From be666b03eef1e085adc0749837480e0db7f811ad Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 22 Apr 2019 21:40:51 +0100 Subject: Trace Logging on Permission Denied & ColorFormat (#6618) * Add log.ColorFormat and log.ColorFormatted Structs can now implement log.ColorFormatted to provide their own colored format when logged with `%-v` or additional flags. Signed-off-by: Andrew Thornton * Add basic ColorFormat to repository and user Signed-off-by: Andrew Thornton * Add basic ColorFormat to access and unit Signed-off-by: Andrew Thornton * Add ColorFormat to permission and on trace log it Signed-off-by: Andrew Thornton * Add log.NewColoredIDValue to make ID value coloring consistent Signed-off-by: Andrew Thornton * formatting changes * Add some better tracing to permission denied for read issues/pulls Signed-off-by: Andrew Thornton * Add Trace logging on permission denied Signed-off-by: Andrew Thornton * Remove isTrace() check from deferred func * Adjust repo and allow logging of team * use FormatInt instead of Itoa * Add blank line Signed-off-by: Andrew Thornton * Update access.go --- routers/api/v1/api.go | 50 +++++++++++++++++++++++++++++++++++++++++++++ routers/api/v1/repo/pull.go | 7 ++++++- 2 files changed, 56 insertions(+), 1 deletion(-) (limited to 'routers/api') diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index ac92f7cd43..d201dff917 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -369,6 +369,22 @@ func orgAssignment(args ...bool) macaron.Handler { func mustEnableIssues(ctx *context.APIContext) { if !ctx.Repo.CanRead(models.UnitTypeIssues) { + if log.IsTrace() { + if ctx.IsSigned { + log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+ + "User in Repo has Permissions: %-+v", + ctx.User, + models.UnitTypeIssues, + ctx.Repo.Repository, + ctx.Repo.Permission) + } else { + log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+ + "Anonymous user in Repo has Permissions: %-+v", + models.UnitTypeIssues, + ctx.Repo.Repository, + ctx.Repo.Permission) + } + } ctx.NotFound() return } @@ -376,6 +392,22 @@ func mustEnableIssues(ctx *context.APIContext) { func mustAllowPulls(ctx *context.APIContext) { if !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(models.UnitTypePullRequests)) { + if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() { + if ctx.IsSigned { + log.Trace("Permission Denied: User %-v cannot read %-v in Repo %-v\n"+ + "User in Repo has Permissions: %-+v", + ctx.User, + models.UnitTypePullRequests, + ctx.Repo.Repository, + ctx.Repo.Permission) + } else { + log.Trace("Permission Denied: Anonymous user cannot read %-v in Repo %-v\n"+ + "Anonymous user in Repo has Permissions: %-+v", + models.UnitTypePullRequests, + ctx.Repo.Repository, + ctx.Repo.Permission) + } + } ctx.NotFound() return } @@ -384,6 +416,24 @@ func mustAllowPulls(ctx *context.APIContext) { func mustEnableIssuesOrPulls(ctx *context.APIContext) { if !ctx.Repo.CanRead(models.UnitTypeIssues) && !(ctx.Repo.Repository.CanEnablePulls() && ctx.Repo.CanRead(models.UnitTypePullRequests)) { + if ctx.Repo.Repository.CanEnablePulls() && log.IsTrace() { + if ctx.IsSigned { + log.Trace("Permission Denied: User %-v cannot read %-v and %-v in Repo %-v\n"+ + "User in Repo has Permissions: %-+v", + ctx.User, + models.UnitTypeIssues, + models.UnitTypePullRequests, + ctx.Repo.Repository, + ctx.Repo.Permission) + } else { + log.Trace("Permission Denied: Anonymous user cannot read %-v and %-v in Repo %-v\n"+ + "Anonymous user in Repo has Permissions: %-+v", + models.UnitTypeIssues, + models.UnitTypePullRequests, + ctx.Repo.Repository, + ctx.Repo.Permission) + } + } ctx.NotFound() return } diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go index 7abe6241bd..4fbd024f8c 100644 --- a/routers/api/v1/repo/pull.go +++ b/routers/api/v1/repo/pull.go @@ -672,7 +672,12 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption) return nil, nil, nil, nil, "", "" } if !perm.CanReadIssuesOrPulls(true) { - log.Trace("ParseCompareInfo[%d]: cannot create/read pull requests", baseRepo.ID) + if log.IsTrace() { + log.Trace("Permission Denied: User %-v cannot create/read pull requests in Repo %-v\nUser in headRepo has Permissions: %-+v", + ctx.User, + headRepo, + perm) + } ctx.NotFound() return nil, nil, nil, nil, "", "" } -- cgit v1.2.3