MCPcopy Index your code
hub / github.com/tldraw/tldraw / assertUserCanAccessFileInternal

Function assertUserCanAccessFileInternal

packages/dotcom-shared/src/mutators.ts:162–187  ·  view source on GitHub ↗

* Check if a user has the required permissions for a file. * @param tx - The transaction * @param userId - The user ID to check permissions for * @param file - The file to check permissions on * @param allowGuestAccess - If true, shared files are accessible even if user isn't owner/member

(
	tx: Transaction<TlaSchema>,
	userId: string,
	file: TlaFile,
	allowGuestAccess: boolean
)

Source from the content-addressed store, hash-verified

160 * @param allowGuestAccess - If true, shared files are accessible even if user isn't owner/member
161 */
162async function assertUserCanAccessFileInternal(
163 tx: Transaction<TlaSchema>,
164 userId: string,
165 file: TlaFile,
166 allowGuestAccess: boolean
167) {
168 assert(file, ZErrorCode.bad_request)
169 assert(!file.isDeleted, ZErrorCode.bad_request)
170
171 // If shared and we allow shared access, grant access immediately
172 if (allowGuestAccess && file.shared) {
173 return
174 }
175
176 if (file.ownerId) {
177 // Legacy model: user must own the file
178 assert(file.ownerId === userId, ZErrorCode.forbidden)
179 } else if (file.owningGroupId) {
180 // New model: user must be a member of the owning workspace
181 const role = await getRole(tx, userId, file.owningGroupId)
182 assert(can(role, 'accessFiles'), ZErrorCode.forbidden)
183 } else {
184 // File has neither ownerId nor owningGroupId - invalid state
185 assert(false, ZErrorCode.bad_request)
186 }
187}
188
189/**
190 * Check if a user can access (read) a file.

Callers 2

assertUserCanAccessFileFunction · 0.85
assertUserCanUpdateFileFunction · 0.85

Calls 2

canFunction · 0.90
getRoleFunction · 0.70

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…