🛂 feat: Role as Permission Principal Type

WIP: Role as Permission Principal Type

WIP: add user role check optimization to user principal check, update type comparisons

WIP: cover edge cases for string vs ObjectId handling in permission granting and checking

chore: Update people picker access middleware to use PrincipalType constants

feat: Enhance people picker access control to include roles permissions

chore: add missing default role schema values for people picker perms, cleanup typing

feat: Enhance PeoplePicker component with role-specific UI and localization updates

chore: Add missing `VIEW_ROLES` permission to role schema
Danny Avila 2025-08-03 19:24:40 -04:00
parent 28d63dab71
commit 39346d6b8e
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
49 changed files with 2879 additions and 258 deletions


@ -8,7 +8,7 @@ const { getFiles } = require('~/models/File');
* Checks if user has access to a file through agent permissions
* Files inherit permissions from agents - if you can view the agent, you can access its files
*/
const checkAgentBasedFileAccess = async (userId, fileId) => {
const checkAgentBasedFileAccess = async ({ userId, role, fileId }) => {
try {
// Find agents that have this file in their tool_resources
const agentsWithFile = await getAgent({
@ -35,6 +35,7 @@ const checkAgentBasedFileAccess = async (userId, fileId) => {
try {
const permissions = await getEffectivePermissions({
userId,
role,
resourceType: ResourceType.AGENT,
resourceId: agent._id || agent.id,
});
@ -67,7 +68,7 @@ const fileAccess = async (req, res, next) => {
try {
const fileId = req.params.file_id;
const userId = req.user?.id;
const userRole = req.user?.role;
if (!fileId) {
return res.status(400).json({
error: 'Bad Request',
@ -98,7 +99,7 @@ const fileAccess = async (req, res, next) => {
}
// Check agent-based access (file inherits agent permissions)
const hasAgentAccess = await checkAgentBasedFileAccess(userId, fileId);
const hasAgentAccess = await checkAgentBasedFileAccess({ userId, role: userRole, fileId });
if (hasAgentAccess) {
req.fileAccess = { file };
return next();
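Review bot: `checkAgentBasedFileAccess` now destructures `{ userId, role, fileId }` without validating any of them, so a caller still using the old positional form `(userId, fileId)` would pass a string, receive all three fields as `undefined`, and continue into the agent lookup instead of failing visibly. Because this function gates file access, I would make it fail closed with a first statement such as `if (!userId || !fileId) { return false; }` (assuming it returns a boolean, as `hasAgentAccess` suggests), and confirm that no other call site in this commit still uses the old signature. In `fileAccess`, `userRole` comes from `req.user?.role` and can be `undefined`. How `getEffectivePermissions` treats a missing role is not visible here, so it is worth confirming that an absent role matches no role-principal grant. Both function bodies continue outside these hunks, so an existing guard may already cover part of this.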