From 22ba89ae4fd6b028581c83ede43393e4ba0bf8fc Mon Sep 17 00:00:00 2001
From: jasquat <jasquat@users.noreply.github.com>
Date: Tue, 11 Oct 2022 11:51:12 -0400
Subject: [PATCH] use percents instead of asterisks to better support db syntax
 w/ burnettk

---
 src/spiffworkflow_backend/models/permission_target.py       | 2 +-
 src/spiffworkflow_backend/services/authorization_service.py | 1 -
 tests/spiffworkflow_backend/unit/test_permission_target.py  | 6 +++---
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/spiffworkflow_backend/models/permission_target.py b/src/spiffworkflow_backend/models/permission_target.py
index 988a2be7..a9c738e6 100644
--- a/src/spiffworkflow_backend/models/permission_target.py
+++ b/src/spiffworkflow_backend/models/permission_target.py
@@ -19,7 +19,7 @@ class PermissionTargetModel(SpiffworkflowBaseDBModel):
 
     @validates("uri")
     def validate_uri(self, key: str, value: str) -> str:
-        if re.search(r"\*.", value):
+        if re.search(r"%.", value):
             raise InvalidPermissionTargetUri(
                 f"Invalid Permission Target Uri: {value}"
             )
diff --git a/src/spiffworkflow_backend/services/authorization_service.py b/src/spiffworkflow_backend/services/authorization_service.py
index a2167da5..5d0bc80b 100644
--- a/src/spiffworkflow_backend/services/authorization_service.py
+++ b/src/spiffworkflow_backend/services/authorization_service.py
@@ -65,7 +65,6 @@ class AuthorizationService:
             principals.append(group.principal)
 
         return cls.has_permission(principals, permission, target_uri)
-        # return False
 
     # def refresh_token(self, token: str) -> str:
     #     """Refresh_token."""
diff --git a/tests/spiffworkflow_backend/unit/test_permission_target.py b/tests/spiffworkflow_backend/unit/test_permission_target.py
index d21ac799..f8398bcb 100644
--- a/tests/spiffworkflow_backend/unit/test_permission_target.py
+++ b/tests/spiffworkflow_backend/unit/test_permission_target.py
@@ -12,7 +12,7 @@ class TestPermissionTarget(BaseTest):
     def test_asterisk_must_go_at_the_end_of_uri(
         self, app: Flask, with_db_and_bpmn_file_cleanup: None
     ) -> None:
-        permission_target = PermissionTargetModel(uri="/test_group/*")
+        permission_target = PermissionTargetModel(uri="/test_group/%")
         db.session.add(permission_target)
         db.session.commit()
 
@@ -21,7 +21,7 @@ class TestPermissionTarget(BaseTest):
         db.session.commit()
 
         with pytest.raises(InvalidPermissionTargetUri) as exception:
-            PermissionTargetModel(uri="/test_group/*/model")
+            PermissionTargetModel(uri="/test_group/%/model")
         assert (
-            str(exception.value) == "Invalid Permission Target Uri: /test_group/*/model"
+            str(exception.value) == "Invalid Permission Target Uri: /test_group/%/model"
         )