package info.magnolia.cms.security;

import info.magnolia.cms.core.AggregationState;
import info.magnolia.context.MgnlContext;
import info.magnolia.context.WebContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:info/magnolia/cms/security/ContentSecurityFilterTest.class */
public class ContentSecurityFilterTest {
    private HttpServletRequest request;
    private HttpServletResponse response;

    @Before
    public void setUp() {
        AggregationState aggregationState = (AggregationState) Mockito.mock(AggregationState.class);
        WebContext webContext = (WebContext) Mockito.mock(WebContext.class);
        MgnlContext.setInstance(webContext);
        Mockito.when(webContext.getAggregationState()).thenReturn(aggregationState);
        Mockito.when(aggregationState.getRepository()).thenReturn("repo");
        AccessManager accessManager = (AccessManager) Mockito.mock(AccessManager.class);
        Mockito.when(webContext.getAccessManager("repo")).thenReturn(accessManager);
        Mockito.when(Boolean.valueOf(accessManager.isGranted((String) null, PermissionUtil.convertPermissions("read")))).thenReturn(false);
        Mockito.when(webContext.getUser()).thenReturn((User) Mockito.mock(User.class));
        this.request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        this.response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
    }

    @Test
    public void testIsAllowedForAnonymous() throws Exception {
        Mockito.when(MgnlContext.getUser().getName()).thenReturn("anonymous");
        Mockito.when(this.request.getMethod()).thenReturn("GET");
        Assert.assertEquals(false, Boolean.valueOf(new ContentSecurityFilter().isAllowed(this.request, this.response)));
        ((HttpServletResponse) Mockito.verify(this.response)).setStatus(401);
    }

    @Test
    public void testIsAllowedForOther() throws Exception {
        Mockito.when(MgnlContext.getUser().getName()).thenReturn("AnyAuthenticatedUser");
        Mockito.when(this.request.getMethod()).thenReturn("GET");
        Assert.assertEquals(false, Boolean.valueOf(new ContentSecurityFilter().isAllowed(this.request, this.response)));
        ((HttpServletResponse) Mockito.verify(this.response)).setStatus(403);
    }
}
