package io.camunda.zeebe.engine.processing.authorization;

import io.camunda.zeebe.engine.util.EngineRule;
import io.camunda.zeebe.protocol.record.RecordAssert;
import io.camunda.zeebe.protocol.record.RejectionType;
import io.camunda.zeebe.protocol.record.value.AuthorizationOwnerType;
import io.camunda.zeebe.protocol.record.value.AuthorizationRecordValue;
import io.camunda.zeebe.protocol.record.value.AuthorizationResourceType;
import io.camunda.zeebe.protocol.record.value.PermissionAction;
import io.camunda.zeebe.protocol.record.value.PermissionType;
import io.camunda.zeebe.test.util.record.RecordingExporterTestWatcher;
import java.util.List;
import java.util.function.Function;
import org.assertj.core.api.Assertions;
import org.assertj.core.groups.Tuple;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestWatcher;

/* loaded from: input_file:io/camunda/zeebe/engine/processing/authorization/AddPermissionAuthorizationTest.class */
public class AddPermissionAuthorizationTest {

    @Rule
    public final EngineRule engine = EngineRule.singlePartition();

    @Rule
    public final TestWatcher recordingExporterTestWatcher = new RecordingExporterTestWatcher();

    @Test
    public void shouldAddPermission() {
        long key = this.engine.user().newUser("foo").withEmail("foo@bar").withName("Foo Bar").withPassword("zabraboof").create().getKey();
        AuthorizationRecordValue value = this.engine.authorization().permission().withAction(PermissionAction.ADD).withOwnerKey(Long.valueOf(key)).withResourceType(AuthorizationResourceType.DEPLOYMENT).withPermission(PermissionType.CREATE, "foo").withPermission(PermissionType.DELETE, "bar").add().getValue();
        Assertions.assertThat(value).extracting(new Function[]{(v0) -> {
            return v0.getAction();
        }, (v0) -> {
            return v0.getOwnerKey();
        }, (v0) -> {
            return v0.getOwnerType();
        }, (v0) -> {
            return v0.getResourceType();
        }}).containsExactly(new Object[]{PermissionAction.ADD, Long.valueOf(key), AuthorizationOwnerType.USER, AuthorizationResourceType.DEPLOYMENT});
        Assertions.assertThat(value.getPermissions()).extracting(new Function[]{(v0) -> {
            return v0.getPermissionType();
        }, (v0) -> {
            return v0.getResourceIds();
        }}).containsExactly(new Tuple[]{Assertions.tuple(new Object[]{PermissionType.CREATE, List.of("foo")}), Assertions.tuple(new Object[]{PermissionType.DELETE, List.of("bar")})});
    }

    @Test
    public void shouldRejectIfNoOwnerExists() {
        ((RecordAssert) io.camunda.zeebe.protocol.record.Assertions.assertThat(this.engine.authorization().permission().withAction(PermissionAction.ADD).withOwnerKey(1L).withResourceType(AuthorizationResourceType.DEPLOYMENT).withPermission(PermissionType.CREATE, "foo").expectRejection().add()).describedAs("Owner is not found", new Object[0])).hasRejectionType(RejectionType.NOT_FOUND).hasRejectionReason("Expected to find owner with key: '%d', but none was found".formatted(1L));
    }
}
