use isOwner as part of SpacesPolicy.isMember (#1139)

Brendonovich · web-flow · commit 18d0675c61cc · 2025-10-06T16:50:33.000+03:00
* use isOwner as part of SpacesPolicy.isMember

* deny SpacesPolicy.isOwner on 404
diff --git a/packages/web-backend/src/Spaces/SpacesPolicy.ts b/packages/web-backend/src/Spaces/SpacesPolicy.ts
@@ -11,14 +11,27 @@ export class SpacesPolicy extends Effect.Service<SpacesPolicy>()(
 		effect: Effect.gen(function* () {
 			const repo = yield* SpacesRepo;
 
-			const isMember = (spaceId: string) =>
+			const hasMembership = (spaceId: string) =>
 				Policy.policy(
 					Effect.fn(function* (user) {
 						return Option.isSome(yield* repo.membership(user.id, spaceId));
 					}),
 				);
 
-			return { isMember };
+			const isOwner = (spaceId: string) =>
+				Policy.policy(
+					Effect.fn(function* (user) {
+						const space = yield* repo.getById(spaceId);
+						if (Option.isNone(space)) return false;
+
+						return space.value.createdById === user.id;
+					}),
+				);
+
+			const isMember = (spaceId: string) =>
+				Policy.any(isOwner(spaceId), hasMembership(spaceId));
+
+			return { isMember, isOwner };
 		}),
 		dependencies: [
 			OrganisationsRepo.Default,
diff --git a/packages/web-backend/src/Spaces/SpacesRepo.ts b/packages/web-backend/src/Spaces/SpacesRepo.ts
@@ -45,6 +45,12 @@ export class SpacesRepo extends Effect.Service<SpacesRepo>()("SpacesRepo", {
 							),
 					)
 					.pipe(Effect.map(Array.get(0))),
+			getById: (spaceId: string) =>
+				db
+					.execute((db) =>
+						db.select().from(Db.spaces).where(Dz.eq(Db.spaces.id, spaceId)),
+					)
+					.pipe(Effect.map(Array.get(0))),
 		};
 	}),
 	dependencies: [Database.Default],
diff --git a/packages/web-domain/src/Policy.ts b/packages/web-domain/src/Policy.ts
@@ -1,17 +1,19 @@
 // shoutout https://lucas-barake.github.io/building-a-composable-policy-system/
 
 import { type Brand, Context, Data, Effect, type Option, Schema } from "effect";
-
+import type { NonEmptyReadonlyArray } from "effect/Array";
 import { CurrentUser } from "./Authentication.ts";
 
-export type Policy<E = never, R = never> = Brand.Branded<
-	Effect.Effect<void, PolicyDeniedError | E, CurrentUser | R>,
-	"Private"
+export type Policy<E = never, R = never> = Effect.Effect<
+	void,
+	PolicyDeniedError | E,
+	CurrentUser | R
 >;
 
-export type PublicPolicy<E = never, R = never> = Brand.Branded<
-	Effect.Effect<void, PolicyDeniedError | E, R>,
-	"Public"
+export type PublicPolicy<E = never, R = never> = Effect.Effect<
+	void,
+	PolicyDeniedError | E,
+	R
 >;
 
 export class PolicyDeniedError extends Schema.TaggedError<PolicyDeniedError>()(
@@ -73,3 +75,23 @@ export const withPublicPolicy =
 	<E, R>(policy: PublicPolicy<E, R>) =>
 	<A, E2, R2>(self: Effect.Effect<A, E2, R2>) =>
 		Effect.zipRight(policy, self);
+
+/**
+ * Composes multiple policies with AND semantics - all policies must pass.
+ * Returns a new policy that succeeds only if all the given policies succeed.
+ */
+export const all = <E, R>(
+	...policies: NonEmptyReadonlyArray<Policy<E, R>>
+): Policy<E, R> =>
+	Effect.all(policies, {
+		concurrency: 1,
+		discard: true,
+	});
+
+/**
+ * Composes multiple policies with OR semantics - at least one policy must pass.
+ * Returns a new policy that succeeds if any of the given policies succeed.
+ */
+export const any = <E, R>(
+	...policies: NonEmptyReadonlyArray<Policy<E, R>>
+): Policy<E, R> => Effect.firstSuccessOf(policies);
