Module: Collavre::Tools::TopicAuthorizer

Defined in:: app/services/collavre/tools/topic_authorizer.rb

Overview

Topic write authorization for MCP tool services. Mirrors CreativePermissionGuard#require_creative_write! but is callable outside a controller request. Attaching a channel injects external messages into a topic, so it is a write-equivalent mutation — restrict to users with write permission on the topic’s effective_origin creative.

Class Method Summary collapse

.authorize_write!(topic, user: Collavre::Current.user) ⇒ Object

Class Method Details

.authorize_write!(topic, user: Collavre::Current.user) ⇒ `Object`

Raises:

(ArgumentError)

# File 'app/services/collavre/tools/topic_authorizer.rb', line 13

def authorize_write!(topic, user: Collavre::Current.user)
  creative = topic.creative&.effective_origin
  raise ArgumentError, "Topic has no creative" unless creative
  return if creative.user == user
  return if user && creative.has_permission?(user, :write)

  raise Collavre::Tools::PermissionDeniedError,
    "No write permission on topic #{topic.id}"
end

Module: Collavre::Tools::TopicAuthorizer

Overview

Class Method Summary collapse

Class Method Details

.authorize_write!(topic, user: Collavre::Current.user) ⇒ Object

.authorize_write!(topic, user: Collavre::Current.user) ⇒ `Object`