package com.zimbra.qa.unittest.prov.ldap;

import com.zimbra.common.service.ServiceException;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Group;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.InlineAttrRight;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.RightCommand;
import com.zimbra.cs.account.accesscontrol.RightManager;
import com.zimbra.cs.account.accesscontrol.RightModifier;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.accesscontrol.generated.RightConsts;
import com.zimbra.cs.account.ldap.LdapProv;
import com.zimbra.qa.QA;
import com.zimbra.soap.admin.type.GranteeSelector;
import com.zimbra.soap.type.TargetBy;
import java.util.List;
import java.util.SortedMap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/prov/ldap/TestACLEffectiveRights.class */
public class TestACLEffectiveRights extends LdapTest {
    private static Right ADMIN_PRESET_ACCOUNT;
    private static LdapProvTestUtil provUtil;
    private static LdapProv prov;
    private static Domain domain;
    private static String BASE_DOMAIN_NAME;
    private static Account globalAdmin;

    @BeforeClass
    public static void init() throws Exception {
        provUtil = new LdapProvTestUtil();
        prov = provUtil.getProv();
        domain = provUtil.createDomain(baseDomainName(), null);
        BASE_DOMAIN_NAME = domain.getName();
        globalAdmin = provUtil.createGlobalAdmin("globaladmin", domain);
        ADMIN_PRESET_ACCOUNT = getRight("test-preset-account");
    }

    @AfterClass
    public static void cleanup() throws Exception {
        Cleanup.deleteAll(baseDomainName());
    }

    private static Right getRight(String str) throws ServiceException {
        return RightManager.getInstance().getRight(str);
    }

    @Test
    public void getEffectiveRights() throws Exception {
        Domain createDomain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart("user"), createDomain);
        Account createDelegatedAdmin = provUtil.createDelegatedAdmin(genAcctNameLocalPart("da"), createDomain);
        Account account = globalAdmin;
        TargetType targetType = TargetType.getTargetType(createAccount);
        GranteeType granteeType = GranteeType.GT_USER;
        Right right = ADMIN_PRESET_ACCOUNT;
        RightCommand.grantRight(prov, account, targetType.getCode(), TargetBy.name, createAccount.getName(), granteeType.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), (String) null, right.getName(), (RightModifier) null);
        Assert.assertTrue(RightCommand.getEffectiveRights(prov, TargetType.account.getCode(), TargetBy.name, createAccount.getName(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), false, false).presetRights().contains(right.getName()));
    }

    @Test
    public void getAllEffectiveRights() throws Exception {
        Domain createDomain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart("user"), createDomain);
        Account createDelegatedAdmin = provUtil.createDelegatedAdmin(genAcctNameLocalPart("da"), createDomain);
        Account account = globalAdmin;
        TargetType targetType = TargetType.getTargetType(createAccount);
        GranteeType granteeType = GranteeType.GT_USER;
        Right right = ADMIN_PRESET_ACCOUNT;
        RightCommand.grantRight(prov, account, targetType.getCode(), TargetBy.name, createAccount.getName(), granteeType.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), (String) null, right.getName(), (RightModifier) null);
        boolean z = false;
        for (RightCommand.RightAggregation rightAggregation : RightCommand.getAllEffectiveRights((Provisioning) prov, granteeType.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), false, false).rightsByTargetType().get(targetType).entries()) {
            if (rightAggregation.entries().contains(createAccount.getName()) && rightAggregation.effectiveRights().presetRights().contains(right.getName())) {
                z = true;
            }
        }
        Assert.assertTrue(z);
    }

    @QA.Bug(bug = {70206})
    @Test
    public void bug70206() throws Exception {
        Account createDelegatedAdmin = provUtil.createDelegatedAdmin(genAcctNameLocalPart(), domain);
        Group createGroup = provUtil.createGroup(genGroupNameLocalPart(), domain, false);
        Account account = globalAdmin;
        String composeSetRight = InlineAttrRight.composeSetRight(TargetType.dl, "zimbraHideInGal");
        RightCommand.grantRight(prov, account, TargetType.global.getCode(), (TargetBy) null, (String) null, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), (String) null, RightConsts.RT_adminConsoleDLRights, (RightModifier) null);
        RightCommand.grantRight(prov, account, TargetType.global.getCode(), (TargetBy) null, (String) null, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), (String) null, RightConsts.RT_deleteDistributionList, RightModifier.RM_DENY);
        RightCommand.grantRight(prov, account, TargetType.dl.getCode(), TargetBy.name, createGroup.getName(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), (String) null, composeSetRight, (RightModifier) null);
        RightCommand.grantRight(prov, account, TargetType.global.getCode(), (TargetBy) null, (String) null, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), (String) null, composeSetRight, RightModifier.RM_DENY);
        RightCommand.grantRight(prov, account, TargetType.dl.getCode(), TargetBy.name, createGroup.getName(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), (String) null, RightConsts.RT_deleteDistributionList, (RightModifier) null);
        RightCommand.EffectiveRights effectiveRights = RightCommand.getEffectiveRights(prov, TargetType.dl.getCode(), TargetBy.name, createGroup.getName(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), false, false);
        List<String> presetRights = effectiveRights.presetRights();
        SortedMap<String, RightCommand.EffectiveAttr> canSetAttrs = effectiveRights.canSetAttrs();
        Assert.assertTrue(presetRights.contains(RightConsts.RT_deleteDistributionList));
        Assert.assertTrue(canSetAttrs.containsKey("zimbraHideInGal"));
    }
}
