fix(webhook-modal): on copy do not change webhook url, fix auth to use regular perms system

[icecrasher321]

Description

• On copying before saving -- a re-render caused webhook url to be regenerated. This PR fixes that bug.
• Auth checks were just ownership -- didn't check permissions table. Also fixed in this PR.

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Open up webhook modal -- and click on copy url button - should not generate a new URL each time.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added tests that prove my fix is effective or that my feature works
• All tests pass locally and in CI (bun run test)
• My changes generate no new warnings
• Any dependent changes have been merged and published in downstream modules
• I have updated version numbers as needed (if needed)
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

Security Considerations:

• My changes do not introduce any new security vulnerabilities
• I have considered the security implications of my changes

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sim	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 28, 2025 11:12pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
docs	⬜️ Skipped (Inspect)			Jul 28, 2025 11:12pm

[greptile-apps]

Greptile Summary

This PR addresses two distinct bugs in the webhook system:

1. Webhook URL Regeneration Bug: The webhook modal was generating new URLs on every re-render, particularly when users clicked the copy button. This was caused by the formattedPath computation being executed directly in the component body, triggering crypto.randomUUID() on each render cycle. The fix uses useMemo to memoize the path computation, ensuring the UUID is only generated once when the component mounts and remains stable across re-renders.

2. Authentication System Enhancement: The webhook API endpoints (/api/webhooks/[id]/route.ts and /api/webhooks/route.ts) were using basic ownership checking that only verified if a user owned a workflow directly. This missed cases where users have workspace-level permissions to access workflows they don't own. The fix integrates the proper permissions system using getUserEntityPermissions to check workspace permissions, allowing users with appropriate workspace access (read for viewing, write/admin for modifications) to manage webhooks.

These changes align the webhook system with the established workspace permission model used throughout the codebase, ensuring consistent access control and fixing the UI bug that was causing user confusion with changing webhook URLs.

Confidence score: 4/5

• This PR safely fixes two well-defined bugs with targeted, minimal changes that don't introduce breaking changes
• The confidence score reflects that while the changes are solid, the authentication changes involve permission logic that should be thoroughly tested in multi-user scenarios
• Files requiring more attention: apps/sim/app/api/webhooks/[id]/route.ts and apps/sim/app/api/webhooks/route.ts for the new permission checking logic

_{3 files reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}