feat: extract permission check

packages/backend/server/src/core/workspaces/permission.ts

@@ -112,6 +112,23 @@ export class PermissionService {
     return count !== 0;
   }
 
+  /**
+   * only check permission if the workspace is a cloud workspace
+   * @param workspaceId workspace id
+   * @param userId user id, check if is a public workspace if not provided
+   * @param permission default is read
+   */
+  async checkCloudWorkspace(
+    workspaceId: string,
+    userId?: string,
+    permission: Permission = Permission.Read
+  ) {
+    const hasWorkspace = await this.hasWorkspace(workspaceId);
+    if (hasWorkspace) {
+      await this.checkWorkspace(workspaceId, userId, permission);
+    }
+  }
+
   async checkWorkspace(
     ws: string,
     user?: string,
@@ -279,6 +296,25 @@ export class PermissionService {
   /// End regin: workspace permission
 
   /// Start regin: page permission
+  /**
+   * only check permission if the workspace is a cloud workspace
+   * @param workspaceId workspace id
+   * @param pageId page id aka doc id
+   * @param userId user id, check if is a public page if not provided
+   * @param permission default is read
+   */
+  async checkCloudPagePermission(
+    workspaceId: string,
+    pageId: string,
+    userId?: string,
+    permission = Permission.Read
+  ) {
+    const hasWorkspace = await this.hasWorkspace(workspaceId);
+    if (hasWorkspace) {
+      await this.checkPagePermission(workspaceId, pageId, userId, permission);
+    }
+  }
+
   async checkPagePermission(
     ws: string,
     page: string,

packages/backend/server/src/plugins/copilot/resolver.ts

@@ -159,7 +159,7 @@ export class CopilotResolver {
     @CurrentUser() user: CurrentUser
   ) {
     if (!copilot.workspaceId) return [];
-    await this.permissions.checkWorkspace(copilot.workspaceId, user.id);
+    await this.permissions.checkCloudWorkspace(copilot.workspaceId, user.id);
     return await this.chatSession.listSessions(user.id, copilot.workspaceId);
   }
 
@@ -172,7 +172,7 @@ export class CopilotResolver {
     @CurrentUser() user: CurrentUser
   ) {
     if (!copilot.workspaceId) return [];
-    await this.permissions.checkWorkspace(copilot.workspaceId, user.id);
+    await this.permissions.checkCloudWorkspace(copilot.workspaceId, user.id);
     return await this.chatSession.listSessions(user.id, copilot.workspaceId, {
       action: true,
     });
@@ -194,9 +194,13 @@ export class CopilotResolver {
     if (!workspaceId) {
       return [];
     } else if (docId) {
-      await this.permissions.checkPagePermission(workspaceId, docId, user.id);
+      await this.permissions.checkCloudPagePermission(
+        workspaceId,
+        docId,
+        user.id
+      );
     } else {
-      await this.permissions.checkWorkspace(workspaceId, user.id);
+      await this.permissions.checkCloudWorkspace(workspaceId, user.id);
     }
 
     return await this.chatSession.listHistories(
@@ -216,7 +220,7 @@ export class CopilotResolver {
     @Args({ name: 'options', type: () => CreateChatSessionInput })
     options: CreateChatSessionInput
   ) {
-    await this.permissions.checkPagePermission(
+    await this.permissions.checkCloudPagePermission(
       options.workspaceId,
       options.docId,
       user.id
@@ -255,12 +259,7 @@ export class UserCopilotResolver {
     @Args('workspaceId', { nullable: true }) workspaceId?: string
   ) {
     if (workspaceId) {
-      const hasWorkspace = await this.permissions.hasWorkspace(workspaceId);
-      // only check permission if the workspace is a cloud workspace
-      // now allow user to create copilot session in local workspace
-      if (hasWorkspace) {
-        await this.permissions.checkWorkspace(workspaceId, user.id);
-      }
+      await this.permissions.checkCloudWorkspace(workspaceId, user.id);
     }
     return { workspaceId };
   }