From 27d696b4590d3e165f837ed7f39b1f3a43c46087 Mon Sep 17 00:00:00 2001
From: wangkx
Date: Thu, 22 Feb 2024 10:55:44 -0500
Subject: [PATCH] HPCC-30868 Report dropzone name and scope when scope access denied

When accessing a dropzone scope and the scope access denied, the dropzone name and scope are added to the error message.

Signed-off-by: wangkx
---
 dali/dfu/dfurun.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/dali/dfu/dfurun.cpp b/dali/dfu/dfurun.cpp
index add2dfe81ea..aa8f9e6c2b7 100644
--- a/dali/dfu/dfurun.cpp
+++ b/dali/dfu/dfurun.cpp
@@ -540,10 +540,19 @@ class CDFUengine: public CInterface, implements IDFUengine
 return result;
 }
- void ensureFilePermissions(const char * fileName, SecAccessFlags perm, bool write)
+ void ensureFilePermissions(const char * planeName, const char * fileName, SecAccessFlags perm, bool write)
 {
 if ((write && !HASWRITEPERMISSION(perm)) || (!write && !HASREADPERMISSION(perm)))
 {
+ if (!isEmptyString(planeName))
+ {
+ CDfsLogicalFileName dlfn;
+ dlfn.setPlaneExternal(planeName, fileName);
+ if (write)
+ throw makeStringExceptionV(DFSERR_CreateAccessDenied, "Create permission denied for file scope: %s on DropZone: %s", dlfn.get(), planeName);
+ else
+ throw makeStringExceptionV(DFSERR_LookupAccessDenied, "Lookup permission denied for file scope: %s on DropZone: %s", dlfn.get(), planeName);
+ }
 if (write)
 throw makeStringExceptionV(DFSERR_CreateAccessDenied, "Create permission denied for physical file(s): %s", fileName);
 else
@@ -614,7 +623,7 @@ class CDFUengine: public CInterface, implements IDFUengine
 SecAccessFlags perm = queryDistributedFileDirectory().getFDescPermissions(fd,user,auditflags);
 StringBuffer name;
- ensureFilePermissions(getFDescName(fd,name),perm,write);
+ ensureFilePermissions(nullptr,getFDescName(fd,name),perm,write);
 }
 void checkForeignFilePermissions(IConstDFUfileSpec *fSpec,IFileDescriptor *fd,IUserDescriptor *user)
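Review bot: `ensureFilePermissions` in the first hunk now has two denial paths selected by `planeName`, but nothing at the signature records that a null or empty `planeName` means the legacy physical-file case, which the `nullptr` call site in the second hunk relies on. A comment above the signature would state the contract: `// Throws DFSERR_CreateAccessDenied / DFSERR_LookupAccessDenied when perm lacks the requested access; planeName may be null or empty for non-dropzone (physical file) checks.` The new messages label `dlfn.get()` as a "file scope" although it is built from `fileName` by `setPlaneExternal`, so it is worth confirming whether the `relativePath` passed by the later call is a scope or a full file path. The function body continues past the end of the hunk.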
@@ -688,6 +697,7 @@ class CDFUengine: public CInterface, implements IDFUengine
 {
 if (getGlobalConfigSP()->getPropBool("expert/@failOverToLegacyPhysicalPerms",!isContainerized()))
 perm = queryDistributedFileDirectory().getFDescPermissions(fd,user,auditflags);
+ ensureFilePermissions(planeName,relativePath,perm,write);
 }
 }
 else
@@ -702,8 +712,6 @@ class CDFUengine: public CInterface, implements IDFUengine
 throw makeStringException(-1,"Unexpected empty plane name."); // should never be the case in containerized setups
 #endif
 }
- StringBuffer name;
- ensureFilePermissions(getFDescName(fd,name),perm,write);
 }
 void monitorCycle(bool &cancelling)
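Review bot: The permission check in this function is now enforced only inside the inner block where `ensureFilePermissions(planeName,relativePath,perm,write);` is added, because the following hunk deletes the unconditional call that used to run last on every path. Any path that skips that block, in particular the `else` branch whose tail is visible in the next hunk, no longer has `perm` enforced here. If the non-containerized part of that branch still assigns `perm` (not visible in the patch), the value is computed and then dropped, and the operation would proceed unchecked. Keeping `StringBuffer name;` and `ensureFilePermissions(nullptr,getFDescName(fd,name),perm,write);` in that branch would preserve the old fail-closed behaviour. The condition guarding the inner block is outside the hunk, so it should also be confirmed to be the access-denied test and nothing narrower.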