Skip to content

Commit ae1abfa

Browse files
committed
fix(access-control): attribute denied tools to all exposing blocks when pruning
A tool id can appear in more than one block's tools.access. The single tool->block map meant pruneDeniedTools (and the per-block denied count) attributed a shared tool to only one block, so disabling that block could drop a denial while the tool was still exposed by another allowed block. Tools now map to all exposing block types; a denial is pruned only when no allowed block exposes the tool, and the per-block count is derived from each block's own tool list.
1 parent b161dd3 commit ae1abfa

1 file changed

Lines changed: 17 additions & 11 deletions

File tree

apps/sim/ee/access-control/components/group-detail.tsx

Lines changed: 17 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -630,12 +630,12 @@ export function GroupDetail({
630630
return allIds.filter((id) => !blacklist.includes(id.toLowerCase()))
631631
}, [blacklistedProvidersData])
632632

633-
/** Maps every tool id to the block type that exposes it (for denied-count grouping). */
634-
const toolToBlockType = useMemo(() => {
635-
const map: Record<string, string> = {}
633+
/** Maps every tool id to ALL block types that expose it (some tools are shared across blocks). */
634+
const toolBlockTypes = useMemo(() => {
635+
const map: Record<string, string[]> = {}
636636
for (const block of allBlocks) {
637637
for (const toolId of block.tools?.access ?? []) {
638-
map[toolId] = block.type
638+
;(map[toolId] ??= []).push(block.type)
639639
}
640640
}
641641
return map
@@ -887,12 +887,14 @@ export function GroupDetail({
887887
if (allowedIntegrations === null) return deniedTools
888888
const allowed = new Set(allowedIntegrations)
889889
const pruned = deniedTools.filter((toolId) => {
890-
const blockType = toolToBlockType[toolId]
891-
return !blockType || allowed.has(blockType)
890+
const blockTypes = toolBlockTypes[toolId]
891+
// Keep the denial while ANY block exposing the tool is still allowed;
892+
// preserve tools we can't attribute to a known block.
893+
return !blockTypes || blockTypes.some((bt) => allowed.has(bt))
892894
})
893895
return pruned.length === deniedTools.length ? deniedTools : pruned
894896
},
895-
[toolToBlockType]
897+
[toolBlockTypes]
896898
)
897899

898900
const toggleIntegration = useCallback(
@@ -973,13 +975,17 @@ export function GroupDetail({
973975
}, [])
974976

975977
const deniedCountByBlock = useMemo(() => {
978+
const denied = new Set(editingConfig.deniedTools)
976979
const counts: Record<string, number> = {}
977-
for (const toolId of editingConfig.deniedTools) {
978-
const blockType = toolToBlockType[toolId]
979-
if (blockType) counts[blockType] = (counts[blockType] ?? 0) + 1
980+
for (const block of allBlocks) {
981+
let count = 0
982+
for (const toolId of block.tools?.access ?? []) {
983+
if (denied.has(toolId)) count++
984+
}
985+
if (count > 0) counts[block.type] = count
980986
}
981987
return counts
982-
}, [editingConfig.deniedTools, toolToBlockType])
988+
}, [editingConfig.deniedTools, allBlocks])
983989

984990
const isProviderAllowed = useCallback(
985991
(providerId: string) =>

0 commit comments

Comments
 (0)