show tagname when permission is denied

diff --git a/PLC/Methods/AddIlink.py b/PLC/Methods/AddIlink.py
index c9d18b1..0a7066a 100644 (file)
--- a/PLC/Methods/AddIlink.py
+++ b/PLC/Methods/AddIlink.py
@@ -65,8 +65,8 @@ class AddIlink(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.interface_belongs_to_person (self.api, src_if, self.caller):
             pass
         elif src_if_id != dst_if_id and AuthorizeHelpers.interface_belongs_to_person (self.api, dst_if, self.caller):

diff --git a/PLC/Methods/AddInterfaceTag.py b/PLC/Methods/AddInterfaceTag.py
index 912e147..8d09fd0 100644 (file)
--- a/PLC/Methods/AddInterfaceTag.py
+++ b/PLC/Methods/AddInterfaceTag.py
@@ -61,8 +61,8 @@ class AddInterfaceTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.interface_belongs_to_person (self.api, interface, self.caller):
             pass
         else:

diff --git a/PLC/Methods/AddNodeTag.py b/PLC/Methods/AddNodeTag.py
index 43e075f..fc64d1e 100644 (file)
--- a/PLC/Methods/AddNodeTag.py
+++ b/PLC/Methods/AddNodeTag.py
@@ -64,8 +64,8 @@ class AddNodeTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller):
             pass
         else:

diff --git a/PLC/Methods/AddSiteTag.py b/PLC/Methods/AddSiteTag.py
index cde238f..3c59f0b 100644 (file)
--- a/PLC/Methods/AddSiteTag.py
+++ b/PLC/Methods/AddSiteTag.py
@@ -62,8 +62,8 @@ class AddSiteTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.person_belongs_to_site (self.api, self.caller, site):
             pass
         else:

diff --git a/PLC/Methods/DeleteIlink.py b/PLC/Methods/DeleteIlink.py
index 6452b0d..0d07dfe 100644 (file)
--- a/PLC/Methods/DeleteIlink.py
+++ b/PLC/Methods/DeleteIlink.py
@@ -53,8 +53,8 @@ class DeleteIlink(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.interface_belongs_to_person (self.api, src_if, self.caller):
             pass
         elif src_if_id != dst_if_id and AuthorizeHelpers.interface_belongs_to_person (self.api, dst_if, self.caller):

diff --git a/PLC/Methods/DeleteInterfaceTag.py b/PLC/Methods/DeleteInterfaceTag.py
index 187d25e..1bb4aad 100644 (file)
--- a/PLC/Methods/DeleteInterfaceTag.py
+++ b/PLC/Methods/DeleteInterfaceTag.py
@@ -45,8 +45,8 @@ class DeleteInterfaceTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.interface_belongs_to_person (self.api, interface, self.caller):
             pass
         else:

diff --git a/PLC/Methods/DeleteNodeTag.py b/PLC/Methods/DeleteNodeTag.py
index bd99f0e..48b467f 100644 (file)
--- a/PLC/Methods/DeleteNodeTag.py
+++ b/PLC/Methods/DeleteNodeTag.py
@@ -47,8 +47,8 @@ class DeleteNodeTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller):
             pass
         else:

diff --git a/PLC/Methods/DeleteSiteTag.py b/PLC/Methods/DeleteSiteTag.py
index f0e87c3..3aa8d83 100644 (file)
--- a/PLC/Methods/DeleteSiteTag.py
+++ b/PLC/Methods/DeleteSiteTag.py
@@ -46,8 +46,8 @@ class DeleteSiteTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.person_belongs_to_site (self.api, self.caller, site):
             pass
         else:

diff --git a/PLC/Methods/UpdateIlink.py b/PLC/Methods/UpdateIlink.py
index 05daf17..97b14b6 100644 (file)
--- a/PLC/Methods/UpdateIlink.py
+++ b/PLC/Methods/UpdateIlink.py
@@ -49,8 +49,8 @@ class UpdateIlink(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.interface_belongs_to_person (self.api, src_if, self.caller):
             pass
         elif src_if_id != dst_if_id and AuthorizeHelpers.interface_belongs_to_person (self.api, dst_if, self.caller):

diff --git a/PLC/Methods/UpdateInterfaceTag.py b/PLC/Methods/UpdateInterfaceTag.py
index e29041f..1d52ea3 100644 (file)
--- a/PLC/Methods/UpdateInterfaceTag.py
+++ b/PLC/Methods/UpdateInterfaceTag.py
@@ -46,8 +46,8 @@ class UpdateInterfaceTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.interface_belongs_to_person (self.api, interface, self.caller):
             pass
         else:

diff --git a/PLC/Methods/UpdateNodeTag.py b/PLC/Methods/UpdateNodeTag.py
index 3cc7891..d8b8af7 100644 (file)
--- a/PLC/Methods/UpdateNodeTag.py
+++ b/PLC/Methods/UpdateNodeTag.py
@@ -48,8 +48,8 @@ class UpdateNodeTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller):
             pass
         else:

diff --git a/PLC/Methods/UpdateSiteTag.py b/PLC/Methods/UpdateSiteTag.py
index 901a875..fadd953 100644 (file)
--- a/PLC/Methods/UpdateSiteTag.py
+++ b/PLC/Methods/UpdateSiteTag.py
@@ -47,8 +47,8 @@ class UpdateSiteTag(Method):
         # check authorizations
         if 'admin' in self.caller['roles']:
             pass
-        elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name
+        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
         elif AuthorizeHelpers.person_belongs_to_site (self.api, self.caller, site):
             pass
         else: