• Enhanced AccessDeniedError class to include user, action, and resource context
- Added constructor parameters for action, resource, and user
- Generate detailed error messages showing user principal, attributes, and attempted resource
- Backward compatible with existing usage (falls back to generic message)
• Updated exception handling in server.py
- Import AccessDeniedError from access_control module
- Return proper 403 status codes with detailed error messages
- Separate handling for PermissionError (generic) vs AccessDeniedError (detailed)
• Enhanced error context at raise sites
- Updated routing_tables/common.py to pass action, resource, and user context
- Updated agents persistence to include context in access denied errors
- Provides better debugging information for access control issues
• Added comprehensive unit tests
- Created tests/unit/server/test_server.py with 13 test cases
- Covers AccessDeniedError with and without context
- Tests all exception types (ValidationError, BadRequestError, AuthenticationRequiredError, etc.)
- Validates proper HTTP status codes and error message formats
Resolves access control error visibility issues where 500 errors were returned
instead of proper 403 responses with actionable error messages.
Signed-off-by: Akram Ben Aissi <<akram.benaissi@gmail.com>>
