From a39283babdd026a38b60552e1f02953a40bb6e22 Mon Sep 17 00:00:00 2001
From: Sean Flanigan <sflaniga@redhat.com>
Date: Tue, 9 Sep 2014 16:35:34 +1000
Subject: [PATCH] Log permission check failure as WARN, success as DEBUG

---
 .../org/zanata/security/ZanataIdentity.java   | 38 +++++++++++++++----
 1 file changed, 31 insertions(+), 7 deletions(-)

diff --git a/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java b/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
index 72eb1a1b10..91e5757f17 100644
--- a/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
+++ b/zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java
@@ -52,8 +52,8 @@
 @BypassInterceptors
 @Startup
 public class ZanataIdentity extends Identity {
-    private static final Logger LOGGER = LoggerFactory
-            .getLogger(ZanataIdentity.class);
+    private static final Logger log = LoggerFactory.getLogger(
+            ZanataIdentity.class);
 
     public static final String USER_LOGOUT_EVENT = "user.logout";
     public static final String USER_ENTER_WORKSPACE = "user.enter";
@@ -115,18 +115,42 @@ public void logout() {
 
     @Override
     public boolean hasPermission(Object target, String action) {
-        LOGGER.debug("ENTER hasPermission({}, {})", target, action);
+        log.trace("ENTER hasPermission({}, {})", target, action);
         boolean result = super.hasPermission(target, action);
-        LOGGER.debug("EXIT hasPermission(): {}", result);
+        if (result) {
+            if (log.isDebugEnabled()) {
+                log.debug("ALLOWED hasPermission({}, {}) for user {}",
+                        target, action, getAccountUsername());
+            }
+        } else {
+            if (log.isWarnEnabled()) {
+                log.warn("DENIED hasPermission({}, {}) for user {}",
+                        target, action, getAccountUsername());
+            }
+        }
+        log.trace("EXIT hasPermission(): {}", result);
         return result;
     }
 
     @Override
     public boolean hasPermission(String name, String action, Object... arg) {
-        LOGGER.debug("ENTER hasPermission({})",
-                Lists.newArrayList(name, action, arg));
+        if (log.isTraceEnabled()) {
+            log.trace("ENTER hasPermission({})",
+                    Lists.newArrayList(name, action, arg));
+        }
         boolean result = super.hasPermission(name, action, arg);
-        LOGGER.debug("EXIT hasPermission(): {}", result);
+        if (result) {
+            if (log.isDebugEnabled()) {
+                log.debug("ALLOWED hasPermission({}, {}, {}) for user {}",
+                        name, action, arg, getAccountUsername());
+            }
+        } else {
+            if (log.isWarnEnabled()) {
+                log.warn("DENIED hasPermission({}, {}, {}) for user {}",
+                        name, action, arg, getAccountUsername());
+            }
+        }
+        log.trace("EXIT hasPermission(): {}", result);
         return result;
     }