HPCC-29854 Enable logging of scope search results in non debug builds

Added PROG and WARN log statements to handle access denial cases. Signed-off-by: [email protected]
hpcc-systems · Oct 6, 2023 · 25c8534 · 25c8534
1 parent 85f7c98
commit 25c8534
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/system/security/shared/caching.cpp b/system/security/shared/caching.cpp
@@ -556,6 +556,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
     if (!fullScope || !*fullScope)
     {
         *accessFlags = queryDefaultPermission(sec_user);
+        WARNLOG("FileScope unspecified for %s, applying default permissions %s(%d), took %dms", sec_user.getName(), getSecAccessFlagName(*accessFlags), *accessFlags,  msTick()-start);
         return true;
     }
 
@@ -579,6 +580,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
     if (m_managedFileScopesMap.empty())
     {
         *accessFlags = queryDefaultPermission(sec_user);
+        WARNLOG("Filescope managed scopes empty for %s, applying default permissions %s(%d), took %dms", sec_user.getName(), getSecAccessFlagName(*accessFlags), *accessFlags,  msTick()-start);
         return true;
     }
 
@@ -624,7 +626,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
                 {
                     *accessFlags = res->getAccessFlags();
                     managedScope.append(const_cast<char *>(res->getName()));
-                    DBGLOG("FileScope %s for %s(%s) access denied %d at scope %s, took %dms",fullScope, sec_user.getName(), res->getName(), *accessFlags, scope, msTick()-start);
+                    PROGLOG("FileScope %s for %s(%s) access denied %s(%d) at scope %s, took %dms", fullScope, sec_user.getName(), res->getName(), getSecAccessFlagName(*accessFlags), *accessFlags, scope, msTick()-start);
                     return true;
                 }
                 else
@@ -653,7 +655,6 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
         else
         {
             managedScope.append(const_cast<char *>(res->getName()));//return deepest managed scope
-
 #ifdef _DEBUG
             DBGLOG("FileScope %s for %s(%s) managed but not cached, took %dms", fullScope, sec_user.getName(), res->getName(), msTick()-start);
 #endif
@@ -663,9 +664,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
     else
     {
         *accessFlags = queryDefaultPermission(sec_user);
-#ifdef _DEBUG
-        DBGLOG("FileScope %s for %s not managed, using default %d, took %dms", fullScope, sec_user.getName(),*accessFlags, msTick()-start);
-#endif
+        WARNLOG("FileScope %s for %s not managed, using default %s(%d), took %dms", fullScope, sec_user.getName(), getSecAccessFlagName(*accessFlags), *accessFlags, msTick()-start);
         rc = true;
     }
     return rc;