fix(schedules): restore enabling/disabling of schedules, fix premature cron validation (#1807)

2026-04-06 03:00:16 -04:00 · 2025-11-04 14:05:29 -08:00
parent e62a635757
commit 670e63c108
3 changed files with 21 additions and 14 deletions
--- a/apps/sim/app/api/schedules/[id]/route.ts
+++ b/apps/sim/app/api/schedules/[id]/route.ts
@@ -117,7 +117,7 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
    }

    const [workflowRecord] = await db
-      .select({ userId: workflow.userId })
+      .select({ userId: workflow.userId, workspaceId: workflow.workspaceId })
      .from(workflow)
      .where(eq(workflow.id, schedule.workflowId))
      .limit(1)
@@ -127,7 +127,18 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
      return NextResponse.json({ error: 'Workflow not found' }, { status: 404 })
    }

-    if (workflowRecord.userId !== session.user.id) {
+    let isAuthorized = workflowRecord.userId === session.user.id
+
+    if (!isAuthorized && workflowRecord.workspaceId) {
+      const userPermission = await getUserEntityPermissions(
+        session.user.id,
+        'workspace',
+        workflowRecord.workspaceId
+      )
+      isAuthorized = userPermission === 'write' || userPermission === 'admin'
+    }
+
+    if (!isAuthorized) {
      logger.warn(`[${requestId}] User not authorized to modify this schedule: ${scheduleId}`)
      return NextResponse.json({ error: 'Not authorized to modify this schedule' }, { status: 403 })
    }
--- a/apps/sim/app/api/schedules/route.ts
+++ b/apps/sim/app/api/schedules/route.ts
@@ -121,7 +121,7 @@ export async function GET(req: NextRequest) {
      .limit(1)

    const headers = new Headers()
-    headers.set('Cache-Control', 'max-age=30')
+    headers.set('Cache-Control', 'no-store, max-age=0')

    if (schedule.length === 0) {
      return NextResponse.json({ schedule: null }, { headers })
@@ -301,9 +301,13 @@ export async function POST(req: NextRequest) {
        time: scheduleTime || 'not specified',
      })

-      cronExpression = generateCronExpression(defaultScheduleType, scheduleValues)
+      const sanitizedScheduleValues =
+        defaultScheduleType !== 'custom'
+          ? { ...scheduleValues, cronExpression: null }
+          : scheduleValues
+
+      cronExpression = generateCronExpression(defaultScheduleType, sanitizedScheduleValues)

-      // Always validate the generated cron expression
      if (cronExpression) {
        const validation = validateCronExpression(cronExpression, timezone)
        if (!validation.isValid) {
@@ -318,7 +322,7 @@ export async function POST(req: NextRequest) {
        }
      }

-      nextRunAt = calculateNextRunTime(defaultScheduleType, scheduleValues)
+      nextRunAt = calculateNextRunTime(defaultScheduleType, sanitizedScheduleValues)

      logger.debug(
        `[${requestId}] Generated cron: ${cronExpression}, next run at: ${nextRunAt.toISOString()}`
--- a/apps/sim/lib/schedules/utils.ts
+++ b/apps/sim/lib/schedules/utils.ts
@@ -142,14 +142,6 @@ export function getScheduleTimeValues(starterBlock: BlockState): {

  const cronExpression = getSubBlockValue(starterBlock, 'cronExpression') || null

-  // Validate cron expression if provided
-  if (cronExpression) {
-    const validation = validateCronExpression(cronExpression)
-    if (!validation.isValid) {
-      throw new Error(`Invalid cron expression: ${validation.error}`)
-    }
-  }
-
  return {
    scheduleTime,
    scheduleStartAt,