WIP: add user role check optimization to user principal check, update type comparisons

2025-12-22 19:30:15 +01:00 · 2025-08-03 21:53:06 -04:00 · 2025-08-03 21:53:06 -04:00 · ecd7bf0d51
commit ecd7bf0d51
parent 89f0a4e02f
19 changed files with 481 additions and 71 deletions
--- a/api/server/routes/files/files.js
+++ b/api/server/routes/files/files.js
@ -79,6 +79,7 @@ router.get('/agent/:agent_id', async (req, res) => {
    if (agent.author.toString() !== userId) {
      const hasEditPermission = await checkPermission({
        userId,
+        role: req.user.role,
        resourceType: ResourceType.AGENT,
        resourceId: agent._id,
        requiredPermission: PermissionBits.EDIT,
@ -152,7 +153,7 @@ router.delete('/', async (req, res) => {
    const nonOwnedFiles = [];

    for (const file of dbFiles) {
-      if (file.user.toString() === req.user.id) {
+      if (file.user.toString() === req.user.id.toString()) {
        ownedFiles.push(file);
      } else {
        nonOwnedFiles.push(file);
@ -176,11 +177,12 @@ router.delete('/', async (req, res) => {

    if (req.body.agent_id && nonOwnedFiles.length > 0) {
      const nonOwnedFileIds = nonOwnedFiles.map((f) => f.file_id);
-      const accessMap = await hasAccessToFilesViaAgent(
-        req.user.id,
-        nonOwnedFileIds,
-        req.body.agent_id,
-      );
+      const accessMap = await hasAccessToFilesViaAgent({
+        userId: req.user.id,
+        role: req.user.role,
+        fileIds: nonOwnedFileIds,
+        agentId: req.body.agent_id,
+      });

      for (const file of nonOwnedFiles) {
        if (accessMap.get(file.file_id)) {