( workflowId: string, userId: string, action: 'read' | 'write' | 'admin' = 'read' )
| 6 | type WorkflowRecord = NonNullable<Awaited<ReturnType<typeof getWorkflowById>>> |
| 7 | |
| 8 | export async function ensureWorkflowAccess( |
| 9 | workflowId: string, |
| 10 | userId: string, |
| 11 | action: 'read' | 'write' | 'admin' = 'read' |
| 12 | ): Promise<{ |
| 13 | workflow: WorkflowRecord |
| 14 | workspaceId?: string | null |
| 15 | }> { |
| 16 | const result = await authorizeWorkflowByWorkspacePermission({ |
| 17 | workflowId, |
| 18 | userId, |
| 19 | action, |
| 20 | }) |
| 21 | |
| 22 | if (!result.workflow) { |
| 23 | throw new Error(`Workflow ${workflowId} not found`) |
| 24 | } |
| 25 | |
| 26 | if (!result.allowed) { |
| 27 | throw new Error(result.message || 'Unauthorized workflow access') |
| 28 | } |
| 29 | |
| 30 | return { workflow: result.workflow, workspaceId: result.workflow.workspaceId } |
| 31 | } |
| 32 | |
| 33 | export async function getDefaultWorkspaceId(userId: string): Promise<string> { |
| 34 | const accessibleRows = await listAccessibleWorkspaceRowsForUser(userId) |
no test coverage detected