diff --git a/apps/sim/app/api/workflows/route.ts b/apps/sim/app/api/workflows/route.ts
index a90f1172324..b541fa7aeb9 100644
--- a/apps/sim/app/api/workflows/route.ts
+++ b/apps/sim/app/api/workflows/route.ts
@@ -5,6 +5,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { generateRequestId } from '@/lib/utils'
 import { verifyWorkspaceMembership } from './utils'
@@ -94,6 +95,24 @@ export async function POST(req: NextRequest) {
 const body = await req.json()
 const { name, description, color, workspaceId, folderId } = CreateWorkflowSchema.parse(body)
+ if (workspaceId) {
+ const workspacePermission = await getUserEntityPermissions(
+ session.user.id,
+ 'workspace',
+ workspaceId
+ )
+
+ if (!workspacePermission || workspacePermission === 'read') {
+ logger.warn(
+ `[${requestId}] User ${session.user.id} attempted to create workflow in workspace ${workspaceId} without write permissions`
+ )
+ return NextResponse.json(
+ { error: 'Write or Admin access required to create workflows in this workspace' },
+ { status: 403 }
+ )
+ }
+ }
+
 const workflowId = crypto.randomUUID()
 const now = new Date()
diff --git a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/create-menu/create-menu.tsx b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/create-menu/create-menu.tsx
index b6594c8efdb..6c5f78b4145 100644
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/create-menu/create-menu.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/create-menu/create-menu.tsx
@@ -323,9 +323,12 @@ export function CreateMenu({ onCreateWorkflow, isCreatingWorkflow = false }: Cre > {/* New Workflow */} {/* Import Workflow */} - {userPermissions.canEdit && ( - - )} +
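Review bot: The new guard in POST (apps/sim/app/api/workflows/route.ts) is a denylist, `!workspacePermission || workspacePermission === 'read'`, so any permission value other than `'read'` counts as write-capable, including a level introduced later. The error text names Write and Admin as the accepted levels, so an allowlist would fail closed: `if (workspacePermission !== 'write' && workspacePermission !== 'admin') {` (assuming those are the stored values). The check also runs only when `workspaceId` is present, and `folderId` from the same parsed body is not checked against that workspace in this hunk. POST's body continues outside the hunk, so if nothing later validates it, a workflow could be attached to a folder in a workspace the caller cannot write to. A one-line comment above the block, e.g. `// Creating a workflow inside a workspace requires write or admin permission on it`, would record the intent.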