package org.dspace.app.rest.authorization;

import java.io.InputStream;
import org.apache.commons.io.IOUtils;
import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
import org.dspace.builder.BitstreamBuilder;
import org.dspace.builder.BundleBuilder;
import org.dspace.builder.CollectionBuilder;
import org.dspace.builder.CommunityBuilder;
import org.dspace.builder.EPersonBuilder;
import org.dspace.builder.GroupBuilder;
import org.dspace.builder.ItemBuilder;
import org.dspace.builder.ResourcePolicyBuilder;
import org.dspace.content.Bitstream;
import org.dspace.content.Bundle;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.services.ConfigurationService;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;

/* loaded from: input_file:org/dspace/app/rest/authorization/GenericAuthorizationFeatureIT.class */
public class GenericAuthorizationFeatureIT extends AbstractControllerIntegrationTest {

    @Autowired
    ConfigurationService configurationService;
    private Community communityA;
    private Community communityAA;
    private Community communityB;
    private Community communityBB;
    private Collection collectionX;
    private Collection collectionY;
    private Item item1;
    private Item item2;
    private Bundle bundle1;
    private Bundle bundle2;
    private Bitstream bitstream1;
    private Bitstream bitstream2;
    private Group item1AdminGroup;
    private EPerson communityAAdmin;
    private EPerson collectionXAdmin;
    private EPerson item1Admin;
    private EPerson communityAWriter;
    private EPerson collectionXWriter;
    private EPerson item1Writer;

    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.context.turnOffAuthorisationSystem();
        this.communityAAdmin = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityAAdmin@my.edu").withPassword(this.password).build();
        this.collectionXAdmin = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("collectionXAdmin@my.edu").withPassword(this.password).build();
        this.item1Admin = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("item1Admin@my.edu").withPassword(this.password).build();
        this.communityAWriter = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityAWriter@my.edu").withPassword(this.password).build();
        this.collectionXWriter = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("collectionXWriter@my.edu").withPassword(this.password).build();
        this.item1Writer = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("item1Writer@my.edu").withPassword(this.password).build();
        this.communityA = CommunityBuilder.createCommunity(this.context).withName("communityA").withAdminGroup(new EPerson[]{this.communityAAdmin}).build();
        this.communityAA = CommunityBuilder.createCommunity(this.context).withName("communityAA").addParentCommunity(this.context, this.communityA).build();
        this.collectionX = CollectionBuilder.createCollection(this.context, this.communityAA).withName("collectionX").withAdminGroup(new EPerson[]{this.collectionXAdmin}).build();
        this.item1 = ItemBuilder.createItem(this.context, this.collectionX).withTitle("item1").withIssueDate("2020-07-08").withAuthor("Smith, Donald").withAuthor("Doe, John").withSubject("item1Entry").build();
        this.bundle1 = BundleBuilder.createBundle(this.context, this.item1).withName("bundle1").build();
        InputStream inputStream = IOUtils.toInputStream("randomContent", "UTF-8");
        try {
            this.bitstream1 = BitstreamBuilder.createBitstream(this.context, this.bundle1, inputStream).withName("bitstream1").withMimeType("text/plain").build();
            if (inputStream != null) {
                inputStream.close();
            }
            this.item1AdminGroup = GroupBuilder.createGroup(this.context).withName("item1AdminGroup").addMember(this.item1Admin).build();
            ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(11).withGroup(this.item1AdminGroup).build();
            ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.communityA).withAction(1).withUser(this.communityAWriter).build();
            ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.collectionX).withAction(1).withUser(this.collectionXWriter).build();
            ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(1).withUser(this.item1Writer).build();
            this.communityB = CommunityBuilder.createCommunity(this.context).withName("communityB").build();
            this.communityBB = CommunityBuilder.createCommunity(this.context).withName("communityBB").addParentCommunity(this.context, this.communityB).build();
            this.collectionY = CollectionBuilder.createCollection(this.context, this.communityBB).withName("collectionY").build();
            this.item2 = ItemBuilder.createItem(this.context, this.collectionY).withTitle("item2").withIssueDate("2020-07-08").withAuthor("Smith, Donald").withAuthor("Doe, John").withSubject("item2Entry").build();
            this.bundle2 = BundleBuilder.createBundle(this.context, this.item2).withName("bundle2").build();
            inputStream = IOUtils.toInputStream("randomContent", "UTF-8");
            try {
                this.bitstream2 = BitstreamBuilder.createBitstream(this.context, this.bundle2, inputStream).withName("bitstream2").withMimeType("text/plain").build();
                if (inputStream != null) {
                    inputStream.close();
                }
                this.context.restoreAuthSystemState();
                this.configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", "true");
            } finally {
            }
        } finally {
        }
    }

