( userId: string, scope: WorkspaceScope = 'active' )
| 53 | * owner/admin. Implements the workspace-permission inheritance model. |
| 54 | */ |
| 55 | export async function getOrgAdminWorkspaceRows( |
| 56 | userId: string, |
| 57 | scope: WorkspaceScope = 'active' |
| 58 | ): Promise<Array<typeof workspaceTable.$inferSelect>> { |
| 59 | const [membership] = await db |
| 60 | .select({ organizationId: member.organizationId, role: member.role }) |
| 61 | .from(member) |
| 62 | .where(eq(member.userId, userId)) |
| 63 | .limit(1) |
| 64 | |
| 65 | if (!membership || !isOrgAdminRole(membership.role)) { |
| 66 | return [] |
| 67 | } |
| 68 | |
| 69 | const orgFilter = eq(workspaceTable.organizationId, membership.organizationId) |
| 70 | const where = |
| 71 | scope === 'all' |
| 72 | ? orgFilter |
| 73 | : scope === 'archived' |
| 74 | ? and(orgFilter, sql`${workspaceTable.archivedAt} IS NOT NULL`) |
| 75 | : and(orgFilter, isNull(workspaceTable.archivedAt)) |
| 76 | |
| 77 | return db.select().from(workspaceTable).where(where).orderBy(desc(workspaceTable.createdAt)) |
| 78 | } |
| 79 | |
| 80 | /** |
| 81 | * Every workspace a user can access: explicit permission grants plus workspaces |
no test coverage detected