From: Thierry Parmentelat
Date: Wed, 2 Feb 2011 15:34:21 +0000 (+0100)
Subject: do not delete session when node is trying to call a method that it is not allowed to
X-Git-Tag: plcapi-5.0-27~3
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=22703dd5d47683ae2e9634be556d673823d63618;p=plcapi.git
do not delete session when node is trying to call a method that it is not allowed to
---
diff --git a/PLC/Auth.py b/PLC/Auth.py
index 89e5ca1f..37eab0f1 100644
--- a/PLC/Auth.py
+++ b/PLC/Auth.py
@@ -132,6 +132,9 @@ class SessionAuth(Auth):
 node = nodes[0]
 if 'node' not in method.roles:
+ # using PermissionDenied rather than AuthenticationFailure here because
+ # if that fails we don't want to delete the session..
+ raise PLCPermissionDenied, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
 raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
 method.caller = node
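Review bot: The original `raise PLCAuthenticationFailure, ...` line appears to remain directly after the new `raise PLCPermissionDenied, ...` (the hunk header counts three additions and no removals), so it is now unreachable and should be deleted rather than left to suggest that either exception can fire. The new comment's "if that fails" is also ambiguous; something like `# authorization failure on a valid session: raise PLCPermissionDenied so the session is kept` would state the intent directly. The fix relies on the session-deleting handler reacting to PLCAuthenticationFailure only, and that handler is not visible in this hunk, so it is worth confirming there and covering with a test that a node session survives a denied call. The enclosing SessionAuth method starts and ends outside the hunk.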