HPCC-30868 Report dropzone name and scope when scope access denied

When accessing a dropzone scope and the scope access denied, the dropzone name and scope are added to the error message. Signed-off-by: wangkx <[email protected]>
hpcc-systems · Mar 6, 2024 · 27d696b · 27d696b
1 parent cb3794d
commit 27d696b
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/dali/dfu/dfurun.cpp b/dali/dfu/dfurun.cpp
@@ -540,10 +540,19 @@ class CDFUengine: public CInterface, implements IDFUengine
         return result;
     }
 
-    void ensureFilePermissions(const char * fileName, SecAccessFlags perm, bool write)
+    void ensureFilePermissions(const char * planeName, const char * fileName, SecAccessFlags perm, bool write)
     {
         if ((write && !HASWRITEPERMISSION(perm)) || (!write && !HASREADPERMISSION(perm)))
         {
+            if (!isEmptyString(planeName))
+            {
+                CDfsLogicalFileName dlfn;
+                dlfn.setPlaneExternal(planeName, fileName);
+                if (write)
+                    throw makeStringExceptionV(DFSERR_CreateAccessDenied, "Create permission denied for file scope: %s on DropZone: %s", dlfn.get(), planeName);
+                else
+                    throw makeStringExceptionV(DFSERR_LookupAccessDenied, "Lookup permission denied for file scope: %s on DropZone: %s", dlfn.get(), planeName);
+            }
             if (write)
                 throw makeStringExceptionV(DFSERR_CreateAccessDenied, "Create permission denied for physical file(s): %s", fileName);
             else
@@ -614,7 +623,7 @@ class CDFUengine: public CInterface, implements IDFUengine
 
         SecAccessFlags perm = queryDistributedFileDirectory().getFDescPermissions(fd,user,auditflags);
         StringBuffer name;
-        ensureFilePermissions(getFDescName(fd,name),perm,write);
+        ensureFilePermissions(nullptr,getFDescName(fd,name),perm,write);
     }
 
     void checkForeignFilePermissions(IConstDFUfileSpec *fSpec,IFileDescriptor *fd,IUserDescriptor *user)
@@ -688,6 +697,7 @@ class CDFUengine: public CInterface, implements IDFUengine
             {
                 if (getGlobalConfigSP()->getPropBool("expert/@failOverToLegacyPhysicalPerms",!isContainerized()))
                     perm = queryDistributedFileDirectory().getFDescPermissions(fd,user,auditflags);
+                ensureFilePermissions(planeName,relativePath,perm,write);
             }
         }
         else
@@ -702,8 +712,6 @@ class CDFUengine: public CInterface, implements IDFUengine
             throw makeStringException(-1,"Unexpected empty plane name."); // should never be the case in containerized setups
 #endif
         }
-        StringBuffer name;
-        ensureFilePermissions(getFDescName(fd,name),perm,write);
     }
 
     void monitorCycle(bool &cancelling)