package com.zimbra.qa.unittest;

import com.zimbra.common.util.CliUtil;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.CalendarResource;
import com.zimbra.cs.account.Config;
import com.zimbra.cs.account.Cos;
import com.zimbra.cs.account.DistributionList;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.GlobalGrant;
import com.zimbra.cs.account.NamedEntry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.Zimlet;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.zclient.ZShare;
import com.zimbra.cs.zimlet.ZimletMeta;
import com.zimbra.qa.unittest.TestACL;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:com/zimbra/qa/unittest/TestACLTarget.class */
public class TestACLTarget extends TestACL {
    public void testTargetAccount() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_ACCOUNT;
        Account createAccount = mProv.createAccount(getEmailAddr(name, ZimletMeta.ZIMLET_TAG_TARGET), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, right, ALLOW, new TestACL.TestViaGrant(TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        DistributionList createDistributionList = mProv.createDistributionList(getEmailAddr(name, "group1"), new HashMap());
        DistributionList createDistributionList2 = mProv.createDistributionList(getEmailAddr(name, "group2"), new HashMap());
        mProv.addMembers(createDistributionList, new String[]{createDistributionList2.getName()});
        mProv.addMembers(createDistributionList2, new String[]{createAccount.getName()});
        grantRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, right, ALLOW, new TestACL.TestViaGrant(TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        NamedEntry domain = mProv.getDomain(createAccount);
        grantRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, right, ALLOW, new TestACL.TestViaGrant(TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetCalendarResource() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_CALENDAR_RESOURCE;
        HashMap hashMap = new HashMap();
        hashMap.put(ZAttrProvisioning.A_displayName, "foo");
        hashMap.put(ZAttrProvisioning.A_zimbraCalResType, "Equipment");
        CalendarResource createCalendarResource = mProv.createCalendarResource(getEmailAddr(name, ZimletMeta.ZIMLET_TAG_TARGET), TestUtil.DEFAULT_PASSWORD, hashMap);
        grantRight(systemAdminAccount, TargetType.calresource, createCalendarResource, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createCalendarResource, right, ALLOW, new TestACL.TestViaGrant(TargetType.calresource, createCalendarResource, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.calresource, createCalendarResource, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        DistributionList createDistributionList = mProv.createDistributionList(getEmailAddr(name, "group1"), new HashMap());
        DistributionList createDistributionList2 = mProv.createDistributionList(getEmailAddr(name, "group2"), new HashMap());
        mProv.addMembers(createDistributionList, new String[]{createDistributionList2.getName()});
        mProv.addMembers(createDistributionList2, new String[]{createCalendarResource.getName()});
        grantRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createCalendarResource, right, ALLOW, new TestACL.TestViaGrant(TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        NamedEntry domain = mProv.getDomain(createCalendarResource);
        grantRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createCalendarResource, right, ALLOW, new TestACL.TestViaGrant(TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createCalendarResource, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetGroup() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_DISTRIBUTION_LIST;
        DistributionList createDistributionList = mProv.createDistributionList(getEmailAddr(name, ZimletMeta.ZIMLET_TAG_TARGET), new HashMap());
        grantRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createDistributionList, right, ALLOW, new TestACL.TestViaGrant(TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        DistributionList createDistributionList2 = mProv.createDistributionList(getEmailAddr(name, "group1"), new HashMap());
        DistributionList createDistributionList3 = mProv.createDistributionList(getEmailAddr(name, "group2"), new HashMap());
        mProv.addMembers(createDistributionList2, new String[]{createDistributionList3.getName()});
        mProv.addMembers(createDistributionList3, new String[]{createDistributionList.getName()});
        grantRight(systemAdminAccount, TargetType.dl, createDistributionList2, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createDistributionList, right, ALLOW, new TestACL.TestViaGrant(TargetType.dl, createDistributionList2, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.dl, createDistributionList2, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        NamedEntry domain = mProv.getDomain(createDistributionList);
        grantRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createDistributionList, right, ALLOW, new TestACL.TestViaGrant(TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createDistributionList, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetDomain() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_DOMAIN;
        Domain domain = mProv.get(Provisioning.DomainBy.name, DOMAIN_NAME);
        grantRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, domain, right, ALLOW, new TestACL.TestViaGrant(TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, domain, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetCos() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_COS;
        Cos cos = mProv.get(Provisioning.CosBy.name, "default");
        grantRight(systemAdminAccount, TargetType.cos, cos, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, cos, right, ALLOW, new TestACL.TestViaGrant(TargetType.cos, cos, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.cos, cos, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, cos, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetServer() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_SERVER;
        Server localServer = mProv.getLocalServer();
        grantRight(systemAdminAccount, TargetType.server, localServer, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, localServer, right, ALLOW, new TestACL.TestViaGrant(TargetType.server, localServer, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.server, localServer, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, localServer, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetZimlet() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_ZIMLET;
        Zimlet zimlet = mProv.getZimlet("com_zimbra_date");
        grantRight(systemAdminAccount, TargetType.zimlet, zimlet, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, zimlet, right, ALLOW, new TestACL.TestViaGrant(TargetType.zimlet, zimlet, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.zimlet, zimlet, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, zimlet, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetConfig() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_CONFIG;
        Config config = mProv.getConfig();
        grantRight(systemAdminAccount, TargetType.config, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, config, right, ALLOW, new TestACL.TestViaGrant(TargetType.config, config, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.config, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, config, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetGlobalGrant() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_GLOBALGRANT;
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, globalGrant, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
    }

