(
workspaceId: string,
userId: string,
options?: { isWorkspaceAdmin?: boolean }
)
| 428 | } |
| 429 | |
| 430 | export async function getAccessibleEnvCredentials( |
| 431 | workspaceId: string, |
| 432 | userId: string, |
| 433 | options?: { isWorkspaceAdmin?: boolean } |
| 434 | ): Promise<AccessibleEnvCredential[]> { |
| 435 | const isWorkspaceAdmin = |
| 436 | options?.isWorkspaceAdmin ?? (await hasWorkspaceAdminAccess(userId, workspaceId)) |
| 437 | |
| 438 | const rows = await db |
| 439 | .select({ |
| 440 | type: credential.type, |
| 441 | envKey: credential.envKey, |
| 442 | envOwnerUserId: credential.envOwnerUserId, |
| 443 | updatedAt: credential.updatedAt, |
| 444 | }) |
| 445 | .from(credential) |
| 446 | .leftJoin( |
| 447 | credentialMember, |
| 448 | and( |
| 449 | eq(credentialMember.credentialId, credential.id), |
| 450 | eq(credentialMember.userId, userId), |
| 451 | eq(credentialMember.status, 'active') |
| 452 | ) |
| 453 | ) |
| 454 | .where( |
| 455 | and( |
| 456 | eq(credential.workspaceId, workspaceId), |
| 457 | inArray(credential.type, ['env_workspace', 'env_personal']), |
| 458 | or( |
| 459 | isNotNull(credentialMember.id), |
| 460 | eq(credential.envOwnerUserId, userId), |
| 461 | isWorkspaceAdmin ? eq(credential.type, 'env_workspace') : undefined |
| 462 | ) |
| 463 | ) |
| 464 | ) |
| 465 | |
| 466 | return rows |
| 467 | .filter( |
| 468 | (row): row is typeof row & { type: 'env_workspace' | 'env_personal'; envKey: string } => |
| 469 | row.envKey !== null && (row.type === 'env_workspace' || row.type === 'env_personal') |
| 470 | ) |
| 471 | .map((row) => ({ |
| 472 | type: row.type, |
| 473 | envKey: row.envKey, |
| 474 | envOwnerUserId: row.envOwnerUserId, |
| 475 | updatedAt: row.updatedAt, |
| 476 | })) |
| 477 | } |
| 478 | |
| 479 | export interface AccessibleOAuthCredential { |
| 480 | id: string |
no test coverage detected