#
# Author:: Daniel DeLeo (<dan@chef.io>)
# Copyright:: Copyright 2013-2016, Chef Software Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require "spec_helper"

unless Chef::Platform.windows?
  class Chef
    module ReservedNames
      module Win32
        module Security
          ACL = Object.new
          SecurableObject = Object.new
        end
      end
    end
  end
end

require "chef/file_content_management/deploy/mv_windows"

describe Chef::FileContentManagement::Deploy::MvWindows do

  let(:content_deployer) { described_class.new }
  let(:target_file_path) { "/etc/my_app.conf" }

  describe "creating the file" do

    it "touches the file to create it" do
      expect(FileUtils).to receive(:touch).with(target_file_path)
      content_deployer.create(target_file_path)
    end
  end

  describe "updating the file" do

    let(:staging_file_path) { "/tmp/random-dir/staging-file.tmp" }

    let(:target_file_security_object) do
      double "Securable Object for target file"
    end

    let(:updated_target_security_object) do
      double "Securable Object for target file after staging file deploy"
    end

    before do
      allow(Chef::ReservedNames::Win32::Security::SecurableObject)
        .to receive(:new)
        .with(target_file_path)
        .and_return(target_file_security_object, updated_target_security_object)

    end

    context "when run without adminstrator privileges" do
      before do
        expect(target_file_security_object).to receive(:security_descriptor).and_raise(Chef::Exceptions::Win32APIError)
      end

      it "errors out with a WindowsNotAdmin error" do
        expect { content_deployer.deploy(staging_file_path, target_file_path) }.to raise_error(Chef::Exceptions::WindowsNotAdmin)
      end

    end

    context "when run with administrator privileges" do

      let(:original_target_file_owner) { double("original target file owner") }
      let(:original_target_file_group) { double("original target file group") }

      let(:target_file_security_descriptor) do
        double "security descriptor for target file",
             group: original_target_file_group,
             owner: original_target_file_owner
      end

      let(:updated_target_security_descriptor) do
        double "security descriptor for target file"
      end

      before do
        allow(target_file_security_object).to receive(:security_descriptor).and_return(target_file_security_descriptor)

        expect(FileUtils).to receive(:mv).with(staging_file_path, target_file_path)

        expect(updated_target_security_object).to receive(:group=).with(original_target_file_group)
        expect(updated_target_security_object).to receive(:owner=).with(original_target_file_owner)
      end

      context "and the target file has no dacl or sacl" do

        before do
          allow(target_file_security_descriptor).to receive(:dacl_present?).and_return(false)
          allow(target_file_security_descriptor).to receive(:sacl_present?).and_return(false)
        end

        it "fixes up permissions and moves the file into place" do
          content_deployer.deploy(staging_file_path, target_file_path)
        end

      end

      context "and the target file has null dacl and sacl" do

        before do
          allow(target_file_security_descriptor).to receive(:dacl_present?).and_return(true)
          allow(target_file_security_descriptor).to receive(:dacl).and_return(nil)
          allow(target_file_security_descriptor).to receive(:dacl_inherits?).and_return(false)

          allow(target_file_security_descriptor).to receive(:sacl_present?).and_return(true)
          allow(target_file_security_descriptor).to receive(:sacl).and_return(nil)
          allow(target_file_security_descriptor).to receive(:sacl_inherits?).and_return(false)

          expect(updated_target_security_object).to receive(:set_dacl).with(nil, false)
          expect(updated_target_security_object).to receive(:set_sacl).with(nil, false)
        end

        it "fixes up permissions and moves the file into place" do
          content_deployer.deploy(staging_file_path, target_file_path)
        end

      end

      context "and the target has an empty dacl and sacl" do
        let(:original_target_file_dacl) { [] }
        let(:original_target_file_sacl) { [] }

        let(:empty_dacl) { double("Windows ACL with no dacl ACEs") }
        let(:empty_sacl) { double("Windows ACL with no sacl ACEs") }

        before do
          allow(target_file_security_descriptor).to receive(:dacl_present?).and_return(true)
          allow(target_file_security_descriptor).to receive(:dacl_inherits?).and_return(false)

          allow(target_file_security_descriptor).to receive(:dacl).and_return(original_target_file_dacl)
          expect(Chef::ReservedNames::Win32::Security::ACL)
            .to receive(:create)
            .with([])
            .and_return(empty_dacl)

          allow(target_file_security_descriptor).to receive(:sacl_present?).and_return(true)
          allow(target_file_security_descriptor).to receive(:sacl_inherits?).and_return(false)

          allow(target_file_security_descriptor).to receive(:sacl).and_return(original_target_file_sacl)
          expect(Chef::ReservedNames::Win32::Security::ACL)
            .to receive(:create)
            .with([])
            .and_return(empty_sacl)

          expect(updated_target_security_object).to receive(:set_dacl).with(empty_dacl, false)
          expect(updated_target_security_object).to receive(:set_sacl).with(empty_sacl, false)
        end

        it "fixes up permissions and moves the file into place" do
          content_deployer.deploy(staging_file_path, target_file_path)
        end
      end

      context "and the target has a dacl and sacl" do
        let(:inherited_dacl_ace) { double("Windows dacl ace (inherited)", inherited?: true) }
        let(:not_inherited_dacl_ace) { double("Windows dacl ace (not inherited)", inherited?: false) }

        let(:original_target_file_dacl) { [inherited_dacl_ace, not_inherited_dacl_ace] }

        let(:inherited_sacl_ace) { double("Windows sacl ace (inherited)", inherited?: true) }
        let(:not_inherited_sacl_ace) { double("Windows sacl ace (not inherited)", inherited?: false) }
        let(:original_target_file_sacl) { [inherited_sacl_ace, not_inherited_sacl_ace] }

        let(:custom_dacl) { double("Windows ACL for non-inherited dacl aces") }
        let(:custom_sacl) { double("Windows ACL for non-inherited sacl aces") }

        before do
          allow(target_file_security_descriptor).to receive(:dacl_present?).and_return(true)
          allow(target_file_security_descriptor).to receive(:dacl_inherits?).and_return(dacl_inherits?)

          allow(target_file_security_descriptor).to receive(:dacl).and_return(original_target_file_dacl)
          expect(Chef::ReservedNames::Win32::Security::ACL)
            .to receive(:create)
            .with([not_inherited_dacl_ace])
            .and_return(custom_dacl)

          allow(target_file_security_descriptor).to receive(:sacl_present?).and_return(true)
          allow(target_file_security_descriptor).to receive(:sacl_inherits?).and_return(sacl_inherits?)

          allow(target_file_security_descriptor).to receive(:sacl).and_return(original_target_file_sacl)
          expect(Chef::ReservedNames::Win32::Security::ACL)
            .to receive(:create)
            .with([not_inherited_sacl_ace])
            .and_return(custom_sacl)

          expect(updated_target_security_object).to receive(:set_dacl).with(custom_dacl, dacl_inherits?)
          expect(updated_target_security_object).to receive(:set_sacl).with(custom_sacl, sacl_inherits?)
        end

        context "and the dacl and sacl don't inherit" do
          let(:dacl_inherits?) { false }
          let(:sacl_inherits?) { false }

          it "fixes up permissions and moves the file into place" do
            content_deployer.deploy(staging_file_path, target_file_path)
          end
        end

        context "and the dacl and sacl inherit" do
          let(:dacl_inherits?) { true }
          let(:sacl_inherits?) { true }

          it "fixes up permissions and moves the file into place" do
            content_deployer.deploy(staging_file_path, target_file_path)
          end
        end

      end

    end

  end
end