    public void testTargetPrecedence() throws Exception {
        String name = getName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(name, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(name, ZShare.E_GRANTEE));
        Right right = ADMIN_RIGHT_ACCOUNT;
        Account createAccount = mProv.createAccount(getEmailAddr(name, ZimletMeta.ZIMLET_TAG_TARGET), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        DistributionList createDistributionList = mProv.createDistributionList(getEmailAddr(name, "group1"), new HashMap());
        DistributionList createDistributionList2 = mProv.createDistributionList(getEmailAddr(name, "group2"), new HashMap());
        mProv.addMembers(createDistributionList, new String[]{createDistributionList2.getName()});
        mProv.addMembers(createDistributionList2, new String[]{createAccount.getName()});
        grantRight(systemAdminAccount, TargetType.dl, createDistributionList2, GranteeType.GT_USER, createAdminAccount, right, DENY);
        grantRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        NamedEntry domain = mProv.getDomain(createAccount);
        grantRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, DENY);
        GlobalGrant globalGrant = mProv.getGlobalGrant();
        grantRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, right, ALLOW, new TestACL.TestViaGrant(TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, right, DENY, new TestACL.TestViaGrant(TargetType.dl, createDistributionList2, GranteeType.GT_USER, createAdminAccount.getName(), right, true));
        revokeRight(systemAdminAccount, TargetType.dl, createDistributionList2, GranteeType.GT_USER, createAdminAccount, right, DENY);
        verify(createAdminAccount, createAccount, right, ALLOW, new TestACL.TestViaGrant(TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.dl, createDistributionList, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, right, DENY, new TestACL.TestViaGrant(TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount.getName(), right, true));
        revokeRight(systemAdminAccount, TargetType.domain, domain, GranteeType.GT_USER, createAdminAccount, right, DENY);
        verify(createAdminAccount, createAccount, right, ALLOW, new TestACL.TestViaGrant(TargetType.global, globalGrant, GranteeType.GT_USER, createAdminAccount.getName(), right, false));
        revokeRight(systemAdminAccount, TargetType.global, null, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verifyDefault(createAdminAccount, createAccount, right);
    }

    public void testGroupExpansion() throws Exception {
        String name = getName();
        Account createAccount = mProv.createAccount(getEmailAddr(name, "account"), TestUtil.DEFAULT_PASSWORD, null);
        DistributionList createDistributionList = mProv.createDistributionList(getEmailAddr(name, "A"), new HashMap());
        DistributionList createDistributionList2 = mProv.createDistributionList(getEmailAddr(name, "B"), new HashMap());
        DistributionList createDistributionList3 = mProv.createDistributionList(getEmailAddr(name, "C"), new HashMap());
        DistributionList createDistributionList4 = mProv.createDistributionList(getEmailAddr(name, "D"), new HashMap());
        DistributionList createDistributionList5 = mProv.createDistributionList(getEmailAddr(name, "E"), new HashMap());
        DistributionList createDistributionList6 = mProv.createDistributionList(getEmailAddr(name, "F"), new HashMap());
        DistributionList createDistributionList7 = mProv.createDistributionList(getEmailAddr(name, "G"), new HashMap());
        DistributionList createDistributionList8 = mProv.createDistributionList(getEmailAddr(name, "H"), new HashMap());
        mProv.addMembers(createDistributionList, new String[]{createAccount.getName()});
        mProv.addMembers(createDistributionList2, new String[]{createAccount.getName()});
        mProv.addMembers(createDistributionList3, new String[]{createDistributionList.getName()});
        mProv.addMembers(createDistributionList4, new String[]{createAccount.getName(), createDistributionList2.getName()});
        mProv.addMembers(createDistributionList5, new String[]{createAccount.getName(), createDistributionList4.getName()});
        mProv.addMembers(createDistributionList6, new String[]{createDistributionList4.getName()});
        mProv.addMembers(createDistributionList7, new String[]{createDistributionList5.getName()});
        mProv.addMembers(createDistributionList8, new String[]{createDistributionList6.getName()});
        HashMap hashMap = new HashMap();
        Iterator<DistributionList> it = mProv.getDistributionLists(createAccount, false, (Map<String, String>) hashMap).iterator();
        while (it.hasNext()) {
            int i = 0;
            String name2 = it.next().getName();
            String str = name2;
            do {
                str = (String) hashMap.get(str);
                i++;
            } while (str != null);
            if (name2.equals(createDistributionList.getName())) {
                assertEquals(1, i);
            } else if (name2.equals(createDistributionList2.getName())) {
                assertEquals(1, i);
            } else if (name2.equals(createDistributionList3.getName())) {
                assertEquals(2, i);
            } else if (name2.equals(createDistributionList4.getName())) {
                assertEquals(1, i);
            } else if (name2.equals(createDistributionList5.getName())) {
                assertEquals(1, i);
            } else if (name2.equals(createDistributionList6.getName())) {
                assertEquals(2, i);
            } else if (name2.equals(createDistributionList7.getName())) {
                assertEquals(2, i);
            } else if (name2.equals(createDistributionList8.getName())) {
                assertEquals(3, i);
            }
        }
    }

    public static void main(String[] strArr) throws Exception {
        CliUtil.toolSetup("INFO");
        TestUtil.runTest(TestACLTarget.class);
    }
}
