getAttrs-account-2");
            ATTR_RIGHT_SET_ALL = TestACL.getRight(RightConsts.RT_modifyAccount);
            ATTR_RIGHT_SET_SOME = TestACL.getRight("test-setAttrs-account-2");
        } catch (ServiceException e) {
            System.exit(1);
        }
        Set subtract = SetUtil.subtract(set, ATTRS_SOME.keySet());
        EXPECTED_SOME = AllowedAttrs.ALLOW_SOME_ATTRS(ATTRS_SOME.keySet());
        EXPECTED_SOME_EMPTY = AllowedAttrs.ALLOW_SOME_ATTRS(hashSet);
        EXPECTED_ALL_MINUS_SOME = AllowedAttrs.ALLOW_SOME_ATTRS(subtract);
    }
}
