Default Permission.implies method in core/authz/authz.py

[lhmatt]

Line 123-125:

if self.targets != {self.WILDCARD_TOKEN}:
            if not self.actions >= permission.actions:
                return False

This appears to be a copy+paste error. Line 124 is evaluating the actions part of the permission instead of the targets part. This causes permission checks to fail. Modifying it to evaluate self.targets seems to fix everything.

[Dowwie]

Good catch. Would you mind submitting a PR for this?

[lhmatt]

A proper patch should include fixing whatever tests allowed this to slip through. I'm afraid I don't have time to setup the test suite and comb through them.