fix(uploads): require workspace write+ for execution presigned, admin-only for workspace-logos, suppress doubled error toast

waleedlatif1 · waleedlatif1 · commit 8e5e67b8b567 · 2026-05-07T19:41:26.000-07:00
diff --git a/apps/sim/app/api/files/presigned/route.ts b/apps/sim/app/api/files/presigned/route.ts
@@ -167,6 +167,14 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         )
       }
 
+      const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)
+      if (permission !== 'write' && permission !== 'admin') {
+        return NextResponse.json(
+          { error: 'Write or Admin access required for execution uploads' },
+          { status: 403 }
+        )
+      }
+
       const fileValidationError = validateFileType(fileName, contentType)
       if (fileValidationError) {
         throw new ValidationError(fileValidationError.message)
@@ -192,9 +200,9 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       }
 
       const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)
-      if (permission !== 'write' && permission !== 'admin') {
+      if (permission !== 'admin') {
         return NextResponse.json(
-          { error: 'Write or Admin access required for workspace logo uploads' },
+          { error: 'Admin access required for workspace logo uploads' },
           { status: 403 }
         )
       }
diff --git a/apps/sim/hooks/queries/workspace-files.ts b/apps/sim/hooks/queries/workspace-files.ts
@@ -331,9 +331,11 @@ export function useUploadWorkspaceFile() {
     },
     onError: (error, variables) => {
       logger.error('Failed to upload file:', error)
-      toast.error(`Failed to upload "${variables.file.name}": ${error.message}`, {
-        duration: 5000,
-      })
+      if (!variables.skipToast) {
+        toast.error(`Failed to upload "${variables.file.name}": ${error.message}`, {
+          duration: 5000,
+        })
+      }
     },
   })
 }

Original file line number	Diff line number	Diff line change
`@@ -167,6 +167,14 @@ export const POST = withRouteHandler(async (request: NextRequest) => {`
`167`	`167`	`)`
`168`	`168`	`}`
`169`	`169`
	`170`	`+ const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)`
	`171`	`+ if (permission !== 'write' && permission !== 'admin') {`
	`172`	`+ return NextResponse.json(`
	`173`	`+ { error: 'Write or Admin access required for execution uploads' },`
	`174`	`+ { status: 403 }`
	`175`	`+ )`
	`176`	`+ }`
	`177`	`+`
`170`	`178`	`const fileValidationError = validateFileType(fileName, contentType)`
`171`	`179`	`if (fileValidationError) {`
`172`	`180`	`throw new ValidationError(fileValidationError.message)`
`@@ -192,9 +200,9 @@ export const POST = withRouteHandler(async (request: NextRequest) => {`
`192`	`200`	`}`
`193`	`201`
`194`	`202`	`const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)`
`195`		`- if (permission !== 'write' && permission !== 'admin') {`
	`203`	`+ if (permission !== 'admin') {`
`196`	`204`	`return NextResponse.json(`
`197`		`- { error: 'Write or Admin access required for workspace logo uploads' },`
	`205`	`+ { error: 'Admin access required for workspace logo uploads' },`
`198`	`206`	`{ status: 403 }`
`199`	`207`	`)`
`200`	`208`	`}`