package com.zimbra.qa.unittest;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.CliUtil;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Cos;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.accesscontrol.AllowedAttrs;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.RightManager;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.accesscontrol.generated.RightConsts;
import com.zimbra.cs.mailbox.OperationContextData;
import com.zimbra.cs.rmgmt.RemoteMailQueue;
import com.zimbra.cs.util.BuildInfoGenerated;
import com.zimbra.qa.unittest.TestACL;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;

/* loaded from: input_file:com/zimbra/qa/unittest/TestACLRight.class */
public class TestACLRight extends TestACL {
    private static Map<String, Object> ATTRS_IN_SET_SOME_ATTRS_RIGHT;
    private static Map<String, Object> ATTRS_IN_SET_SOME_ATTRS_RIGHT_VIOLATE_CONSTRAINT;
    private static Map<String, Object> ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT;
    private static Right GET_SOME_ATTRS_RIGHT;
    private static Right SET_SOME_ATTRS_RIGHT;
    private static Right GET_ALL_ATTRS_RIGHT;
    private static Right SET_ALL_ATTRS_RIGHT;
    private static Right CONFIGURE_CONSTRAINT_RIGHT;
    private static Right PRESET_RIGHT;
    private static Right COMBO_RIGHT;
    static int zimbraMailQuota_constraint_max = RemoteMailQueue.MAIL_QUEUE_INDEX_FLUSH_THRESHOLD;

    public void testGetSomeAttrs() throws Exception {
        String testName = getTestName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(testName, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(testName, BuildInfoGenerated.RELCLASS));
        Right right = GET_SOME_ATTRS_RIGHT;
        Account createAccount = mProv.createAccount(getEmailAddr(testName, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, GET_SOME_ATTRS_RIGHT, (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, GET_ALL_ATTRS_RIGHT, (Map<String, Object>) null, DENY);
    }

    public void testGetAllAttrs() throws Exception {
        String testName = getTestName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(testName, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(testName, BuildInfoGenerated.RELCLASS));
        Right right = SET_SOME_ATTRS_RIGHT;
        Account createAccount = mProv.createAccount(getEmailAddr(testName, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        verify(createAdminAccount, createAccount, GET_SOME_ATTRS_RIGHT, (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, GET_ALL_ATTRS_RIGHT, (Map<String, Object>) null, DENY);
    }

    public void testSetSomeAttrs() throws Exception {
        String testName = getTestName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(testName, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(testName, BuildInfoGenerated.RELCLASS));
        Right right = SET_SOME_ATTRS_RIGHT;
        Account createAccount = mProv.createAccount(getEmailAddr(testName, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        Cos cos = mProv.getCOS(createAccount);
        cos.unsetConstraint();
        HashMap hashMap = new HashMap();
        cos.addConstraint("zimbraMailQuota:max=" + zimbraMailQuota_constraint_max, hashMap);
        mProv.modifyAttrs(cos, hashMap);
        verify(createAdminAccount, createAccount, SET_SOME_ATTRS_RIGHT, ATTRS_IN_SET_SOME_ATTRS_RIGHT, ALLOW);
        verify(createAdminAccount, createAccount, SET_SOME_ATTRS_RIGHT, (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, SET_SOME_ATTRS_RIGHT, ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT, DENY);
        verify(createAdminAccount, createAccount, SET_SOME_ATTRS_RIGHT, ATTRS_IN_SET_SOME_ATTRS_RIGHT_VIOLATE_CONSTRAINT, DENY);
        verify(createAdminAccount, createAccount, GET_SOME_ATTRS_RIGHT, (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, GET_ALL_ATTRS_RIGHT, (Map<String, Object>) null, DENY);
        grantRight(systemAdminAccount, TargetType.cos, cos, GranteeType.GT_USER, createAdminAccount, CONFIGURE_CONSTRAINT_RIGHT, ALLOW);
        verify(createAdminAccount, createAccount, SET_SOME_ATTRS_RIGHT, ATTRS_IN_SET_SOME_ATTRS_RIGHT_VIOLATE_CONSTRAINT, ALLOW);
    }

    public void testSetAllAttrs() throws Exception {
        String testName = getTestName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(testName, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(testName, BuildInfoGenerated.RELCLASS));
        Right right = SET_ALL_ATTRS_RIGHT;
        Account createAccount = mProv.createAccount(getEmailAddr(testName, "TA"), TestUtil.DEFAULT_PASSWORD, null);
        grantRight(systemAdminAccount, TargetType.account, createAccount, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        Cos cos = mProv.getCOS(createAccount);
        cos.unsetConstraint();
        HashMap hashMap = new HashMap();
        cos.addConstraint("zimbraMailQuota:max=" + zimbraMailQuota_constraint_max, hashMap);
        mProv.modifyAttrs(cos, hashMap);
        verify(createAdminAccount, createAccount, SET_ALL_ATTRS_RIGHT, ATTRS_IN_SET_SOME_ATTRS_RIGHT, ALLOW);
        verify(createAdminAccount, createAccount, SET_ALL_ATTRS_RIGHT, (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, SET_ALL_ATTRS_RIGHT, ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT, ALLOW);
        verify(createAdminAccount, createAccount, SET_ALL_ATTRS_RIGHT, ATTRS_IN_SET_SOME_ATTRS_RIGHT_VIOLATE_CONSTRAINT, DENY);
        verify(createAdminAccount, createAccount, GET_SOME_ATTRS_RIGHT, (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, GET_ALL_ATTRS_RIGHT, (Map<String, Object>) null, ALLOW);
    }

