refactor: Implement file access filtering based on agent permissions

- Introduced `filterFilesByAgentAccess` function to filter files based on user access through agents.
- Updated `getFiles` and `primeFiles` functions to utilize the new filtering logic.
- Moved `hasAccessToFilesViaAgent` function from the File model to permission services, adjusting imports accordingly
- Enhanced tests to ensure proper access control and filtering behavior for files associated with agents.

api/server/services/Files/Code/process.js

@@ -11,6 +11,7 @@ const {
   imageExtRegex,
   EToolResources,
 } = require('librechat-data-provider');
+const { filterFilesByAgentAccess } = require('~/server/services/Files/permissions');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { convertImage } = require('~/server/services/Files/images/convert');
 const { createFile, getFiles, updateFile } = require('~/models/File');
@@ -164,14 +165,19 @@ const primeFiles = async (options, apiKey) => {
   const file_ids = tool_resources?.[EToolResources.execute_code]?.file_ids ?? [];
   const agentResourceIds = new Set(file_ids);
   const resourceFiles = tool_resources?.[EToolResources.execute_code]?.files ?? [];
-  const dbFiles = (
-    (await getFiles(
-      { file_id: { $in: file_ids } },
-      null,
-      { text: 0 },
-      { userId: req?.user?.id, agentId },
-    )) ?? []
-  ).concat(resourceFiles);
+
+  // Get all files first
+  const allFiles = (await getFiles({ file_id: { $in: file_ids } }, null, { text: 0 })) ?? [];
+
+  // Filter by access if user and agent are provided
+  let dbFiles;
+  if (req?.user?.id && agentId) {
+    dbFiles = await filterFilesByAgentAccess(allFiles, req.user.id, agentId);
+  } else {
+    dbFiles = allFiles;
+  }
+
+  dbFiles = dbFiles.concat(resourceFiles);
 
   const files = [];
   const sessions = new Map();