Comments inline:
I think we are getting closer to an understanding.
>
> Try adding the following to your tests:
>
> @Test
> public void testWildcardLeftTermination() {
> WildcardPermission p1, p2;
>
> p1 = new WildcardPermission("one");
> p2 = new WildcardPermission("one:*");
>
> assertTrue( p1.implies(p2));
> assertFalse( p2.implies(p1));
> }
>
> Now I assume the the last statement is correct. but the test will fail.
>
The doc states that `printer` is equivalent to `printer:*:*` so I would
expect your test to fail
>
> Now to your example with JoeCoder
>
> Assume your resource has the permission "newsletter"
>
> Should the user joe with permissions "newsletter:*" be able to access that?
>
Yes
> a user with "newsletter:one" would not.
>
Correct
> So looking at it another way.
>
> given: "newsletter:X" is the set of all permissions in the system that
> start with "newsletter:" followed by any characters excluding ":" and "*".
> then: any user with only the permissions from "newsletter:X" does not have
> access to "newsletter"
>
>
> given that "newsletter:*" is equivalent to the union of "newsletter:X" and
> newsletter:X:X and newsletter:X:X:X ...
>
> then: any user with only the permissions from "newsletter:*" should not
> have access to "newsletter" as you can not imply "newsletter" from any of
> the permissions in the set.
>
But here `newsletter:*` is equivalent to `newsletter` which is missing in
your `given`
> corollary:
>
> if "newsletter:*" implies "newsletter" then for any permission Y the
> permission Y:* implies Y
>
> replacing Y with "newsletter:*" gives newsletter:*:* implies newsletter:*
> and newsletter:* implies newsletter so newsletter:*:* implies newsletter.
> This is false.
>
This was the test I just added: newsletter:*:*:* impiles newsletter
So this is true, not false
>
> so "newsletter:*" should not imply "newsletter"
>
>
> @Test
> public void testWildcardLeftTermination() {
> WildcardPermission p1, p2, p3, p4;
>
> p1 = new WildcardPermission("one");
> p2 = new WildcardPermission("one:*");
> p3 = new WildcardPermission("one:*:*");
>
> assertTrue( p1.implies(p2));
> //assertFalse( p2.implies(p1)); //test 2
> assertTrue( p1.implies(p3));
> assertFalse( p3.implies(p1 )); // test 4
> }
>
> To be consistent test 2 and test 4 must both be true or both false.
>
They are both true (they should be assertTrue). You might have lost me here.
This test currently passes:
@Test
public void testWildcardLeftTermination() {
WildcardPermission p1, p2, p3, p4;
p1 = new WildcardPermission("one");
p2 = new WildcardPermission("one:*");
p3 = new WildcardPermission("one:*:*");
p4 = new WildcardPermission("one:read");
assertTrue(p1.implies(p2));
assertTrue(p1.implies(p3));
assertTrue(p1.implies(p4));
assertTrue(p2.implies(p1));
assertTrue(p2.implies(p3));
assertTrue(p2.implies(p4));
assertTrue(p3.implies(p1));
assertTrue(p3.implies(p2));
assertTrue(p3.implies(p4));
assertFalse(p4.implies(p1));
assertFalse(p4.implies(p2));
assertFalse(p4.implies(p3));
}
