From c4f4fae5a0b1a06b465782eae0c3538b4c8da3b8 Mon Sep 17 00:00:00 2001
From: Roger Light <roger@atchoo.org>
Date: Sun, 10 Jan 2021 23:04:01 +0000
Subject: [PATCH] dynsec: Improve logging in addGroupRole.

Close #2005. Thanks to Willem Eradus.
---
 plugins/dynamic-security/groups.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/plugins/dynamic-security/groups.c b/plugins/dynamic-security/groups.c
index 1db97a7b..a6ede436 100644
--- a/plugins/dynamic-security/groups.c
+++ b/plugins/dynamic-security/groups.c
@@ -116,6 +116,7 @@ int dynsec_groups__process_add_role(cJSON *j_responses, struct mosquitto *contex
 	struct dynsec__role *role;
 	int priority;
 	const char *admin_clientid, *admin_username;
+	int rc;
 
 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
 		dynsec__command_reply(j_responses, context, "addGroupRole", "Invalid/missing groupname", correlation_data);
@@ -151,13 +152,20 @@ int dynsec_groups__process_add_role(cJSON *j_responses, struct mosquitto *contex
 	admin_clientid = mosquitto_client_id(context);
 	admin_username = mosquitto_client_username(context);
 
-	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | addGroupRole | groupname=%s | rolename=%s | priority=%d",
-			admin_clientid, admin_username, groupname, rolename, priority);
-
-	if(dynsec_rolelist__group_add(group, role, priority) != MOSQ_ERR_SUCCESS){
+	rc = dynsec_rolelist__group_add(group, role, priority);
+	if(rc == MOSQ_ERR_SUCCESS){
+		/* Continue */
+	}else if(rc == MOSQ_ERR_ALREADY_EXISTS){
+		dynsec__command_reply(j_responses, context, "addGroupRole", "Group is already in this role", correlation_data);
+		return MOSQ_ERR_ALREADY_EXISTS;
+	}else{
 		dynsec__command_reply(j_responses, context, "addGroupRole", "Internal error", correlation_data);
 		return MOSQ_ERR_UNKNOWN;
 	}
+
+	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | addGroupRole | groupname=%s | rolename=%s | priority=%d",
+			admin_clientid, admin_username, groupname, rolename, priority);
+
 	dynsec__config_save();
 	dynsec__command_reply(j_responses, context, "addGroupRole", NULL, correlation_data);