import-ai
diff --git a/‎src/interceptor/user.interceptor.ts‎
Lines changed: 20 additions & 10 deletions b/‎src/interceptor/user.interceptor.ts‎
Lines changed: 20 additions & 10 deletions
diff --git a/‎src/interceptor/ws-span.interceptor.ts‎
Lines changed: 25 additions & 0 deletions b/‎src/interceptor/ws-span.interceptor.ts‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎src/namespace-resources/file-resources.controller.ts‎
Lines changed: 2 additions & 2 deletions b/‎src/namespace-resources/file-resources.controller.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/namespace-resources/namespace-resources.controller.ts‎
Lines changed: 7 additions & 5 deletions b/‎src/namespace-resources/namespace-resources.controller.ts‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎src/namespace-resources/namespace-resources.service.ts‎
Lines changed: 32 additions & 42 deletions b/‎src/namespace-resources/namespace-resources.service.ts‎
Lines changed: 32 additions & 42 deletions
diff --git a/‎src/permissions/permissions.service.ts‎
Lines changed: 31 additions & 2 deletions b/‎src/permissions/permissions.service.ts‎
Lines changed: 31 additions & 2 deletions
@@ -7,6 +7,7 @@ import {
 import { Observable } from 'rxjs';
 import { tap, finalize } from 'rxjs/operators';
 import { trace, context } from '@opentelemetry/api';
+import { Socket } from 'socket.io';
 
 const LOGIN_URLS = ['/api/v1/login', '/api/v1/sign-up/confirm'];
 
@@ -16,24 +17,33 @@ export class UserInterceptor implements NestInterceptor {
     executionContext: ExecutionContext,
     next: CallHandler,
   ): Observable<any> {
-    const req = executionContext.switchToHttp().getRequest();
     const tracer = trace.getTracer('user-interceptor');
-
     return tracer.startActiveSpan(
       'UserInterceptor',
       {},
       context.active(),
       (span) => {
         return next.handle().pipe(
           tap((responseBody) => {
-            if (req.user?.id) {
-              span.setAttribute('user.id', req.user.id);
-            } else if (
-              LOGIN_URLS.includes(req.url) &&
-              req.method === 'POST' &&
-              responseBody?.id
-            ) {
-              span.setAttribute('user.id', responseBody.id);
+            const ctxType = executionContext.getType();
+            let userId: string | null = null;
+            if (ctxType === 'http') {
+              const httpReq = executionContext.switchToHttp().getRequest();
+              if (httpReq.user?.id) {
+                userId = httpReq.user.id;
+              } else if (
+                LOGIN_URLS.includes(httpReq.url) &&
+                httpReq.method === 'POST' &&
+                responseBody?.id
+              ) {
+                userId = responseBody.id;
+              }
+            } else if (ctxType === 'ws') {
+              const client = executionContext.switchToWs().getClient<Socket>();
+              userId = client.data.userId;
+            }
+            if (userId) {
+              span.setAttribute('user.id', userId);
             }
           }),
           finalize(() => span.end()),
 
@@ -0,0 +1,25 @@
+import {
+  Injectable,
+  NestInterceptor,
+  ExecutionContext,
+  CallHandler,
+} from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { finalize } from 'rxjs/operators';
+import { trace, context } from '@opentelemetry/api';
+
+@Injectable()
+export class WsSpanInterceptor implements NestInterceptor {
+  intercept(
+    executionContext: ExecutionContext,
+    next: CallHandler,
+  ): Observable<any> {
+    const wsContext = executionContext.switchToWs();
+    const messageName = wsContext.getPattern();
+    const spanName = `SOCKET /api/v1/socket.io/wizard/${messageName}`;
+    const tracer = trace.getTracer('ws-span-interceptor');
+    return tracer.startActiveSpan(spanName, {}, context.active(), (span) => {
+      return next.handle().pipe(finalize(() => span.end()));
+    });
+  }
+}
@@ -37,7 +37,7 @@ export class FileResourcesController {
       parentId,
       undefined,
     );
-    return await this.namespaceResourcesService.getPath({
+    return await this.namespaceResourcesService.getResource({
       namespaceId,
       userId,
       resourceId: newResource.id,
@@ -92,7 +92,7 @@ export class FileResourcesController {
       mimetype,
       parentId,
     );
-    return await this.namespaceResourcesService.getPath({
+    return await this.namespaceResourcesService.getResource({
       namespaceId,
       userId: req.user!.id,
       resourceId: newResource.id,
 
