package org.geoserver.ows;

import com.google.common.collect.Iterators;
import java.util.Collections;
import org.geoserver.catalog.LayerGroupInfo;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.catalog.StyleInfo;
import org.geoserver.catalog.util.CloseableIterator;
import org.geoserver.platform.GeoServerExtensionsHelper;
import org.geoserver.security.CatalogFilterAccessManager;
import org.geoserver.security.SecureCatalogImpl;
import org.geoserver.security.impl.AbstractAuthorizationTest;
import org.geoserver.security.impl.DefaultResourceAccessManager;
import org.geoserver.util.PropertyRule;
import org.geotools.api.filter.Filter;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/geoserver/ows/LocalWorkspaceSecureCatalogTest.class */
public class LocalWorkspaceSecureCatalogTest extends AbstractAuthorizationTest {

    @Rule
    public PropertyRule inheritance = PropertyRule.system("GEOSERVER_GLOBAL_LAYER_GROUP_INHERIT");

    @Override // org.geoserver.security.impl.AbstractAuthorizationTest
    @Before
    public void setUp() throws Exception {
        LocalWorkspaceCatalogFilter.groupInherit = null;
        super.setUp();
        populateCatalog();
    }

    CatalogFilterAccessManager setupAccessManager() throws Exception {
        DefaultResourceAccessManager buildAccessManager = buildAccessManager("wideOpen.properties");
        CatalogFilterAccessManager catalogFilterAccessManager = new CatalogFilterAccessManager();
        catalogFilterAccessManager.setCatalogFilters(Collections.singletonList(new LocalWorkspaceCatalogFilter(this.catalog)));
        catalogFilterAccessManager.setDelegate(buildAccessManager);
        return catalogFilterAccessManager;
    }

    @Test
    public void testAccessToLayer() throws Exception {
        SecureCatalogImpl secureCatalogImpl = new SecureCatalogImpl(this.catalog, setupAccessManager()) { // from class: org.geoserver.ows.LocalWorkspaceSecureCatalogTest.1
        };
        Assert.assertNotNull(secureCatalogImpl.getLayerByName("topp:states"));
        LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("nurc"));
        Assert.assertNull(secureCatalogImpl.getWorkspaceByName("topp"));
        Assert.assertNull(secureCatalogImpl.getResourceByName("topp:states", ResourceInfo.class));
        Assert.assertNull(secureCatalogImpl.getLayerByName("topp:states"));
    }

    @Test
    public void testAccessToStyle() throws Exception {
        SecureCatalogImpl secureCatalogImpl = new SecureCatalogImpl(this.catalog, setupAccessManager()) { // from class: org.geoserver.ows.LocalWorkspaceSecureCatalogTest.2
            protected boolean isAdmin(Authentication authentication) {
                return false;
            }
        };
        Assert.assertEquals(2L, secureCatalogImpl.getStyles().size());
        LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("topp"));
        Assert.assertEquals(2L, secureCatalogImpl.getStyles().size());
        LocalWorkspace.remove();
        LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("nurc"));
        Assert.assertEquals(1L, secureCatalogImpl.getStyles().size());
    }

    @Test
    public void testAccessToLayerGroup() throws Exception {
        SecureCatalogImpl secureCatalogImpl = new SecureCatalogImpl(this.catalog, setupAccessManager()) { // from class: org.geoserver.ows.LocalWorkspaceSecureCatalogTest.3
            protected boolean isAdmin(Authentication authentication) {
                return false;
            }
        };
        Assert.assertEquals(this.catalog.getLayerGroups().size(), secureCatalogImpl.getLayerGroups().size());
        LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("topp"));
        Assert.assertEquals(getWorkspaceAccessibleGroupSize("topp"), secureCatalogImpl.getLayerGroups().size());
        LocalWorkspace.remove();
        LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("nurc"));
        Assert.assertEquals(getWorkspaceAccessibleGroupSize("nurc"), secureCatalogImpl.getLayerGroups().size());
        Assert.assertEquals("layerGroup", ((LayerGroupInfo) secureCatalogImpl.getLayerGroups().get(0)).getName());
        LocalWorkspace.remove();
    }

    private long getWorkspaceAccessibleGroupSize(String str) {
        return this.catalog.getLayerGroups().stream().filter(layerGroupInfo -> {
            return layerGroupInfo.getWorkspace() == null || str.equals(layerGroupInfo.getWorkspace().getName());
        }).count();
    }

    @Test
    public void testAccessToLayerGroupNoInheritance() throws Exception {
        CatalogFilterAccessManager catalogFilterAccessManager = setupAccessManager();
        this.inheritance.setValue("false");
        SecureCatalogImpl secureCatalogImpl = new SecureCatalogImpl(this.catalog, catalogFilterAccessManager) { // from class: org.geoserver.ows.LocalWorkspaceSecureCatalogTest.4
            protected boolean isAdmin(Authentication authentication) {
                return false;
            }
        };
        MatcherAssert.assertThat(secureCatalogImpl.getLayerGroups(), Matchers.hasItem(Matchers.equalTo(this.layerGroupGlobal)));
        MatcherAssert.assertThat(secureCatalogImpl.getLayerGroups(), Matchers.hasItem(Matchers.equalTo(this.layerGroupTopp)));
        LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("topp"));
        MatcherAssert.assertThat(secureCatalogImpl.getLayerGroups(), Matchers.not(Matchers.hasItem(Matchers.equalTo(this.layerGroupGlobal))));
        MatcherAssert.assertThat(secureCatalogImpl.getLayerGroups(), Matchers.hasItem(Matchers.equalTo(this.layerGroupTopp)));
        LocalWorkspace.remove();
        LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("nurc"));
        MatcherAssert.assertThat(secureCatalogImpl.getLayerGroups(), Matchers.not(Matchers.hasItem(Matchers.equalTo(this.layerGroupGlobal))));
        MatcherAssert.assertThat(secureCatalogImpl.getLayerGroups(), Matchers.not(Matchers.hasItem(Matchers.equalTo(this.layerGroupTopp))));
        LocalWorkspace.remove();
    }

    @Test
    public void testAccessToStyleAsIterator() throws Exception {
        SecureCatalogImpl secureCatalogImpl = new SecureCatalogImpl(this.catalog, setupAccessManager()) { // from class: org.geoserver.ows.LocalWorkspaceSecureCatalogTest.5
            protected boolean isAdmin(Authentication authentication) {
                return false;
            }
        };
        GeoServerExtensionsHelper.singleton("secureCatalog", secureCatalogImpl, new Class[]{SecureCatalogImpl.class});
        CloseableIterator list = secureCatalogImpl.list(StyleInfo.class, Filter.INCLUDE);
        try {
            Assert.assertEquals(2L, Iterators.size(list));
            if (list != null) {
                list.close();
            }
            LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("topp"));
            CloseableIterator list2 = secureCatalogImpl.list(StyleInfo.class, Filter.INCLUDE);
            try {
                Assert.assertEquals(2L, Iterators.size(list2));
                if (list2 != null) {
                    list2.close();
                }
                LocalWorkspace.remove();
                LocalWorkspace.set(secureCatalogImpl.getWorkspaceByName("nurc"));
                list = secureCatalogImpl.list(StyleInfo.class, Filter.INCLUDE);
                try {
                    Assert.assertEquals(1L, Iterators.size(list));
                    if (list != null) {
                        list.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            if (list != null) {
                try {
                    list.close();
                } catch (Throwable th) {
                    th.addSuppressed(th);
                }
            }
        }
    }

    @After
    public void tearDown() throws Exception {
        LocalWorkspace.remove();
    }
}
