MCPcopy
hub / github.com/simstudioai/sim / resolveKnowledgeBaseAccess

Function resolveKnowledgeBaseAccess

apps/sim/app/api/knowledge/utils.ts:162–200  ·  view source on GitHub ↗

* Resolve knowledge-base access for a user, gated by read or write permission. * * Read (`requireWrite: false`) grants on any workspace permission; write * (`requireWrite: true`) requires `write`/`admin`. Legacy non-workspace KBs grant * to the owning user in both modes.

(
  knowledgeBaseId: string,
  userId: string,
  requireWrite: boolean
)

Source from the content-addressed store, hash-verified

160 * to the owning user in both modes.
161 */
162async function resolveKnowledgeBaseAccess(
163 knowledgeBaseId: string,
164 userId: string,
165 requireWrite: boolean
166): Promise<KnowledgeBaseAccessCheck> {
167 const kb = await db
168 .select({
169 id: knowledgeBase.id,
170 userId: knowledgeBase.userId,
171 workspaceId: knowledgeBase.workspaceId,
172 name: knowledgeBase.name,
173 embeddingModel: knowledgeBase.embeddingModel,
174 })
175 .from(knowledgeBase)
176 .where(and(eq(knowledgeBase.id, knowledgeBaseId), isNull(knowledgeBase.deletedAt)))
177 .limit(1)
178
179 if (kb.length === 0) {
180 return { hasAccess: false, notFound: true }
181 }
182
183 const kbData = kb[0]
184
185 if (kbData.workspaceId) {
186 // Workspace KB: use workspace permissions only
187 const userPermission = await getUserEntityPermissions(userId, 'workspace', kbData.workspaceId)
188 const permitted = requireWrite
189 ? userPermission === 'write' || userPermission === 'admin'
190 : userPermission !== null
191 return permitted ? { hasAccess: true, knowledgeBase: kbData } : { hasAccess: false }
192 }
193
194 // Legacy non-workspace KB: allow owner access
195 if (kbData.userId === userId) {
196 return { hasAccess: true, knowledgeBase: kbData }
197 }
198
199 return { hasAccess: false }
200}
201
202/**
203 * Check if a user has read access to a knowledge base.

Callers 4

checkKnowledgeBaseAccessFunction · 0.85
resolveDocumentAccessFunction · 0.85
resolveChunkAccessFunction · 0.85

Calls 2

getUserEntityPermissionsFunction · 0.90
eqFunction · 0.50

Tested by

no test coverage detected