From 3e7f6cc98d75ddeb52a4fe1fd2dce7242267470a Mon Sep 17 00:00:00 2001
From: SunilSamra <sunil-samra@nsc.co.uk>
Date: Mon, 17 Jul 2023 10:27:56 +0100
Subject: [PATCH] #901 - Added check in access_control_list.py which sets
 implicit permission to NA if boolean is False - Changed the defaults in
 training_config.py so that each scenario has an EXPLICIT ALLOW rule as
 default implicit rule - Updated the test_seeding_and_deterministic_session.py
 because of change no2 adds an extra rule to that scenario

---
 src/primaite/acl/access_control_list.py       | 14 ++++++++-----
 src/primaite/config/training_config.py        |  4 ++--
 .../test_seeding_and_deterministic_session.py | 20 +++++++++----------
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/src/primaite/acl/access_control_list.py b/src/primaite/acl/access_control_list.py
index c9674e48..cee78664 100644
--- a/src/primaite/acl/access_control_list.py
+++ b/src/primaite/acl/access_control_list.py
@@ -17,12 +17,11 @@ class AccessControlList:
         # Bool option in main_config to decide to use implicit rule or not
         self.apply_implicit_rule: bool = apply_implicit_rule
         # Implicit ALLOW or DENY firewall spec
+        if self.apply_implicit_rule:
+            self.acl_implicit_permission = implicit_permission
+        else:
+            self.acl_implicit_permission = "NA"
         # Last rule in the ACL list
-        self.acl_implicit_permission = implicit_permission
-        # Maximum number of ACL Rules in ACL
-        self.max_acl_rules: int = max_acl_rules
-        # A list of ACL Rules
-        self._acl: List[Union[ACLRule, None]] = [None] * (self.max_acl_rules - 1)
         # Implicit rule
         self.acl_implicit_rule = None
         if self.apply_implicit_rule:
@@ -31,6 +30,11 @@ class AccessControlList:
             elif self.acl_implicit_permission == RulePermissionType.ALLOW:
                 self.acl_implicit_rule = ACLRule("ALLOW", "ANY", "ANY", "ANY", "ANY")
 
+        # Maximum number of ACL Rules in ACL
+        self.max_acl_rules: int = max_acl_rules
+        # A list of ACL Rules
+        self._acl: List[Union[ACLRule, None]] = [None] * (self.max_acl_rules - 1)
+
     @property
     def acl(self):
         """Public access method for private _acl.
diff --git a/src/primaite/config/training_config.py b/src/primaite/config/training_config.py
index 84b790fd..d74f5993 100644
--- a/src/primaite/config/training_config.py
+++ b/src/primaite/config/training_config.py
@@ -100,10 +100,10 @@ class TrainingConfig:
     "Stable Baselines3 learn/eval output verbosity level"
 
     # Access Control List/Rules
-    apply_implicit_rule: str = False
+    apply_implicit_rule: str = True
     "User choice to have Implicit ALLOW or DENY."
 
-    implicit_acl_rule: RulePermissionType = RulePermissionType.DENY
+    implicit_acl_rule: RulePermissionType = RulePermissionType.ALLOW
     "ALLOW or DENY implicit firewall rule to go at the end of list of ACL list."
 
     max_number_acl_rules: int = 30
diff --git a/tests/test_seeding_and_deterministic_session.py b/tests/test_seeding_and_deterministic_session.py
index 685e4c3e..200eea93 100644
--- a/tests/test_seeding_and_deterministic_session.py
+++ b/tests/test_seeding_and_deterministic_session.py
@@ -26,16 +26,16 @@ def test_seeded_learning(temp_primaite_session):
         now work. If not, then you've got a bug :).
     """
     expected_mean_reward_per_episode = {
-        1: -30.703125,
-        2: -29.94140625,
-        3: -27.91015625,
-        4: -29.66796875,
-        5: -32.44140625,
-        6: -30.33203125,
-        7: -26.25,
-        8: -22.44140625,
-        9: -30.3125,
-        10: -28.359375,
+        1: -90.703125,
+        2: -91.15234375,
+        3: -87.5,
+        4: -92.2265625,
+        5: -94.6875,
+        6: -91.19140625,
+        7: -88.984375,
+        8: -88.3203125,
+        9: -112.79296875,
+        10: -100.01953125,
     }
 
     with temp_primaite_session as session: