LCOV - code coverage report
Current view: top level - safekeeper/src - auth.rs (source / functions) Coverage Total Hit
Test: 8ff8efadb0253cf618c612650348666c0c564111.info Lines: 0.0 % 19 0
Test Date: 2024-11-20 17:53:50 Functions: 0.0 % 1 0

            Line data    Source code
       1              : use utils::auth::{AuthError, Claims, Scope};
       2              : use utils::id::TenantId;
       3              : 
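       /// Decides whether the holder of `claims` may perform a safekeeper request.
       ///
       /// `tenant_id` is the tenant the request targets, or `None` for a request
       /// that is not tied to a single tenant (the management API).
       ///
       /// * `Scope::SafekeeperData` is accepted for every request.
       /// * `Scope::Tenant` is accepted only when the request names a tenant and the
       ///   token's `tenant_id` claim equals it.
       /// * Every other scope is rejected.
       ///
       /// # Errors
       ///
       /// Returns `AuthError` with a human-readable reason whenever access is denied.
       /// A tenant-scoped token that carries no `tenant_id` claim is denied as well,
       /// rather than panicking in the authorization path.
       pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<(), AuthError> {
           match (&claims.scope, tenant_id) {
               (Scope::Tenant, None) => Err(AuthError(
                   "Attempt to access management api with tenant scope. Permission denied".into(),
               )),
               (Scope::Tenant, Some(tenant_id)) => match claims.tenant_id {
                   Some(claimed) if claimed == tenant_id => Ok(()),
                   Some(_) => Err(AuthError("Tenant id mismatch. Permission denied".into())),
                   // Fail closed: the claim comes from a token, so its absence must be an
                   // authorization failure, not an `unwrap()` panic. Whether token decoding
                   // already rules this case out is not visible from this file.
                   None => Err(AuthError(
                       "Tenant scope token has no tenant id. Permission denied".into(),
                   )),
               },
               // Scopes are listed one by one instead of using a wildcard, so a newly
               // added `Scope` variant does not compile until it is classified here.
               (
                   Scope::Admin
                   | Scope::PageServerApi
                   | Scope::GenerationsApi
                   | Scope::Infra
                   | Scope::Scrubber
                   | Scope::ControllerPeer,
                   _,
               ) => Err(AuthError(
                   format!(
                       "JWT scope '{:?}' is ineligible for Safekeeper auth",
                       claims.scope
                   )
                   .into(),
               )),
               (Scope::SafekeeperData, _) => Ok(()),
           }
       }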
        
