fix(authorization): Fix hierarchy filters for superusers

The filter's `isWildcard` flag was always set to `true` for
superusers. This prevented the `containedIn` filter to be applied
correctly. Fix this by taking the presence of a `containedIn` filter into
account.

Signed-off-by: Oliver Heger <[email protected]>

Author: oheger-bosch

components/authorization/backend/src/main/kotlin/service/DbAuthorizationService.kt

@@ -217,7 +217,7 @@ class DbAuthorizationService(
         return HierarchyFilter(
             transitiveIncludes = includes,
             nonTransitiveIncludes = permissions.implicitIncludes().filterContainedIn(containedInId),
-            isWildcard = permissions.isSuperuser()
+            isWildcard = permissions.isSuperuser() && containedInId == null
         )
     }
 

components/authorization/backend/src/test/kotlin/service/DbAuthorizationServiceTest.kt

@@ -1120,6 +1120,7 @@ class DbAuthorizationServiceTest : WordSpec() {
                     containedIn = repositoryCompoundId.productId
                 )
 
+                filter.isWildcard shouldBe false
                 filter.transitiveIncludes.entries.shouldBeSingleton { (key, value) ->
                     key shouldBe CompoundHierarchyId.PRODUCT_LEVEL
                     value shouldBe setOf(repositoryCompoundId.parent)