X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FAuth.py;h=50e8b8e33afe6b76f448e29a55550909ad45ffc6;hb=46651233d0d79514f57571b2420e489c01ee3ee5;hp=8a6db57278f3c1e74d3f5d6d8043bb77b060b5c8;hpb=50081fe11fb0d7510607a544a22c597f805ed5f0;p=plcapi.git
diff --git a/PLC/Auth.py b/PLC/Auth.py
index 8a6db57..50e8b8e 100644
--- a/PLC/Auth.py
+++ b/PLC/Auth.py
@@ -132,20 +132,23 @@ class SessionAuth(Auth):
 node = nodes[0]
 if 'node' not in method.roles:
- raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method, missing 'node' role"
+ raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
 method.caller = node
 elif session['person_id'] is not None and session['expires'] > time.time():
 persons = Persons(method.api, {'person_id': session['person_id'], 'enabled': True, 'peer_id': None})
 if not persons:
- raise PLCAuthenticationFailure, "SessionAuth: No such account"
+ raise PLCAuthenticationFailure, "SessionAuth: No such enabled account"
 person = persons[0]
 if not set(person['roles']).intersection(method.roles):
- raise PLCPermissionDenied, "Not allowed to call method, missing role"
+ method_message="method %s has roles [%s]"%(method.name,','.join(method.roles))
+ person_message="caller %s has roles [%s]"%(person['email'],','.join(person['roles']))
+ # not PLCAuthenticationFailure b/c that would end the session..
+ raise PLCPermissionDenied, "SessionAuth: missing role, %s -- %s"%(method_message,person_message)
- method.caller = persons[0]
+ method.caller = person
 else:
 raise PLCAuthenticationFailure, "SessionAuth: Invalid session"
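Review bot: The node branch at the top of this hunk still raises PLCAuthenticationFailure for a missing 'node' role, although the comment added further down says that exception would end the session and the person branch keeps PLCPermissionDenied for the same kind of role mismatch. If ending a node's session on a role mismatch is intended, a comment there should say so; otherwise the line could read `raise PLCPermissionDenied, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name`. The PasswordAuth hunk likewise reports a role mismatch as PLCAuthenticationFailure after the password check has passed, which makes it harder for log monitoring to separate bad-credential events from authorization denials; clients may depend on the current exception type, so that change needs checking against callers. The enclosing method starts and ends outside the hunk.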
@@ -324,7 +327,9 @@ class PasswordAuth(Auth):
 raise PLCAuthenticationFailure, "PasswordAuth: Password verification failed"
 if not set(person['roles']).intersection(method.roles):
- raise PLCAuthenticationFailure, "PasswordAuth: Not allowed to call method, missing role"
+ method_message="method %s has roles [%s]"%(method.name,','.join(method.roles))
+ person_message="caller %s has roles [%s]"%(person['email'],','.join(person['roles']))
+ raise PLCAuthenticationFailure, "PasswordAuth: missing role, %s -- %s"%(method_message,person_message)
 method.caller = person
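Review bot: The fault text built here carries the caller's email address and full role list together with every role the method accepts, and the two formatting lines are a verbatim copy of the ones in the SessionAuth hunk. Fault strings go back to the client and presumably into server logs, so how much identity detail they expose is better decided in one place; a small shared helper on the auth base class (a hypothetical `role_mismatch_message(method, person)`) would keep both messages in step. A one-line comment such as `# role detail is returned to the caller in the fault string` above the raise would record that the disclosure is deliberate. The enclosing method starts and ends outside the hunk.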