Add configurable log level and debug logging for access checks #41

Merged

qwc merged 1 commit from add-debug-logging into main

2026-02-04 15:26:30 +01:00

qwc commented

2026-02-04 15:16:52 +01:00

Owner

Summary

Builds on the visibility feature branch (#40) and adds debug logging to help troubleshoot access issues.

Adds server.log_level config option (debug, info, warn, error) and ASIAKIRJAT_LOG_LEVEL env var
Adds slog.Debug logging throughout LDAP/OAuth2 auth sync and access-check paths

Debug logging covers:

LDAP/OAuth2 login: logs user's group memberships, configured role groups, resolved role
Project access sync: logs each group mapping check (group, project, matched yes/no), grants and revokes
Global access sync: logs each global access rule check, grant upserts, removals
canViewProject: logs the full decision path (why access was granted or denied)
canUpload: same decision logging

Usage

Set log_level: "debug" in config or ASIAKIRJAT_LOG_LEVEL=debug and inspect stdout during LDAP/OAuth2 login.

Test plan

go test ./... passes
Set log_level: debug and verify debug output appears on login
Set log_level: info (default) and verify no debug output appears

Note: depends on #40 (includes those commits as base)

🤖 Generated with Claude Code

## Summary Builds on the visibility feature branch (#40) and adds debug logging to help troubleshoot access issues. - Adds `server.log_level` config option (`debug`, `info`, `warn`, `error`) and `ASIAKIRJAT_LOG_LEVEL` env var - Adds `slog.Debug` logging throughout LDAP/OAuth2 auth sync and access-check paths ### Debug logging covers: - **LDAP/OAuth2 login**: logs user's group memberships, configured role groups, resolved role - **Project access sync**: logs each group mapping check (group, project, matched yes/no), grants and revokes - **Global access sync**: logs each global access rule check, grant upserts, removals - **`canViewProject`**: logs the full decision path (why access was granted or denied) - **`canUpload`**: same decision logging ### Usage Set `log_level: "debug"` in config or `ASIAKIRJAT_LOG_LEVEL=debug` and inspect stdout during LDAP/OAuth2 login. ## Test plan - [x] `go test ./...` passes - [ ] Set `log_level: debug` and verify debug output appears on login - [ ] Set `log_level: info` (default) and verify no debug output appears Note: depends on #40 (includes those commits as base) 🤖 Generated with [Claude Code](https://claude.com/claude-code)

qwc added 1 commit

2026-02-04 15:16:52 +01:00

Add configurable log level and debug logging for access checks

CI / test (pull_request) Successful in 1m12s

Details

CI / build (pull_request) Successful in 57s

Details

CI / docker (pull_request) Has been skipped

Details

9e344e0435

Adds a server.log_level config option (debug/info/warn/error) and
ASIAKIRJAT_LOG_LEVEL env var. Adds slog.Debug logging throughout the
LDAP/OAuth2 auth sync and access-check paths to help troubleshoot
group-based access issues for private projects.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

qwc merged commit f2d4b758bf into main

2026-02-04 15:26:30 +01:00

qwc deleted branch add-debug-logging

2026-02-04 15:26:31 +01:00

qwc referenced this pull request from a commit

2026-02-04 15:26:32 +01:00

Merge pull request 'Add configurable log level and debug logging for access checks' (#41) from add-debug-logging into main