From 253a8e37fd6f7a81bd0e7659919890a36dad3f23 Mon Sep 17 00:00:00 2001
From: mluto <m@luto.at>
Date: Sat, 30 Mar 2013 20:28:46 +0100
Subject: [PATCH] Added debug-output to SecurityManager.checkAccess to indicate
 *why* an auth-try failed.

---
 src/node/db/SecurityManager.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js
index 4289e39c..074728b5 100644
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@@ -134,12 +134,14 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
               
               //is it for this group?
               if(sessionInfo.groupID != groupID) {
+                console.debug("Auth failed: wrong group");
             	  callback();
             	  return;
               }
               
               //is validUntil still ok?
               if(sessionInfo.validUntil <= now){
+                console.debug("Auth failed: validUntil");
             	  callback();
             	  return;
               }
@@ -234,7 +236,11 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
         //--> grant access
         statusObject = {accessStatus: "grant", authorID: sessionAuthor};
         //--> deny access if user isn't allowed to create the pad
-        if(settings.editOnly) statusObject.accessStatus = "deny";
+        if(settings.editOnly)
+        {
+          console.debug("Auth failed: valid session & pad does not exist");
+          statusObject.accessStatus = "deny";
+        }
       }
       // there is no valid session avaiable AND pad exists
       else if(!validSession && padExists)
@@ -266,6 +272,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
         //- its not public
         else if(!isPublic)
         {
+          console.debug("Auth failed: invalid session & pad is not public");
           //--> deny access
           statusObject = {accessStatus: "deny"};
         }
@@ -277,6 +284,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
       // there is no valid session avaiable AND pad doesn't exists
       else
       {
+         console.debug("Auth failed: invalid session & pad does not exist");
          //--> deny access
          statusObject = {accessStatus: "deny"};
       }