From f26850ded225bbd3d8f61de946e71ac2d0e41852 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Sun, 15 Feb 2026 15:03:28 -0700
Subject: [PATCH] fix: add missing check_space_access function to encryptid_auth

Also imported by portal/views_shared_space.py but never defined, causing a second ImportError after the SpacePermission fix.

Co-Authored-By: Claude Opus 4.6
---
 config/encryptid_auth.py | 43 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/config/encryptid_auth.py b/config/encryptid_auth.py
index 76c9faf..b8870f9 100644
--- a/config/encryptid_auth.py
+++ b/config/encryptid_auth.py
@@ -264,3 +264,46 @@ class EncryptIDMiddleware:
 request.encryptid_user = get_or_create_user(claims)
 return self.get_response(request)
+
+
+# ---------------------------------------------------------------------------
+# Space access helper (used by non-DRF views)
+# ---------------------------------------------------------------------------
+
+def check_space_access(request, space_config):
+ """
+ Check if a request has write access to a shared space.
+
+ Args:
+ request: Django HttpRequest
+ space_config: dict with 'visibility' and 'owner_did'
+
+ Returns:
+ dict with 'allowed' (bool) and 'reason' (str)
+ """
+ visibility = space_config.get('visibility', 'public')
+
+ if visibility == 'public':
+ return {'allowed': True, 'reason': ''}
+
+ if visibility == 'public_read':
+ if request.user and request.user.is_authenticated:
+ return {'allowed': True, 'reason': ''}
+ return {'allowed': False, 'reason': 'Authentication required to upload'}
+
+ if visibility == 'authenticated':
+ if request.user and request.user.is_authenticated:
+ return {'allowed': True, 'reason': ''}
+ return {'allowed': False, 'reason': 'Authentication required'}
+
+ if visibility == 'members_only':
+ if not (request.user and request.user.is_authenticated):
+ return {'allowed': False, 'reason': 'Authentication required'}
+ owner_did = space_config.get('owner_did', '')
+ if not owner_did:
+ return {'allowed': False, 'reason': 'Space has no owner configured'}
+ if getattr(request.user, 'email', '') == owner_did:
+ return {'allowed': True, 'reason': ''}
+ return {'allowed': False, 'reason': 'Only the space owner can upload'}
+
+ return {'allowed': False, 'reason': 'Unknown visibility setting'}
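Review bot: The default in `space_config.get('visibility', 'public')` makes this write-access check fail open: a space config that lacks a `visibility` key is treated as public, so an unauthenticated request gets `allowed: True`. Dropping the default, `visibility = space_config.get('visibility')`, sends a missing value to the final `'Unknown visibility setting'` denial instead; whether any existing space config relies on the implicit default cannot be seen from this hunk. In the `members_only` branch the ownership test compares `request.user.email` with `owner_did`, which are two different kinds of identifier, and the function reads `request.user` while the middleware context line above populates `request.encryptid_user`. It is worth confirming which attribute of the EncryptID-backed user actually carries the DID and comparing that, since an email field that is user-editable or unverified is not a sound proof of ownership.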