* Resolve document access within a knowledge base, gated by read or write * permission on the KB (see resolveKnowledgeBaseAccess).
( knowledgeBaseId: string, documentId: string, userId: string, requireWrite: boolean )
| 228 | * permission on the KB (see {@link resolveKnowledgeBaseAccess}). |
| 229 | */ |
| 230 | async function resolveDocumentAccess( |
| 231 | knowledgeBaseId: string, |
| 232 | documentId: string, |
| 233 | userId: string, |
| 234 | requireWrite: boolean |
| 235 | ): Promise<DocumentAccessCheck> { |
| 236 | const kbAccess = await resolveKnowledgeBaseAccess(knowledgeBaseId, userId, requireWrite) |
| 237 | |
| 238 | if (!kbAccess.hasAccess) { |
| 239 | return { |
| 240 | hasAccess: false, |
| 241 | notFound: kbAccess.notFound, |
| 242 | reason: kbAccess.notFound ? 'Knowledge base not found' : 'Unauthorized knowledge base access', |
| 243 | } |
| 244 | } |
| 245 | |
| 246 | const doc = await db |
| 247 | .select() |
| 248 | .from(document) |
| 249 | .where( |
| 250 | and( |
| 251 | eq(document.id, documentId), |
| 252 | eq(document.knowledgeBaseId, knowledgeBaseId), |
| 253 | eq(document.userExcluded, false), |
| 254 | isNull(document.archivedAt), |
| 255 | isNull(document.deletedAt) |
| 256 | ) |
| 257 | ) |
| 258 | .limit(1) |
| 259 | |
| 260 | if (doc.length === 0) { |
| 261 | return { hasAccess: false, notFound: true, reason: 'Document not found' } |
| 262 | } |
| 263 | |
| 264 | return { |
| 265 | hasAccess: true, |
| 266 | document: doc[0] as DocumentData, |
| 267 | knowledgeBase: kbAccess.knowledgeBase!, |
| 268 | } |
| 269 | } |
| 270 | |
| 271 | /** |
| 272 | * Check if a user has read access to a document within a knowledge base. |
no test coverage detected