author | Mickael Remond <mremond@process-one.net> | 2016-07-30 18:51:54 +0200 |
---|---|---|
committer | Mickael Remond <mremond@process-one.net> | 2016-07-30 18:51:54 +0200 |
commit | 674a8039ef0da080c9882bbe8ea3a476d78df0f5 (patch) | |
tree | 5feb442b40e6b80d03c91d383bae1981e12ba966 /src/mod_http_api.erl | |
parent | Make s2s stats commands more robust (diff) |
Add support for sending back missing scope error to API ReST command calls
Diffstat (limited to 'src/mod_http_api.erl')
-rw-r--r-- | src/mod_http_api.erl | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl
index 6f6d59cda..cda4d6059 100644
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@@ -162,14 +162,15 @@ check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call, _, ScopeL
 case oauth_check_token(ScopeList, Token) of
 {ok, user, {User, Server}} ->
 {ok, {User, Server, {oauth, Token}, Admin}};
- false ->
- false
+ {false, Reason} ->
+ {false, Reason}
 end;
 _ ->
 false
 end,
 case Auth of
 {ok, A} -> {allowed, Call, A};
+ {false, no_matching_scope} -> outofscope_response();
 _ -> unauthorized_response()
 end;
 check_permissions2(_Request, Call, open, _Scope) ->
@@ -189,7 +190,7 @@ check_permissions2(#request{ip={IP, _Port}}, Call, _Policy, _Scope) ->
 Commands when is_list(Commands) ->
 case lists:member(Call, Commands) of
 true -> {allowed, Call, admin};
- _ -> unauthorized_response()
+ _ -> outofscope_response()
 end;
 _E ->
 {allowed, Call, noauth}
@@ -495,6 +496,7 @@ format_result(Tuple, {Name, {tuple, Def}}) ->
 format_result(404, {_Name, _}) ->
 "not_found".
 
+
 format_error_result(conflict, Code, Msg) ->
 {409, Code, iolist_to_binary(Msg)};
 format_error_result(_ErrorAtom, Code, Msg) ->
@@ -503,6 +505,9 @@ format_error_result(_ErrorAtom, Code, Msg) ->
 unauthorized_response() ->
 json_error(401, 10, <<"Oauth Token is invalid or expired.">>).
 
+outofscope_response() ->
+ json_error(401, 11, <<"Token does not grant usage to command required scope.">>).
+
 badrequest_response() ->
 badrequest_response(<<"400 Bad Request">>).
 badrequest_response(Body) -> |
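Review bot: The inner `case oauth_check_token(ScopeList, Token) of` no longer has a clause for a bare `false`, so the new `{false, Reason}` clause is only safe if every failure path of `oauth_check_token` now returns that tuple. Its definition is not part of this hunk (the page's diffstat is limited to this file), so this should be confirmed; a leftover `false` would raise `case_clause` in the authentication path instead of producing the 401 response. The outer `case Auth of` still fails closed, because any reason other than `no_matching_scope` falls through to `unauthorized_response()`. The pass-through could be written `{false, _Reason} = Denied -> Denied` to make it explicit; the enclosing check_permissions2 clause starts above the hunk.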
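Review bot: `_ -> outofscope_response()` in the `Commands when is_list(Commands)` branch reports "Token does not grant usage to command required scope." from a clause whose head matches on the request IP and, as far as the hunk shows, involves no OAuth token. A client denied here is told about a token scope it never presented, and monitoring keyed on error code 11 would mix IP-restriction denials with real scope failures. A separate response for a command not permitted from this address would keep the two denial reasons distinguishable; if the reuse is intended, a comment such as `%% command not in the list allowed for this IP; reported as out-of-scope` would record that. The clause begins and ends outside the hunk.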
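Review bot: `outofscope_response/0` answers with HTTP 401, the same status as `unauthorized_response/0`, although the token in this case is valid and only lacks the scope; RFC 6750 section 3.1 assigns 403 to `insufficient_scope`, and clients that discard or refresh a token on 401 would do so needlessly. Consider `json_error(403, 11, <<"Token does not grant the scope required by this command.">>).`, which also repairs the wording of the message. A one-line comment above the function stating that code 11 means a valid token without the required scope would help API consumers map the numeric codes.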