fix perms for creating cred set

icecrasher321 · icecrasher321 · commit 0f9338d6de9d · 2026-01-07T10:11:50.000-08:00
diff --git a/apps/sim/app/api/credential-sets/[id]/invite/route.ts b/apps/sim/app/api/credential-sets/[id]/invite/route.ts
@@ -78,8 +78,8 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
     }
 
-    if (result.role !== 'admin') {
-      return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
     }
 
     const body = await req.json()
@@ -193,8 +193,8 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i
       return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
     }
 
-    if (result.role !== 'admin') {
-      return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
     }
 
     await db
diff --git a/apps/sim/app/api/credential-sets/[id]/members/route.ts b/apps/sim/app/api/credential-sets/[id]/members/route.ts
@@ -125,8 +125,8 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i
       return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
     }
 
-    if (result.role !== 'admin') {
-      return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
     }
 
     const [memberToRemove] = await db
diff --git a/apps/sim/app/api/credential-sets/[id]/route.ts b/apps/sim/app/api/credential-sets/[id]/route.ts
@@ -75,8 +75,8 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
       return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
     }
 
-    if (result.role !== 'admin') {
-      return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
     }
 
     const body = await req.json()
@@ -138,8 +138,8 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i
       return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })
     }
 
-    if (result.role !== 'admin') {
-      return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })
+    if (result.role !== 'admin' && result.role !== 'owner') {
+      return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })
     }
 
     await db.delete(credentialSetMember).where(eq(credentialSetMember.credentialSetId, id))
diff --git a/apps/sim/app/api/credential-sets/route.ts b/apps/sim/app/api/credential-sets/route.ts
@@ -95,9 +95,10 @@ export async function POST(req: Request) {
       .where(and(eq(member.userId, session.user.id), eq(member.organizationId, organizationId)))
       .limit(1)
 
-    if (membership.length === 0 || membership[0].role !== 'admin') {
+    const role = membership[0]?.role
+    if (membership.length === 0 || (role !== 'admin' && role !== 'owner')) {
       return NextResponse.json(
-        { error: 'Admin permissions required to create credential sets' },
+        { error: 'Admin or owner permissions required to create credential sets' },
         { status: 403 }
       )
     }

Original file line number	Diff line number	Diff line change
`@@ -78,8 +78,8 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:`
`78`	`78`	`return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })`
`79`	`79`	`}`
`80`	`80`
`81`		`- if (result.role !== 'admin') {`
`82`		`- return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })`
	`81`	`+ if (result.role !== 'admin' && result.role !== 'owner') {`
	`82`	`+ return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`const body = await req.json()`
`@@ -193,8 +193,8 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i`
`193`	`193`	`return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })`
`194`	`194`	`}`
`195`	`195`
`196`		`- if (result.role !== 'admin') {`
`197`		`- return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })`
	`196`	`+ if (result.role !== 'admin' && result.role !== 'owner') {`
	`197`	`+ return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })`
`198`	`198`	`}`
`199`	`199`
`200`	`200`	`await db`
Original file line number	Diff line number	Diff line change
`@@ -125,8 +125,8 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i`
`125`	`125`	`return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })`
`126`	`126`	`}`
`127`	`127`
`128`		`- if (result.role !== 'admin') {`
`129`		`- return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })`
	`128`	`+ if (result.role !== 'admin' && result.role !== 'owner') {`
	`129`	`+ return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })`
`130`	`130`	`}`
`131`	`131`
`132`	`132`	`const [memberToRemove] = await db`
Original file line number	Diff line number	Diff line change
`@@ -75,8 +75,8 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:`
`75`	`75`	`return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })`
`76`	`76`	`}`
`77`	`77`
`78`		`- if (result.role !== 'admin') {`
`79`		`- return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })`
	`78`	`+ if (result.role !== 'admin' && result.role !== 'owner') {`
	`79`	`+ return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })`
`80`	`80`	`}`
`81`	`81`
`82`	`82`	`const body = await req.json()`
`@@ -138,8 +138,8 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i`
`138`	`138`	`return NextResponse.json({ error: 'Credential set not found' }, { status: 404 })`
`139`	`139`	`}`
`140`	`140`
`141`		`- if (result.role !== 'admin') {`
`142`		`- return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })`
	`141`	`+ if (result.role !== 'admin' && result.role !== 'owner') {`
	`142`	`+ return NextResponse.json({ error: 'Admin or owner permissions required' }, { status: 403 })`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`await db.delete(credentialSetMember).where(eq(credentialSetMember.credentialSetId, id))`
Original file line number	Diff line number	Diff line change
`@@ -95,9 +95,10 @@ export async function POST(req: Request) {`
`95`	`95`	`.where(and(eq(member.userId, session.user.id), eq(member.organizationId, organizationId)))`
`96`	`96`	`.limit(1)`
`97`	`97`
`98`		`- if (membership.length === 0 \|\| membership[0].role !== 'admin') {`
	`98`	`+ const role = membership[0]?.role`
	`99`	`+ if (membership.length === 0 \|\| (role !== 'admin' && role !== 'owner')) {`
`99`	`100`	`return NextResponse.json(`
`100`		`- { error: 'Admin permissions required to create credential sets' },`
	`101`	`+ { error: 'Admin or owner permissions required to create credential sets' },`
`101`	`102`	`{ status: 403 }`
`102`	`103`	`)`
`103`	`104`	`}`