LCOV - code coverage report
Current view: top level - pageserver/src - auth.rs (source / functions) Coverage Total Hit
Test: c639aa5f7ab62b43d647b10f40d15a15686ce8a9.info Lines: 100.0 % 16 16
Test Date: 2024-02-12 20:26:03 Functions: 100.0 % 1 1 

            Line data    Source code
       1              : use utils::auth::{AuthError, Claims, Scope};
       2              : use utils::id::TenantId;
       3              : 
       4          164 : pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<(), AuthError> {
       5          164 :     match (&claims.scope, tenant_id) {
       6            1 :         (Scope::Tenant, None) => Err(AuthError(
       7            1 :             "Attempt to access management api with tenant scope. Permission denied".into(),
       8            1 :         )),
       9          107 :         (Scope::Tenant, Some(tenant_id)) => {
      10          107 :             if claims.tenant_id.unwrap() != tenant_id {
      11            2 :                 return Err(AuthError("Tenant id mismatch. Permission denied".into()));
      12          105 :             }
      13          105 :             Ok(())
      14              :         }
      15           10 :         (Scope::PageServerApi, None) => Ok(()), // access to management api for PageServerApi scope
      16           45 :         (Scope::PageServerApi, Some(_)) => Ok(()), // access to tenant api using PageServerApi scope
      17            1 :         (Scope::SafekeeperData, _) => Err(AuthError(
      18            1 :             "SafekeeperData scope makes no sense for Pageserver".into(),
      19            1 :         )),
      20              :     }
      21          164 : }

Generated by: LCOV version 2.1-beta