(ctx context.Context, userID uuid.UUID)
| 6831 | } |
| 6832 | |
| 6833 | func userSkillContext(ctx context.Context, userID uuid.UUID) context.Context { |
| 6834 | actor := rbac.Subject{ |
| 6835 | Type: rbac.SubjectTypeUser, |
| 6836 | ID: userID.String(), |
| 6837 | Roles: rbac.RoleIdentifiers{rbac.RoleMember()}, |
| 6838 | Scope: rbac.ScopeAll, |
| 6839 | }.WithCachedASTValue() |
| 6840 | // Chat turns run asynchronously after admission, so the original request |
| 6841 | // actor may no longer be available when a worker loads personal skills. |
| 6842 | // We synthesize the chat owner as a member instead of reusing that actor. |
| 6843 | // Hardcoding RoleMember is safe because dbauthz enforces |
| 6844 | // ResourceUserSkill.WithOwner(userID), so this actor cannot read any other |
| 6845 | // user's skills regardless of role. Org scoping is not needed because |
| 6846 | // personal skills are user-scoped, not org-scoped. |
| 6847 | //nolint:gocritic // The synthetic actor is intentional for the reasons above. |
| 6848 | return dbauthz.As(ctx, actor) |
| 6849 | } |
| 6850 | |
| 6851 | func (p *Server) fetchPersonalSkillMetadata( |
| 6852 | ctx context.Context, |
no test coverage detected