Quering users::permission with wildcard permissions (via roles) is not working as expected

[mehrizi]

Hello and thanks for the great package.

I have a user which has a.* permission assigned via role (That is I have a role with permission a.* which that user has the role).
But when I do the following query:
User::permission('a.b.c')->get()
nothing returns!

I have all set of a.* , a.b.*, a.b.c` created already!

I am using ver 4.3.0 as composer.lock says. (I just updated it from 4.2), PHP 8, Mysql 8 and Win10 (using apache via xampp)

Thanks in advance

[erikn69]

with 4.2 was it working?
Can you make a simple test for look at the fail?

laravel-permission/tests/WildcardHasPermissionsTest.php

Lines 13 to 30 in 78eaa5e

	public function it_can_check_wildcard_permission()
	{
	app('config')->set('permission.enable_wildcard_permission', true);
	$user1 = User::create(['email' => '[email protected]']);
	$permission1 = Permission::create(['name' => 'articles.edit,view,create']);
	$permission2 = Permission::create(['name' => 'news.*']);
	$permission3 = Permission::create(['name' => 'posts.*']);
	$user1->givePermissionTo([$permission1, $permission2, $permission3]);
	$this->assertTrue($user1->hasPermissionTo('posts.create'));
	$this->assertTrue($user1->hasPermissionTo('posts.create.123'));
	$this->assertTrue($user1->hasPermissionTo('posts.*'));
	$this->assertTrue($user1->hasPermissionTo('articles.view'));
	$this->assertFalse($user1->hasPermissionTo('projects.view'));
	}

I tried on 4.2 and User::permission('a.b.c')->get() nothing returns too
maybe $user->hasPermissionTo('a.b.c') instead of User::permission('a.b.c')->get()

[erikn69]

I made a test and User::permission('a.b.c')->get() is always empty(4.2 and 4.3)

/** @test */
  public function it_can_check_wildcard_permission2()
  {
      app('config')->set('permission.enable_wildcard_permission', true);
      $user1 = User::create(['email' => '[email protected]']);
      $role = Role::create(['name' => 'RoleWild']);
      $permission1 = Permission::create(['name' => 'a.b.c']);
      $permission2 = Permission::create(['name' => 'a.*']);
      $permission3 = Permission::create(['name' => 'a.b.*']);

      //via direct permission
      $user1->givePermissionTo($permission2);
      $this->assertTrue($user1->hasPermissionTo('a.*'));
      $this->assertTrue($user1->hasPermissionTo('a.b.*'));
      $this->assertTrue($user1->hasPermissionTo('a.b.c'));
      $this->assertSame([], User::permission('a.b.c')->get()->toArray());
      // revoke direct permission
      $user1->revokePermissionTo($permission2);
      $this->assertFalse($user1->hasPermissionTo('a.*'));
      $this->assertFalse($user1->hasPermissionTo('a.b.c'));
      
      //via role
      $role->givePermissionTo($permission2);
      $user1->assignRole($role);
      $this->assertTrue($user1->hasPermissionTo('a.*'));
      $this->assertTrue($user1->hasPermissionTo('a.b.*'));
      $this->assertTrue($user1->hasPermissionTo('a.b.c'));
      $this->assertSame([], User::permission('a.b.c')->get()->toArray());
      // with 'a.*' i get a result user
      $this->assertSame([['id' => 2, 'email' => '[email protected]', 'deleted_at' => null]], User::permission('a.*')->get()->toArray());
      // revoke role
      $user1->removeRole($role);
      $this->assertFalse($user1->hasPermissionTo('a.*'));
      $this->assertFalse($user1->hasPermissionTo('a.b.c'));
  }

[erikn69]

Maybe guard_name is not the same on user and permission

laravel-permission/tests/HasPermissionsTest.php

Lines 191 to 200 in 5b3ea6b

	public function it_throws_an_exception_when_trying_to_scope_a_permission_from_another_guard()
	{
	$this->expectException(PermissionDoesNotExist::class);
	User::permission('testAdminPermission')->get();
	$this->expectException(GuardDoesNotMatch::class);
	User::permission($this->testAdminPermission)->get();
	}

[lk77]

For me the logic in WildcardPermission::implies is too complex and prone to errors,
i think this should be replaced with a simple preg match :

if (is_string($permission)) {
        $permission = new self($permission);
}

return preg_match('/'.str_replace('*', '.*?', $permission->permission).'/', $this->permission);

something along those lines, i've not tested it a lot, it's more of a thought that a real implementation/solution.

in the current state i can not get wildcards to work, i think it's better to rely on php builtins regex capabilites.

for example this does not work :

$user->hasPermissionTo('*')

but i have 71 permissions that match that in db.

It seems thath WildcardPermission::containsAll does not work as intended :

it does not handle wildcards (*)