fix(skills): consolidate redundant permission checks in POST and DELETE

waleedlatif1 · waleedlatif1 · commit dfddb60cc5a0 · 2026-02-05T22:58:05.000-08:00
diff --git a/apps/sim/app/api/skills/route.ts b/apps/sim/app/api/skills/route.ts
@@ -89,14 +89,7 @@ export async function POST(req: NextRequest) {
       }
 
       const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
-      if (!userPermission) {
-        logger.warn(
-          `[${requestId}] User ${userId} does not have access to workspace ${workspaceId}`
-        )
-        return NextResponse.json({ error: 'Access denied' }, { status: 403 })
-      }
-
-      if (userPermission !== 'admin' && userPermission !== 'write') {
+      if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) {
         logger.warn(
           `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}`
         )
@@ -159,12 +152,7 @@ export async function DELETE(request: NextRequest) {
     }
 
     const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
-    if (!userPermission) {
-      logger.warn(`[${requestId}] User ${userId} does not have access to workspace ${workspaceId}`)
-      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
-    }
-
-    if (userPermission !== 'admin' && userPermission !== 'write') {
+    if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) {
       logger.warn(
         `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}`
       )
