fixing public access for metric_files/data

2025-09-25 17:43:29 -06:00 · 2025-09-25 17:43:29 -06:00 · 32705b3048
parent e508feb877
commit 32705b3048
2 changed files with 23 additions and 37 deletions
--- a/apps/server/src/api/v2/metric_files/[id]/data/get-metric-data.ts
+++ b/apps/server/src/api/v2/metric_files/[id]/data/get-metric-data.ts
@ -38,17 +38,6 @@ export async function getMetricDataHandler(
  versionNumber?: number,
  reportFileId?: string
 ): Promise<MetricDataResponse> {
-  // Get user's organization
-  const userOrg = await getUserOrganizationId(user.id);
-
-  if (!userOrg) {
-    throw new HTTPException(403, {
-      message: 'You must be part of an organization to access metric data',
-    });
-  }
-
-  const { organizationId } = userOrg;
-
  // Retrieve metric definition from database with data source info
  const metric = await getMetricWithDataSource({ metricId, versionNumber });

@ -58,13 +47,6 @@ export async function getMetricDataHandler(
    });
  }

-  // Verify metric belongs to user's organization
-  if (metric.organizationId !== organizationId) {
-    throw new HTTPException(403, {
-      message: 'You do not have permission to view this metric',
-    });
-  }
-
  // Check if user has permission to view this metric file
  // hasAssetPermission internally handles:
  // 1. Direct permissions
@ -76,7 +58,7 @@ export async function getMetricDataHandler(
    assetId: metricId,
    assetType: 'metric_file',
    requiredRole: 'can_view',
-    organizationId,
+    organizationId: metric.organizationId,
    workspaceSharing: metric.workspaceSharing ?? 'none',
    publiclyAccessible: metric.publiclyAccessible,
    publicExpiryDate: metric.publicExpiryDate ?? undefined,
@ -98,13 +80,13 @@ export async function getMetricDataHandler(
    console.info('Checking R2 cache for metric data', {
      metricId,
      reportFileId,
-      organizationId,
+      organizationId: metric.organizationId,
      version: resolvedVersion,
    });

    try {
      const cachedData = await getCachedMetricData(
-        organizationId,
+        metric.organizationId,
        metricId,
        reportFileId,
        resolvedVersion
@ -184,22 +166,26 @@ export async function getMetricDataHandler(
      console.info('Writing metric data to cache', {
        metricId,
        reportFileId,
-        organizationId,
+        organizationId: metric.organizationId,
        version: resolvedVersion,
        rowCount: trimmedData.length,
      });

      // Fire and forget - don't wait for cache write
-      setCachedMetricData(organizationId, metricId, reportFileId, response, resolvedVersion).catch(
-        (error) => {
+      setCachedMetricData(
+        metric.organizationId,
+        metricId,
+        reportFileId,
+        response,
+        resolvedVersion
+      ).catch((error) => {
        console.error('Failed to cache metric data', {
          metricId,
          reportFileId,
          version: resolvedVersion,
          error: error instanceof Error ? error.message : 'Unknown error',
        });
-        }
-      );
+      });
    }

    return response;
--- a/packages/access-controls/src/assets/checks.ts
+++ b/packages/access-controls/src/assets/checks.ts
@ -48,12 +48,10 @@ export async function checkPermission(check: AssetPermissionCheck): Promise<Asse
  } = check;

  // Check cache first (only for single role checks)
-  if (!Array.isArray(requiredRole)) {
  const cached = getCachedPermission(userId, assetId, assetType, requiredRole);
  if (cached !== undefined) {
    return cached;
  }
-  }

  // Get user's organization memberships
  const userOrgs = await getUserOrganizationsByUserId(userId);
@ -112,6 +110,8 @@ export async function checkPermission(check: AssetPermissionCheck): Promise<Asse
    }
  }

+  console.info('publiclyAccessible', publiclyAccessible);
+
  if (publiclyAccessible) {
    const hasPublicAccessCheck = hasPublicAccess(
      publiclyAccessible,