(params: {
workspaceId: string
envKeys: string[]
userId: string
})
| 51 | * yet (new or legacy), letting routes fall back to a workspace-permission gate. |
| 52 | */ |
| 53 | export async function getWorkspaceEnvKeyAdminAccess(params: { |
| 54 | workspaceId: string |
| 55 | envKeys: string[] |
| 56 | userId: string |
| 57 | }): Promise<WorkspaceEnvKeyAdminAccess> { |
| 58 | const { workspaceId, envKeys, userId } = params |
| 59 | const keys = Array.from(new Set(envKeys.filter(Boolean))) |
| 60 | if (keys.length === 0) return { adminKeys: new Set(), knownKeys: new Set() } |
| 61 | |
| 62 | const rows = await db |
| 63 | .select({ |
| 64 | envKey: credential.envKey, |
| 65 | role: credentialMember.role, |
| 66 | status: credentialMember.status, |
| 67 | }) |
| 68 | .from(credential) |
| 69 | .leftJoin( |
| 70 | credentialMember, |
| 71 | and(eq(credentialMember.credentialId, credential.id), eq(credentialMember.userId, userId)) |
| 72 | ) |
| 73 | .where( |
| 74 | and( |
| 75 | eq(credential.workspaceId, workspaceId), |
| 76 | eq(credential.type, 'env_workspace'), |
| 77 | inArray(credential.envKey, keys) |
| 78 | ) |
| 79 | ) |
| 80 | |
| 81 | const knownKeys = new Set<string>() |
| 82 | const adminKeys = new Set<string>() |
| 83 | for (const row of rows) { |
| 84 | if (!row.envKey) continue |
| 85 | knownKeys.add(row.envKey) |
| 86 | if (row.role === 'admin' && row.status === 'active') adminKeys.add(row.envKey) |
| 87 | } |
| 88 | return { adminKeys, knownKeys } |
| 89 | } |
| 90 | |
| 91 | interface AccessibleEnvCredential { |
| 92 | type: 'env_workspace' | 'env_personal' |
no test coverage detected