* Verify access to copilot files * Priority: Database lookup > Metadata > Path pattern (legacy)
( cloudKey: string, userId: string, customConfig?: StorageConfig )
| 399 | * Priority: Database lookup > Metadata > Path pattern (legacy) |
| 400 | */ |
| 401 | async function verifyCopilotFileAccess( |
| 402 | cloudKey: string, |
| 403 | userId: string, |
| 404 | customConfig?: StorageConfig |
| 405 | ): Promise<boolean> { |
| 406 | try { |
| 407 | // Priority 1: Check workspaceFiles table (new system) |
| 408 | const fileRecord = await getFileMetadataByKey(cloudKey, 'copilot') |
| 409 | |
| 410 | if (fileRecord) { |
| 411 | if (fileRecord.userId === userId) { |
| 412 | logger.debug('Copilot file access granted (workspaceFiles table)', { |
| 413 | userId, |
| 414 | cloudKey, |
| 415 | }) |
| 416 | return true |
| 417 | } |
| 418 | logger.warn('User does not own copilot file', { |
| 419 | userId, |
| 420 | fileUserId: fileRecord.userId, |
| 421 | cloudKey, |
| 422 | }) |
| 423 | return false |
| 424 | } |
| 425 | |
| 426 | // Priority 2: Check metadata (for files not yet in database) |
| 427 | const config: StorageConfig = customConfig || {} |
| 428 | const metadata = await getFileMetadata(cloudKey, config) |
| 429 | const fileUserId = metadata.userId |
| 430 | |
| 431 | if (fileUserId) { |
| 432 | if (fileUserId === userId) { |
| 433 | logger.debug('Copilot file access granted (metadata)', { userId, cloudKey }) |
| 434 | return true |
| 435 | } |
| 436 | logger.warn('User does not own copilot file (metadata)', { |
| 437 | userId, |
| 438 | fileUserId, |
| 439 | cloudKey, |
| 440 | }) |
| 441 | return false |
| 442 | } |
| 443 | |
| 444 | // Priority 3: Legacy path pattern check (userId/filename format) |
| 445 | // This handles old copilot files that may have been stored with userId prefix |
| 446 | const parts = cloudKey.split('/') |
| 447 | if (parts.length >= 2) { |
| 448 | const fileUserId = parts[0] |
| 449 | if (fileUserId && fileUserId === userId) { |
| 450 | logger.debug('Copilot file access granted (path pattern)', { userId, cloudKey }) |
| 451 | return true |
| 452 | } |
| 453 | logger.warn('User does not own copilot file (path pattern)', { |
| 454 | userId, |
| 455 | fileUserId, |
| 456 | cloudKey, |
| 457 | }) |
| 458 | return false |
no test coverage detected