@@ -53,7 +53,7 @@ export class NamespaceResourcesController {
       userId,
       data,
     );
-    return await this.namespaceResourcesService.getPath({
+    return await this.namespaceResourcesService.getResource({
       namespaceId: data.namespaceId,
       resourceId: newResource.id,
       userId: userId,
@@ -68,9 +68,10 @@ export class NamespaceResourcesController {
   ) {
     const newResource = await this.namespaceResourcesService.duplicate(
       req.user!.id,
+      namespaceId,
       resourceId,
     );
-    return await this.namespaceResourcesService.getPath({
+    return await this.namespaceResourcesService.getResource({
       namespaceId,
       userId: req.user!.id,
       resourceId: newResource.id,
@@ -141,7 +142,7 @@ export class NamespaceResourcesController {
     @Param('namespaceId') namespaceId: string,
     @Param('resourceId') resourceId: string,
   ) {
-    return await this.namespaceResourcesService.getPath({
+    return await this.namespaceResourcesService.getResource({
       namespaceId,
       resourceId,
       userId: req.user!.id,
@@ -165,7 +166,7 @@ export class NamespaceResourcesController {
       throw new ForbiddenException('Not authorized');
     }
     await this.namespaceResourcesService.update(req.user!.id, resourceId, data);
-    return await this.namespaceResourcesService.getPath({
+    return await this.namespaceResourcesService.getResource({
       namespaceId,
       resourceId,
       userId: req.user!.id,
@@ -189,6 +190,7 @@ export class NamespaceResourcesController {
     }
     return await this.namespaceResourcesService.delete(
       req.user!.id,
+      namespaceId,
       resourceId,
     );
   }
@@ -200,7 +202,7 @@ export class NamespaceResourcesController {
     @Param('resourceId') resourceId: string,
   ) {
     await this.namespaceResourcesService.restore(req.user!.id, resourceId);
-    return await this.namespaceResourcesService.getPath({
+    return await this.namespaceResourcesService.getResource({
       namespaceId,
       resourceId,
       userId: req.user!.id,
 
@@ -202,8 +202,11 @@ export class NamespaceResourcesService {
     );
   }
 
-  async duplicate(userId: string, resourceId: string) {
-    const resource = await this.get(resourceId);
+  async duplicate(userId: string, namespaceId: string, resourceId: string) {
+    const resource = await this.resourcesService.getResourceOrFail(
+      namespaceId,
+      resourceId,
+    );
     if (!resource.parentId) {
       throw new BadRequestException('Cannot duplicate root resource.');
     }
@@ -361,9 +364,9 @@ export class NamespaceResourcesService {
     // Self and child exclusions
     if (excludeResourceId) {
       const resourceChildren = await this.getSubResourcesByUser(
+        userId,
         namespaceId,
         excludeResourceId,
-        userId,
       );
       where.id = Not(
         In([
@@ -390,9 +393,9 @@ export class NamespaceResourcesService {
   }
 
   async getSubResourcesByUser(
+    userId: string,
     namespaceId: string,
     resourceId: string,
-    userId: string,
   ): Promise<ResourceMetaDto[]> {
     const parents = await this.resourcesService.getParentResourcesOrFail(
       namespaceId,
@@ -452,8 +455,8 @@ export class NamespaceResourcesService {
     );
     const resources = [...parents, ...children, ...subChildren];
     const permissionMap = await this.permissionsService.getCurrentPermissions(
-      namespaceId,
       userId,
+      namespaceId,
       resources,
     );
 
@@ -494,7 +497,7 @@ export class NamespaceResourcesService {
     return count > 0 ? SpaceType.TEAM : SpaceType.PRIVATE;
   }
 
-  async getPath({
+  async getResource({
     userId,
     namespaceId,
     resourceId,
@@ -503,7 +506,10 @@ export class NamespaceResourcesService {
     namespaceId: string;
     resourceId: string;
   }): Promise<ResourceDto> {
-    const resource = await this.get(resourceId);
+    const resource = await this.resourcesService.getResourceOrFail(
+      namespaceId,
+      resourceId,
+    );
     if (resource.namespaceId !== namespaceId) {
       throw new NotFoundException('Not found');
     }
@@ -541,18 +547,6 @@ export class NamespaceResourcesService {
     );
   }
 
