authorPaul Berry <paul@puppetlabs.com>2011-01-11 14:56:14 -0800
committerPaul Berry <paul@puppetlabs.com>2011-01-12 16:27:42 -0800
commit08561b22920aa5eaa76addd8b0da8feb189e0d18 (patch)
treed37638614389562e49a16922c3029e4b9e0a7fb0 /lib/puppet/network
parentbf2b07158f5e4e16e7a1a52e84257ae5d84d9e1c (diff)
(#5838) Refactored Puppet::Network::Rights#fail_on_deny
Changed into a method that returns the exception to be raised rather than raising it. Paired-with: Jesse Wolfe <jesse@puppetlabs.com>
Diffstat (limited to 'lib/puppet/network')
-rw-r--r--lib/puppet/network/rest_authconfig.rb18
-rwxr-xr-xlib/puppet/network/rights.rb20
2 files changed, 15 insertions, 23 deletions
diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb
index 7abe06956..1704ea0c1 100644
--- a/lib/puppet/network/rest_authconfig.rb
+++ b/lib/puppet/network/rest_authconfig.rb
@@ -38,14 +38,16 @@ module Puppet
# fail_on_deny could as well be called in the XMLRPC context
# with a ClientRequest.
- @rights.fail_on_deny(
- build_uri(request),
-
- :node => request.node,
- :ip => request.ip,
- :method => request.method,
- :environment => request.environment,
- :authenticated => request.authenticated)
+ if authorization_failure_exception = @rights.is_forbidden_and_why?(
+ build_uri(request),
+ :node => request.node,
+ :ip => request.ip,
+ :method => request.method,
+ :environment => request.environment,
+ :authenticated => request.authenticated)
+ Puppet.warning("Denying access: #{authorization_failure_exception}")
+ raise authorization_failure_exception
+ end
end
def initialize(file = nil, parsenow = true)
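Review bot: Access is granted at this call site whenever `is_forbidden_and_why?` returns nil or false, so the allow path is the silent default of the `if`; a comment such as `# nil => allowed; a returned exception is a denial and is raised below` would make that contract visible where the decision is enforced. The assignment inside the condition is easy to misread as a comparison, so wrapping it in an extra pair of parentheses or assigning on the line before the `if` would help. The warning interpolates the exception text, which presumably carries request-derived values (the message is built outside this hunk), so it is worth confirming that it cannot contain line breaks before it reaches the log. The enclosing method starts above the hunk.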
diff --git a/lib/puppet/network/rights.rb b/lib/puppet/network/rights.rb
index e3cd3179a..b2146494c 100755
--- a/lib/puppet/network/rights.rb
+++ b/lib/puppet/network/rights.rb
@@ -26,19 +26,10 @@ class Rights
# Check that name is allowed or not
def allowed?(name, *args)
- begin
- fail_on_deny(name, :node => args[0], :ip => args[1])
- rescue AuthorizationError
- return false
- rescue ArgumentError
- # the namespace contract says we should raise this error
- # if we didn't find the right acl
- raise
- end
- true
+ !is_forbidden_and_why?(name, :node => args[0], :ip => args[1])
end
- def fail_on_deny(name, args = {})
+ def is_forbidden_and_why?(name, args = {})
res = :nomatch
right = @rights.find do |acl|
found = false
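Review bot: `is_forbidden_and_why?` is named like a predicate but has three outcomes that no comment in the hunk describes: nil for allowed, a returned exception object for denied, and a raised ArgumentError for an unknown right. The new `allowed?` depends on that by negating the result, so any future path that falls through with nil becomes an allow. I would add above the `def` something like `# Returns nil when access is allowed, or the authorization error (not raised) when it is denied; raises ArgumentError for an unknown namespace right.` The returned type is apparently AuthorizationError, going by the rescue the old `allowed?` had, but the construction is not visible here. The method body continues past the end of the hunk.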
@@ -49,7 +40,7 @@ class Rights
args[:match] = match
if (res = acl.allowed?(args[:node], args[:ip], args)) != :dunno
# return early if we're allowed
- return if res
+ return nil if res
# we matched, select this acl
found = true
end
@@ -70,13 +61,12 @@ class Rights
error.file = right.file
error.line = right.line
end
- Puppet.warning("Denying access: #{error}")
else
# there were no rights allowing/denying name
# if name is not a path, let's throw
- error = ArgumentError.new "Unknown namespace right '#{name}'"
+ raise ArgumentError.new "Unknown namespace right '#{name}'"
end
- raise error
+ error
end
def initialize
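Review bot: Removing `Puppet.warning("Denying access: #{error}")` from this method leaves denial logging to each caller, and in this commit only the rest_authconfig.rb call site logs; a denial decided through `allowed?` no longer leaves any log entry. If those denials were relied on for audit or troubleshooting, that should either be stated as intended in the commit message or restored with a warning in `allowed?` when the result is non-nil. Separately, the new raise reads more conventionally as `raise ArgumentError, "Unknown namespace right '#{name}'"`. The method begins outside this hunk.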