Oved Ourfali has posted comments on this change. Change subject: core: Enhanced permissions logging ......................................................................
Patch Set 1: (3 comments) http://gerrit.ovirt.org/#/c/30757/1/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java: Line 923: final VdcObjectType type, Line 924: final boolean ignoreEveryone) { Line 925: // Grant if there is matching permission in the database: Line 926: if (log.isDebugEnabled()) { Line 927: log.debugFormat("Checking whether user {0} has permission on {1} groups with {2} action group on {3} object with {4}", This print is less relevant, although will do no harm. Change it to: Checking whether user {0} or groups {1} have action group {3} on object type {4}. Line 928: userId, Line 929: StringUtils.join(groupIds, ","), Line 930: actionGroup, Line 931: object, Line 993: if (permSubjects == null || permSubjects.isEmpty()) { Line 994: if (log.isDebugEnabled()) { Line 995: log.debugFormat("The set of objects to check is null or empty for action {0}.", getActionType()); Line 996: } Line 997: addCanDoActionMessage(VdcBllMessages.USER_NOT_AUTHORIZED_TO_PERFORM_ACTION); I'd suggest to move it here, and print it also as info, as this is the case in which the operation failed on permissions, so will always be helpful there. Line 998: return false; Line 999: } Line 1000: Line 1001: if (isQuotaDependant()) { Line 1004: Line 1005: if (log.isDebugEnabled()) { Line 1006: StringBuilder builder = getPermissionSubjectsAsStringBuilder(permSubjects); Line 1007: Line 1008: log.debugFormat("Checking whether user {0} has permission on {1}", Checking whether user {0} or one of the groups he is member of, have the following permissions: {1}". Line 1009: getCurrentUser().getId(), Line 1010: builder.toString()); Line 1011: } Line 1012: -- To view, visit http://gerrit.ovirt.org/30757 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I4ba8fa00b8d28679b9896fe707623af89ac3c01f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Piotr Kliczewski <[email protected]> Gerrit-Reviewer: Michal Skrivanek <[email protected]> Gerrit-Reviewer: Oved Ourfali <[email protected]> Gerrit-Reviewer: Piotr Kliczewski <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