    private void testAdminsHavePermissionsAllDso(String str) throws Exception {
        String authToken = getAuthToken(this.admin.getEmail(), this.password);
        String authToken2 = getAuthToken(this.communityAAdmin.getEmail(), this.password);
        String authToken3 = getAuthToken(this.collectionXAdmin.getEmail(), this.password);
        String authToken4 = getAuthToken(this.item1Admin.getEmail(), this.password);
        String uuid = ContentServiceFactory.getInstance().getSiteService().findSite(this.context).getID().toString();
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/sites/" + uuid, new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/sites/" + uuid, new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityB.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionY.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
    }

    private void testAdminsHavePermissionsItem(String str) throws Exception {
        String authToken = getAuthToken(this.admin.getEmail(), this.password);
        String authToken2 = getAuthToken(this.communityAAdmin.getEmail(), this.password);
        String authToken3 = getAuthToken(this.collectionXAdmin.getEmail(), this.password);
        String authToken4 = getAuthToken(this.item1Admin.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
    }

    private void testWriteUsersHavePermissionsAllDso(String str, boolean z) throws Exception {
        String authToken = getAuthToken(this.communityAWriter.getEmail(), this.password);
        String authToken2 = getAuthToken(this.collectionXWriter.getEmail(), this.password);
        String authToken3 = getAuthToken(this.item1Writer.getEmail(), this.password);
        if (z) {
            getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        } else {
            getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        }
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        if (z) {
            getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        } else {
            getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        }
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        if (z) {
            getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        } else {
            getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        }
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityB.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionY.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
    }

    private void testWriteUsersHavePermissionsItem(String str, boolean z) throws Exception {
        String authToken = getAuthToken(this.communityAWriter.getEmail(), this.password);
        String authToken2 = getAuthToken(this.collectionXWriter.getEmail(), this.password);
        String authToken3 = getAuthToken(this.item1Writer.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        if (z) {
            getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).exists());
        } else {
            getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
        }
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='" + str + "')]", new Object[0]).doesNotExist());
    }

    @Test
    public void testCanManagePoliciesAdmin() throws Exception {
        testWriteUsersHavePermissionsAllDso("canManagePolicies", false);
    }

    @Test
    public void testCanManagePoliciesWriter() throws Exception {
        testWriteUsersHavePermissionsAllDso("canManagePolicies", false);
    }

    @Test
    public void testCanEditMetadataAdmin() throws Exception {
        testAdminsHavePermissionsAllDso("canEditMetadata");
    }

    @Test
    public void testCanEditMetadataWriter() throws Exception {
        testWriteUsersHavePermissionsAllDso("canEditMetadata", true);
    }

    @Test
    public void testCanMoveAdmin() throws Exception {
        String authToken = getAuthToken(this.item1Writer.getEmail(), this.password);
        String authToken2 = getAuthToken(this.admin.getEmail(), this.password);
        String authToken3 = getAuthToken(this.communityAAdmin.getEmail(), this.password);
        String authToken4 = getAuthToken(this.collectionXAdmin.getEmail(), this.password);
        String authToken5 = getAuthToken(this.item1Admin.getEmail(), this.password);
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]", new Object[0]).exists());
        getClient(authToken5).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.collectionX).withAction(4).withUser(this.item1Writer).build();
        this.context.restoreAuthSystemState();
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]", new Object[0]).exists());
    }

    @Test
    public void testCanMoveWriter() throws Exception {
        testWriteUsersHavePermissionsItem("canMove", false);
        this.context.turnOffAuthorisationSystem();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.collectionX).withAction(4).withUser(this.item1Writer).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(this.item1Writer.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]", new Object[0]).exists());
    }

    @Test
    public void testCanMakePrivateAdmin() throws Exception {
        testAdminsHavePermissionsItem("canMakePrivate");
    }

    @Test
    public void testCanMakePrivateWriter() throws Exception {
        testWriteUsersHavePermissionsItem("canMakePrivate", true);
    }

    @Test
    public void testCanMakeDiscoverableAdmin() throws Exception {
        testAdminsHavePermissionsItem("canMakeDiscoverable");
    }

    @Test
    public void testCanMakeDiscoverableWriter() throws Exception {
        testWriteUsersHavePermissionsItem("canMakeDiscoverable", true);
    }

    @Test
    public void testCanDeleteAdmin() throws Exception {
        String authToken = getAuthToken(this.admin.getEmail(), this.password);
        String authToken2 = getAuthToken(this.communityAAdmin.getEmail(), this.password);
        String authToken3 = getAuthToken(this.collectionXAdmin.getEmail(), this.password);
        String authToken4 = getAuthToken(this.item1Admin.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/sites/" + ContentServiceFactory.getInstance().getSiteService().findSite(this.context).getID().toString(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        this.context.turnOffAuthorisationSystem();
        EPerson build = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityAAAdmin@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.communityAA).withAction(11).withUser(build).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityB.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionY.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
    }

    @Test
    public void testCanDeleteAdminParent() throws Exception {
        String authToken = getAuthToken(this.collectionXAdmin.getEmail(), this.password);
        String authToken2 = getAuthToken(this.item1Admin.getEmail(), this.password);
        this.context.turnOffAuthorisationSystem();
        EPerson build = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityAAAdmin@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.communityA).withAction(4).withUser(build).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        this.context.turnOffAuthorisationSystem();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.communityAA).withAction(4).withUser(this.collectionXAdmin).build();
        this.context.restoreAuthSystemState();
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        this.context.turnOffAuthorisationSystem();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.collectionX).withAction(4).withUser(this.item1Admin).build();
        this.context.restoreAuthSystemState();
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
    }

    @Test
    public void testCanDeleteWriter() throws Exception {
        testWriteUsersHavePermissionsAllDso("canManagePolicies", false);
    }

    @Test
    public void testCanDeleteMinimalPermissions() throws Exception {
        this.context.turnOffAuthorisationSystem();
        EPerson build = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityADeleter@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.communityA).withAction(2).withUser(build).build();
        this.context.restoreAuthSystemState();
        String authToken = getAuthToken(build.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build2 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityARemover@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.communityA).withAction(4).withUser(build2).build();
        this.context.restoreAuthSystemState();
        String authToken2 = getAuthToken(build2.getEmail(), this.password);
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build3 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityAARemover@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.communityAA).withAction(4).withUser(build3).build();
        this.context.restoreAuthSystemState();
        String authToken3 = getAuthToken(build3.getEmail(), this.password);
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/communities/" + this.communityAA.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build4 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("communityXRemover@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.collectionX).withAction(4).withUser(build4).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build4.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build5 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("item1Deleter@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(2).withUser(build5).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build5.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build6 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("collectionXDeleter@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.collectionX).withAction(4).withUser(build6).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(2).withUser(build6).build();
        this.context.restoreAuthSystemState();
        String authToken4 = getAuthToken(build6.getEmail(), this.password);
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/collections/" + this.collectionX.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build7 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("item1Remover@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(4).withUser(build7).build();
        this.context.restoreAuthSystemState();
        String authToken5 = getAuthToken(build7.getEmail(), this.password);
        getClient(authToken5).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).exists());
        getClient(authToken5).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        getClient(authToken5).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build8 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("bundle1Remover@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.bundle1).withAction(4).withUser(build8).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build8.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build9 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("bundle1item1Remover@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.bundle1).withAction(4).withUser(build9).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(4).withUser(build9).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build9.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bitstreams/" + this.bitstream1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canDelete')]", new Object[0]).doesNotExist());
    }

