package io.jenkins.plugins.casc;

import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebRequest;
import hudson.security.Permission;
import hudson.security.csrf.CrumbIssuer;
import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule;
import java.io.IOException;
import java.net.URL;
import jenkins.model.Jenkins;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;

/* loaded from: input_file:io/jenkins/plugins/casc/Security1290Test.class */
public class Security1290Test {

    @Rule
    public JenkinsConfiguredWithCodeRule j = new JenkinsConfiguredWithCodeRule();

    @Test
    public void configurationAsCodePagesPermissions() throws Exception {
        this.j.jenkins.setCrumbIssuer((CrumbIssuer) null);
        this.j.jenkins.setSecurityRealm(this.j.createDummySecurityRealm());
        this.j.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(new Permission[]{Jenkins.ADMINISTER}).everywhere().to(new String[]{"admin"}).grant(new Permission[]{Jenkins.READ}).everywhere().to(new String[]{"user"}));
        JenkinsRule.WebClient createWebClient = this.j.createWebClient();
        createWebClient.login("admin");
        JenkinsRule.WebClient withThrowExceptionOnFailingStatusCode = this.j.createWebClient().withThrowExceptionOnFailingStatusCode(false);
        withThrowExceptionOnFailingStatusCode.login("user");
        assertRightPermissionConfigurations("configuration-as-code/schema", createWebClient, withThrowExceptionOnFailingStatusCode);
        assertRightPermissionConfigurations("configuration-as-code/reference", createWebClient, withThrowExceptionOnFailingStatusCode);
    }

    private void assertRightPermissionConfigurations(String str, JenkinsRule.WebClient webClient, JenkinsRule.WebClient webClient2) throws IOException {
        WebRequest webRequest = new WebRequest(new URL(this.j.getURL() + str), HttpMethod.GET);
        Assert.assertEquals(200L, webClient.getPage(webRequest).getWebResponse().getStatusCode());
        Assert.assertEquals(403L, webClient2.getPage(webRequest).getWebResponse().getStatusCode());
    }
}
