( chat: T | undefined, chatId: string, userId: string )
| 114 | Pick<typeof copilotChats.$inferSelect, 'model' | 'planArtifact' | 'config'> |
| 115 | |
| 116 | async function authorizeCopilotChatRow<T extends CopilotChatAuthRow>( |
| 117 | chat: T | undefined, |
| 118 | chatId: string, |
| 119 | userId: string |
| 120 | ): Promise<T | null> { |
| 121 | if (!chat) { |
| 122 | logger.warn('Copilot chat not found or not owned by user', { chatId, userId }) |
| 123 | return null |
| 124 | } |
| 125 | |
| 126 | if (chat.workflowId) { |
| 127 | const authorization = await authorizeWorkflowByWorkspacePermission({ |
| 128 | workflowId: chat.workflowId, |
| 129 | userId, |
| 130 | action: 'read', |
| 131 | }) |
| 132 | if (!authorization.allowed || !authorization.workflow) { |
| 133 | logger.warn('Copilot chat workflow not authorized for user', { |
| 134 | chatId, |
| 135 | userId, |
| 136 | workflowId: chat.workflowId, |
| 137 | }) |
| 138 | return null |
| 139 | } |
| 140 | } else if (chat.workspaceId) { |
| 141 | const access = await checkWorkspaceAccess(chat.workspaceId, userId) |
| 142 | if (!access.exists || !access.hasAccess) { |
| 143 | logger.warn('Copilot chat workspace not accessible to user', { |
| 144 | chatId, |
| 145 | userId, |
| 146 | workspaceId: chat.workspaceId, |
| 147 | }) |
| 148 | return null |
| 149 | } |
| 150 | } |
| 151 | |
| 152 | return chat |
| 153 | } |
| 154 | |
| 155 | /** |
| 156 | * Verify a copilot chat exists, is owned by the user, and the user has access |
no test coverage detected