From 25c853459d903dfdd7ca7b1cc329c04fee13ef07 Mon Sep 17 00:00:00 2001
From: Ken Rowland <kenneth.rowland@lexisnexisrisk.com>
Date: Fri, 6 Oct 2023 15:34:32 -0400
Subject: [PATCH] HPCC-29854 Enable logging of scope search results in non
 debug builds

Added PROG and WARN log statements to handle access denial cases.

Signed-off-by: Kenneth.Rowland@lexisnexisrisk.com
---
 system/security/shared/caching.cpp | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/system/security/shared/caching.cpp b/system/security/shared/caching.cpp
index 4f1430b4ac8..81127330199 100644
--- a/system/security/shared/caching.cpp
+++ b/system/security/shared/caching.cpp
@@ -556,6 +556,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
     if (!fullScope || !*fullScope)
     {
         *accessFlags = queryDefaultPermission(sec_user);
+        WARNLOG("FileScope unspecified for %s, applying default permissions %s(%d), took %dms", sec_user.getName(), getSecAccessFlagName(*accessFlags), *accessFlags,  msTick()-start);
         return true;
     }
 
@@ -579,6 +580,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
     if (m_managedFileScopesMap.empty())
     {
         *accessFlags = queryDefaultPermission(sec_user);
+        WARNLOG("Filescope managed scopes empty for %s, applying default permissions %s(%d), took %dms", sec_user.getName(), getSecAccessFlagName(*accessFlags), *accessFlags,  msTick()-start);
         return true;
     }
 
@@ -624,7 +626,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
                 {
                     *accessFlags = res->getAccessFlags();
                     managedScope.append(const_cast<char *>(res->getName()));
-                    DBGLOG("FileScope %s for %s(%s) access denied %d at scope %s, took %dms",fullScope, sec_user.getName(), res->getName(), *accessFlags, scope, msTick()-start);
+                    PROGLOG("FileScope %s for %s(%s) access denied %s(%d) at scope %s, took %dms", fullScope, sec_user.getName(), res->getName(), getSecAccessFlagName(*accessFlags), *accessFlags, scope, msTick()-start);
                     return true;
                 }
                 else
@@ -653,7 +655,6 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
         else
         {
             managedScope.append(const_cast<char *>(res->getName()));//return deepest managed scope
-
 #ifdef _DEBUG
             DBGLOG("FileScope %s for %s(%s) managed but not cached, took %dms", fullScope, sec_user.getName(), res->getName(), msTick()-start);
 #endif
@@ -663,9 +664,7 @@ bool CPermissionsCache::queryPermsManagedFileScope(ISecUser& sec_user, const cha
     else
     {
         *accessFlags = queryDefaultPermission(sec_user);
-#ifdef _DEBUG
-        DBGLOG("FileScope %s for %s not managed, using default %d, took %dms", fullScope, sec_user.getName(),*accessFlags, msTick()-start);
-#endif
+        WARNLOG("FileScope %s for %s not managed, using default %s(%d), took %dms", fullScope, sec_user.getName(), getSecAccessFlagName(*accessFlags), *accessFlags, msTick()-start);
         rc = true;
     }
     return rc;