MCPcopy Index your code
hub / github.com/simstudioai/sim / fetchAndAuthorize

Function fetchAndAuthorize

apps/sim/app/api/schedules/[id]/route.ts:32–86  ·  view source on GitHub ↗
(
  requestId: string,
  scheduleId: string,
  userId: string,
  action: 'read' | 'write'
)

Source from the content-addressed store, hash-verified

30type ScheduleRow = typeof workflowSchedule.$inferSelect
31
32async function fetchAndAuthorize(
33 requestId: string,
34 scheduleId: string,
35 userId: string,
36 action: 'read' | 'write'
37): Promise<{ schedule: ScheduleRow; workspaceId: string | null } | NextResponse> {
38 const [schedule] = await db
39 .select()
40 .from(workflowSchedule)
41 .where(and(eq(workflowSchedule.id, scheduleId), isNull(workflowSchedule.archivedAt)))
42 .limit(1)
43
44 if (!schedule) {
45 logger.warn(`[${requestId}] Schedule not found: ${scheduleId}`)
46 return NextResponse.json({ error: 'Schedule not found' }, { status: 404 })
47 }
48
49 if (schedule.sourceType === 'job') {
50 if (!schedule.sourceWorkspaceId) {
51 return NextResponse.json({ error: 'Job has no workspace' }, { status: 400 })
52 }
53 const permission = await verifyWorkspaceMembership(userId, schedule.sourceWorkspaceId)
54 const canWrite = permission === 'admin' || permission === 'write'
55 if (!permission || (action === 'write' && !canWrite)) {
56 return NextResponse.json({ error: 'Not authorized' }, { status: 403 })
57 }
58 return { schedule, workspaceId: schedule.sourceWorkspaceId }
59 }
60
61 if (!schedule.workflowId) {
62 logger.warn(`[${requestId}] Schedule has no workflow: ${scheduleId}`)
63 return NextResponse.json({ error: 'Schedule has no associated workflow' }, { status: 400 })
64 }
65
66 const authorization = await authorizeWorkflowByWorkspacePermission({
67 workflowId: schedule.workflowId,
68 userId,
69 action,
70 })
71
72 if (!authorization.workflow) {
73 logger.warn(`[${requestId}] Workflow not found for schedule: ${scheduleId}`)
74 return NextResponse.json({ error: 'Workflow not found' }, { status: 404 })
75 }
76
77 if (!authorization.allowed) {
78 logger.warn(`[${requestId}] User not authorized to modify schedule: ${scheduleId}`)
79 return NextResponse.json(
80 { error: authorization.message || 'Not authorized to modify this schedule' },
81 { status: authorization.status }
82 )
83 }
84
85 return { schedule, workspaceId: authorization.workflow.workspaceId ?? null }
86}
87
88export const GET = withRouteHandler(
89 async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {

Callers 1

route.tsFile · 0.85

Calls 4

warnMethod · 0.65
eqFunction · 0.50

Tested by

no test coverage detected