    public void testCheckComboRight() throws Exception {
        String testName = getTestName();
        Account systemAdminAccount = getSystemAdminAccount(getEmailAddr(testName, "authed"));
        Account createAdminAccount = createAdminAccount(getEmailAddr(testName, BuildInfoGenerated.RELCLASS));
        Right right = getRight("test-combo-account-domain");
        String subDomainName = getSubDomainName(testName);
        Domain createDomain = mProv.createDomain(subDomainName, new HashMap());
        grantRight(systemAdminAccount, TargetType.domain, createDomain, GranteeType.GT_USER, createAdminAccount, right, ALLOW);
        Account createAccount = mProv.createAccount("user1@" + subDomainName, TestUtil.DEFAULT_PASSWORD, null);
        new TestACL.TestViaGrant(TargetType.account, createDomain, GranteeType.GT_USER, createAdminAccount.getName(), right, false);
        verify(createAdminAccount, createDomain, getRight("test-preset-account"), (Map<String, Object>) null, DENY);
        verify(createAdminAccount, createAccount, getRight("test-preset-account"), (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createDomain, getRight("test-preset-domain"), (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, getRight("test-preset-domain"), (Map<String, Object>) null, DENY);
        verify(createAdminAccount, createDomain, getRight("test-preset-cos"), (Map<String, Object>) null, DENY);
        verify(createAdminAccount, createDomain, getRight("test-setAttrs-account"), (Map<String, Object>) null, DENY);
        verify(createAdminAccount, createAccount, getRight("test-setAttrs-account"), (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createDomain, getRight("test-setAttrs-distributionlist"), (Map<String, Object>) null, DENY);
        verify(createAdminAccount, createAccount, getRight("test-setAttrs-distributionlist"), (Map<String, Object>) null, DENY);
        verify(createAdminAccount, createDomain, getRight("test-setAttrs-domain"), (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, getRight("test-setAttrs-domain"), (Map<String, Object>) null, DENY);
        verify(createAdminAccount, createDomain, getRight("test-setAttrs-accountDomain"), (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createAccount, getRight("test-setAttrs-accountDomain"), (Map<String, Object>) null, ALLOW);
        verify(createAdminAccount, createDomain, getRight(RightConsts.RT_modifyServer), (Map<String, Object>) null, DENY);
        HashSet hashSet = new HashSet();
        hashSet.add(ZAttrProvisioning.A_zimbraMailStatus);
        hashSet.add(ZAttrProvisioning.A_zimbraMailQuota);
        hashSet.add(ZAttrProvisioning.A_zimbraQuotaWarnPercent);
        hashSet.add(ZAttrProvisioning.A_zimbraQuotaWarnInterval);
        hashSet.add(ZAttrProvisioning.A_zimbraQuotaWarnMessage);
        hashSet.add(ZAttrProvisioning.A_displayName);
        hashSet.add("description");
        verify(createAdminAccount, createAccount, SET, AllowedAttrs.ALLOW_SOME_ATTRS(hashSet));
        HashSet hashSet2 = new HashSet();
        hashSet2.add("description");
        hashSet2.add(ZAttrProvisioning.A_zimbraMailStatus);
        hashSet2.add(ZAttrProvisioning.A_zimbraGalMode);
        verify(createAdminAccount, createDomain, SET, AllowedAttrs.ALLOW_SOME_ATTRS(hashSet2));
    }

    public static void main(String[] strArr) throws Exception {
        CliUtil.toolSetup("INFO");
        TestUtil.runTest(TestACLRight.class);
    }

    static {
        try {
            GET_SOME_ATTRS_RIGHT = TestACL.getRight("test-getAttrs-account-2");
            SET_SOME_ATTRS_RIGHT = TestACL.getRight("test-setAttrs-account-2");
            GET_ALL_ATTRS_RIGHT = TestACL.getRight(RightConsts.RT_getAccount);
            SET_ALL_ATTRS_RIGHT = TestACL.getRight(RightConsts.RT_modifyAccount);
            CONFIGURE_CONSTRAINT_RIGHT = RightManager.getInstance().getRight(RightConsts.RT_configureCosConstraint);
            PRESET_RIGHT = TestACL.getRight(RightConsts.RT_modifyAccount);
            COMBO_RIGHT = TestACL.getRight("test-combo-MultiTargetTypes-top");
            ATTRS_IN_SET_SOME_ATTRS_RIGHT = new HashMap();
            ATTRS_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraMailQuota, OperationContextData.GranteeNames.EMPTY_NAME + (zimbraMailQuota_constraint_max - 1));
            ATTRS_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraQuotaWarnPercent, "20");
            ATTRS_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraQuotaWarnInterval, "1d");
            ATTRS_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraQuotaWarnMessage, "foo");
            ATTRS_IN_SET_SOME_ATTRS_RIGHT_VIOLATE_CONSTRAINT = new HashMap();
            ATTRS_IN_SET_SOME_ATTRS_RIGHT_VIOLATE_CONSTRAINT.put(ZAttrProvisioning.A_zimbraMailQuota, OperationContextData.GranteeNames.EMPTY_NAME + (zimbraMailQuota_constraint_max + 1));
            ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT = new HashMap();
            ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraMailQuota, "100");
            ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraQuotaWarnPercent, "20");
            ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraQuotaWarnInterval, "1d");
            ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT.put(ZAttrProvisioning.A_zimbraQuotaWarnMessage, "foo");
            ATTRS_NOT_IN_SET_SOME_ATTRS_RIGHT.put("zimbraId", "blahblah");
        } catch (ServiceException e) {
            System.exit(1);
        }
    }
}
