From be666b03eef1e085adc0749837480e0db7f811ad Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 22 Apr 2019 21:40:51 +0100 Subject: Trace Logging on Permission Denied & ColorFormat (#6618) * Add log.ColorFormat and log.ColorFormatted Structs can now implement log.ColorFormatted to provide their own colored format when logged with `%-v` or additional flags. Signed-off-by: Andrew Thornton * Add basic ColorFormat to repository and user Signed-off-by: Andrew Thornton * Add basic ColorFormat to access and unit Signed-off-by: Andrew Thornton * Add ColorFormat to permission and on trace log it Signed-off-by: Andrew Thornton * Add log.NewColoredIDValue to make ID value coloring consistent Signed-off-by: Andrew Thornton * formatting changes * Add some better tracing to permission denied for read issues/pulls Signed-off-by: Andrew Thornton * Add Trace logging on permission denied Signed-off-by: Andrew Thornton * Remove isTrace() check from deferred func * Adjust repo and allow logging of team * use FormatInt instead of Itoa * Add blank line Signed-off-by: Andrew Thornton * Update access.go --- modules/context/permission.go | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'modules/context/permission.go') diff --git a/modules/context/permission.go b/modules/context/permission.go index 70f8695300..6ac935686b 100644 --- a/modules/context/permission.go +++ b/modules/context/permission.go @@ -6,6 +6,8 @@ package context import ( "code.gitea.io/gitea/models" + "code.gitea.io/gitea/modules/log" + macaron "gopkg.in/macaron.v1" ) @@ -45,6 +47,22 @@ func RequireRepoWriterOr(unitTypes ...models.UnitType) macaron.Handler { func RequireRepoReader(unitType models.UnitType) macaron.Handler { return func(ctx *Context) { if !ctx.Repo.CanRead(unitType) { + if log.IsTrace() { + if ctx.IsSigned { + log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+ + "User in Repo has Permissions: %-+v", + ctx.User, + unitType, + ctx.Repo.Repository, + ctx.Repo.Permission) + } else { + log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+ + "Anonymous user in Repo has Permissions: %-+v", + unitType, + ctx.Repo.Repository, + ctx.Repo.Permission) + } + } ctx.NotFound(ctx.Req.RequestURI, nil) return } @@ -59,6 +77,25 @@ func RequireRepoReaderOr(unitTypes ...models.UnitType) macaron.Handler { return } } + if log.IsTrace() { + var format string + var args []interface{} + if ctx.IsSigned { + format = "Permission Denied: User %-v cannot read [" + args = append(args, ctx.User) + } else { + format = "Permission Denied: Anonymous user cannot read [" + } + for _, unit := range unitTypes { + format += "%-v, " + args = append(args, unit) + } + + format = format[:len(format)-2] + "] in Repo %-v\n" + + "User in Repo has Permissions: %-+v" + args = append(args, ctx.Repo.Repository, ctx.Repo.Permission) + log.Trace(format, args...) + } ctx.NotFound(ctx.Req.RequestURI, nil) } } -- cgit v1.2.3