address greptile comments

Author: icecrasher321

apps/sim/app/api/permission-groups/[id]/members/bulk/route.ts

@@ -1,7 +1,7 @@
 import { db } from '@sim/db'
 import { member, permissionGroup, permissionGroupMember } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, inArray, notInArray } from 'drizzle-orm'
+import { and, eq, inArray, ne } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
@@ -123,7 +123,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
         and(
           eq(permissionGroup.organizationId, result.group.organizationId),
           inArray(permissionGroupMember.userId, usersToAdd),
-          notInArray(permissionGroupMember.permissionGroupId, [id])
+          ne(permissionGroupMember.permissionGroupId, id)
         )
       )
 

apps/sim/app/api/permission-groups/[id]/members/route.ts

@@ -110,42 +110,42 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
       )
     }
 
-    const existingMembership = await db
-      .select({
-        id: permissionGroupMember.id,
-        permissionGroupId: permissionGroupMember.permissionGroupId,
-      })
-      .from(permissionGroupMember)
-      .innerJoin(permissionGroup, eq(permissionGroupMember.permissionGroupId, permissionGroup.id))
-      .where(
-        and(
-          eq(permissionGroupMember.userId, userId),
-          eq(permissionGroup.organizationId, result.group.organizationId)
-        )
-      )
-      .limit(1)
-
-    if (existingMembership.length > 0) {
-      if (existingMembership[0].permissionGroupId === id) {
-        return NextResponse.json(
-          { error: 'User is already in this permission group' },
-          { status: 409 }
+    const newMember = await db.transaction(async (tx) => {
+      const existingMembership = await tx
+        .select({
+          id: permissionGroupMember.id,
+          permissionGroupId: permissionGroupMember.permissionGroupId,
+        })
+        .from(permissionGroupMember)
+        .innerJoin(permissionGroup, eq(permissionGroupMember.permissionGroupId, permissionGroup.id))
+        .where(
+          and(
+            eq(permissionGroupMember.userId, userId),
+            eq(permissionGroup.organizationId, result.group.organizationId)
+          )
         )
+        .limit(1)
+
+      if (existingMembership.length > 0) {
+        if (existingMembership[0].permissionGroupId === id) {
+          throw new Error('ALREADY_IN_GROUP')
+        }
+        await tx
+          .delete(permissionGroupMember)
+          .where(eq(permissionGroupMember.id, existingMembership[0].id))
       }
-      await db
-        .delete(permissionGroupMember)
-        .where(eq(permissionGroupMember.id, existingMembership[0].id))
-    }
 
-    const newMember = {
-      id: crypto.randomUUID(),
-      permissionGroupId: id,
-      userId,
-      assignedBy: session.user.id,
-      assignedAt: new Date(),
-    }
+      const memberData = {
+        id: crypto.randomUUID(),
+        permissionGroupId: id,
+        userId,
+        assignedBy: session.user.id,
+        assignedAt: new Date(),
+      }
 
-    await db.insert(permissionGroupMember).values(newMember)
+      await tx.insert(permissionGroupMember).values(memberData)
+      return memberData
+    })
 
     logger.info('Added member to permission group', {
       permissionGroupId: id,
@@ -158,6 +158,12 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
     if (error instanceof z.ZodError) {
       return NextResponse.json({ error: error.errors[0].message }, { status: 400 })
     }
+    if (error instanceof Error && error.message === 'ALREADY_IN_GROUP') {
+      return NextResponse.json(
+        { error: 'User is already in this permission group' },
+        { status: 409 }
+      )
+    }
     logger.error('Error adding member to permission group', error)
     return NextResponse.json({ error: 'Failed to add member' }, { status: 500 })
   }

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/tool-input.tsx

@@ -7,6 +7,7 @@ import { useParams } from 'next/navigation'
 import {
   Badge,
   Combobox,
+  type ComboboxOption,
   type ComboboxOptionGroup,
   Popover,
   PopoverContent,

apps/sim/executor/execution/block-executor.ts

@@ -77,7 +77,7 @@ export class BlockExecutor {
 
     try {
       if (!isSentinel && blockType) {
-        await validateBlockType(ctx.userId, blockType)
+        await validateBlockType(ctx.userId, blockType, ctx)
       }
 
       resolvedInputs = this.resolver.resolveInputs(ctx, node.id, block.config.params, block)

apps/sim/executor/handlers/agent/agent-handler.ts

@@ -62,7 +62,7 @@ export class AgentBlockHandler implements BlockHandler {
     const responseFormat = this.parseResponseFormat(filteredInputs.responseFormat)
     const model = filteredInputs.model || AGENT.DEFAULT_MODEL
 
-    await validateModelProvider(ctx.userId, model)
+    await validateModelProvider(ctx.userId, model, ctx)
 
     const providerId = getProviderFromModel(model)
     const formattedTools = await this.formatTools(ctx, filteredInputs.tools || [])
@@ -162,11 +162,11 @@ export class AgentBlockHandler implements BlockHandler {
     const hasCustomTools = tools.some((t) => t.type === 'custom-tool')
 
     if (hasMcpTools) {
-      await validateMcpToolsAllowed(ctx.userId)
+      await validateMcpToolsAllowed(ctx.userId, ctx)
     }
 
     if (hasCustomTools) {
-      await validateCustomToolsAllowed(ctx.userId)
+      await validateCustomToolsAllowed(ctx.userId, ctx)
     }
   }
 
