fix(invitation): allow admins to remove members from workspace

apps/sim/app/api/organizations/[id]/workspaces/route.ts

@@ -3,7 +3,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console-logger'
 import { db } from '@/db'
-import { member, permissions, user, workspace, workspaceMember } from '@/db/schema'
+import { member, permissions, user, workspace } from '@/db/schema'
 
 const logger = createLogger('OrganizationWorkspacesAPI')
 
@@ -116,10 +116,9 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
           id: workspace.id,
           name: workspace.name,
           ownerId: workspace.ownerId,
-          createdAt: workspace.createdAt,
           isOwner: eq(workspace.ownerId, memberId),
           permissionType: permissions.permissionType,
-          joinedAt: workspaceMember.joinedAt,
+          createdAt: permissions.createdAt,
         })
         .from(workspace)
         .leftJoin(
@@ -130,10 +129,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
             eq(permissions.userId, memberId)
           )
         )
-        .leftJoin(
-          workspaceMember,
-          and(eq(workspaceMember.workspaceId, workspace.id), eq(workspaceMember.userId, memberId))
-        )
         .where(
           or(
             // Member owns the workspace
@@ -148,7 +143,7 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
         name: workspace.name,
         isOwner: workspace.isOwner,
         permission: workspace.permissionType,
-        joinedAt: workspace.joinedAt,
+        joinedAt: workspace.createdAt,
         createdAt: workspace.createdAt,
       }))
 

apps/sim/app/api/organizations/invitations/accept/route.ts

@@ -5,7 +5,7 @@ import { getSession } from '@/lib/auth'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console-logger'
 import { db } from '@/db'
-import { invitation, member, permissions, workspaceInvitation, workspaceMember } from '@/db/schema'
+import { invitation, member, permissions, workspaceInvitation } from '@/db/schema'
 
 const logger = createLogger('OrganizationInvitationAcceptance')
 
@@ -135,18 +135,6 @@ export async function GET(req: NextRequest) {
           wsInvitation.expiresAt &&
           new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
         ) {
-          // Check if user isn't already a member of the workspace
-          const existingWorkspaceMember = await tx
-            .select()
-            .from(workspaceMember)
-            .where(
-              and(
-                eq(workspaceMember.workspaceId, wsInvitation.workspaceId),
-                eq(workspaceMember.userId, session.user.id)
-              )
-            )
-            .limit(1)
-
           // Check if user doesn't already have permissions on the workspace
           const existingPermission = await tx
             .select()
@@ -160,17 +148,7 @@ export async function GET(req: NextRequest) {
             )
             .limit(1)
 
-          if (existingWorkspaceMember.length === 0 && existingPermission.length === 0) {
-            // Add user as workspace member
-            await tx.insert(workspaceMember).values({
-              id: randomUUID(),
-              workspaceId: wsInvitation.workspaceId,
-              userId: session.user.id,
-              role: wsInvitation.role,
-              joinedAt: new Date(),
-              updatedAt: new Date(),
-            })
-
+          if (existingPermission.length === 0) {
             // Add workspace permissions
             await tx.insert(permissions).values({
               id: randomUUID(),
@@ -311,17 +289,6 @@ export async function POST(req: NextRequest) {
           wsInvitation.expiresAt &&
           new Date().toISOString() <= wsInvitation.expiresAt.toISOString()
         ) {
-          const existingWorkspaceMember = await tx
-            .select()
-            .from(workspaceMember)
-            .where(
-              and(
-                eq(workspaceMember.workspaceId, wsInvitation.workspaceId),
-                eq(workspaceMember.userId, session.user.id)
-              )
-            )
-            .limit(1)
-
           const existingPermission = await tx
             .select()
             .from(permissions)
@@ -334,16 +301,7 @@ export async function POST(req: NextRequest) {
             )
             .limit(1)
 
-          if (existingWorkspaceMember.length === 0 && existingPermission.length === 0) {
-            await tx.insert(workspaceMember).values({
-              id: randomUUID(),
-              workspaceId: wsInvitation.workspaceId,
-              userId: session.user.id,
-              role: wsInvitation.role,
-              joinedAt: new Date(),
-              updatedAt: new Date(),
-            })
-
+          if (existingPermission.length === 0) {
             await tx.insert(permissions).values({
               id: randomUUID(),
               userId: session.user.id,

apps/sim/app/api/workspaces/[id]/permissions/route.ts

@@ -1,9 +1,10 @@
+import crypto from 'crypto'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { getUsersWithPermissions, hasWorkspaceAdminAccess } from '@/lib/permissions/utils'
 import { db } from '@/db'
-import { permissions, type permissionTypeEnum, workspaceMember } from '@/db/schema'
+import { permissions, type permissionTypeEnum } from '@/db/schema'
 
 type PermissionType = (typeof permissionTypeEnum.enumValues)[number]
 
@@ -33,18 +34,19 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
     }
 
     // Verify the current user has access to this workspace
-    const userMembership = await db
+    const userPermission = await db
       .select()
-      .from(workspaceMember)
+      .from(permissions)
       .where(
         and(
-          eq(workspaceMember.workspaceId, workspaceId),
-          eq(workspaceMember.userId, session.user.id)
+          eq(permissions.entityId, workspaceId),
+          eq(permissions.entityType, 'workspace'),
+          eq(permissions.userId, session.user.id)
         )
       )
       .limit(1)
 
-    if (userMembership.length === 0) {
+    if (userPermission.length === 0) {
       return NextResponse.json({ error: 'Workspace not found or access denied' }, { status: 404 })
     }
 

apps/sim/app/api/workspaces/[id]/route.ts

@@ -2,7 +2,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console-logger'
-import { workflow, workspaceMember } from '@/db/schema'
+import { workflow } from '@/db/schema'
 
 const logger = createLogger('WorkspaceByIdAPI')
 
@@ -126,9 +126,6 @@ export async function DELETE(
       // workflow_schedule, webhook, marketplace, chat, and memory records
       await tx.delete(workflow).where(eq(workflow.workspaceId, workspaceId))
 
-      // Delete workspace members
-      await tx.delete(workspaceMember).where(eq(workspaceMember.workspaceId, workspaceId))
-
       // Delete all permissions associated with this workspace
       await tx
         .delete(permissions)