diff --git a/src/permission/fs_permission.h b/src/permission/fs_permission.h index 1c818567934f7d..6f35ebc544b04a 100644 --- a/src/permission/fs_permission.h +++ b/src/permission/fs_permission.h @@ -78,6 +78,14 @@ class FSPermission final : public PermissionBase { return nullptr; } + // wildcard node takes precedence + if (children.size() > 1) { + auto it = children.find('*'); + if (it != children.end()) { + return it->second; + } + } + auto it = children.find(path[idx]); if (it == children.end()) { return nullptr; diff --git a/test/parallel/test-permission-fs-wildcard.js b/test/parallel/test-permission-fs-wildcard.js index 0c81ff5da51b87..9b2608e99dc84b 100644 --- a/test/parallel/test-permission-fs-wildcard.js +++ b/test/parallel/test-permission-fs-wildcard.js @@ -98,3 +98,23 @@ if (common.isWindows) { ); assert.strictEqual(status, 0, stderr.toString()); } + +{ + if (!common.isWindows) { + const { status, stderr } = spawnSync( + process.execPath, + [ + '--experimental-permission', + '--allow-fs-read=/a/b/*', + '--allow-fs-read=/a/b/d', + '-e', + ` + const assert = require('assert') + assert.ok(process.permission.has('fs.read', '/a/b/c')); + assert.ok(!process.permission.has('fs.read', '/a/c/c')); + `, + ] + ); + assert.strictEqual(status, 0, stderr.toString()); + } +}