| 41 | }; |
| 42 | |
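/**
 * Decide whether a request may read `project` through its share policy.
 *
 * Outcomes, checked in this order:
 *  - no share policy: allowed
 *  - visibility "disabled": denied
 *  - visibility "public": allowed
 *  - any other visibility: allowed only when the request carries a share
 *    token (`token` in the query string, else in the body) that verifies
 *    against `settings.secret` and whose `sub` names this project and this
 *    share policy.
 *
 * Every failure on the token path (missing, malformed, bad signature,
 * wrong subject) resolves to `false`; the function never rejects for it.
 *
 * @param {object} req - Request object; only `query.token` and `body.token` are read.
 * @param {object} project - Project being accessed; compared by `id`.
 * @param {object} [sharePolicy] - Share policy; `visibility` and `id` are read.
 * @returns {Promise<boolean>} `true` when access is granted.
 */
const verifyProjectSharePolicyAccess = async (req, project, sharePolicy) => {
  // NOTE(review): a missing share policy grants access here, so this check
  // is fail-open for that case. Confirm that callers apply their own
  // access checks for projects that have no policy.
  if (!sharePolicy) {
    return true;
  }

  if (sharePolicy.visibility === "disabled") {
    return false;
  }

  if (sharePolicy.visibility === "public") {
    return true;
  }

  // NOTE(review): a token carried in the query string can end up in access
  // logs and Referer headers; keep share tokens short-lived and narrowly scoped.
  const shareToken = req.query?.token || req.body?.token;
  // Repeated query parameters or JSON bodies can deliver an array or object
  // here; only a string can be a JWT, so reject anything else up front.
  if (!shareToken || typeof shareToken !== "string") {
    return false;
  }

  try {
    // NOTE(review): no `algorithms` option is passed. If `jwt` is the
    // jsonwebtoken package, pinning the algorithm share tokens are signed
    // with is a worthwhile hardening. Confirm the signing algorithm first.
    const decodedToken = jwt.verify(shareToken, settings.secret);
    const subject = decodedToken?.sub;
    if (!subject?.sharePolicyId || subject.type !== "Project") {
      return false;
    }

    // Fail closed when an identifier is missing: stringified, two absent ids
    // would both read "undefined" (or "null") and compare equal.
    if (subject.id == null || project?.id == null || sharePolicy.id == null) {
      return false;
    }

    // Ids are compared as strings so numeric and string forms of one id match.
    const isSameProject = `${subject.id}` === `${project.id}`;
    const isSamePolicy = `${subject.sharePolicyId}` === `${sharePolicy.id}`;
    return isSameProject && isSamePolicy;
  } catch (_error) {
    // Deliberate fail-closed: any verification or comparison error denies access.
    return false;
  }
};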
| 73 | |
| 74 | const hasProjectReadAccess = async (project, user) => { |
| 75 | if (!project || !user?.id) { |