do not delete session when node is trying to call a method that it is not allowed to
[plcapi.git] / PLC / Auth.py
index 89e5ca1..37eab0f 100644 (file)
@@ -132,6 +132,9 @@ class SessionAuth(Auth):
                 node = nodes[0]
 
                 if 'node' not in method.roles:
+                    # using PermissionDenied rather than AuthenticationFailure here because
+                    # if that fails we don't want to delete the session..
+                    raise PLCPermissionDenied, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
                     raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
 
                 method.caller = node
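Review bot: The old `raise PLCAuthenticationFailure, ...` line is left directly after the new `raise PLCPermissionDenied, ...` in the `if 'node' not in method.roles:` branch, so it can never run and should be deleted to leave no doubt about which exception this path raises. The added comment says "if that fails" without naming what fails or where the session is removed; something like `# Valid session, but the node lacks the 'node' role: raise PLCPermissionDenied so the auth-failure handling does not delete the session.` would be clearer. The code that deletes the session is outside this hunk, so confirm that it catches only PLCAuthenticationFailure and not a base class shared with PLCPermissionDenied, otherwise the session would still be dropped. It is also worth checking that this denial is still logged, since a node session repeatedly calling methods outside its role is a useful signal.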