apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-15 20:05:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/auth_analysis/cross_file_helper_authz.rs
Eli Peter a438886217
Python fp and docs updtes (#58) 
* refactor: Update comments for clarity and add expectations.json files for performance metrics

* feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks

* feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks

* refactor: Simplify code formatting for better readability in multiple files

* refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration

* feat: Update Java and Python patterns to include new security rules

* refactor: Improve comment clarity and consistency across multiple Rust files

* refactor: Simplify code formatting for improved readability in integration tests and module files

* refactor: Improve comment formatting and enhance clarity in assertions across multiple files
2026-04-29 19:53:34 -04:00

33 lines
1.1 KiB
Rust
Raw Blame History

// Target: authorization happens inside `require_owner`, which
// delegates to `require_group_member` (a configured authorization
// check name). The handler in `cross_file_helper_handler.rs`
// delegates ownership validation to this helper, cross-file helper
// lifting should recognise the call as an auth check covering the
// supplied `row`.
struct Db;
impl Db {
fn get(&self, _id: i64) -> i64 {
0
}
}
mod authz {
pub async fn require_group_member(
_db: &super::Db,
_row_id: i64,
_user_id: i64,
) -> Result<(), ()> {
Ok(())
}
}
/// Ownership / group-membership guard. Delegates to the configured
/// authorization check `require_group_member`, passing `row_id` as
/// the resource id and `user_id` as the actor id. The single-file
/// extractor produces an `AuthCheckSummary` with param 1 (`row_id`)
/// marked as `Membership`-checked.
pub async fn require_owner(db: &Db, row_id: i64, user_id: i64) -> Result<(), ()> {
authz::require_group_member(db, row_id, user_id).await?;
let _ = db.get(row_id);
Ok(())
}
Reference in a new issue View git blame Copy permalink