Skip to content

Commit 526b7a6

Browse files
icecrasher321icecrasher321
committed
update templates routes to use helper
1 parent 9da689b commit 526b7a6

5 files changed

Lines changed: 17 additions & 29 deletions

File tree

apps/sim/app/api/creators/[id]/verify/route.ts

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,11 @@
11
import { db } from '@sim/db'
2-
import { templateCreators, user } from '@sim/db/schema'
2+
import { templateCreators } from '@sim/db/schema'
33
import { createLogger } from '@sim/logger'
44
import { eq } from 'drizzle-orm'
55
import { type NextRequest, NextResponse } from 'next/server'
66
import { getSession } from '@/lib/auth'
77
import { generateRequestId } from '@/lib/core/utils/request'
8+
import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
89

910
const logger = createLogger('CreatorVerificationAPI')
1011

@@ -23,9 +24,8 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
2324
}
2425

2526
// Check if user is a super user
26-
const currentUser = await db.select().from(user).where(eq(user.id, session.user.id)).limit(1)
27-
28-
if (!currentUser[0]?.isSuperUser) {
27+
const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
28+
if (!effectiveSuperUser) {
2929
logger.warn(`[${requestId}] Non-super user attempted to verify creator: ${id}`)
3030
return NextResponse.json({ error: 'Only super users can verify creators' }, { status: 403 })
3131
}
@@ -76,9 +76,8 @@ export async function DELETE(
7676
}
7777

7878
// Check if user is a super user
79-
const currentUser = await db.select().from(user).where(eq(user.id, session.user.id)).limit(1)
80-
81-
if (!currentUser[0]?.isSuperUser) {
79+
const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
80+
if (!effectiveSuperUser) {
8281
logger.warn(`[${requestId}] Non-super user attempted to unverify creator: ${id}`)
8382
return NextResponse.json({ error: 'Only super users can unverify creators' }, { status: 403 })
8483
}

apps/sim/app/api/templates/[id]/approve/route.ts

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ import { eq } from 'drizzle-orm'
55
import { type NextRequest, NextResponse } from 'next/server'
66
import { getSession } from '@/lib/auth'
77
import { generateRequestId } from '@/lib/core/utils/request'
8-
import { verifySuperUser } from '@/lib/templates/permissions'
8+
import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
99

1010
const logger = createLogger('TemplateApprovalAPI')
1111

@@ -25,8 +25,8 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
2525
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
2626
}
2727

28-
const { isSuperUser } = await verifySuperUser(session.user.id)
29-
if (!isSuperUser) {
28+
const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
29+
if (!effectiveSuperUser) {
3030
logger.warn(`[${requestId}] Non-super user attempted to approve template: ${id}`)
3131
return NextResponse.json({ error: 'Only super users can approve templates' }, { status: 403 })
3232
}
@@ -71,8 +71,8 @@ export async function DELETE(
7171
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
7272
}
7373

74-
const { isSuperUser } = await verifySuperUser(session.user.id)
75-
if (!isSuperUser) {
74+
const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
75+
if (!effectiveSuperUser) {
7676
logger.warn(`[${requestId}] Non-super user attempted to reject template: ${id}`)
7777
return NextResponse.json({ error: 'Only super users can reject templates' }, { status: 403 })
7878
}

apps/sim/app/api/templates/[id]/reject/route.ts

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ import { eq } from 'drizzle-orm'
55
import { type NextRequest, NextResponse } from 'next/server'
66
import { getSession } from '@/lib/auth'
77
import { generateRequestId } from '@/lib/core/utils/request'
8-
import { verifySuperUser } from '@/lib/templates/permissions'
8+
import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
99

1010
const logger = createLogger('TemplateRejectionAPI')
1111

@@ -25,8 +25,8 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
2525
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
2626
}
2727

28-
const { isSuperUser } = await verifySuperUser(session.user.id)
29-
if (!isSuperUser) {
28+
const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
29+
if (!effectiveSuperUser) {
3030
logger.warn(`[${requestId}] Non-super user attempted to reject template: ${id}`)
3131
return NextResponse.json({ error: 'Only super users can reject templates' }, { status: 403 })
3232
}

apps/sim/app/api/templates/route.ts

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ import {
33
templateCreators,
44
templateStars,
55
templates,
6-
user,
76
workflow,
87
workflowDeploymentVersion,
98
} from '@sim/db/schema'
@@ -14,6 +13,7 @@ import { v4 as uuidv4 } from 'uuid'
1413
import { z } from 'zod'
1514
import { getSession } from '@/lib/auth'
1615
import { generateRequestId } from '@/lib/core/utils/request'
16+
import { verifyEffectiveSuperUser } from '@/lib/templates/permissions'
1717
import {
1818
extractRequiredCredentials,
1919
sanitizeCredentials,
@@ -70,8 +70,8 @@ export async function GET(request: NextRequest) {
7070
logger.debug(`[${requestId}] Fetching templates with params:`, params)
7171

7272
// Check if user is a super user
73-
const currentUser = await db.select().from(user).where(eq(user.id, session.user.id)).limit(1)
74-
const isSuperUser = currentUser[0]?.isSuperUser || false
73+
const { effectiveSuperUser } = await verifyEffectiveSuperUser(session.user.id)
74+
const isSuperUser = effectiveSuperUser
7575

7676
// Build query conditions
7777
const conditions = []

apps/sim/lib/templates/permissions.ts

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -4,17 +4,6 @@ import { and, eq, or } from 'drizzle-orm'
44

55
export type CreatorPermissionLevel = 'member' | 'admin'
66

7-
/**
8-
* Verifies if a user is a super user (database flag only).
9-
*
10-
* @param userId - The ID of the user to check
11-
* @returns Object with isSuperUser boolean
12-
*/
13-
export async function verifySuperUser(userId: string): Promise<{ isSuperUser: boolean }> {
14-
const [currentUser] = await db.select().from(user).where(eq(user.id, userId)).limit(1)
15-
return { isSuperUser: currentUser?.isSuperUser || false }
16-
}
17-
187
/**
198
* Verifies if a user is an effective super user (database flag AND settings toggle).
209
* This should be used for features that can be disabled by the user's settings toggle.

0 commit comments

Comments
 (0)