package org.kuali.rice.kew.docsearch;

import java.util.Iterator;
import org.junit.Assert;
import org.junit.Test;
import org.kuali.rice.kew.api.WorkflowDocument;
import org.kuali.rice.kew.api.WorkflowDocumentFactory;
import org.kuali.rice.kew.api.document.attribute.WorkflowAttributeDefinition;
import org.kuali.rice.kew.api.document.search.DocumentSearchCriteria;
import org.kuali.rice.kew.api.document.search.DocumentSearchResults;
import org.kuali.rice.kew.docsearch.service.DocumentSearchService;
import org.kuali.rice.kew.engine.RouteContext;
import org.kuali.rice.kew.service.KEWServiceLocator;
import org.kuali.rice.kew.test.KEWTestCase;
import org.kuali.rice.kim.api.group.Group;
import org.kuali.rice.kim.api.identity.Person;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;

/* loaded from: input_file:org/kuali/rice/kew/docsearch/DocumentSearchSecurityTest.class */
public class DocumentSearchSecurityTest extends KEWTestCase {
    private static final String WORKFLOW_ADMIN_USER_NETWORK_ID = "bmcgough";
    private static final String APPROVER_USER_NETWORK_ID = "user2";
    private static final String STANDARD_USER_NETWORK_ID = "user1";
    DocumentSearchService docSearchService;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.kuali.rice.kew.test.KEWTestCase
    public void setUpAfterDataLoad() throws Exception {
        this.docSearchService = (DocumentSearchService) KEWServiceLocator.getService("enDocumentSearchService");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.kuali.rice.kew.test.KEWTestCase
    public void loadTestData() throws Exception {
        loadXmlFile("SearchSecurityConfig.xml");
    }

    @Test
    public void testDocSearchSecurityPermissionDocType() throws Exception {
        WorkflowDocument createDocument = WorkflowDocumentFactory.createDocument(getPrincipalId("arh14"), "SecurityDoc_PermissionOnly");
        createDocument.setTitle("testDocSearch_PermissionSecurity");
        createDocument.route("routing this document.");
        Person personByPrincipalName = KimApiServiceLocator.getPersonService().getPersonByPrincipalName("edna");
        DocumentSearchCriteria.Builder create = DocumentSearchCriteria.Builder.create();
        create.setDocumentTypeName("SecurityDoc_PermissionOnly");
        DocumentSearchResults lookupDocuments = this.docSearchService.lookupDocuments(personByPrincipalName.getPrincipalId(), create.build());
        Assert.assertEquals(0L, lookupDocuments.getNumberOfSecurityFilteredResults());
        Assert.assertEquals("Search returned invalid number of documents", 1L, lookupDocuments.getSearchResults().size());
    }

    @Test
    public void testDocSearchBadPermission() throws Exception {
        WorkflowDocument createDocument = WorkflowDocumentFactory.createDocument(getPrincipalId("arh14"), "SecurityDoc_InvalidPermissionOnly");
        createDocument.setTitle("testDocSearch_PermissionSecurity");
        createDocument.route("routing this document.");
        Person personByPrincipalName = KimApiServiceLocator.getPersonService().getPersonByPrincipalName("edna");
        DocumentSearchCriteria.Builder.create().setDocumentTypeName("SecurityDoc_InvalidPermissionOnly");
        Assert.assertEquals("Search returned invalid number of documents", 0L, this.docSearchService.lookupDocuments(personByPrincipalName.getPrincipalId(), r0.build()).getSearchResults().size());
    }

