From ac16adba4ce25a01c0d368d94263bffb350e13a9 Mon Sep 17 00:00:00 2001
From: Raphael Michel <michel@rami.io>
Date: Wed, 8 Feb 2023 13:33:02 +0100
Subject: [PATCH] Device security profiles: Improve logging

---
 src/pretix/api/auth/devicesecurity.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/pretix/api/auth/devicesecurity.py b/src/pretix/api/auth/devicesecurity.py
index 09949f4512..b1d1a13734 100644
--- a/src/pretix/api/auth/devicesecurity.py
+++ b/src/pretix/api/auth/devicesecurity.py
@@ -19,9 +19,12 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
+import logging
 
 from django.utils.translation import gettext_lazy as _
 
+logger = logging.getLogger(__name__)
+
 
 class FullAccessSecurityProfile:
     identifier = 'full'
@@ -36,7 +39,13 @@ class AllowListSecurityProfile:
 
     def is_allowed(self, request):
         key = (request.method, f"{request.resolver_match.namespace}:{request.resolver_match.url_name}")
-        return key in self.allowlist
+        if key in self.allowlist:
+            return True
+        else:
+            logger.info(
+                f'Request {key} not allowed in profile {self.identifier}'
+            )
+            return False
 
 
 class PretixScanSecurityProfile(AllowListSecurityProfile):