From b417898adc3e0ae29a43d858c0b94d87363e9e87 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Mon, 18 Dec 2023 17:17:44 -0300
Subject: [PATCH] permission: fix wildcard when children > 1

---
 src/permission/fs_permission.h               |  8 ++++++++
 test/parallel/test-permission-fs-wildcard.js | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/src/permission/fs_permission.h b/src/permission/fs_permission.h
index 1c818567934f7d..6f35ebc544b04a 100644
--- a/src/permission/fs_permission.h
+++ b/src/permission/fs_permission.h
@@ -78,6 +78,14 @@ class FSPermission final : public PermissionBase {
           return nullptr;
         }
 
+        // wildcard node takes precedence
+        if (children.size() > 1) {
+          auto it = children.find('*');
+          if (it != children.end()) {
+            return it->second;
+          }
+        }
+
         auto it = children.find(path[idx]);
         if (it == children.end()) {
           return nullptr;
diff --git a/test/parallel/test-permission-fs-wildcard.js b/test/parallel/test-permission-fs-wildcard.js
index 0c81ff5da51b87..d3be5ce07d0061 100644
--- a/test/parallel/test-permission-fs-wildcard.js
+++ b/test/parallel/test-permission-fs-wildcard.js
@@ -98,3 +98,21 @@ if (common.isWindows) {
   );
   assert.strictEqual(status, 0, stderr.toString());
 }
+
+{
+  const { status, stderr } = spawnSync(
+    process.execPath,
+    [
+      '--experimental-permission',
+      '--allow-fs-read=/a/b/*',
+      '--allow-fs-read=/a/b/d',
+      '-e',
+      `
+        const assert = require('assert')
+        assert.ok(process.permission.has('fs.read', '/a/b/c'));
+        assert.ok(!process.permission.has('fs.read', '/a/c/c'));
+      `,
+    ]
+  );
+  assert.strictEqual(status, 0, stderr.toString());
+}