Jayden/AFFiNE-Mirror
1
0
Fork 0
mirror of https://github.com/toeverything/AFFiNE.git synced 2026-02-14 05:14:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(server): permission check for workspace doc match (#12139)

Browse Source 
<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

- **Bug Fixes**
  - Improved permission checks to ensure users only see document chunks they have read access to.
  - Enhanced error handling for clearer and more user-friendly error messages.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
darkskygit
2025-05-09 07:35:47 +00:00
parent 97aa3fc672
commit 918b3b2dab
1 changed files with 30 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
packages/backend/server/src/plugins/copilot/context/resolver.ts
View File

@@ -710,28 +710,44 @@ export class CopilotContextResolver {
return [];
}
const session = await this.context.get(context.id);
await this.ac
.user(user.id)
.workspace(session.workspaceId)
.allowLocal()
.assert('Workspace.Copilot');
const allowEmbedding = await this.models.workspace.allowEmbedding(
session.workspaceId
);
if (!allowEmbedding) {
return [];
}
try {
return await session.matchWorkspaceChunks(
const session = await this.context.get(context.id);
await this.ac
.user(user.id)
.workspace(session.workspaceId)
.allowLocal()
.assert('Workspace.Copilot');
const allowEmbedding = await this.models.workspace.allowEmbedding(
session.workspaceId
);
if (!allowEmbedding) {
return [];
}
const chunks = await session.matchWorkspaceChunks(
content,
limit,
this.getSignal(ctx.req),
scopedThreshold,
threshold
);
const docsMap = await Promise.all(
chunks.map(c =>
this.ac
.user(user.id)
.workspace(session.workspaceId)
.doc(c.docId)
.can('Doc.Read')
.then(ret => [c.docId, ret] as const)
)
).then(r => new Map(r));
return chunks.filter(c => docsMap.get(c.docId));
} catch (e: any) {
// passthrough user friendly error
if (e instanceof UserFriendlyError) {
throw e;
}
throw new CopilotFailedToMatchContext({
contextId: context.id,
// don't record the large content