* Unified authorization function that returns structured result
( key: string, userId: string, context?: StorageContext, storageConfig?: StorageConfig, isLocal?: boolean )
| 716 | * Unified authorization function that returns structured result |
| 717 | */ |
| 718 | async function authorizeFileAccess( |
| 719 | key: string, |
| 720 | userId: string, |
| 721 | context?: StorageContext, |
| 722 | storageConfig?: StorageConfig, |
| 723 | isLocal?: boolean |
| 724 | ): Promise<AuthorizationResult> { |
| 725 | const granted = await verifyFileAccess(key, userId, storageConfig, context, isLocal) |
| 726 | |
| 727 | if (granted) { |
| 728 | let workspaceId: string | undefined |
| 729 | const inferredContext = context || inferContextFromKey(key) |
| 730 | |
| 731 | if (inferredContext === 'workspace') { |
| 732 | const record = await lookupWorkspaceFileByKey(key) |
| 733 | workspaceId = record?.workspaceId |
| 734 | } else { |
| 735 | const extracted = extractWorkspaceIdFromKey(key) |
| 736 | if (extracted) { |
| 737 | workspaceId = extracted |
| 738 | } |
| 739 | } |
| 740 | |
| 741 | return { |
| 742 | granted: true, |
| 743 | reason: 'Access granted', |
| 744 | workspaceId, |
| 745 | } |
| 746 | } |
| 747 | |
| 748 | return { |
| 749 | granted: false, |
| 750 | reason: 'Access denied - insufficient permissions or file not found', |
| 751 | } |
| 752 | } |
| 753 | |
| 754 | /** |
| 755 | * Guard helper for tool routes that download user files from storage. |
nothing calls this directly
no test coverage detected