Fix feedback review findings

Co-Authored-By: Paperclip <noreply@paperclip.ing>
dotta 2026-04-02 10:03:07 -05:00
parent c0d0d03bce
commit d12e3e3d1a
7 changed files with 200 additions and 86 deletions


@ -116,6 +116,13 @@ export function issueRoutes(db: Db, storage: StorageService) {
return false;
}
function actorCanAccessCompany(req: Request, companyId: string) {
if (req.actor.type === "none") return false;
if (req.actor.type === "agent") return req.actor.companyId === companyId;
if (req.actor.source === "local_implicit" || req.actor.isInstanceAdmin) return true;
return (req.actor.companyIds ?? []).includes(companyId);
}
function canCreateAgentsLegacy(agent: { permissions: Record<string, unknown> | null | undefined; role: string }) {
if (agent.role === "ceo") return true;
if (!agent.permissions || typeof agent.permissions !== "object") return false;
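Review bot: actorCanAccessCompany has no documentation, and its third branch grants every company to any non-agent actor whose source is `local_implicit` or who is an instance admin, which is a broad bypass a reader should be told is deliberate rather than discover by tracing callers. A short TSDoc header would cover it: `/** Whether the request's actor may read data scoped to companyId: agents only their own company, local_implicit and instance-admin actors any company, every other actor only the companies listed in companyIds. */` Judging from how the second hunk uses it, the helper returns a boolean instead of throwing so a handler can answer 404 rather than 403 and not reveal whether a resource exists, which is worth stating in that comment once confirmed. It also appears to restate the rule that assertCompanyAccess (called by the lines this commit removes) enforces, so if both survive, implementing one in terms of the other keeps them from drifting when a new actor type or source is added. The enclosing issueRoutes function starts before and ends after this hunk.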
@ -1538,31 +1545,30 @@ export function issueRoutes(db: Db, storage: StorageService) {
router.get("/feedback-traces/:traceId", async (req, res) => {
const traceId = req.params.traceId as string;
const trace = await feedback.getFeedbackTraceById(traceId, parseBooleanQuery(req.query.includePayload) || req.query.includePayload === undefined);
if (!trace) {
res.status(404).json({ error: "Feedback trace not found" });
return;
}
assertCompanyAccess(req, trace.companyId);
if (req.actor.type !== "board") {
res.status(403).json({ error: "Only board users can view feedback traces" });
return;
}
const includePayload = parseBooleanQuery(req.query.includePayload) || req.query.includePayload === undefined;
const trace = await feedback.getFeedbackTraceById(traceId, includePayload);
if (!trace || !actorCanAccessCompany(req, trace.companyId)) {
res.status(404).json({ error: "Feedback trace not found" });
return;
}
res.json(trace);
});
router.get("/feedback-traces/:traceId/bundle", async (req, res) => {
const traceId = req.params.traceId as string;
const bundle = await feedback.getFeedbackTraceBundle(traceId);
if (!bundle) {
res.status(404).json({ error: "Feedback trace not found" });
return;
}
assertCompanyAccess(req, bundle.companyId);
if (req.actor.type !== "board") {
res.status(403).json({ error: "Only board users can view feedback trace bundles" });
return;
}
const bundle = await feedback.getFeedbackTraceBundle(traceId);
if (!bundle || !actorCanAccessCompany(req, bundle.companyId)) {
res.status(404).json({ error: "Feedback trace not found" });
return;
}
res.json(bundle);
});
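Review bot: In both new `!trace || !actorCanAccessCompany(req, ...)` branches, a board user from another company receives exactly the same 404 as a missing trace, which is the right response for not leaking whether the ID exists, but the two cases are also merged server-side, so repeated cross-tenant probing of trace IDs leaves no signal for operators. Splitting the condition keeps the wire response identical while leaving a place to record the denial; whether a logger is in scope in this module is not visible from the hunk, so the fence marks that spot with a TODO rather than naming one. The bundle route needs the same split, and the `includePayload` default (payload included unless the query parameter is present and false) is unchanged from the removed code, so it is not raised here. The enclosing issueRoutes function starts before and ends after this hunk.
```typescript
    const trace = await feedback.getFeedbackTraceById(traceId, includePayload);
    if (!trace) {
      res.status(404).json({ error: "Feedback trace not found" });
      return;
    }
    if (!actorCanAccessCompany(req, trace.companyId)) {
      // TODO: record the denied cross-company read (actor, companyId, traceId) if a logger is available here;
      // the response deliberately stays a 404 so the caller cannot tell "forbidden" from "absent".
      res.status(404).json({ error: "Feedback trace not found" });
      return;
    }
    res.json(trace);
```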