# File lib/puppet/network/rights.rb, line 41
41:     def fail_on_deny(name, args = {})
42:         res = :nomatch
43:         right = @rights.find do |acl|
44:             found = false
45:             # an acl can return :dunno, which means "I'm not qualified to answer your question,
46:             # please ask someone else". This is used when for instance an acl matches, but not for the
47:             # current rest method, where we might think some other acl might be more specific.
48:             if match = acl.match?(name)
49:                 args[:match] = match
50:                 if (res = acl.allowed?(args[:node], args[:ip], args)) != :dunno
51:                     # return early if we're allowed
52:                     return if res
53:                     # we matched, select this acl
54:                     found = true
55:                 end
56:             end
57:             found
58:         end
59: 
60:         # if we end here, then that means we either didn't match
61:         # or failed, in any case will throw an error to the outside world
62:         if name =~ /^\// or right
63:             # we're a patch ACL, let's fail
64:             msg = "%s access to %s [%s]" % [ (args[:node].nil? ? args[:ip] : "#{args[:node]}(#{args[:ip]})"), name, args[:method] ]
65: 
66:             msg += " authenticated " if args[:authenticated]
67: 
68:             error = AuthorizationError.new("Forbidden request: " + msg)
69:             if right
70:                 error.file = right.file
71:                 error.line = right.line
72:             end
73:             Puppet.warning("Denying access: " + error.to_s)
74:         else
75:             # there were no rights allowing/denying name
76:             # if name is not a path, let's throw
77:             error = ArgumentError.new "Unknown namespace right '%s'" % name
78:         end
79:         raise error
80:     end