fix: check doc access before sending mention email (#7664)

* fix: check doc access before sending mention email * refactor --------- Co-authored-by: Tom Moor <tom.moor@gmail.com>
2026-04-28 21:49:32 -05:00 · 2024-09-29 02:59:34 +05:30
parent 3f73c9d2bf
commit c58aafeb32
5 changed files with 33 additions and 17 deletions
@@ -0,0 +1,21 @@
+import { Document, User } from "@server/models";
+import { authorize } from "@server/policies";
+
+/**
+ * Check if the given user can access a document
+ *
+ * @param user - The user to check
+ * @param documentId - The document to check
+ * @returns Boolean whether the user can access the document
+ */
+export const canUserAccessDocument = async (user: User, documentId: string) => {
+  try {
+    const document = await Document.findByPk(documentId, {
+      userId: user.id,
+    });
+    authorize(user, "read", document);
+    return true;
+  } catch (err) {
+    return false;
+  }
+};