From 8519bb5d11fd72243dae2850b9bbe3555774a527 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@icinga.com>
Date: Thu, 5 Dec 2019 08:44:33 +0100
Subject: [PATCH] User: Don't return true if any permission is granted and `*`
 is required

---
 library/Icinga/User.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/Icinga/User.php b/library/Icinga/User.php
index 0d237831d..ef5a0ff62 100644
--- a/library/Icinga/User.php
+++ b/library/Icinga/User.php
@@ -579,7 +579,7 @@ class User
                 $wildcard = strpos($grantedPermission, '*');
             }
 
-            if ($wildcard !== false) {
+            if ($wildcard !== false && $wildcard > 0) {
                 if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) {
                     return true;
                 }