(chat: Chat, user: User | undefined)
| 33 | * Checks if the current user (authenticated or anonymous) is the owner of a chat. |
| 34 | */ |
| 35 | export const isOwnerOfChat = async (chat: Chat, user: User | undefined): Promise<boolean> => { |
| 36 | // Authenticated user owns the chat |
| 37 | if (user && chat.createdById === user.id) { |
| 38 | return true; |
| 39 | } |
| 40 | |
| 41 | // Only check the anonymous cookie for unclaimed chats (createdById === null). |
| 42 | // Once a chat has been claimed by an authenticated user, the anonymous path |
| 43 | // must not grant access — even if the same browser still holds the original cookie. |
| 44 | if (!chat.createdById && chat.anonymousCreatorId) { |
| 45 | const anonymousId = await getAnonymousId(); |
| 46 | if (anonymousId && chat.anonymousCreatorId === anonymousId) { |
| 47 | return true; |
| 48 | } |
| 49 | } |
| 50 | |
| 51 | return false; |
| 52 | }; |
| 53 | |
| 54 | /** |
| 55 | * Checks if a user has been explicitly shared access to a chat. |
no test coverage detected