User: Consider the required permission more important if it has a wildcard

refs #9202
2025-07-31 01:34:09 +02:00 · 2015-06-02 12:01:02 +02:00 · 2015-06-02 12:01:02 +02:00 · 267e71f38b
commit 267e71f38b
parent 7213379cac
2 changed files with 4 additions and 2 deletions
--- a/library/Icinga/User.php
+++ b/library/Icinga/User.php
@ -426,7 +426,7 @@ class User
        // matches
        $any = strpos($requiredPermission, '*');
        foreach ($this->permissions as $grantedPermission) {
-            if ($any !== false && strpos($grantedPermission, '*') === false) {
+            if ($any !== false) {
                $wildcard = $any;
            } else {
                // If the permit contains a wildcard, grant the permission if it's related to the permit
--- a/test/php/library/Icinga/UserTest.php
+++ b/test/php/library/Icinga/UserTest.php
@ -67,13 +67,15 @@ class UserTest extends BaseTestCase
            'test',
            'test/some/specific',
            'test/more/*',
-            'test/wildcard-with-wildcard/*'
+            'test/wildcard-with-wildcard/*',
+            'test/even-more/specific-with-wildcard/*'
        ));
        $this->assertTrue($user->can('test'));
        $this->assertTrue($user->can('test/some/specific'));
        $this->assertTrue($user->can('test/more/everything'));
        $this->assertTrue($user->can('test/wildcard-with-wildcard/*'));
        $this->assertTrue($user->can('test/wildcard-with-wildcard/sub/sub'));
+        $this->assertTrue($user->can('test/even-more/*'));
        $this->assertFalse($user->can('not/test'));
        $this->assertFalse($user->can('test/some/not/so/specific'));
        $this->assertFalse($user->can('test/wildcard2/*'));