LCOV - code coverage report
Current view: top level - pageserver/src - auth.rs (source / functions) Coverage Total Hit
Test: a43a77853355b937a79c57b07a8f05607cf29e6c.info Lines: 0.0 % 20 0
Test Date: 2024-09-19 12:04:32 Functions: 0.0 % 1 0

            Line data    Source code
       1              : use utils::auth::{AuthError, Claims, Scope};
       2              : use utils::id::TenantId;
       3              : 
       4            0 : pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<(), AuthError> {
       5            0 :     match (&claims.scope, tenant_id) {
       6            0 :         (Scope::Tenant, None) => Err(AuthError(
       7            0 :             "Attempt to access management api with tenant scope. Permission denied".into(),
       8            0 :         )),
       9            0 :         (Scope::Tenant, Some(tenant_id)) => {
      10            0 :             if claims.tenant_id.unwrap() != tenant_id {
      11            0 :                 return Err(AuthError("Tenant id mismatch. Permission denied".into()));
      12            0 :             }
      13            0 :             Ok(())
      14              :         }
      15            0 :         (Scope::PageServerApi, None) => Ok(()), // access to management api for PageServerApi scope
      16            0 :         (Scope::PageServerApi, Some(_)) => Ok(()), // access to tenant api using PageServerApi scope
      17              :         (Scope::Admin | Scope::SafekeeperData | Scope::GenerationsApi | Scope::Scrubber, _) => {
      18            0 :             Err(AuthError(
      19            0 :                 format!(
      20            0 :                     "JWT scope '{:?}' is ineligible for Pageserver auth",
      21            0 :                     claims.scope
      22            0 :                 )
      23            0 :                 .into(),
      24            0 :             ))
      25              :         }
      26              :     }
      27            0 : }
        

Generated by: LCOV version 2.1-beta