From: Thierry Parmentelat Date: Mon, 6 Dec 2010 15:43:49 +0000 (+0100) Subject: more explicit messages in case of missing role X-Git-Tag: plcapi-5.0-21~2 X-Git-Url: http://git.onelab.eu/?p=plcapi.git;a=commitdiff_plain;h=4e63f1d1dd075b9d5ab88f639ee500950f0a9944 more explicit messages in case of missing role --- diff --git a/PLC/Auth.py b/PLC/Auth.py index 8a6db57..b519b1b 100644 --- a/PLC/Auth.py +++ b/PLC/Auth.py @@ -132,7 +132,7 @@ class SessionAuth(Auth): node = nodes[0] if 'node' not in method.roles: - raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method, missing 'node' role" + raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name method.caller = node @@ -143,9 +143,12 @@ class SessionAuth(Auth): person = persons[0] if not set(person['roles']).intersection(method.roles): - raise PLCPermissionDenied, "Not allowed to call method, missing role" + method_message="method %s has roles [%s]"%(method.name,','.join(method.roles)) + person_message="caller has roles [%s]"%','.join(person['roles']) + # not PLCAuthenticationFailure b/c that would end the session.. + raise PLCPermissionDenied, "SessionAuth: missing role, %s -- %s"%(method_message,person_message) - method.caller = persons[0] + method.caller = person else: raise PLCAuthenticationFailure, "SessionAuth: Invalid session" @@ -324,7 +327,9 @@ class PasswordAuth(Auth): raise PLCAuthenticationFailure, "PasswordAuth: Password verification failed" if not set(person['roles']).intersection(method.roles): - raise PLCAuthenticationFailure, "PasswordAuth: Not allowed to call method, missing role" + method_message="method %s has roles [%s]"%(method.name,','.join(method.roles)) + person_message="caller has roles [%s]"%','.join(person['roles']) + raise PLCAuthenticationFailure, "PasswordAuth: missing role, %s -- %s"%(method_message,person_message) method.caller = person