package ch.elexis.core.services.internal;

import ch.elexis.core.ac.EvACE;
import ch.elexis.core.ac.Right;
import ch.elexis.core.exceptions.AccessControlException;
import ch.elexis.core.model.Deleteable;
import ch.elexis.core.model.IArticle;
import ch.elexis.core.model.IEncounter;
import ch.elexis.core.model.ILaboratory;
import ch.elexis.core.model.IMandator;
import ch.elexis.core.model.IOrganization;
import ch.elexis.core.model.IPatient;
import ch.elexis.core.model.IPerson;
import ch.elexis.core.model.IRole;
import ch.elexis.core.model.IUser;
import ch.elexis.core.model.Identifiable;
import ch.elexis.core.model.builder.IContactBuilder;
import ch.elexis.core.model.builder.IEncounterBuilder;
import ch.elexis.core.model.builder.IUserBuilder;
import ch.elexis.core.services.AllServiceTests;
import ch.elexis.core.services.IAccessControlService;
import ch.elexis.core.services.IContextService;
import ch.elexis.core.services.IModelService;
import ch.elexis.core.services.INamedQuery;
import ch.elexis.core.services.IQuery;
import ch.elexis.core.services.IUserService;
import ch.elexis.core.services.holder.CoreModelServiceHolder;
import ch.elexis.core.services.holder.StoreToStringServiceHolder;
import ch.elexis.core.services.holder.UserServiceHolder;
import ch.elexis.core.types.Gender;
import ch.elexis.core.utils.OsgiServiceUtil;
import java.time.LocalDate;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:ch/elexis/core/services/internal/RoleBasedAccessControlServiceTest.class */
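/**
 * Integration tests for the role based access control service and its enforcement inside the
 * model service.
 *
 * <p>The tests check two layers for each protected type: the decision returned by
 * {@link IAccessControlService#evaluate} and the behaviour of the model service for the same
 * operation. Denied reads yield empty results, denied writes raise
 * {@link AccessControlException}.
 *
 * <p>Most tests run as whatever user the context service reports as active when the suite starts.
 * The assertions show that user may read organizations, laboratories, articles and roles, but not
 * patients, persons or encounters. Tests that change the active user or its roles put the original
 * state back in a {@code finally} block, so a failing assertion cannot leave elevated rights
 * behind for the tests that follow.
 */
public class RoleBasedAccessControlServiceTest {
    private final IModelService modelService = AllServiceTests.getModelService();
    private static IAccessControlService accessControlService;
    private static IContextService contextService;
    private static IUser medicalPractitioner;
    private static IUser medicalUser;
    private static IUser mpaUser;

    /**
     * Creates the three test users and switches access control checking on for the suite.
     *
     * <p>{@code medicalpractitioner} and {@code medicaluser} get a contact flagged as mandator,
     * {@code mpauser} gets a plain person contact and is registered as working for both mandators.
     */
    @BeforeClass
    public static void beforeClass() {
        accessControlService = (IAccessControlService) OsgiServiceUtil.getService(IAccessControlService.class).get();
        contextService = (IContextService) OsgiServiceUtil.getService(IContextService.class).get();
        medicalPractitioner = new IUserBuilder(CoreModelServiceHolder.get(), "medicalpractitioner", new IContactBuilder.PersonBuilder(CoreModelServiceHolder.get(), "medical", "practitioner", LocalDate.of(2000, 1, 1), Gender.FEMALE).mandator().buildAndSave()).buildAndSave();
        medicalPractitioner.addRole((IRole) CoreModelServiceHolder.get().load("medical-practitioner", IRole.class).get());
        medicalUser = new IUserBuilder(CoreModelServiceHolder.get(), "medicaluser", new IContactBuilder.PersonBuilder(CoreModelServiceHolder.get(), "medical", "user", LocalDate.of(2000, 1, 1), Gender.FEMALE).mandator().buildAndSave()).buildAndSave();
        medicalUser.addRole((IRole) CoreModelServiceHolder.get().load("medical-user", IRole.class).get());
        mpaUser = new IUserBuilder(CoreModelServiceHolder.get(), "mpauser", new IContactBuilder.PersonBuilder(CoreModelServiceHolder.get(), "mpa", "user", LocalDate.of(2000, 1, 1), Gender.FEMALE).buildAndSave()).buildAndSave();
        mpaUser.addRole((IRole) CoreModelServiceHolder.get().load("mpa", IRole.class).get());
        IUserService userService = UserServiceHolder.get();
        userService.addOrRemoveExecutiveDoctorWorkingFor(mpaUser, (IMandator) CoreModelServiceHolder.get().load(medicalPractitioner.getAssignedContact().getId(), IMandator.class).get(), true);
        userService.addOrRemoveExecutiveDoctorWorkingFor(mpaUser, (IMandator) CoreModelServiceHolder.get().load(medicalUser.getAssignedContact().getId(), IMandator.class).get(), true);
        // NOTE(review): presumably this flag makes the services enforce access control while the
        // suite runs; its consumer is not part of this file, confirm there.
        contextService.getRootContext().setNamed("testAccessControl", Boolean.TRUE);
    }

    /**
     * Clears the access control test flag and removes the users and contacts created in
     * {@link #beforeClass()}.
     */
    @AfterClass
    public static void afterClass() {
        // The flag is cleared before the removals. NOTE(review): presumably so that the cleanup
        // itself is not rejected by the checks under test; confirm.
        contextService.getRootContext().setNamed("testAccessControl", (Object) null);
        CoreModelServiceHolder.get().remove(mpaUser.getAssignedContact());
        CoreModelServiceHolder.get().remove(mpaUser);
        CoreModelServiceHolder.get().remove(medicalUser.getAssignedContact());
        CoreModelServiceHolder.get().remove(medicalUser);
        CoreModelServiceHolder.get().remove(medicalPractitioner.getAssignedContact());
        CoreModelServiceHolder.get().remove(medicalPractitioner);
    }

    /** A known system command is granted; an unknown command name is denied rather than allowed. */
    @Test
    public void userHasSystemCommandRightToLogin() {
        Assert.assertTrue(accessControlService.evaluate(EvACE.of("ch.elexis.core.ui.login")));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of("some-invalid-command")));
    }

    /**
     * Without READ/VIEW on patients, loading by id and querying both come back empty instead of
     * exposing records.
     */
    @Test
    public void userHasNoRightToLoadPatients() {
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPatient.class, Right.READ)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPatient.class, Right.VIEW)));
        Assert.assertTrue(this.modelService.load(AllServiceTests.getPatient().getId(), IPatient.class).isEmpty());
        IQuery query = this.modelService.getQuery(IPatient.class);
        query.limit(10);
        Assert.assertTrue(query.execute().isEmpty());
    }

    /** Creating a patient without the CREATE right must raise {@link AccessControlException}. */
    @Test(expected = AccessControlException.class)
    public void userHasNoRightToCreatePatient() {
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPatient.class, Right.CREATE)));
        CoreModelServiceHolder.get().create(IPatient.class);
    }

    /** READ on organizations does not imply REMOVE: the removal must be rejected. */
    @Test(expected = AccessControlException.class)
    public void userHasNoRightToRemoveOrganization() {
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IOrganization.class, Right.READ)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IOrganization.class, Right.REMOVE)));
        CoreModelServiceHolder.get().remove((Identifiable) CoreModelServiceHolder.get().load(AllServiceTests.getLaboratory().getId(), IOrganization.class).get());
    }

    /** With READ/VIEW on organizations, the test laboratory can be loaded as {@link ILaboratory}. */
    @Test
    public void userHasRightToLoadOrganizationAndLaboratory() {
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IOrganization.class, Right.READ)));
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IOrganization.class, Right.VIEW)));
        Assert.assertTrue(this.modelService.load(AllServiceTests.getLaboratory().getId(), ILaboratory.class).isPresent());
    }

    /** READ on laboratories does not imply DELETE: the delete must be rejected. */
    @Test(expected = AccessControlException.class)
    public void userHasNoRightToDeleteLaboratory() {
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(ILaboratory.class, Right.READ)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(ILaboratory.class, Right.DELETE)));
        CoreModelServiceHolder.get().delete((Deleteable) CoreModelServiceHolder.get().load(AllServiceTests.getLaboratory().getId(), ILaboratory.class).get());
    }

    /**
     * The patient record must not be reachable through the {@link IPerson} type either when the
     * user lacks READ/VIEW on persons.
     */
    @Test
    public void userHasNoRightToLoadPerson() {
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPerson.class, Right.READ)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPerson.class, Right.VIEW)));
        Assert.assertFalse(CoreModelServiceHolder.get().load(AllServiceTests.getPatient().getId(), IPerson.class).isPresent());
    }

    /** Saving a modified article without the UPDATE right must raise {@link AccessControlException}. */
    @Test(expected = AccessControlException.class)
    public void userHasNoRightToUpdateArticle() {
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IArticle.class, Right.READ)));
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IArticle.class, Right.VIEW)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IArticle.class, Right.UPDATE)));
        IArticle article = (IArticle) CoreModelServiceHolder.get().load(AllServiceTests.getEigenartikel().getId(), IArticle.class).get();
        article.setName("this-should-not-work");
        CoreModelServiceHolder.get().save(article);
        // Only reached if save() did not throw; touch() is covered on its own by
        // userHasNoRightToTouchArticle, so this test passes on either call being rejected.
        CoreModelServiceHolder.get().touch(article);
    }

    /** Touching an article without the UPDATE right must raise {@link AccessControlException}. */
    @Test(expected = AccessControlException.class)
    public void userHasNoRightToTouchArticle() {
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IArticle.class, Right.READ)));
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IArticle.class, Right.VIEW)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IArticle.class, Right.UPDATE)));
        CoreModelServiceHolder.get().touch((IArticle) CoreModelServiceHolder.get().load(AllServiceTests.getEigenartikel().getId(), IArticle.class).get());
    }

    /** Named queries are filtered like ordinary loads: no READ on patients, no result. */
    @Test
    public void namedQueryExecution() {
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPatient.class, Right.READ)));
        INamedQuery namedQuery = CoreModelServiceHolder.get().getNamedQuery(IPatient.class, new String[]{"code"});
        Assert.assertTrue(namedQuery.executeWithParameters(namedQuery.getParameterMap(new Object[]{"code", AllServiceTests.getPatient().getPatientNr()})).isEmpty());
    }

    /**
     * Elevation through {@code doPrivileged} is limited to the runnable passed to it: the patient
     * is found inside the runnable, and the same query issued afterwards is empty again.
     */
    @Test
    public void executePrivileged() {
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPatient.class, Right.READ)));
        accessControlService.doPrivileged(() -> {
            INamedQuery privilegedQuery = CoreModelServiceHolder.get().getNamedQuery(IPatient.class, new String[]{"code"});
            Assert.assertFalse(privilegedQuery.executeWithParameters(privilegedQuery.getParameterMap(new Object[]{"code", AllServiceTests.getPatient().getPatientNr()})).isEmpty());
        });
        // Same query outside the privileged scope: the elevation must not have leaked.
        INamedQuery namedQuery = CoreModelServiceHolder.get().getNamedQuery(IPatient.class, new String[]{"code"});
        Assert.assertTrue(namedQuery.executeWithParameters(namedQuery.getParameterMap(new Object[]{"code", AllServiceTests.getPatient().getPatientNr()})).isEmpty());
    }

    /**
     * Adding the {@code medical-practitioner} role to the active user and refreshing grants READ
     * on persons and encounters.
     *
     * <p>The role is removed again in a {@code finally} block and the rights are refreshed once
     * more, so neither a failing assertion nor stale evaluation state leaves the shared active
     * user with practitioner rights for later tests.
     */
    @Test
    public void medicalPractitionerRole() {
        Assert.assertTrue(accessControlService.evaluate(EvACE.of(IRole.class, Right.READ)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IPerson.class, Right.READ)));
        Assert.assertFalse(accessControlService.evaluate(EvACE.of(IEncounter.class, Right.READ)));
        IRole practitionerRole = (IRole) CoreModelServiceHolder.get().load("medical-practitioner", IRole.class).get();
        IUser activeUser = (IUser) contextService.getActiveUser().get();
        activeUser.addRole(practitionerRole);
        try {
            accessControlService.refresh(activeUser);
            Assert.assertTrue(accessControlService.evaluate(EvACE.of(IPerson.class, Right.READ)));
            Assert.assertTrue(accessControlService.evaluate(EvACE.of(IEncounter.class, Right.READ)));
        } finally {
            activeUser.removeRole(practitionerRole);
            // Mirror the refresh done after addRole so the revocation takes effect as well.
            accessControlService.refresh(activeUser);
        }
    }

    /**
     * Checks object-level READ on encounters depending on which mandator they belong to.
     * NOTE(review): "aobo" presumably stands for acting on behalf of; confirm.
     *
     * <p>The MPA user, registered as working for both mandators, may read an encounter of the
     * practitioner; the medical user may not read that foreign encounter. The MPA user may still
     * read an encounter of the medical user's mandator after that mandator was set inactive.
     *
     * <p>Cleanup of the encounters and restoring the previously active user happen in
     * {@code finally}, so a failed assertion does not leave the suite running as another user.
     * The medical user's mandator stays inactive; its contact is removed in {@link #afterClass()}.
     */
    @Test
    public void aobo() {
        IUser previousUser = (IUser) contextService.getActiveUser().get();
        IEncounter practitionerEncounter = null;
        IEncounter medicalUserEncounter = null;
        try {
            contextService.setActiveUser(medicalPractitioner);
            practitionerEncounter = new IEncounterBuilder(CoreModelServiceHolder.get(), AllServiceTests.getCoverage(), (IMandator) CoreModelServiceHolder.get().load(medicalPractitioner.getAssignedContact().getId(), IMandator.class).get()).buildAndSave();

            contextService.setActiveUser(mpaUser);
            Assert.assertTrue(accessControlService.evaluate(EvACE.of(IEncounter.class, Right.READ, StoreToStringServiceHolder.getStoreToString(practitionerEncounter))));

            contextService.setActiveUser(medicalUser);
            Assert.assertFalse(accessControlService.evaluate(EvACE.of(IEncounter.class, Right.READ, StoreToStringServiceHolder.getStoreToString(practitionerEncounter))));

            // Still acting as medicalUser: create an encounter for its own mandator, then
            // deactivate that mandator.
            IMandator medicalUserMandator = (IMandator) CoreModelServiceHolder.get().load(medicalUser.getAssignedContact().getId(), IMandator.class).get();
            medicalUserEncounter = new IEncounterBuilder(CoreModelServiceHolder.get(), AllServiceTests.getCoverage(), medicalUserMandator).buildAndSave();
            medicalUserMandator.setActive(false);
            CoreModelServiceHolder.get().save(medicalUserMandator);
            UserServiceHolder.get().addOrRemoveExecutiveDoctorWorkingFor(mpaUser, (IMandator) CoreModelServiceHolder.get().load(medicalUser.getAssignedContact().getId(), IMandator.class).get(), true);

            contextService.setActiveUser(mpaUser);
            Assert.assertTrue(accessControlService.evaluate(EvACE.of(IEncounter.class, Right.READ, StoreToStringServiceHolder.getStoreToString(medicalUserEncounter))));
        } finally {
            // Lambdas need effectively final locals.
            final IEncounter firstCreated = practitionerEncounter;
            final IEncounter secondCreated = medicalUserEncounter;
            try {
                accessControlService.doPrivileged(() -> {
                    if (firstCreated != null) {
                        CoreModelServiceHolder.get().remove(firstCreated);
                    }
                    if (secondCreated != null) {
                        CoreModelServiceHolder.get().remove(secondCreated);
                    }
                });
            } finally {
                contextService.setActiveUser(previousUser);
            }
        }
    }
}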
