LCOV - f6946e90941b557c917ac98cd5a7e9506d180f3e.info

LCOV - differential code coverage report

Current view:	top level - pageserver/src - auth.rs (source / functions)		Coverage	Total	Hit	CBC
Current:	f6946e90941b557c917ac98cd5a7e9506d180f3e.info	Lines:	100.0 %	11	11	11
Current Date:	2023-10-19 02:04:12	Functions:	100.0 %	1	1	1
Baseline:	c8637f37369098875162f194f92736355783b050.info
Baseline Date:	2023-10-18 20:25:20

           TLA  Line data    Source code

       1                 : use anyhow::{bail, Result};
       2                 : use utils::auth::{Claims, Scope};
       3                 : use utils::id::TenantId;
       4                 : 
       5                 : pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<()> {
       6 CBC         139 :     match (&claims.scope, tenant_id) {
       7                 :         (Scope::Tenant, None) => {
       8               1 :             bail!("Attempt to access management api with tenant scope. Permission denied")
       9                 :         }
      10              96 :         (Scope::Tenant, Some(tenant_id)) => {
      11              96 :             if claims.tenant_id.unwrap() != tenant_id {
      12               2 :                 bail!("Tenant id mismatch. Permission denied")
      13              94 :             }
      14              94 :             Ok(())
      15                 :         }
      16              14 :         (Scope::PageServerApi, None) => Ok(()), // access to management api for PageServerApi scope
      17              27 :         (Scope::PageServerApi, Some(_)) => Ok(()), // access to tenant api using PageServerApi scope
      18                 :         (Scope::SafekeeperData, _) => {
      19               1 :             bail!("SafekeeperData scope makes no sense for Pageserver")
      20                 :         }
      21                 :     }
      22             139 : }

Generated by: LCOV version 2.1-beta