MCPcopy
hub / github.com/simstudioai/sim / verifyExecutionFileAccess

Function verifyExecutionFileAccess

apps/sim/app/api/files/authorization.ts:352–395  ·  view source on GitHub ↗

* Verify access to execution files * Modern format: execution/workspace_id/workflow_id/execution_id/filename * Legacy format: workspace_id/workflow_id/execution_id/filename

(
  cloudKey: string,
  userId: string,
  customConfig?: StorageConfig,
  requireWrite = false
)

Source from the content-addressed store, hash-verified

350 * Legacy format: workspace_id/workflow_id/execution_id/filename
351 */
352async function verifyExecutionFileAccess(
353 cloudKey: string,
354 userId: string,
355 customConfig?: StorageConfig,
356 requireWrite = false
357): Promise<boolean> {
358 const parts = cloudKey.split('/')
359
360 // Determine if this is modern prefixed or legacy format
361 let workspaceId: string
362 if (parts[0] === 'execution') {
363 // Modern format: execution/workspaceId/workflowId/executionId/filename
364 if (parts.length < 5) {
365 logger.warn('Invalid execution file path format (modern)', { cloudKey })
366 return false
367 }
368 workspaceId = parts[1]
369 } else {
370 // Legacy format: workspaceId/workflowId/executionId/filename
371 if (parts.length < 4) {
372 logger.warn('Invalid execution file path format (legacy)', { cloudKey })
373 return false
374 }
375 workspaceId = parts[0]
376 }
377
378 if (!workspaceId) {
379 logger.warn('Could not extract workspaceId from execution file path', { cloudKey })
380 return false
381 }
382
383 const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
384 if (!workspacePermissionSatisfies(permission, requireWrite)) {
385 logger.warn('User does not have workspace access for execution file', {
386 userId,
387 workspaceId,
388 cloudKey,
389 })
390 return false
391 }
392
393 logger.debug('Execution file access granted', { userId, workspaceId, cloudKey })
394 return true
395}
396
397/**
398 * Verify access to copilot files

Callers 1

verifyFileAccessFunction · 0.85

Calls 4

getUserEntityPermissionsFunction · 0.90
debugMethod · 0.80
warnMethod · 0.65

Tested by

no test coverage detected