Add error messages in permission denied cases

awx/api/serializers.py

@@ -1292,7 +1292,7 @@ class InventorySourceOptionsSerializer(BaseSerializer):
             return value
         except yaml.YAMLError:
             pass
-        raise serializers.ValidationError('Must be valid JSON or YAML')
+        raise serializers.ValidationError('Must be valid JSON or YAML.')
 
     def validate(self, attrs):
         # TODO: Validate source, validate source_regions
@@ -2426,36 +2426,36 @@ class ScheduleSerializer(BaseSerializer):
         if not len(match_multiple_dtstart):
             raise serializers.ValidationError('DTSTART required in rrule. Value should match: DTSTART:YYYYMMDDTHHMMSSZ')
         if len(match_multiple_dtstart) > 1:
-            raise serializers.ValidationError('Multiple DTSTART is not supported')
+            raise serializers.ValidationError('Multiple DTSTART is not supported.')
         if not len(match_multiple_rrule):
-            raise serializers.ValidationError('RRULE require in rrule')
+            raise serializers.ValidationError('RRULE require in rrule.')
         if len(match_multiple_rrule) > 1:
-            raise serializers.ValidationError('Multiple RRULE is not supported')
+            raise serializers.ValidationError('Multiple RRULE is not supported.')
         if 'interval' not in rrule_value.lower():
-            raise serializers.ValidationError('INTERVAL required in rrule')
+            raise serializers.ValidationError('INTERVAL required in rrule.')
         if 'tzid' in rrule_value.lower():
-            raise serializers.ValidationError('TZID is not supported')
+            raise serializers.ValidationError('TZID is not supported.')
         if 'secondly' in rrule_value.lower():
-            raise serializers.ValidationError('SECONDLY is not supported')
+            raise serializers.ValidationError('SECONDLY is not supported.')
         if re.match(multi_by_month_day, rrule_value):
-            raise serializers.ValidationError('Multiple BYMONTHDAYs not supported')
+            raise serializers.ValidationError('Multiple BYMONTHDAYs not supported.')
         if re.match(multi_by_month, rrule_value):
-            raise serializers.ValidationError('Multiple BYMONTHs not supported')
+            raise serializers.ValidationError('Multiple BYMONTHs not supported.')
         if re.match(by_day_with_numeric_prefix, rrule_value):
-            raise serializers.ValidationError("BYDAY with numeric prefix not supported")
+            raise serializers.ValidationError("BYDAY with numeric prefix not supported.")
         if 'byyearday' in rrule_value.lower():
-            raise serializers.ValidationError("BYYEARDAY not supported")
+            raise serializers.ValidationError("BYYEARDAY not supported.")
         if 'byweekno' in rrule_value.lower():
-            raise serializers.ValidationError("BYWEEKNO not supported")
+            raise serializers.ValidationError("BYWEEKNO not supported.")
         if match_count:
             count_val = match_count.groups()[0].strip().split("=")
             if int(count_val[1]) > 999:
-                raise serializers.ValidationError("COUNT > 999 is unsupported")
+                raise serializers.ValidationError("COUNT > 999 is unsupported.")
         try:
             rrule.rrulestr(rrule_value)
         except Exception:
             # TODO: Log
-            raise serializers.ValidationError("rrule parsing failed validation")
+            raise serializers.ValidationError("rrule parsing failed validation.")
         return value
 
 class ActivityStreamSerializer(BaseSerializer):

awx/api/views.py

@@ -925,7 +925,7 @@ class ProjectDetail(RetrieveUpdateDestroyAPIView):
         obj = self.get_object()
         can_delete = request.user.can_access(Project, 'delete', obj)
         if not can_delete:
-            raise PermissionDenied("Cannot delete project")
+            raise PermissionDenied("Cannot delete project.")
         for pu in obj.project_updates.filter(status__in=['new', 'pending', 'waiting', 'running']):
             pu.cancel()
         return super(ProjectDetail, self).destroy(request, *args, **kwargs)
@@ -1114,7 +1114,7 @@ class UserRolesList(SubListCreateAttachDetachAPIView):
             return Response(data, status=status.HTTP_400_BAD_REQUEST)
 
         if sub_id == self.request.user.admin_role.pk:
-            raise PermissionDenied('You may not remove your own admin_role')
+            raise PermissionDenied('You may not remove your own admin_role.')
 
         return super(UserRolesList, self).post(request, *args, **kwargs)
 
@@ -1210,13 +1210,13 @@ class UserDetail(RetrieveUpdateDestroyAPIView):
                 if left is not None and right is not None and left != right:
                     changed[field] = (left, right)
             if changed:
-                raise PermissionDenied('Cannot change %s' % ', '.join(changed.keys()))
+                raise PermissionDenied('Cannot change %s.' % ', '.join(changed.keys()))
 
     def destroy(self, request, *args, **kwargs):
         obj = self.get_object()
         can_delete = request.user.can_access(User, 'delete', obj)
         if not can_delete:
-            raise PermissionDenied('Cannot delete user')
+            raise PermissionDenied('Cannot delete user.')
         return super(UserDetail, self).destroy(request, *args, **kwargs)
 
 class UserAccessList(ResourceAccessList):
@@ -1373,7 +1373,7 @@ class InventoryScriptDetail(RetrieveUpdateDestroyAPIView):
         instance = self.get_object()
         can_delete = request.user.can_access(self.model, 'delete', instance)
         if not can_delete:
-            raise PermissionDenied("Cannot delete inventory script")
+            raise PermissionDenied("Cannot delete inventory script.")
         for inv_src in InventorySource.objects.filter(source_script=instance):
             inv_src.source_script = None
             inv_src.save()
@@ -1957,7 +1957,7 @@ class InventorySourceDetail(RetrieveUpdateAPIView):
         obj = self.get_object()
         can_delete = request.user.can_access(InventorySource, 'delete', obj)
         if not can_delete:
-            raise PermissionDenied("Cannot delete inventory source")
+            raise PermissionDenied("Cannot delete inventory source.")
         for pu in obj.inventory_updates.filter(status__in=['new', 'pending', 'waiting', 'running']):
             pu.cancel()
         return super(InventorySourceDetail, self).destroy(request, *args, **kwargs)
@@ -2099,7 +2099,7 @@ class JobTemplateDetail(RetrieveUpdateDestroyAPIView):
         obj = self.get_object()
         can_delete = request.user.can_access(JobTemplate, 'delete', obj)
         if not can_delete:
-            raise PermissionDenied("Cannot delete job template")
+            raise PermissionDenied("Cannot delete job template.")
         for pu in obj.jobs.filter(status__in=['new', 'pending', 'waiting', 'running']):
             pu.cancel()
         return super(JobTemplateDetail, self).destroy(request, *args, **kwargs)
@@ -2482,7 +2482,7 @@ class SystemJobTemplateList(ListAPIView):
 
     def get(self, request, *args, **kwargs):
         if not request.user.is_superuser:
-            raise PermissionDenied("Superuser privileges needed")
+            raise PermissionDenied("Superuser privileges needed.")
         return super(SystemJobTemplateList, self).get(request, *args, **kwargs)
 
 class SystemJobTemplateDetail(RetrieveAPIView):
@@ -3212,7 +3212,7 @@ class SystemJobList(ListCreateAPIView):
 
     def get(self, request, *args, **kwargs):
         if not request.user.is_superuser:
-            raise PermissionDenied("Superuser privileges needed")
+            raise PermissionDenied("Superuser privileges needed.")
         return super(SystemJobList, self).get(request, *args, **kwargs)