( rateLimit: RateLimitResult, userId: string, workspaceId: string, level: PermissionType = 'read' )
| 198 | * Returns null on success, NextResponse on failure. |
| 199 | */ |
| 200 | export async function validateWorkspaceAccess( |
| 201 | rateLimit: RateLimitResult, |
| 202 | userId: string, |
| 203 | workspaceId: string, |
| 204 | level: PermissionType = 'read' |
| 205 | ): Promise<NextResponse | null> { |
| 206 | const scopeError = await checkWorkspaceScope(rateLimit, workspaceId) |
| 207 | if (scopeError) return scopeError |
| 208 | |
| 209 | const permission = await getUserEntityPermissions(userId, 'workspace', workspaceId) |
| 210 | if (!permissionSatisfies(permission, level)) { |
| 211 | return NextResponse.json({ error: 'Access denied' }, { status: 403 }) |
| 212 | } |
| 213 | return null |
| 214 | } |
no test coverage detected