fix: add missing check_space_access function to encryptid_auth

Also imported by portal/views_shared_space.py but never defined, causing a second ImportError after the SpacePermission fix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 15:03:28 -07:00 · 2026-02-15 15:03:28 -07:00 · f26850ded2
parent 2b20b23d0b
commit f26850ded2
1 changed files with 43 additions and 0 deletions
--- a/config/encryptid_auth.py
+++ b/config/encryptid_auth.py
@ -264,3 +264,46 @@ class EncryptIDMiddleware:
                request.encryptid_user = get_or_create_user(claims)

        return self.get_response(request)
+
+
+# ---------------------------------------------------------------------------
+# Space access helper (used by non-DRF views)
+# ---------------------------------------------------------------------------
+
+def check_space_access(request, space_config):
+    """
+    Check if a request has write access to a shared space.
+
+    Args:
+        request: Django HttpRequest
+        space_config: dict with 'visibility' and 'owner_did'
+
+    Returns:
+        dict with 'allowed' (bool) and 'reason' (str)
+    """
+    visibility = space_config.get('visibility', 'public')
+
+    if visibility == 'public':
+        return {'allowed': True, 'reason': ''}
+
+    if visibility == 'public_read':
+        if request.user and request.user.is_authenticated:
+            return {'allowed': True, 'reason': ''}
+        return {'allowed': False, 'reason': 'Authentication required to upload'}
+
+    if visibility == 'authenticated':
+        if request.user and request.user.is_authenticated:
+            return {'allowed': True, 'reason': ''}
+        return {'allowed': False, 'reason': 'Authentication required'}
+
+    if visibility == 'members_only':
+        if not (request.user and request.user.is_authenticated):
+            return {'allowed': False, 'reason': 'Authentication required'}
+        owner_did = space_config.get('owner_did', '')
+        if not owner_did:
+            return {'allowed': False, 'reason': 'Space has no owner configured'}
+        if getattr(request.user, 'email', '') == owner_did:
+            return {'allowed': True, 'reason': ''}
+        return {'allowed': False, 'reason': 'Only the space owner can upload'}
+
+    return {'allowed': False, 'reason': 'Unknown visibility setting'}