    @Test
    public void testFilteringInitiator() throws Exception {
        String principalId = getPrincipalId(STANDARD_USER_NETWORK_ID);
        WorkflowDocument createDocument = WorkflowDocumentFactory.createDocument(principalId, "SecurityDoc_InitiatorOnly");
        createDocument.route("");
        Assert.assertFalse("Document should not be in init status after routing", createDocument.isInitiated());
        DocumentSearchCriteria.Builder create = DocumentSearchCriteria.Builder.create();
        create.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments = KEWServiceLocator.getDocumentSearchService().lookupDocuments(principalId, create.build());
        Assert.assertEquals("Should retrive one record from search", 1L, lookupDocuments.getSearchResults().size());
        Assert.assertEquals("No rows should have been filtered due to security", 0L, lookupDocuments.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create2 = DocumentSearchCriteria.Builder.create();
        create2.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments2 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId("user3"), create2.build());
        Assert.assertEquals("Should retrive no records from search", 0L, lookupDocuments2.getSearchResults().size());
        Assert.assertEquals("One row should have been filtered due to security", 1L, lookupDocuments2.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create3 = DocumentSearchCriteria.Builder.create();
        create3.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments3 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId(WORKFLOW_ADMIN_USER_NETWORK_ID), create3.build());
        Assert.assertEquals("Should retrive one record from search", 1L, lookupDocuments3.getSearchResults().size());
        Assert.assertEquals("No rows should have been filtered due to security", 0L, lookupDocuments3.getNumberOfSecurityFilteredResults());
    }

    @Test
    public void testFiltering_Workgroup() throws Exception {
        String principalId = getPrincipalId(STANDARD_USER_NETWORK_ID);
        WorkflowDocument createDocument = WorkflowDocumentFactory.createDocument(principalId, "SecurityDoc_WorkgroupOnly");
        createDocument.route("");
        Assert.assertFalse("Document should not be in init status after routing", createDocument.isInitiated());
        DocumentSearchCriteria.Builder create = DocumentSearchCriteria.Builder.create();
        create.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments = KEWServiceLocator.getDocumentSearchService().lookupDocuments(principalId, create.build());
        Assert.assertEquals("Should retrive no records from search", 0L, lookupDocuments.getSearchResults().size());
        Assert.assertEquals("One row should have been filtered due to security", 1L, lookupDocuments.getNumberOfSecurityFilteredResults());
        Group groupByNamespaceCodeAndName = KimApiServiceLocator.getGroupService().getGroupByNamespaceCodeAndName("KR-WKFLW", "Test_Security_Group");
        Assert.assertNotNull("Workgroup 'Test_Security_Group' should be valid", groupByNamespaceCodeAndName);
        Iterator it = KimApiServiceLocator.getGroupService().getMemberPrincipalIds(groupByNamespaceCodeAndName.getId()).iterator();
        while (it.hasNext()) {
            Person person = KimApiServiceLocator.getPersonService().getPerson((String) it.next());
            DocumentSearchCriteria.Builder create2 = DocumentSearchCriteria.Builder.create();
            create2.setDocumentId(createDocument.getDocumentId());
            DocumentSearchResults lookupDocuments2 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(person.getPrincipalId(), create2.build());
            Assert.assertEquals("Should retrive one record from search for user " + person, 1L, lookupDocuments2.getSearchResults().size());
            Assert.assertEquals("No rows should have been filtered due to security for user " + person, 0L, lookupDocuments2.getNumberOfSecurityFilteredResults());
        }
        DocumentSearchCriteria.Builder create3 = DocumentSearchCriteria.Builder.create();
        create3.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments3 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId("user3"), create3.build());
        Assert.assertEquals("Should retrive no records from search", 0L, lookupDocuments3.getSearchResults().size());
        Assert.assertEquals("One row should have been filtered due to security", 1L, lookupDocuments3.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create4 = DocumentSearchCriteria.Builder.create();
        create4.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments4 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId(WORKFLOW_ADMIN_USER_NETWORK_ID), create4.build());
        Assert.assertEquals("Should retrive one record from search", 1L, lookupDocuments4.getSearchResults().size());
        Assert.assertEquals("No rows should have been filtered due to security", 0L, lookupDocuments4.getNumberOfSecurityFilteredResults());
    }

