Admin
comment->ConvertTo(NULLPTR);
Admin
TRWTF is Remy again, missing the most obvious things:
Admin
Maybe you miss the point ... aka the round brackets around Role_4?
Admin
If I had a penny for every time I'd seen if (boolexpr) { return true; } else { return false; } (or occasionally return boolexpr ? true : false) I'd be a very rich man
Admin
P: Your point 1 is invalid, since the code passes in a constant string to build the regex.
This is just inefficient code. Since when is that a WTF?
Admin
I assume people do that because the expanded form is easier to debug. I know there are conditional breakpoints in modern debuggers, but they were a pain in the past.
Admin
Point 1 is very valid: assume you supply the constant string "admin[GUI]" (when you go a bit more offroad you can also supply stuff like ".*")...
Admin
if (boolexpr) { return true; } else { return false; }
can actually be useful for setting simple breakpoints.
Admin
I'm into role playing, too. #SaveTheFurries
Admin
And if I had a penny for every time I'd seen these copy-and-paste code duplications, like "role.trim()", I'd be a very rich man, too! Falsehood programmers believe that these duplications always can be optimized away by the compiler, and that this unnecessary code clutter is easier and faster to read.
Admin
Like with music, repetition makes code more beautiful. (Except that it doesn't.)
Admin
I'm pretty sure the WTF here is that they rolled their own role system and it's insane. Why have generic names like ROLE_4_STRING when the fourth role is obviously treated special, while the other three are all treated the same? Why only allow one role, with hard-coded precedence?
Also, the insistence of single-exit style turned five lines of code into eleven.
Admin
This is what you get when you use strings instead of enums, and maybe a table with columns that indicate what each role can do.
if (error)
goto fail;
goto fail;
Admin
I don't know the language, but seems like Pattern.compile might do that, no?
Admin
It's useful for setting breakpoints? So is "volatile int x; x=0;" and it's a lot shorter.
Admin
trtrtrtrtrwtf is not using some kind of identity management library/system which exists for like, every imaginable language and framework in the year of our dark lady two thousand nineteen
Admin
The compiled regex is not quite right. It would actually be ^.(role_4).$ , as there's a toLowerCase in there.
Addendum 2019-11-25 11:04: I mean ^.*(ROLE_4).*$
I guess comments here use markup. Or markdown.
Addendum 2019-11-25 11:04: Make that ^.*(role_4).*$
Admin
When asked, the original coder replied, "Hey, that's just the way I role."
Admin
Speaking of "personal roles", I've been in a company where authorizations were granted by roles. Sounds good, except when you start reading the user "John Doe" is assigned the role "John Doe".
Admin
That's the mechanism PostgreSQL uses. The only difference between CREATE USER and CREATE ROLE is that the former defaults to granting login privileges while the latter doesn't. John Doe does what John Doe does.
Admin
admin[GUI] would match adminG, adminU or adminI. Since we are not being told what role4 looks like, only that it is very mysterious, I would not dismiss the possibility that it is really the expected behaviour.
Admin
xkcd 927 applies in its corollary: just as with passworm damagers, the field is so large by now that it's easier to write your own than make a qualified product decision about existing products. (Plus, brownfield permissions management is 1F92E 1F4A9)
Admin
It seems Nohemi's coworker is not exactly a role model…
Admin
Is role management that complicated? After the whole leftpad debacle (and the security implications of large projects depending on thousands of such small libraries, some of which may suddenly contain malicious code if the wrong GitHub account gets compromised) I'm careful with the whole "should have used a library" thing. But then, I am working with Fortran where the built-in way of using strings are fixed size character arrays padded with spaces and a LOT of trim() calls. (The varying_string module would solve this. Sadly, while it is standardized, it isn't required by the standard.)
Admin
Nobody's commented yet on the repetition of role.trim() rather than set up a variable at the start and set it to that. And then directly return if empty.
Admin
@LBT: Other than Jaime you're correct. ;)
Admin
Depending on which human languages are involved here, another subtle glitch is that roles 1-3 are compared using IgnoreCase, while the regex/contains comparison is done using toLowerCase.
Those two transforms are not always equivalent.
Admin
And in case you do want to find a pattern within a string then Matcher#find(): boolean is your friend. It is often forgotten as it has no direct convenience method in String assigned to it. So there is absolutely no reason to use Matcher#matches() for this.
Of course, in case that you do want to directly use specific characters in your regexp you can use "\Q" and "\E" or, in case you want to include a string from a variable then Pattern.quote(String) is the method to look at.
Admin
TRWTF is this phrase: "This isn't even the right way to do this is regular expressions..."
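
The points raised across the comments above (metacharacters in a role name pasted into a regex, find() versus matches(), Pattern.quote, and toLowerCase versus equalsIgnoreCase), put side by side in an added example. This is not the article's code or any commenter's; the class name, method names and the role value "admin[GUI]" (borrowed from the thread's hypothetical) are assumptions.

```java
import java.util.Locale;
import java.util.regex.Pattern;

public class RoleMatchDemo {
    // Constructed role name with regex metacharacters, like the thread's "admin[GUI]".
    static final String ROLE = "admin[GUI]";

    // Shape described in the comments: role name pasted unquoted into ^.*(...).*$
    static boolean unquotedMatches(String input) {
        String regex = "^.*(" + ROLE.toLowerCase(Locale.ROOT) + ").*$";
        return Pattern.compile(regex)
                .matcher(input.trim().toLowerCase(Locale.ROOT)).matches();
    }

    // Literal substring search: quote the name and use find(), no ^.* .*$ padding.
    static boolean quotedFind(String input) {
        return Pattern.compile(Pattern.quote(ROLE), Pattern.CASE_INSENSITIVE)
                .matcher(input.trim()).find();
    }

    // Whole-value comparison: the input must be the role name and nothing else.
    static boolean exact(String input) {
        return ROLE.equalsIgnoreCase(input.trim());
    }

    public static void main(String[] args) {
        // Constructed inputs: the real name, two look-alikes, and a case/space variant.
        String[] inputs = {"admin[GUI]", "adming", "not-adminu-really", " ADMIN[gui] "};
        for (String in : inputs) {
            System.out.printf("%-22s unquoted=%-5b quotedFind=%-5b exact=%b%n",
                    "\"" + in + "\"", unquotedMatches(in), quotedFind(in), exact(in));
        }

        // Case folding: locale-sensitive toLowerCase versus equalsIgnoreCase.
        Locale turkish = Locale.forLanguageTag("tr");
        System.out.println("toLowerCase(tr) equals \"admin\": "
                + "ADMIN".toLowerCase(turkish).equals("admin"));
        System.out.println("equalsIgnoreCase(\"admin\"):     "
                + "ADMIN".equalsIgnoreCase("admin"));
    }
}
```

The unquoted pattern rejects the literal name "admin[GUI]" while accepting "adming" and "not-adminu-really", because [gui] is read as a character class and the ^.* .*$ padding turns the check into a substring match. Under the Turkish locale, "ADMIN" lowercases with a dotless ı, so it no longer equals "admin" even though equalsIgnoreCase treats the two as equal.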