package com.facebook.presto.tests.hive;

import com.facebook.presto.hive.jdbc.$internal.org.apache.hadoop.hdfs.server.namenode.NamenodeFsck;
import com.facebook.presto.tests.TestGroups;
import com.facebook.presto.tests.utils.QueryExecutors;
import io.prestodb.tempto.BeforeTestWithContext;
import io.prestodb.tempto.ProductTest;
import io.prestodb.tempto.assertions.QueryAssert;
import io.prestodb.tempto.context.ContextDsl;
import io.prestodb.tempto.query.QueryExecutor;
import io.prestodb.tempto.sql.SqlContexts;
import org.testng.annotations.Test;

/* loaded from: input_file:com/facebook/presto/tests/hive/TestSqlStandardAccessControlChecks.class */
public class TestSqlStandardAccessControlChecks extends ProductTest {
    private String tableName;
    private QueryExecutor aliceExecutor;
    private QueryExecutor bobExecutor;

    @BeforeTestWithContext
    public void setup() {
        this.tableName = "alice_owned_table";
        this.aliceExecutor = QueryExecutors.connectToPresto("alice@presto");
        this.bobExecutor = QueryExecutors.connectToPresto("bob@presto");
        this.aliceExecutor.executeQuery(String.format("DROP TABLE IF EXISTS %s", this.tableName), new QueryExecutor.QueryParam[0]);
        this.aliceExecutor.executeQuery(String.format("CREATE TABLE %s(month bigint, day bigint)", this.tableName), new QueryExecutor.QueryParam[0]);
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlSelect() {
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot select from table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("GRANT SELECT ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasNoRows();
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlInsert() {
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("INSERT INTO %s VALUES (3, 22)", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot insert into table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("GRANT INSERT ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("INSERT INTO %s VALUES (3, 22)", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
        QueryAssert.assertThat(this.aliceExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlDelete() {
        this.aliceExecutor.executeQuery(String.format("INSERT INTO %s VALUES (4, 13)", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.aliceExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("DELETE FROM %s WHERE day=4", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot delete from table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("GRANT DELETE ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        this.bobExecutor.executeQuery(String.format("DELETE FROM %s", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.aliceExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasNoRows();
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlCreateTableAsSelect() {
        String str = "bob_create_table_as_select";
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("CREATE TABLE %s AS SELECT * FROM %s", str, this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot select from table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("GRANT SELECT ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        this.bobExecutor.executeQuery(String.format("CREATE TABLE %s AS SELECT * FROM %s", "bob_create_table_as_select", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", "bob_create_table_as_select"), new QueryExecutor.QueryParam[0])).hasNoRows();
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlDropTable() {
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("DROP TABLE %s", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot drop table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("DROP TABLE %s", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.aliceExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(NamenodeFsck.NONEXISTENT_STATUS);
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlAlterTable() {
        QueryAssert.assertThat(this.aliceExecutor.executeQuery(String.format("SHOW COLUMNS FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(2);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("ALTER TABLE %s ADD COLUMN year bigint", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot add a column to table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("ALTER TABLE %s ADD COLUMN year bigint", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.aliceExecutor.executeQuery(String.format("SHOW COLUMNS FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(3);
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlCreateView() {
        String format = String.format("SELECT * FROM %s", this.tableName);
        String format2 = String.format("CREATE VIEW %s AS %s", "bob_view", format);
        this.bobExecutor.executeQuery(String.format("DROP VIEW IF EXISTS %s", "bob_view"), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(format2, new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot select from table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("GRANT SELECT ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(format2, new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot create view that selects from default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("REVOKE SELECT ON %s FROM bob", this.tableName), new QueryExecutor.QueryParam[0]);
        this.aliceExecutor.executeQuery(String.format("GRANT SELECT ON %s TO bob WITH GRANT OPTION", this.tableName), new QueryExecutor.QueryParam[0]);
        ContextDsl.executeWith(SqlContexts.createViewAs("bob_view", format, this.bobExecutor), view -> {
            QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", view.getName()), new QueryExecutor.QueryParam[0])).hasNoRows();
        });
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAccessControlDropView() {
        String str = "alice_view_for_drop";
        this.aliceExecutor.executeQuery(String.format("CREATE VIEW %s AS SELECT * FROM %s", "alice_view_for_drop", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("DROP VIEW %s", str), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot drop view default.%s", "alice_view_for_drop"));
        this.aliceExecutor.executeQuery(String.format("DROP VIEW %s", "alice_view_for_drop"), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.aliceExecutor.executeQuery(String.format("SELECT * FROM %s", str), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(NamenodeFsck.NONEXISTENT_STATUS);
    }
}
