Added debug logging for djblets webapi permission errors.
Review Request #7927 — Created Jan. 30, 2016 and submitted — Latest diff uploaded
What this entailed was adding two logging statements at the debug level that log when a PERMISSION_DENIED error is returned. Before this diff, it wasn't clear enough from the server log who was denied from what. This diff attempts to make security auditing a bit more explicit and debuggable.
Both logging statements covers cases where an authenticated user doesn't have proper permissions to access an API resource.
Manual Testing:
Installed a reviewboard extension (rbmotd) and tried to enable it through an api call with bad permissions
Made an api call to access a draft that didn't belong to that user
Diff Revision 4
This is not the most recent revision of the diff. The latest diff is revision 6. See what's changed.
| djblets/webapi/decorators.py |
|---|
| djblets/webapi/resources/base.py |
|---|