@@ -240,7 +240,7 @@ export class AgentBlockHandler implements BlockHandler {
       otherTools.map(async (tool) => {
         try {
           if (tool.type && tool.type !== 'custom-tool' && tool.type !== 'mcp') {
-            await validateBlockType(ctx.userId, tool.type)
+            await validateBlockType(ctx.userId, tool.type, ctx)
           }
           if (tool.type === 'custom-tool' && (tool.schema || tool.customToolId)) {
             return await this.createCustomTool(ctx, tool)

apps/sim/executor/handlers/evaluator/evaluator-handler.ts

@@ -38,7 +38,7 @@ export class EvaluatorBlockHandler implements BlockHandler {
       bedrockRegion: inputs.bedrockRegion,
     }
 
-    await validateModelProvider(ctx.userId, evaluatorConfig.model)
+    await validateModelProvider(ctx.userId, evaluatorConfig.model, ctx)
 
     const providerId = getProviderFromModel(evaluatorConfig.model)
 

apps/sim/executor/handlers/router/router-handler.ts

@@ -74,7 +74,7 @@ export class RouterBlockHandler implements BlockHandler {
       bedrockRegion: inputs.bedrockRegion,
     }
 
-    await validateModelProvider(ctx.userId, routerConfig.model)
+    await validateModelProvider(ctx.userId, routerConfig.model, ctx)
 
     const providerId = getProviderFromModel(routerConfig.model)
 
@@ -214,7 +214,7 @@ export class RouterBlockHandler implements BlockHandler {
       bedrockRegion: inputs.bedrockRegion,
     }
 
-    await validateModelProvider(ctx.userId, routerConfig.model)
+    await validateModelProvider(ctx.userId, routerConfig.model, ctx)
 
     const providerId = getProviderFromModel(routerConfig.model)
 

apps/sim/executor/types.ts

@@ -1,4 +1,5 @@
 import type { TraceSpan } from '@/lib/logs/types'
+import type { PermissionGroupConfig } from '@/lib/permission-groups/types'
 import type { BlockOutput } from '@/blocks/types'
 import type { SerializedBlock, SerializedWorkflow } from '@/serializer/types'
 
@@ -152,6 +153,9 @@ export interface ExecutionContext {
   userId?: string
   isDeployedContext?: boolean
 
+  permissionConfig?: PermissionGroupConfig | null
+  permissionConfigLoaded?: boolean
+
   blockStates: ReadonlyMap<string, BlockState>
   executedBlocks: ReadonlySet<string>
 

apps/sim/executor/utils/permission-check.ts

@@ -7,6 +7,7 @@ import {
   type PermissionGroupConfig,
   parsePermissionGroupConfig,
 } from '@/lib/permission-groups/types'
+import type { ExecutionContext } from '@/executor/types'
 import { getProviderFromModel } from '@/providers/utils'
 
 const logger = createLogger('PermissionCheck')
@@ -78,15 +79,38 @@ export async function getUserPermissionConfig(
   return parsePermissionGroupConfig(groupMembership.config)
 }
 
+export async function getPermissionConfig(
+  userId: string | undefined,
+  ctx?: ExecutionContext
+): Promise<PermissionGroupConfig | null> {
+  if (!userId) {
+    return null
+  }
+
+  if (ctx) {
+    if (ctx.permissionConfigLoaded) {
+      return ctx.permissionConfig ?? null
+    }
+
+    const config = await getUserPermissionConfig(userId)
+    ctx.permissionConfig = config
+    ctx.permissionConfigLoaded = true
+    return config
+  }
+
+  return getUserPermissionConfig(userId)
+}
+
 export async function validateModelProvider(
   userId: string | undefined,
-  model: string
+  model: string,
+  ctx?: ExecutionContext
 ): Promise<void> {
   if (!userId) {
     return
   }
 
-  const config = await getUserPermissionConfig(userId)
+  const config = await getPermissionConfig(userId, ctx)
 
   if (!config || config.allowedModelProviders === null) {
     return
@@ -102,13 +126,14 @@ export async function validateModelProvider(
 
 export async function validateBlockType(
   userId: string | undefined,
-  blockType: string
+  blockType: string,
+  ctx?: ExecutionContext
 ): Promise<void> {
   if (!userId) {
     return
   }
 
-  const config = await getUserPermissionConfig(userId)
+  const config = await getPermissionConfig(userId, ctx)
 
   if (!config || config.allowedIntegrations === null) {
     return
@@ -120,12 +145,15 @@ export async function validateBlockType(
   }
 }
 
-export async function validateMcpToolsAllowed(userId: string | undefined): Promise<void> {
+export async function validateMcpToolsAllowed(
+  userId: string | undefined,
+  ctx?: ExecutionContext
+): Promise<void> {
   if (!userId) {
     return
   }
 
-  const config = await getUserPermissionConfig(userId)
+  const config = await getPermissionConfig(userId, ctx)
 
   if (!config) {
     return
@@ -137,12 +165,15 @@ export async function validateMcpToolsAllowed(userId: string | undefined): Promi
   }
 }
 
-export async function validateCustomToolsAllowed(userId: string | undefined): Promise<void> {
+export async function validateCustomToolsAllowed(
+  userId: string | undefined,
+  ctx?: ExecutionContext
+): Promise<void> {
   if (!userId) {
     return
   }
 
-  const config = await getUserPermissionConfig(userId)
+  const config = await getPermissionConfig(userId, ctx)
 
   if (!config) {
     return