    @Test
    public void testFiltering_SearchAttribute() throws Exception {
        WorkflowDocument createDocument = WorkflowDocumentFactory.createDocument(getPrincipalId(STANDARD_USER_NETWORK_ID), "SecurityDoc_SearchAttributeOnly");
        WorkflowAttributeDefinition.Builder create = WorkflowAttributeDefinition.Builder.create("UserEmployeeId");
        create.addPropertyDefinition("employeeId", "user3");
        createDocument.addSearchableDefinition(create.build());
        createDocument.route("");
        Assert.assertFalse("Document should not be in init status after routing", createDocument.isInitiated());
        DocumentSearchCriteria.Builder create2 = DocumentSearchCriteria.Builder.create();
        create2.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId(STANDARD_USER_NETWORK_ID), create2.build());
        Assert.assertEquals("Should retrive no records from search", 0L, lookupDocuments.getSearchResults().size());
        Assert.assertEquals("One row should have been filtered due to security", 1L, lookupDocuments.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create3 = DocumentSearchCriteria.Builder.create();
        create3.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments2 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId("user3"), create3.build());
        Assert.assertEquals("Should retrive one record from search", 1L, lookupDocuments2.getSearchResults().size());
        Assert.assertEquals("No rows should have been filtered due to security", 0L, lookupDocuments2.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create4 = DocumentSearchCriteria.Builder.create();
        create4.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments3 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId(APPROVER_USER_NETWORK_ID), create4.build());
        Assert.assertEquals("Should retrive no records from search", 0L, lookupDocuments3.getSearchResults().size());
        Assert.assertEquals("One row should have been filtered due to security", 1L, lookupDocuments3.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create5 = DocumentSearchCriteria.Builder.create();
        create5.setDocumentId(createDocument.getDocumentId());
        DocumentSearchResults lookupDocuments4 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId(WORKFLOW_ADMIN_USER_NETWORK_ID), create5.build());
        Assert.assertEquals("Should retrive one record from search", 1L, lookupDocuments4.getSearchResults().size());
        Assert.assertEquals("No rows should have been filtered due to security", 0L, lookupDocuments4.getNumberOfSecurityFilteredResults());
        RouteContext.clearCurrentRouteContext();
        WorkflowDocument loadDocument = WorkflowDocumentFactory.loadDocument(getPrincipalId(APPROVER_USER_NETWORK_ID), createDocument.getDocumentId());
        loadDocument.clearSearchableContent();
        WorkflowAttributeDefinition.Builder create6 = WorkflowAttributeDefinition.Builder.create("UserEmployeeId");
        create6.addPropertyDefinition("employeeId", APPROVER_USER_NETWORK_ID);
        loadDocument.addSearchableDefinition(create6.build());
        loadDocument.saveDocumentData();
        DocumentSearchCriteria.Builder create7 = DocumentSearchCriteria.Builder.create();
        create7.setDocumentId(loadDocument.getDocumentId());
        DocumentSearchResults lookupDocuments5 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId(APPROVER_USER_NETWORK_ID), create7.build());
        Assert.assertEquals("Should retrive one record from search", 1L, lookupDocuments5.getSearchResults().size());
        Assert.assertEquals("No rows should have been filtered due to security", 0L, lookupDocuments5.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create8 = DocumentSearchCriteria.Builder.create();
        create8.setDocumentId(loadDocument.getDocumentId());
        DocumentSearchResults lookupDocuments6 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId("user3"), create8.build());
        Assert.assertEquals("Should retrive no records from search", 0L, lookupDocuments6.getSearchResults().size());
        Assert.assertEquals("One row should have been filtered due to security", 1L, lookupDocuments6.getNumberOfSecurityFilteredResults());
        DocumentSearchCriteria.Builder create9 = DocumentSearchCriteria.Builder.create();
        create9.setDocumentId(loadDocument.getDocumentId());
        DocumentSearchResults lookupDocuments7 = KEWServiceLocator.getDocumentSearchService().lookupDocuments(getPrincipalId(STANDARD_USER_NETWORK_ID), create9.build());
        Assert.assertEquals("Should retrive no records from search", 0L, lookupDocuments7.getSearchResults().size());
        Assert.assertEquals("One row should have been filtered due to security", 1L, lookupDocuments7.getNumberOfSecurityFilteredResults());
    }

    private String getPrincipalId(String str) {
        return KimApiServiceLocator.getIdentityService().getPrincipalByPrincipalName(str).getPrincipalId();
    }
}
