Claude, I think I see what you are saying, but it looks like this is what this test does: https://github.com/apache/shiro/blob/master/core/src/test/java/org/apache/shiro/authz/permission/WildcardPermissionTest.java#L182-L189
Maybe this is something a tweak to the doc can fix? On Tue, Jan 23, 2018 at 5:13 PM, Claude Warren <[email protected]> wrote: > Brian, > > thanks for the response, but the document cited does not cover the question > nor do the test cases. > > > If we take the first two examples in the missing parts section: > > it clearly states that ( assume the symbol => means implies) > > printer:print => printer:print:* > > > but says noting about > > printer:print:* => printer:print > > I think that this statement is false. Logically the addition of the ":*" > should indicate that permissions are grated to things under "printer:print" > but not to "printer:print" itself. > > > I hope this makes sense. > > Claude > > > > > > > On Tue, Jan 23, 2018 at 2:48 PM, Brian Demers <[email protected]> > wrote: > > > Hey Claude, I thought someone responded to this already (sorry) > > > > To me, this seems in line with the doc: > > https://shiro.apache.org/permissions.html#missing-parts > > At first glance, there are similar test cases in `WildcardPermissionTest > > <https://github.com/apache/shiro/blob/master/core/src/ > > test/java/org/apache/shiro/authz/permission/WildcardPermissionTest.java# > > L143> > > ` > > > > Does that help clear things up? If not maybe a PR to that test class > would > > help clarify the point? > > > > Thanks! > > -Brian > > > > > > On Tue, Jan 23, 2018 at 5:36 AM, [email protected] < > > [email protected]> wrote: > > > > > Not seeing any discussion of this and seeing no tests in the test cases > > > that perform any tests of this issue. I will open a defect and work on > > > that. > > > > > > > > > Claude > > > > > > ________________________________ > > > From: Claude Warren (Product Engineering Service) > > > Sent: Friday, January 12, 2018 12:52:52 PM > > > To: [email protected] > > > Subject: Defect in WildcardPermission evaluation? > > > > > > > > > Currently the WildcardPermission.implies() method contains the > following > > > code snippet and comment. > > > > > > > > > // If this permission has less parts than the other permission, > > everything > > > after the number of parts contained > > > // in this permission is automatically implied, so return true > > > .... > > > > > > > > > // If this permission has more parts than the other parts, only imply > it > > > if all of the other parts are wildcards > > > for (; i < getParts().size(); i++) { > > > Set<String> part = getParts().get(i); > > > if (!part.contains(WILDCARD_TOKEN)) { > > > return false; > > > } > > > } > > > > > > > > > This means that If you have (User perms in first col, testing against > > > across columns) > > > {noformat} > > > > > > > > > A A:* A:B A:B:* A:B:C A:B:C:* > > > A t t t t t t > > > A:* T > > > t t t t t > > > A:B f f t t t t > > > A:B:* f f T t t t > > > A:B:C f f f f t t > > > A:B:C:* f f f f T t > > > > > > {noformat} > > > > > > I think the issues are where the upper case "T"s are. I believe that > > > those should be "F" > > > > > > The logic being that once a separator (:) is presented it should no > > longer > > > match anything shorter than that. > > > > > > Thoughts? > > > Claude > > > > > > > > > The information contained in this electronic message and any > attachments > > > to this message are intended for the exclusive use of the addressee(s) > > and > > > may contain proprietary, confidential or privileged information. If you > > are > > > not the intended recipient, you should not disseminate, distribute or > > copy > > > this e-mail. Please notify the sender immediately and destroy all > copies > > of > > > this message and any attachments. WARNING: Computer viruses can be > > > transmitted via email. The recipient should check this email and any > > > attachments for the presence of viruses. The company accepts no > liability > > > for any damage caused by any virus transmitted by this email. > > > www.wipro.com > > > > > > ______________________________________________________________________ > > > This email has been scanned by the Symantec Email Security.cloud > service. > > > For more information please visit http://www.symanteccloud.com > > > ______________________________________________________________________ > > > > > > > > > -- > I like: Like Like - The likeliest place on the web > <http://like-like.xenei.com> > LinkedIn: http://www.linkedin.com/in/claudewarren >
