Piotr Kliczewski has uploaded a new change for review. Change subject: core: Enhanced permissions logging ......................................................................
core: Enhanced permissions logging During permission check when logging level is set to DEBUG there is more information about which user is being checked and on which objects. Bug-Url: https://bugzilla.redhat.com/1121617 Change-Id: I4ba8fa00b8d28679b9896fe707623af89ac3c01f Signed-off-by: pkliczewski <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java 2 files changed, 43 insertions(+), 14 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/57/30757/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java index a9308c4..fd5ae5a 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java @@ -923,6 +923,14 @@ final VdcObjectType type, final boolean ignoreEveryone) { // Grant if there is matching permission in the database: + if (log.isDebugEnabled()) { + log.debugFormat("Checking whether user {0} has permission on {1} groups with {2} action group on {3} object with {4}", + userId, + StringUtils.join(groupIds, ","), + actionGroup, + object, + type.name()); + } final Guid permId = getPermissionDAO().getEntityPermissionsForUserAndGroups(userId, StringUtils.join(groupIds, ","), actionGroup, object, type, ignoreEveryone); if (permId != null) { @@ -992,6 +1000,14 @@ if (isQuotaDependant()) { addQuotaPermissionSubject(permSubjects); + } + + if (log.isDebugEnabled()) { + StringBuilder builder = getPermissionSubjectsAsStringBuilder(permSubjects); + + log.debugFormat("Checking whether user {0} has permission on {1}", + getCurrentUser().getId(), + builder.toString()); } // If we are here then we should grant the permission: @@ -1217,20 +1233,7 @@ // Log if there is entry in the permission map. if (permissionSubjectList != null && !permissionSubjectList.isEmpty()) { // Build entities string for entities affected by this operation. - StringBuilder logEntityIdsInfo = new StringBuilder(); - - // Iterate all over the entities , which should be affected. - for (PermissionSubject permSubject : permissionSubjectList) { - if (permSubject.getObjectId() != null) { - // Add comma when there are more then one entity - // affected. - if (logEntityIdsInfo.length() != 0) { - logEntityIdsInfo.append(", "); - } - logEntityIdsInfo.append(" ID: ").append(permSubject.getObjectId()) - .append(" Type: ").append(permSubject.getObjectType()); - } - } + StringBuilder logEntityIdsInfo = getPermissionSubjectsAsStringBuilder(permissionSubjectList); // If found any entities, add the log to the logInfo. if (logEntityIdsInfo.length() != 0) { @@ -1244,6 +1247,27 @@ log.info(logInfo); } + private StringBuilder getPermissionSubjectsAsStringBuilder(List<PermissionSubject> permissionSubjects) { + StringBuilder builder = new StringBuilder(); + + // Iterate all over the entities , which should be affected. + for (PermissionSubject permSubject : permissionSubjects) { + if (permSubject.getObjectId() != null) { + // Add comma when there are more then one entity + // affected. + if (builder.length() != 0) { + builder.append(", "); + } + builder.append(" ID: ").append(permSubject.getObjectId()) + .append(" Type: ").append(permSubject.getObjectType()); + if (permSubject.getActionGroup() != null) { + builder.append(permSubject.getActionGroup().toString()); + } + } + } + return builder; + } + private void executeActionInTransactionScope() { if (TransactionSupport.current() != null) { TransactionSupport.registerRollbackHandler(CommandBase.this); diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java index 5aeec1e..9d1c9e9 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java @@ -179,4 +179,9 @@ public int getAvailableInModes() { return applicationMode; } + + @Override + public String toString() { + return "Action group " + this.name() + " with role type " + this.roleType.name(); + } } -- To view, visit http://gerrit.ovirt.org/30757 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4ba8fa00b8d28679b9896fe707623af89ac3c01f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Piotr Kliczewski <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