-  async get(id: string) {
-    const resource = await this.resourceRepository.findOne({
-      where: {
-        id,
-      },
-    });
-    if (!resource) {
-      throw new NotFoundException('Resource not found.');
-    }
-    return resource;
-  }
-
   async update(userId: string, resourceId: string, data: UpdateResourceDto) {
     await this.resourcesService.updateResource(
       data.namespaceId,
@@ -567,8 +561,11 @@ export class NamespaceResourcesService {
     );
   }
 
-  async delete(userId: string, id: string) {
-    const resource = await this.get(id);
+  async delete(userId: string, namespaceId: string, id: string) {
+    const resource = await this.resourcesService.getResourceOrFail(
+      namespaceId,
+      id,
+    );
     if (!resource.parentId) {
       throw new BadRequestException('Cannot delete root resource.');
     }
@@ -658,7 +655,10 @@ export class NamespaceResourcesService {
     const encodedName = encodeFileName(fileName);
     let resource: Resource;
     if (resourceId) {
-      resource = await this.get(resourceId);
+      resource = await this.resourcesService.getResourceOrFail(
+        namespaceId,
+        resourceId,
+      );
       if (resource.resourceType !== ResourceType.FILE) {
         throw new BadRequestException('Resource is not a file.');
       }
@@ -714,7 +714,10 @@ export class NamespaceResourcesService {
 
     let resource: Resource;
     if (resourceId) {
-      resource = await this.get(resourceId);
+      resource = await this.resourcesService.getResourceOrFail(
+        namespaceId,
+        resourceId,
+      );
       if (resource.resourceType !== ResourceType.FILE) {
         throw new BadRequestException('Resource is not a file.');
       }
@@ -778,30 +781,17 @@ export class NamespaceResourcesService {
     return { fileStream, resource };
   }
 
-  async listAllUserAccessibleResources(
-    namespaceId: string,
+  async getAllResourcesByUser(
     userId: string,
+    namespaceId: string,
     includeRoot: boolean = false,
-  ) {
-    const resources = await this.resourceRepository.find({
-      where: { namespaceId, deletedAt: IsNull() },
-    });
-    const filteredResources = await this.permissionFilter(
-      namespaceId,
+  ): Promise<ResourceMetaDto[]> {
+    const resources = await this.permissionsService.filterResourcesByPermission(
       userId,
-      resources.filter((res) => res.parentId !== null || includeRoot),
-    );
-
-    // Load tags for filtered resources
-    const tagsMap = await this.getTagsForResources(
       namespaceId,
-      filteredResources,
+      await this.resourcesService.getAllResources(namespaceId),
     );
-
-    return filteredResources.map((resource) => ({
-      ...resource,
-      tags: tagsMap.get(resource.id) || [],
-    }));
+    return resources.filter((res) => res.parentId !== null || includeRoot);
   }
 
   async listAllResources(offset: number, limit: number) {
 
@@ -162,17 +162,21 @@ export class PermissionsService {
     return curPermission || ResourcePermission.NO_ACCESS;
   }
 
+  /**
+   * Get the current permissions for each specified resource.
+   * For each non-root resource specified, it's required that all its parents are also specified.
+   */
   async getCurrentPermissions(
-    namespaceId: string,
     userId: string,
+    namespaceId: string,
     resources: ResourceMetaDto[],
     entityManager?: EntityManager,
   ): Promise<Map<string, ResourcePermission>> {
     if (!entityManager) {
       return await this.dataSource.transaction((entityManager) =>
         this.getCurrentPermissions(
-          namespaceId,
           userId,
+          namespaceId,
           resources,
           entityManager,
         ),
@@ -495,6 +499,31 @@ export class PermissionsService {
     );
     return comparePermission(permission, requiredPermission) >= 0;
   }
+
+  /**
+   * Filter resources by permission.
+   * For each non-root resource specified, it's required that all its parents are also specified.
+   */
+  async filterResourcesByPermission(
+    userId: string,
+    namespaceId: string,
+    resources: ResourceMetaDto[],
+    requiredPermission: ResourcePermission = ResourcePermission.CAN_VIEW,
+    entityManager?: EntityManager,
+  ): Promise<ResourceMetaDto[]> {
+    const permissions = await this.getCurrentPermissions(
+      userId,
+      namespaceId,
+      resources,
+      entityManager,
+    );
+    return resources.filter((res) => {
+      const permission = permissions.get(res.id);
+      return (
+        permission && comparePermission(permission, requiredPermission) >= 0
+      );
+    });
+  }
 }
 
 function getGlobalPermission(