    @Test
    public void testCanReorderBitstreamsAdmin() throws Exception {
        String authToken = getAuthToken(this.admin.getEmail(), this.password);
        String authToken2 = getAuthToken(this.communityAAdmin.getEmail(), this.password);
        String authToken3 = getAuthToken(this.collectionXAdmin.getEmail(), this.password);
        String authToken4 = getAuthToken(this.item1Admin.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).doesNotExist());
    }

    @Test
    public void testCanReorderBitstreamsWriter() throws Exception {
        String authToken = getAuthToken(this.communityAWriter.getEmail(), this.password);
        String authToken2 = getAuthToken(this.collectionXWriter.getEmail(), this.password);
        String authToken3 = getAuthToken(this.item1Writer.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).doesNotExist());
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canReorderBitstreams')]", new Object[0]).doesNotExist());
    }

    @Test
    public void testCanCreateBitstreamAdmin() throws Exception {
        String authToken = getAuthToken(this.admin.getEmail(), this.password);
        String authToken2 = getAuthToken(this.communityAAdmin.getEmail(), this.password);
        String authToken3 = getAuthToken(this.collectionXAdmin.getEmail(), this.password);
        String authToken4 = getAuthToken(this.item1Admin.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).exists());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).exists());
        getClient(authToken4).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).exists());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle2.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).doesNotExist());
    }

    @Test
    public void testCanCreateBitstreamWriter() throws Exception {
        String authToken = getAuthToken(this.communityAWriter.getEmail(), this.password);
        String authToken2 = getAuthToken(this.collectionXWriter.getEmail(), this.password);
        String authToken3 = getAuthToken(this.item1Writer.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("bundle1Writer@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.bundle1).withAction(1).withUser(build).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build2 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("bundle1Adder@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.bundle1).withAction(3).withUser(build2).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build2.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build3 = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("bundle1WriterAdder@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.bundle1).withAction(3).withUser(build3).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.bundle1).withAction(1).withUser(build3).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(3).withUser(build3).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(1).withUser(build3).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build3.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/bundles/" + this.bundle1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBitstream')]", new Object[0]).exists());
    }

    @Test
    public void testCanCreateBundleAdmin() throws Exception {
        testAdminsHavePermissionsItem("canCreateBundle");
    }

    @Test
    public void testCanCreateBundleWriter() throws Exception {
        String authToken = getAuthToken(this.communityAWriter.getEmail(), this.password);
        String authToken2 = getAuthToken(this.collectionXWriter.getEmail(), this.password);
        String authToken3 = getAuthToken(this.item1Writer.getEmail(), this.password);
        getClient(authToken).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBundle')]", new Object[0]).doesNotExist());
        getClient(authToken2).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBundle')]", new Object[0]).doesNotExist());
        getClient(authToken3).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBundle')]", new Object[0]).doesNotExist());
        this.context.turnOffAuthorisationSystem();
        EPerson build = EPersonBuilder.createEPerson(this.context).withNameInMetadata("Jhon", "Brown").withEmail("item1AdderWriter@my.edu").withPassword(this.password).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(3).withUser(build).build();
        ResourcePolicyBuilder.createResourcePolicy(this.context).withDspaceObject(this.item1).withAction(1).withUser(build).build();
        this.context.restoreAuthSystemState();
        getClient(getAuthToken(build.getEmail(), this.password)).perform(MockMvcRequestBuilders.get("/api/authz/authorizations/search/object?embed=feature&uri=http://localhost/api/core/items/" + this.item1.getID(), new Object[0])).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canCreateBundle')]", new Object[0]).exists());
    }
}
