1 : use utils::auth::{AuthError, Claims, Scope};
2 : use utils::id::TenantId;
3 :
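/// Decides whether a request carrying `claims` may proceed against the given target.
///
/// `tenant_id` is `Some` for a tenant-specific API call and `None` for the management API
/// (as described by the error text and the comments on the arms below).
///
/// # Errors
///
/// Returns [`AuthError`] when:
/// - a `Scope::Tenant` token is used with no target tenant (management API);
/// - a `Scope::Tenant` token's `tenant_id` claim is absent or differs from the target tenant;
/// - the token carries `Scope::SafekeeperData`.
pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<(), AuthError> {
    match (&claims.scope, tenant_id) {
        (Scope::Tenant, None) => Err(AuthError(
            "Attempt to access management api with tenant scope. Permission denied".into(),
        )),
        (Scope::Tenant, Some(tenant_id)) => {
            // Fail closed: a tenant-scoped token without a `tenant_id` claim is rejected
            // the same way as a mismatch. The previous `unwrap()` turned such a token
            // into a panic inside the authorization check instead of a denial.
            if claims.tenant_id != Some(tenant_id) {
                return Err(AuthError("Tenant id mismatch. Permission denied".into()));
            }
            Ok(())
        }
        (Scope::PageServerApi, None) => Ok(()), // access to management api for PageServerApi scope
        (Scope::PageServerApi, Some(_)) => Ok(()), // access to tenant api using PageServerApi scope
        (Scope::SafekeeperData, _) => Err(AuthError(
            "SafekeeperData scope makes no sense for Pageserver".into(),
        )),
    }
}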