From dfddb60cc5a0b93feec5d8b564304609220ea4f0 Mon Sep 17 00:00:00 2001
From: waleed
Date: Thu, 5 Feb 2026 22:58:05 -0800
Subject: [PATCH] fix(skills): consolidate redundant permission checks in POST and DELETE
---
 apps/sim/app/api/skills/route.ts | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/apps/sim/app/api/skills/route.ts b/apps/sim/app/api/skills/route.ts
index 074ef98ec..cf0b76c84 100644
--- a/apps/sim/app/api/skills/route.ts
+++ b/apps/sim/app/api/skills/route.ts
@@ -89,14 +89,7 @@ export async function POST(req: NextRequest) {
 }

 const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
- if (!userPermission) {
- logger.warn(
- `[${requestId}] User ${userId} does not have access to workspace ${workspaceId}`
- )
- return NextResponse.json({ error: 'Access denied' }, { status: 403 })
- }
-
- if (userPermission !== 'admin' && userPermission !== 'write') {
+ if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) {
 logger.warn(
 `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}`
 )
@@ -159,12 +152,7 @@ export async function DELETE(request: NextRequest) {
 }

 const userPermission = await getUserEntityPermissions(userId, 'workspace', workspaceId)
- if (!userPermission) {
- logger.warn(`[${requestId}] User ${userId} does not have access to workspace ${workspaceId}`)
- return NextResponse.json({ error: 'Access denied' }, { status: 403 })
- }
-
- if (userPermission !== 'admin' && userPermission !== 'write') {
+ if (!userPermission || (userPermission !== 'admin' && userPermission !== 'write')) {
 logger.warn(
 `[${requestId}] User ${userId} does not have write permission for workspace ${workspaceId}`
 )
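Review bot: The merged branch in POST now logs a user with no permission on the workspace and a read-only member under the same "does not have write permission" message, so the log can no longer separate someone probing a workspace they do not belong to from a member who lacks write rights. The DELETE hunk has the same issue. Keeping the single branch is fine, but the resolved value should be recorded by appending something like `(permission: ${userPermission ?? 'none'})` to the warn message. The leading `!userPermission ||` is also redundant, because an empty permission already fails both comparisons, so `if (userPermission !== 'admin' && userPermission !== 'write') {` is equivalent. The body of this `if`, including the response it returns, continues outside both hunks, so whether the client-facing error for non-members changed from 'Access denied' cannot be confirmed from here.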