Fixed scopes and added more specific logs/errors

2025-10-19 16:03:00 +00:00 · 2020-11-23 13:26:36 +01:00
parent d5e7a42135
commit d7d27ad97a
4 changed files with 31 additions and 29 deletions
--- a/jupyterhub/utils.py
+++ b/jupyterhub/utils.py
@@ -319,15 +319,6 @@ def needs_scope_expansion(filter_, filter_value, sub_scope):
        return True


-# def expand_groups_to_users(db, filter_scope):
-#     """Update the group filters to account for the individual users"""
-#     if 'group' in filter_scope:
-#         groups = db.query(orm.Group)
-#         user_set = orm.User.query.filter(orm.User.group.in_(groups))
-#         return [user.name for user in user_set]
-#
-
-
 def check_user_in_expanded_scope(handler, user_name, scope_group_names):
    user = handler.find_user(user_name)
    if user is None:
@@ -419,7 +410,17 @@ def needs_scope(scope):
            if check_scope(self, scope, parsed_scopes, **s_kwargs):
                return func(self, *args, **kwargs)
            else:
-                raise web.HTTPError(403, "Action is not authorized with current scopes")
+                self.log.warning(
+                    "Not authorizing access to {}. Requires scope {}, not derived from scopes {}".format(
+                        self.request.path, scope, ", ".join(self.scopes)
+                    )
+                )
+                raise web.HTTPError(
+                    403,
+                    "Action is not authorized with current scopes; requires {}".format(
+                        scope
+                    ),
+                )

        return _auth_func