consolidate access, billing principals

icecrasher321 · icecrasher321 · commit bb1d384d523a · 2026-06-15T16:34:53.000-07:00
diff --git a/apps/sim/lib/knowledge/documents/service.ts b/apps/sim/lib/knowledge/documents/service.ts
@@ -515,7 +515,6 @@ export async function processDocumentAsync(
     // KB config + workspace billing + doc tags in one JOIN (was 3 SELECTs).
     const contextRows = await db
       .select({
-        userId: knowledgeBase.userId,
         workspaceId: knowledgeBase.workspaceId,
         chunkingConfig: knowledgeBase.chunkingConfig,
         embeddingModel: knowledgeBase.embeddingModel,
@@ -644,7 +643,12 @@ export async function processDocumentAsync(
           kbConfig.maxSize,
           kbConfig.overlap,
           kbConfig.minSize,
-          ctx.userId,
+          // Authorize the source file (and run OCR/processing) as the billed
+          // actor — the uploader when known, else the workspace billed account —
+          // the same principal embeddings are billed to. Using the KB owner here
+          // would authorize an attacker-supplied internal fileUrl against the
+          // owner, letting a KB write-member ingest a file only the owner can read.
+          billingUserId,
           ctx.workspaceId,
           rawConfig?.strategy,
           rawConfig?.strategyOptions
