markusthoemmes commented on a change in pull request #2877: Better error 
controller message for authorization failure
URL: 
https://github.com/apache/incubator-openwhisk/pull/2877#discussion_r145885089
 
 

 ##########
 File path: 
core/controller/src/main/scala/whisk/core/controller/AuthorizedRouteDispatcher.scala
 ##########
 @@ -71,7 +74,21 @@ trait BasicAuthorizedRouteProvider extends Directives {
 
     onComplete(entitlementProvider.check(user, right, resource)) {
       case Success(_) => dispatchOp(user, right, resource)
-      case Failure(t) => handleEntitlementFailure(t)
+      case Failure(t) =>
+        t match {
+          case (r: RejectRequest) =>
+            r.code match {
+              case Forbidden =>
+                handleEntitlementFailure(
+                  RejectRequest(
+                    Forbidden,
+                    
Some(ErrorResponse(Messages.notAuthorizedtoAccessResource(resource.fqname), 
transid))))
+              case NotFound =>
+                handleEntitlementFailure(
+                  RejectRequest(NotFound, 
Some(ErrorResponse(Messages.resourceDoesntExist(resource.fqname), transid))))
+              case _ => handleEntitlementFailure(t)
+            }
+        }
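Review bot: The new `t match` under `case Failure(t) =>` has only the `case (r: RejectRequest)` arm, so a failure of any other type would raise a `scala.MatchError` instead of reaching `handleEntitlementFailure(t)` as it did before this change. An error in the authorization check should always end in the one failure handler, so add a fallback arm to the outer match after the `RejectRequest` arm: `case _ => handleEntitlementFailure(t)`. The enclosing `onComplete` block closes outside the quoted hunk, so this is based only on the lines shown here.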
 
 Review comment:
   Does this disambiguate access to your own namespace vs. access to any other 
namespace? We shall not return `not found` if we don't even have access to that 
namespace because then we'd leak information from other people's namespaces.
