fix(permissions): add client-side hints to prevent read-only users from creating workflows or folders

[waleedlatif1]

Summary

• add client-side hints to prevent read-only users from creating workflows or folders
  • we already rejected this on the server-side, but the buttons themselves were not disabled

Type of Change

• Bug fix

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
docs	Skipped		Dec 16, 2025 1:02am

[greptile-apps]

Greptile Overview

Greptile Summary

Added client-side UI hints to disable workflow and folder creation buttons for read-only users.

• Imported useUserPermissionsContext to access canEdit permission
• Added || !canEdit to the disabled prop of three buttons: import workflow, create folder, and create workflow
• Change aligns with existing patterns in the codebase where similar permission checks are used (e.g., in workflow-item.tsx, folder-item.tsx, workspace-header.tsx)
• Server-side enforcement already existed; this provides better UX by preventing users from clicking disabled actions

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The change is a simple, well-scoped UI enhancement that adds permission checks to button disabled states. The implementation follows existing patterns in the codebase, uses the established permissions context, and only affects client-side UI feedback without changing any business logic or server-side behavior
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/sidebar.tsx	5/5	Added canEdit permission checks to disable import workflow, create folder, and create workflow buttons for read-only users

Sequence Diagram

sequenceDiagram
    participant User
    participant Sidebar
    participant PermissionsContext
    participant Button

    User->>Sidebar: Renders sidebar
    Sidebar->>PermissionsContext: useUserPermissionsContext()
    PermissionsContext-->>Sidebar: { canEdit }
    
    alt canEdit is false (read-only user)
        Sidebar->>Button: disabled={isImporting || !canEdit}
        Button-->>User: Button appears disabled
        User->>Button: Attempts to click
        Button-->>User: No action (disabled)
    else canEdit is true (user has write access)
        Sidebar->>Button: disabled={isImporting}
        Button-->>User: Button appears enabled
        User->>Button: Clicks button
        Button->>Sidebar: Executes handler (create workflow/folder/import)
        Sidebar-->>User: Action completed
    end

Loading

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}