node = nodes[0]
if 'node' not in method.roles:
- raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method, missing 'node' role"
+ raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
method.caller = node
elif session['person_id'] is not None and session['expires'] > time.time():
persons = Persons(method.api, {'person_id': session['person_id'], 'enabled': True, 'peer_id': None})
if not persons:
- raise PLCAuthenticationFailure, "SessionAuth: No such account"
+ raise PLCAuthenticationFailure, "SessionAuth: No such enabled account"
person = persons[0]
if not set(person['roles']).intersection(method.roles):
- raise PLCPermissionDenied, "Not allowed to call method, missing role"
+ method_message="method %s has roles [%s]"%(method.name,','.join(method.roles))
+ person_message="caller %s has roles [%s]"%(person['email'],','.join(person['roles']))
+ # not PLCAuthenticationFailure b/c that would end the session..
+ raise PLCPermissionDenied, "SessionAuth: missing role, %s -- %s"%(method_message,person_message)
- method.caller = persons[0]
+ method.caller = person
else:
raise PLCAuthenticationFailure, "SessionAuth: Invalid session"
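Review bot: The new missing-role fault in the SessionAuth person branch puts the caller's email address and full role list, plus every role the method accepts, into the text returned to the client; the PasswordAuth hunk builds the same string. The caller already holds a valid session here, so the exposure is limited, but fault strings tend to be copied into client and server logs, where the email becomes stored personal data. Consider keeping the client-facing text to the method side only, e.g. `raise PLCPermissionDenied, "SessionAuth: missing role, %s"%method_message`, and recording the caller detail on the server side. The two message-building lines are duplicated across both hunks and could move into one small helper. The enclosing check method begins and ends outside this hunk.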
raise PLCAuthenticationFailure, "PasswordAuth: Password verification failed"
if not set(person['roles']).intersection(method.roles):
- raise PLCAuthenticationFailure, "PasswordAuth: Not allowed to call method, missing role"
+ method_message="method %s has roles [%s]"%(method.name,','.join(method.roles))
+ person_message="caller %s has roles [%s]"%(person['email'],','.join(person['roles']))
+ raise PLCAuthenticationFailure, "PasswordAuth: missing role, %s -- %s"%(method_message,person_message)
method.caller = person
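Review bot: A missing role after a successful password check is still raised as `PLCAuthenticationFailure` here, while the SessionAuth hunk raises `PLCPermissionDenied` for the same condition. Anything that counts or alerts on authentication failures would then presumably also count callers whose credentials were correct but whose roles are insufficient, which blurs the signal for password guessing. If existing clients do not depend on the old fault type, `raise PLCPermissionDenied, "PasswordAuth: missing role, %s -- %s"%(method_message,person_message)` would make the two paths agree. If the difference is deliberate, it deserves a one-line comment giving the reason, like the one the SessionAuth branch has. The surrounding check method starts outside this hunk.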