(
userId: string,
workspaceId?: string,
options?: { workspaceAccess?: WorkspaceAccess }
)
| 91 | } |
| 92 | |
| 93 | export async function getPersonalAndWorkspaceEnv( |
| 94 | userId: string, |
| 95 | workspaceId?: string, |
| 96 | options?: { workspaceAccess?: WorkspaceAccess } |
| 97 | ): Promise<{ |
| 98 | personalEncrypted: Record<string, string> |
| 99 | workspaceEncrypted: Record<string, string> |
| 100 | personalDecrypted: Record<string, string> |
| 101 | workspaceDecrypted: Record<string, string> |
| 102 | conflicts: string[] |
| 103 | decryptionFailures: string[] |
| 104 | }> { |
| 105 | let workspaceCanAdmin = false |
| 106 | if (workspaceId) { |
| 107 | const access = options?.workspaceAccess ?? (await checkWorkspaceAccess(workspaceId, userId)) |
| 108 | if (!access.hasAccess) { |
| 109 | throw new Error(`Access denied to workspace ${workspaceId}`) |
| 110 | } |
| 111 | workspaceCanAdmin = access.canAdmin |
| 112 | } |
| 113 | |
| 114 | const [personalRows, workspaceRows, accessibleEnvCredentials] = await Promise.all([ |
| 115 | db.select().from(environment).where(eq(environment.userId, userId)).limit(1), |
| 116 | workspaceId |
| 117 | ? db |
| 118 | .select() |
| 119 | .from(workspaceEnvironment) |
| 120 | .where(eq(workspaceEnvironment.workspaceId, workspaceId)) |
| 121 | .limit(1) |
| 122 | : Promise.resolve([] as any[]), |
| 123 | workspaceId |
| 124 | ? getAccessibleEnvCredentials(workspaceId, userId, { isWorkspaceAdmin: workspaceCanAdmin }) |
| 125 | : Promise.resolve([]), |
| 126 | ]) |
| 127 | |
| 128 | const ownPersonalEncrypted: Record<string, string> = (personalRows[0]?.variables as any) || {} |
| 129 | const allWorkspaceEncrypted: Record<string, string> = (workspaceRows[0]?.variables as any) || {} |
| 130 | |
| 131 | const hasCredentialFiltering = Boolean(workspaceId) && accessibleEnvCredentials.length > 0 |
| 132 | const workspaceCredentialKeys = new Set( |
| 133 | accessibleEnvCredentials.filter((row) => row.type === 'env_workspace').map((row) => row.envKey) |
| 134 | ) |
| 135 | |
| 136 | const personalCredentialRows = accessibleEnvCredentials |
| 137 | .filter((row) => row.type === 'env_personal' && row.envOwnerUserId) |
| 138 | .sort((a, b) => { |
| 139 | const aIsRequester = a.envOwnerUserId === userId |
| 140 | const bIsRequester = b.envOwnerUserId === userId |
| 141 | if (aIsRequester && !bIsRequester) return -1 |
| 142 | if (!aIsRequester && bIsRequester) return 1 |
| 143 | return b.updatedAt.getTime() - a.updatedAt.getTime() |
| 144 | }) |
| 145 | |
| 146 | const selectedPersonalOwners = new Map<string, string>() |
| 147 | for (const row of personalCredentialRows) { |
| 148 | if (!selectedPersonalOwners.has(row.envKey) && row.envOwnerUserId) { |
| 149 | selectedPersonalOwners.set(row.envKey, row.envOwnerUserId) |
| 150 | } |
no test coverage detected