Piotr Kliczewski has posted comments on this change. Change subject: core: Enhanced permissions logging ......................................................................
Patch Set 4: (2 comments) http://gerrit.ovirt.org/#/c/30757/4/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java: Line 996: if (log.isDebugEnabled()) { Line 997: log.debugFormat("The set of objects to check is null or empty for action {0}.", getActionType()); Line 998: } Line 999: addCanDoActionMessage(VdcBllMessages.USER_NOT_AUTHORIZED_TO_PERFORM_ACTION); Line 1000: > I'd print it here, but printing on CheckPermissions seems right as well. Up I think that at this level we only getPermissionCheckSubjects and return false it returns null or empty collection. This is not really permission check. I think that correct way is to have it when checkSimplePermission return false. Line 1001: return false; Line 1002: } Line 1003: Line 1004: if (isQuotaDependant()) { Line 1019: Line 1020: protected boolean checkPermissions(final List<PermissionSubject> permSubjects) { Line 1021: for (PermissionSubject permSubject : permSubjects) { Line 1022: if (!checkSinglePermission(permSubject, getReturnValue().getCanDoActionMessages())) { Line 1023: log.infoFormat("No permission found for user {0} or one of the groups he is member of, when running action {1}," > it makes a bit more understandable indeed Done Line 1024: + " on object {2} for {3} with id {4}.", Line 1025: getCurrentUser().getId(), Line 1026: getActionType(), Line 1027: permSubject.getObjectType().getVdcObjectTranslation(), -- To view, visit http://gerrit.ovirt.org/30757 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I4ba8fa00b8d28679b9896fe707623af89ac3c01f Gerrit-PatchSet: 4 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Piotr Kliczewski <piotr.kliczew...@gmail.com> Gerrit-Reviewer: Michal Skrivanek <michal.skriva...@redhat.com> Gerrit-Reviewer: Michal Skrivanek <mskri...@redhat.com> Gerrit-Reviewer: Omer Frenkel <ofren...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczew...@gmail.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
