/*******************************************************************************
 * Copyright (c) 2011-2014 EclipseSource Muenchen GmbH and others.
 * 
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 * 
 * Contributors:
 * Edgar - initial API and implementation
 ******************************************************************************/
package org.eclipse.emf.emfstore.server.accesscontrol.test;

import static org.eclipse.emf.emfstore.client.test.common.util.ProjectUtil.share;
import static org.eclipse.emf.emfstore.client.test.common.util.ServerUtil.createGroup;
import static org.eclipse.emf.emfstore.client.test.common.util.ServerUtil.createUser;
import static org.eclipse.emf.emfstore.client.test.common.util.ServerUtil.deleteGroup;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;

import org.eclipse.emf.emfstore.client.test.common.dsl.Roles;
import org.eclipse.emf.emfstore.client.test.common.util.ServerUtil;
import org.eclipse.emf.emfstore.internal.client.model.ProjectSpace;
import org.eclipse.emf.emfstore.internal.client.model.impl.api.ESUsersessionImpl;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId;
import org.eclipse.emf.emfstore.server.auth.ESProjectAdminPrivileges;
import org.eclipse.emf.emfstore.server.exceptions.ESException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/**
 * Tests whether organizational units can be assigned to groups.
 * 
 * @author emueller
 * 
 */
public class AssignOrgUnitToGroupTests extends ProjectAdminTest {

	@BeforeClass
	public static void beforeClass() {
		startEMFStoreWithPAProperties(
			ESProjectAdminPrivileges.ShareProject,
			ESProjectAdminPrivileges.AssignRoleToOrgUnit,
			ESProjectAdminPrivileges.ChangeAssignmentsOfOrgUnits);
	}

	@AfterClass
	public static void afterClass() {
		stopEMFStore();
	}

	@Override
	@After
	public void after() {
		try {
			deleteGroup(getSuperUsersession(), getNewGroupName());
			deleteGroup(getSuperUsersession(), getNewOtherGroupName());
		} catch (final ESException ex) {
			fail(ex.getMessage());
		}
		super.after();
	}

	@Override
	@Before
	public void before() {
		super.before();
	}

	@Test(expected = AccessControlException.class)
	public void addMemberToGroupWhichBelongsToOtherProject() throws ESException {
		makeUserPA();
		share(getSuperUsersession(), getLocalProject());
		final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername());
		final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName());

		share(getUsersession(), getLocalProject());
		final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace());
		share(getSuperUsersession(), clonedProjectSpace.toAPI());

		getSuperAdminBroker().changeRole(clonedProjectSpace.getProjectId(), group, Roles.writer());

		// fails
		getAdminBroker().addMember(group, newUser);
	}

	@Test(expected = AccessControlException.class)
	public void removeMemberFromGroupWhichBelongsToOtherProject() throws ESException {
		makeUserPA();
		share(getSuperUsersession(), getLocalProject());
		final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername());
		final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName());

		share(getUsersession(), getLocalProject());
		final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace());
		share(getSuperUsersession(), clonedProjectSpace.toAPI());

		getSuperAdminBroker().changeRole(clonedProjectSpace.getProjectId(), group, Roles.writer());

		getSuperAdminBroker().addMember(group, newUser);
		getAdminBroker().removeMember(group, newUser);
	}

	@Test
	public void removeMemberFromGroupWithProject() throws ESException {
		makeUserPA();
		share(getUsersession(), getLocalProject());
		final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername());
		final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName());

		getAdminBroker().changeRole(getProjectSpace().getProjectId(), group, Roles.writer());

		getAdminBroker().addMember(group, newUser);
		getAdminBroker().removeMember(group, newUser);
		assertEquals(0, getAdminBroker().getMembers(group).size());
	}

	@Test
	public void addMemberToGroup() throws ESException {
		makeUserPA();
		final ACOrgUnitId newUser = createUser(getSuperUsersession(), getNewUsername());
		final ACOrgUnitId group = createGroup(getSuperUsersession(), getNewGroupName());
		getAdminBroker().addMember(group, newUser);
		assertEquals(1, getAdminBroker().getMembers(group).size());
	}

	@Test
	public void addParticipantAsPA() throws ESException {
		makeUserPA();
		final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
		share(getUsersession(), getLocalProject());
		final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size();
		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader());
		assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size());
	}

	@Test
	public void addReaderToDifferentProjectsAsPA() throws ESException {
		makeUserPA();
		final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
		share(getUsersession(), getLocalProject());
		final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size();

		final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace());
		share(getUsersession(), clonedProjectSpace.toAPI());

		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader());
		getAdminBroker().addParticipant(clonedProjectSpace.getProjectId(), newUserId, Roles.reader());
		assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size());
	}

	@Test
	public void addParticipantTwiceAsPA() throws ESException {
		makeUserPA();
		final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
		share(getUsersession(), getLocalProject());
		final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size();
		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader());
		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader());
		assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size());
	}

	@Test(expected = AccessControlException.class)
	public void addParticipantSAasPA() throws ESException {
		makeUserPA();
		final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
		share(getUsersession(), getLocalProject());
		final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size();
		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.serverAdmin());
		assertEquals(oldSize + 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size());
	}

	@Test(expected = AccessControlException.class)
	public void addParticipantNotPA() throws ESException {
		final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
		share(getUsersession(), getLocalProject());
		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader());
	}

	@Test
	public void removeParticipantPA() throws ESException {
		makeUserPA();
		final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
		share(getUsersession(), getLocalProject());
		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader());
		final int oldSize = getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size();
		getAdminBroker().removeParticipant(getProjectSpace().getProjectId(), newUserId);
		assertEquals(oldSize - 1, getAdminBroker().getParticipants(getProjectSpace().getProjectId()).size());
	}

	@Test(expected = AccessControlException.class)
	public void removeParticipantNotPA() throws ESException {
		makeUserPA();
		final ACOrgUnitId newUserId = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
		share(getUsersession(), getLocalProject());
		getAdminBroker().addParticipant(getProjectSpace().getProjectId(), newUserId, Roles.reader());
		// downgrade project admin
		getAdminBroker().changeRole(getProjectSpace().getProjectId(),
			ESUsersessionImpl.class.cast(getUsersession()).toInternalAPI().getACUser().getId(),
			Roles.writer());
		getAdminBroker().removeParticipant(getProjectSpace().getProjectId(), newUserId);
	}
}