I'm still not clear here, by both true, I mean they should have both been `assertTrue`
As in this: https://github.com/apache/shiro/pull/78/commits/77ab27dcddf4ca96ff64b11aad939a5d10168f4d What did you mean by both be true or both be false? -Brian On Thu, Jan 25, 2018 at 12:08 PM, Claude Warren <[email protected]> wrote: > >@Test > >> public void testWildcardLeftTermination() { > >> WildcardPermission p1, p2, p3, p4; > >> > >> p1 = new WildcardPermission("one"); > >> p2 = new WildcardPermission("one:*"); > >> p3 = new WildcardPermission("one:*:*"); > >> > >> assertTrue( p1.implies(p2)); > >> //assertFalse( p2.implies(p1)); //test 2 > >> assertTrue( p1.implies(p3)); > >> assertFalse( p3.implies(p1 )); // test 4 > >> } > >> > >> To be consistent test 2 and test 4 must both be true or both false. > >> > > >They are both true (they should be assertTrue). You might have lost me > here. > > Copy the code into your tests. I think you will find that they are not > both true nor both false. > > assertFalse( p2.implies(p1)); //test 2 <-- this one fails - hence it is > commented out. > > An that is what I have been saying it should not fail. > > So I think we agree. > > Claude > > On Thu, Jan 25, 2018 at 4:02 PM, Brian Demers <[email protected]> > wrote: > > > Comments inline: > > > > I think we are getting closer to an understanding. > > > > > > Try adding the following to your tests: > > > > > > @Test > > > public void testWildcardLeftTermination() { > > > WildcardPermission p1, p2; > > > > > > p1 = new WildcardPermission("one"); > > > p2 = new WildcardPermission("one:*"); > > > > > > assertTrue( p1.implies(p2)); > > > assertFalse( p2.implies(p1)); > > > } > > > > > > Now I assume the the last statement is correct. but the test will > fail. > > > > > > > The doc states that `printer` is equivalent to `printer:*:*` so I would > > expect your test to fail > > > > > > > > > > Now to your example with JoeCoder > > > > > > Assume your resource has the permission "newsletter" > > > > > > Should the user joe with permissions "newsletter:*" be able to access > > that? > > > > > > > Yes > > > > > > > a user with "newsletter:one" would not. > > > > > > > Correct > > > > > > > > > So looking at it another way. > > > > > > given: "newsletter:X" is the set of all permissions in the system that > > > start with "newsletter:" followed by any characters excluding ":" and > > "*". > > > > > > > then: any user with only the permissions from "newsletter:X" does not > > have > > > access to "newsletter" > > > > > > > > > > > given that "newsletter:*" is equivalent to the union of "newsletter:X" > > and > > > newsletter:X:X and newsletter:X:X:X ... > > > > > > then: any user with only the permissions from "newsletter:*" should not > > > have access to "newsletter" as you can not imply "newsletter" from any > of > > > the permissions in the set. > > > > > > > But here `newsletter:*` is equivalent to `newsletter` which is missing in > > your `given` > > > > > > > corollary: > > > > > > if "newsletter:*" implies "newsletter" then for any permission Y the > > > permission Y:* implies Y > > > > > > replacing Y with "newsletter:*" gives newsletter:*:* implies > > newsletter:* > > > and newsletter:* implies newsletter so newsletter:*:* implies > newsletter. > > > This is false. > > > > > > > This was the test I just added: newsletter:*:*:* impiles newsletter > > So this is true, not false > > > > > > > > > > so "newsletter:*" should not imply "newsletter" > > > > > > > > > @Test > > > public void testWildcardLeftTermination() { > > > WildcardPermission p1, p2, p3, p4; > > > > > > p1 = new WildcardPermission("one"); > > > p2 = new WildcardPermission("one:*"); > > > p3 = new WildcardPermission("one:*:*"); > > > > > > assertTrue( p1.implies(p2)); > > > //assertFalse( p2.implies(p1)); //test 2 > > > assertTrue( p1.implies(p3)); > > > assertFalse( p3.implies(p1 )); // test 4 > > > } > > > > > > To be consistent test 2 and test 4 must both be true or both false. > > > > > > > They are both true (they should be assertTrue). You might have lost me > > here. > > > > > > This test currently passes: > > > > @Test > > public void testWildcardLeftTermination() { > > WildcardPermission p1, p2, p3, p4; > > > > p1 = new WildcardPermission("one"); > > p2 = new WildcardPermission("one:*"); > > p3 = new WildcardPermission("one:*:*"); > > p4 = new WildcardPermission("one:read"); > > > > assertTrue(p1.implies(p2)); > > assertTrue(p1.implies(p3)); > > assertTrue(p1.implies(p4)); > > > > assertTrue(p2.implies(p1)); > > assertTrue(p2.implies(p3)); > > assertTrue(p2.implies(p4)); > > > > assertTrue(p3.implies(p1)); > > assertTrue(p3.implies(p2)); > > assertTrue(p3.implies(p4)); > > > > assertFalse(p4.implies(p1)); > > assertFalse(p4.implies(p2)); > > assertFalse(p4.implies(p3)); > > } > > > > > > -- > I like: Like Like - The likeliest place on the web > <http://like-like.xenei.com> > LinkedIn: http://www.linkedin.com/in/claudewarren >
