Skip to content

fix(schedules): restore enabling/disabling of schedules, fix premature cron validation#1807

Merged
waleedlatif1 merged 1 commit intostagingfrom
fix/sched
Nov 4, 2025
Merged

fix(schedules): restore enabling/disabling of schedules, fix premature cron validation#1807
waleedlatif1 merged 1 commit intostagingfrom
fix/sched

Conversation

@waleedlatif1
Copy link
Collaborator

@waleedlatif1 waleedlatif1 commented Nov 4, 2025

Summary

  • restore enabling/disabling of schedules
  • fix premature cron validation that was validating all fields irregardless of dropdown options selected, now it only validates fields for that one frequency option specifically

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel
Copy link

vercel bot commented Nov 4, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
docs Skipped Skipped Nov 4, 2025 10:00pm

greptile-apps[bot]
greptile-apps bot reviewed Nov 4, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Overview

Greptile Summary

This PR fixes two critical bugs in the schedules system: restores the ability to enable/disable schedules for workspace members, and fixes premature cron validation that was incorrectly validating fields for all schedule frequencies.

Key Changes:

  • Authorization Fix: Added workspace permission checking in the PUT endpoint (apps/sim/app/api/schedules/[id]/route.ts:120-138) to allow workspace members with write or admin permissions to enable/disable schedules, not just the workflow owner
  • Cron Validation Fix: Removed premature cron validation from getScheduleTimeValues() (apps/sim/lib/schedules/utils.ts:145-153) that was validating the cronExpression field regardless of the selected schedule type (daily, weekly, etc.)
  • Value Sanitization: Added logic to null out cronExpression for non-custom schedule types (apps/sim/app/api/schedules/route.ts:304-307) before generating the cron expression, ensuring only the relevant fields are used
  • Cache Control: Updated Cache-Control header from max-age=30 to no-store, max-age=0 (apps/sim/app/api/schedules/route.ts:124) to prevent stale schedule data from being cached

The authorization fix properly handles workspace-shared workflows, and the cron validation fix ensures users can select schedule frequencies without encountering validation errors for fields they haven't configured.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • All changes are well-targeted bug fixes that address specific issues. The authorization logic correctly checks workspace permissions using the existing getUserEntityPermissions utility, the cron validation removal eliminates premature validation while keeping proper validation at the right point (after cron generation), and the sanitization ensures clean separation between schedule types
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
apps/sim/lib/schedules/utils.ts 5/5 Removed premature cron validation from getScheduleTimeValues that was incorrectly validating all fields regardless of schedule type selection
apps/sim/app/api/schedules/route.ts 5/5 Added schedule value sanitization to null out cronExpression for non-custom schedule types, and changed Cache-Control from max-age=30 to no-store, max-age=0
apps/sim/app/api/schedules/[id]/route.ts 5/5 Enhanced authorization logic by adding workspaceId to query and checking workspace permissions for users who aren't the workflow owner

Sequence Diagram

sequenceDiagram
    participant User
    participant API as PUT /api/schedules/[id]
    participant DB as Database
    participant Auth as getUserEntityPermissions
    
    User->>API: Request to enable/disable schedule
    API->>DB: Query schedule by ID
    DB-->>API: Schedule record
    API->>DB: Query workflow (userId, workspaceId)
    DB-->>API: Workflow record
    
    alt User is workflow owner
        API->>API: isAuthorized = true
    else User is not owner AND workflow has workspaceId
        API->>Auth: Check workspace permissions
        Auth-->>API: Permission level (write/admin/read/null)
        API->>API: isAuthorized = (permission === 'write' || 'admin')
    end
    
    alt Not authorized
        API-->>User: 403 Forbidden
    else Authorized
        API->>DB: Update schedule status
        DB-->>API: Success
        API-->>User: 200 OK with updated schedule
    end
Loading

3 files reviewed, no comments

Edit Code Review Agent Settings | Greptile

@waleedlatif1 waleedlatif1 merged commit 670e63c into staging Nov 4, 2025
9 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/sched branch November 4, 2025 22:05
waleedlatif1 added a commit that referenced this pull request Nov 12, 2025
@waleedlatif1
fix(schedules): restore enabling/disabling of schedules, fix prematur…
4243316 
…e cron validation (#1807)
@waleedlatif1 waleedlatif1 mentioned this pull request Nov 12, 2025
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@waleedlatif1