Skip to content

improvement(permissions): added ability to auto-add new org members to existing permission group, disallow disabling of start block #2836

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
icecrasher321 merged 7 commits into from
Jan 15, 2026
Merged

improvement(permissions): added ability to auto-add new org members to existing permission group, disallow disabling of start block #2836

icecrasher321 merged 7 commits into from
Jan 15, 2026
+10,563 −35

Conversation

@waleedlatif1
Copy link
Collaborator

@waleedlatif1 waleedlatif1 commented Jan 15, 2026
edited by icecrasher321
Loading

Summary

  • added ability to auto-add new org members to existing permission group
  • disallow disabling of start block
  • deploy tabs configurability

Type of Change

  • Bug fix
  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@waleedlatif1
improvement(permissions): added ability to auto-add new org members t…
62aa462 
…o existing permission group, disallow disabling of start block
@waleedlatif1
ran migrations
59e9264
@vercel
Copy link

vercel bot commented Jan 15, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
docs Ready Ready Preview, Comment Jan 15, 2026 11:04pm

Review with Vercel Agent

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 15, 2026

Greptile Summary

This PR implements two permission-related features:

  • Auto-add new members to permission groups: New organization members can be automatically assigned to a designated permission group when they accept an invitation. Only one permission group per organization can have this feature enabled (enforced via database unique partial index).

  • Start block protection: The start_trigger block type is now always allowed regardless of permission group restrictions, preventing workflows from being rendered unusable when blocks are restricted.

Key implementation details:

  • Database schema updated with auto_add_new_members boolean column and unique partial index
  • API routes updated to handle the new field with proper validation
  • UI components extended with toggle and checkbox controls for the auto-add feature
  • Permission filtering logic updated to always allow start_trigger blocks

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk - well-structured feature additions with proper error handling.
  • The changes are well-implemented with proper database constraints, validation, and error handling. The unique partial index ensures data integrity for the auto-add feature. Error handling in the invitation flow is non-blocking to prevent feature failures from breaking the core invitation acceptance.
  • No files require special attention.

Important Files Changed

Filename Overview
apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts Added auto-assignment of new members to permission groups with autoAddNewMembers enabled when accepting organization invitations. Error handling is properly implemented.
apps/sim/app/api/permission-groups/[id]/route.ts Added autoAddNewMembers field support in GET and PUT endpoints with proper validation. Includes logic to unset the flag on other groups when enabling it on one group.
apps/sim/app/api/permission-groups/route.ts Extended permission group creation to support autoAddNewMembers option with proper exclusive flag handling across groups.
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/access-control/access-control.tsx Added UI for auto-add members feature with checkbox in creation modal and toggle in group details. Also ensures start_trigger is always allowed when deselecting all blocks.
apps/sim/hooks/use-permission-config.ts Added special handling to always allow start_trigger block type regardless of permission group configuration.
packages/db/migrations/0142_orange_chat.sql Migration adds auto_add_new_members column with unique partial index ensuring only one group per org can have it enabled.
packages/db/schema.ts Added autoAddNewMembers boolean column to permission_group table with unique partial index constraint.

Sequence Diagram

sequenceDiagram
    participant User as New Member
    participant API as Invitation API
    participant DB as Database
    participant PG as Permission Group

    User->>API: Accept invitation (PUT)
    API->>DB: Update invitation status
    API->>DB: Create member record
    API->>DB: Check hasAccessControlAccess
    alt Has Access Control
        API->>DB: Query permission group with autoAddNewMembers=true
        alt Auto-add group exists
            API->>PG: Insert permission group member
            API-->>User: Member auto-assigned to group
        end
    end
    API-->>User: Invitation accepted
Loading

@icecrasher321 icecrasher321 merged commit 6f469a7 into staging Jan 15, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icecrasher321 icecrasher321 icecrasher321 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@waleedlatif1 @icecrasher321