{"version":3,"sources":["../../src/uploads/checkFileAccess.ts"],"sourcesContent":["import type { Collection, TypeWithID } from '../collections/config/types.js'\nimport type { PayloadRequest, Where } from '../types/index.js'\n\nimport { executeAccess } from '../auth/executeAccess.js'\nimport { Forbidden } from '../errors/Forbidden.js'\n\nexport const checkFileAccess = async ({\n  collection,\n  filename,\n  prefix,\n  req,\n}: {\n  collection: Collection\n  filename: string\n  prefix?: string\n  req: PayloadRequest\n}): Promise<TypeWithID | undefined> => {\n  if (filename.includes('../') || filename.includes('..\\\\')) {\n    throw new Forbidden(req.t)\n  }\n  const { config } = collection\n\n  const accessResult = await executeAccess(\n    { data: { filename }, isReadingStaticFile: true, req },\n    config.access.read,\n  )\n\n  const constraints: Where[] = []\n\n  if (typeof accessResult === 'object') {\n    constraints.push(accessResult)\n  }\n\n  if (typeof prefix === 'string') {\n    constraints.push({ prefix: { equals: prefix } })\n  }\n\n  if (constraints.length > 0) {\n    const filenameCondition: Where = {\n      or: [{ filename: { equals: filename } }],\n    }\n\n    if (config.upload.imageSizes) {\n      config.upload.imageSizes.forEach(({ name }) => {\n        filenameCondition.or!.push({\n          [`sizes.${name}.filename`]: { equals: filename },\n        })\n      })\n    }\n\n    const doc = await req.payload.db.findOne({\n      collection: config.slug,\n      req,\n      where: { and: [filenameCondition, ...constraints] },\n    })\n\n    if (!doc) {\n      throw new Forbidden(req.t)\n    }\n\n    return doc\n  }\n}\n"],"names":["executeAccess","Forbidden","checkFileAccess","collection","filename","prefix","req","includes","t","config","accessResult","data","isReadingStaticFile","access","read","constraints","push","equals","length","filenameCondition","or","upload","imageSizes","forEach","name","doc","payload","db","findOne","slug","where","and"],"mappings":"AAGA,SAASA,aAAa,QAAQ,2BAA0B;AACxD,SAASC,SAAS,QAAQ,yBAAwB;AAElD,OAAO,MAAMC,kBAAkB,OAAO,EACpCC,UAAU,EACVC,QAAQ,EACRC,MAAM,EACNC,GAAG,EAMJ;IACC,IAAIF,SAASG,QAAQ,CAAC,UAAUH,SAASG,QAAQ,CAAC,SAAS;QACzD,MAAM,IAAIN,UAAUK,IAAIE,CAAC;IAC3B;IACA,MAAM,EAAEC,MAAM,EAAE,GAAGN;IAEnB,MAAMO,eAAe,MAAMV,cACzB;QAAEW,MAAM;YAAEP;QAAS;QAAGQ,qBAAqB;QAAMN;IAAI,GACrDG,OAAOI,MAAM,CAACC,IAAI;IAGpB,MAAMC,cAAuB,EAAE;IAE/B,IAAI,OAAOL,iBAAiB,UAAU;QACpCK,YAAYC,IAAI,CAACN;IACnB;IAEA,IAAI,OAAOL,WAAW,UAAU;QAC9BU,YAAYC,IAAI,CAAC;YAAEX,QAAQ;gBAAEY,QAAQZ;YAAO;QAAE;IAChD;IAEA,IAAIU,YAAYG,MAAM,GAAG,GAAG;QAC1B,MAAMC,oBAA2B;YAC/BC,IAAI;gBAAC;oBAAEhB,UAAU;wBAAEa,QAAQb;oBAAS;gBAAE;aAAE;QAC1C;QAEA,IAAIK,OAAOY,MAAM,CAACC,UAAU,EAAE;YAC5Bb,OAAOY,MAAM,CAACC,UAAU,CAACC,OAAO,CAAC,CAAC,EAAEC,IAAI,EAAE;gBACxCL,kBAAkBC,EAAE,CAAEJ,IAAI,CAAC;oBACzB,CAAC,CAAC,MAAM,EAAEQ,KAAK,SAAS,CAAC,CAAC,EAAE;wBAAEP,QAAQb;oBAAS;gBACjD;YACF;QACF;QAEA,MAAMqB,MAAM,MAAMnB,IAAIoB,OAAO,CAACC,EAAE,CAACC,OAAO,CAAC;YACvCzB,YAAYM,OAAOoB,IAAI;YACvBvB;YACAwB,OAAO;gBAAEC,KAAK;oBAACZ;uBAAsBJ;iBAAY;YAAC;QACpD;QAEA,IAAI,CAACU,KAAK;YACR,MAAM,IAAIxB,UAAUK,IAAIE,CAAC;QAC3B;QAEA,OAAOiB;IACT;AACF,EAAC"}