()
| 67 | } |
| 68 | |
| 69 | export function usePermissionConfig(): PermissionConfigResult { |
| 70 | const params = useParams() |
| 71 | const workspaceId = typeof params?.workspaceId === 'string' ? params.workspaceId : undefined |
| 72 | |
| 73 | const { data: permissionData, isLoading: isPermissionLoading } = |
| 74 | useUserPermissionConfig(workspaceId) |
| 75 | const { data: envAllowlistData, isLoading: isEnvAllowlistLoading } = |
| 76 | useAllowedIntegrationsFromEnv() |
| 77 | |
| 78 | const isLoading = isPermissionLoading || isEnvAllowlistLoading |
| 79 | |
| 80 | const config = useMemo(() => { |
| 81 | if (!permissionData?.config) { |
| 82 | return DEFAULT_PERMISSION_GROUP_CONFIG |
| 83 | } |
| 84 | return permissionData.config |
| 85 | }, [permissionData]) |
| 86 | |
| 87 | const isInPermissionGroup = !!permissionData?.permissionGroupId |
| 88 | |
| 89 | const mergedAllowedIntegrations = useMemo(() => { |
| 90 | const envAllowlist = envAllowlistData?.allowedIntegrations ?? null |
| 91 | return intersectAllowlists(config.allowedIntegrations, envAllowlist) |
| 92 | }, [config.allowedIntegrations, envAllowlistData]) |
| 93 | |
| 94 | const isBlockAllowed = useMemo(() => { |
| 95 | return (blockType: string) => { |
| 96 | if (isBlockTypeAccessControlExempt(blockType)) return true |
| 97 | if (mergedAllowedIntegrations === null) return true |
| 98 | return mergedAllowedIntegrations.includes(blockType.toLowerCase()) |
| 99 | } |
| 100 | }, [mergedAllowedIntegrations]) |
| 101 | |
| 102 | const isProviderAllowed = useMemo(() => { |
| 103 | return (providerId: string) => { |
| 104 | if (config.allowedModelProviders === null) return true |
| 105 | return config.allowedModelProviders.includes(providerId) |
| 106 | } |
| 107 | }, [config.allowedModelProviders]) |
| 108 | |
| 109 | const isModelAllowed = useMemo(() => { |
| 110 | return (model: string) => { |
| 111 | if (config.deniedModels.length === 0) return true |
| 112 | const normalized = model.toLowerCase() |
| 113 | return !config.deniedModels.some((denied) => denied.toLowerCase() === normalized) |
| 114 | } |
| 115 | }, [config.deniedModels]) |
| 116 | |
| 117 | const isToolAllowed = useMemo(() => { |
| 118 | return (toolId: string) => { |
| 119 | if (config.deniedTools.length === 0) return true |
| 120 | return !config.deniedTools.includes(toolId) |
| 121 | } |
| 122 | }, [config.deniedTools]) |
| 123 | |
| 124 | const filterBlocks = useMemo(() => { |
| 125 | return <T extends { type: string }>(blocks: T[]): T[] => { |
| 126 | if (mergedAllowedIntegrations === null) return blocks |
no test coverage detected