refactor(uploads): hoist execution permission check, dedupe permission-gate tests#5420
Conversation
…p, dedupe permission-gate tests /simplify pass on PR #5404: resolve the execution-context workspace permission check once per request instead of once per uploaded file, and collapse repeated request-construction boilerplate in the new permission-gate tests into a shared helper.
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryLow Risk Overview In No intended behavior change — same 400/403 responses, messages, and upload paths. Reviewed by Cursor Bugbot for commit 8c61bfa. Configure here. |
|
@greptile review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 8c61bfa. Configure here.
Summary
Follow-up to #5404 (already merged) — applying an explicit
/cleanup+/simplifyfinal gate on that diff surfaced two small, real, low-risk quality issues that this PR fixes:apps/sim/app/api/files/upload/route.ts: the new execution-context workspace permission check (getUserEntityPermissions) was re-run once per uploaded file inside the upload loop, even thoughworkspaceId(and thus the permission result) is invariant for the whole request. Hoisted the workflowId/executionId/workspaceId validation + permission check above the loop so it runs once per request instead of once per file.apps/sim/app/api/files/upload/route.test.ts: the 5 new "Execution Context Permission Gate" tests repeated identical request-construction boilerplate. Extracted a sharedpostExecutionUpload()helper.No behavior change — same validation order, same error messages/status codes, same mocked call assertions.
/cleanup's other 6 sub-passes (effects/memo/callbacks/state/react-query/emcn/url-state) had nothing to flag since this diff is backend-only (no React/UI code). A/simplify"reuse" suggestion to swap the permission check for a different existing helper (verifyExecutionFileAccess) was deliberately not applied — it would make the execution branch inconsistent with the 4 other context branches in the same file that use the identicalgetUserEntityPermissions+ 403 pattern; an altitude-focused review agent independently confirmed the current pattern is the correct, consistent one for this file.Test plan
bun vitest run apps/sim/app/api/files/upload/route.test.ts— 19/19 passapps/simtype-check clean (bun run type-checkin apps/sim)bunx biome checkclean on both touched filesbun run check:api-validation— audit passed