fix failing tests, update testing

Author: waleedlatif1

apps/sim/socket/constants.ts

@@ -90,3 +90,20 @@ export const UNDO_REDO_OPERATIONS = {
 } as const
 
 export type UndoRedoOperation = (typeof UNDO_REDO_OPERATIONS)[keyof typeof UNDO_REDO_OPERATIONS]
+
+/**
+ * All socket operations that require permission checks.
+ * This is the single source of truth for valid operations.
+ */
+export const ALL_SOCKET_OPERATIONS = [
+  ...Object.values(BLOCK_OPERATIONS),
+  ...Object.values(BLOCKS_OPERATIONS),
+  ...Object.values(EDGE_OPERATIONS),
+  ...Object.values(EDGES_OPERATIONS),
+  ...Object.values(WORKFLOW_OPERATIONS),
+  ...Object.values(SUBBLOCK_OPERATIONS),
+  ...Object.values(VARIABLE_OPERATIONS),
+  ...Object.values(SUBFLOW_OPERATIONS),
+] as const
+
+export type SocketOperation = (typeof ALL_SOCKET_OPERATIONS)[number]

apps/sim/socket/middleware/permissions.ts

@@ -3,52 +3,56 @@ import { workflow } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { eq } from 'drizzle-orm'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
+import {
+  BLOCK_OPERATIONS,
+  BLOCKS_OPERATIONS,
+  EDGE_OPERATIONS,
+  EDGES_OPERATIONS,
+  SUBFLOW_OPERATIONS,
+  WORKFLOW_OPERATIONS,
+} from '@/socket/constants'
 
 const logger = createLogger('SocketPermissions')
 
+// All write operations (admin and write roles have same permissions)
+const WRITE_OPERATIONS: string[] = [
+  // Block operations
+  BLOCK_OPERATIONS.UPDATE_POSITION,
+  BLOCK_OPERATIONS.UPDATE_NAME,
+  BLOCK_OPERATIONS.TOGGLE_ENABLED,
+  BLOCK_OPERATIONS.UPDATE_PARENT,
+  BLOCK_OPERATIONS.UPDATE_ADVANCED_MODE,
+  BLOCK_OPERATIONS.TOGGLE_HANDLES,
+  // Batch block operations
+  BLOCKS_OPERATIONS.BATCH_UPDATE_POSITIONS,
+  BLOCKS_OPERATIONS.BATCH_ADD_BLOCKS,
+  BLOCKS_OPERATIONS.BATCH_REMOVE_BLOCKS,
+  BLOCKS_OPERATIONS.BATCH_TOGGLE_ENABLED,
+  BLOCKS_OPERATIONS.BATCH_TOGGLE_HANDLES,
+  BLOCKS_OPERATIONS.BATCH_UPDATE_PARENT,
+  // Edge operations
+  EDGE_OPERATIONS.ADD,
+  EDGE_OPERATIONS.REMOVE,
+  // Batch edge operations
+  EDGES_OPERATIONS.BATCH_ADD_EDGES,
+  EDGES_OPERATIONS.BATCH_REMOVE_EDGES,
+  // Subflow operations
+  SUBFLOW_OPERATIONS.UPDATE,
+  // Workflow operations
+  WORKFLOW_OPERATIONS.REPLACE_STATE,
+]
+
+// Read role can only update positions (for cursor sync, etc.)
+const READ_OPERATIONS: string[] = [
+  BLOCK_OPERATIONS.UPDATE_POSITION,
+  BLOCKS_OPERATIONS.BATCH_UPDATE_POSITIONS,
+]
+
 // Define operation permissions based on role
 const ROLE_PERMISSIONS: Record<string, string[]> = {
-  admin: [
-    'add',
-    'remove',
-    'update',
-    'update-position',
-    'batch-update-positions',
-    'batch-add-blocks',
-    'batch-remove-blocks',
-    'batch-add-edges',
-    'batch-remove-edges',
-    'batch-toggle-enabled',
-    'batch-toggle-handles',
-    'batch-update-parent',
-    'update-name',
-    'toggle-enabled',
-    'update-parent',
-    'update-advanced-mode',
-    'toggle-handles',
-    'replace-state',
-  ],
-  write: [
-    'add',
-    'remove',
-    'update',
-    'update-position',
-    'batch-update-positions',
-    'batch-add-blocks',
-    'batch-remove-blocks',
-    'batch-add-edges',
-    'batch-remove-edges',
-    'batch-toggle-enabled',
-    'batch-toggle-handles',
-    'batch-update-parent',
-    'update-name',
-    'toggle-enabled',
-    'update-parent',
-    'update-advanced-mode',
-    'toggle-handles',
-    'replace-state',
-  ],
-  read: ['update-position', 'batch-update-positions'],
+  admin: WRITE_OPERATIONS,
+  write: WRITE_OPERATIONS,
+  read: READ_OPERATIONS,
 }
 
 // Check if a role allows a specific operation (no DB query, pure logic)

apps/sim/stores/workflows/workflow/store.ts

@@ -498,10 +498,21 @@ export const useWorkflowStore = create<WorkflowStore>()(
         const currentEdges = get().edges
         const newEdges = [...currentEdges]
         const existingEdgeIds = new Set(currentEdges.map((e) => e.id))
+        // Track existing connections to prevent duplicates (same source->target)
+        const existingConnections = new Set(currentEdges.map((e) => `${e.source}->${e.target}`))
 
         for (const edge of edges) {
+          // Skip if edge ID already exists
           if (existingEdgeIds.has(edge.id)) continue
 
+          // Skip self-referencing edges
+          if (edge.source === edge.target) continue
+
+          // Skip if connection already exists (same source and target)
+          const connectionKey = `${edge.source}->${edge.target}`
+          if (existingConnections.has(connectionKey)) continue
+
+          // Skip if would create a cycle
           if (wouldCreateCycle([...newEdges], edge.source, edge.target)) continue
 
           newEdges.push({
@@ -514,6 +525,7 @@ export const useWorkflowStore = create<WorkflowStore>()(
             data: edge.data || {},
           })
           existingEdgeIds.add(edge.id)
+          existingConnections.add(connectionKey)
         }
 
         const blocks = get().blocks

packages/testing/src/factories/permission.factory.ts

@@ -252,33 +252,65 @@ export function createWorkflowAccessContext(options: {
 }
 
 /**
- * All socket operations that can be performed.
+ * Socket operations
+ */
+const BLOCK_OPERATIONS = {
+  UPDATE_POSITION: 'update-position',
+  UPDATE_NAME: 'update-name',
+  TOGGLE_ENABLED: 'toggle-enabled',
+  UPDATE_PARENT: 'update-parent',
+  UPDATE_ADVANCED_MODE: 'update-advanced-mode',
+  TOGGLE_HANDLES: 'toggle-handles',
+} as const
+
+const BLOCKS_OPERATIONS = {
+  BATCH_UPDATE_POSITIONS: 'batch-update-positions',
+  BATCH_ADD_BLOCKS: 'batch-add-blocks',
+  BATCH_REMOVE_BLOCKS: 'batch-remove-blocks',
+  BATCH_TOGGLE_ENABLED: 'batch-toggle-enabled',
+  BATCH_TOGGLE_HANDLES: 'batch-toggle-handles',
+  BATCH_UPDATE_PARENT: 'batch-update-parent',
+} as const
+
+const EDGE_OPERATIONS = {
+  ADD: 'add',
+  REMOVE: 'remove',
+} as const
+
+const EDGES_OPERATIONS = {
+  BATCH_ADD_EDGES: 'batch-add-edges',
+  BATCH_REMOVE_EDGES: 'batch-remove-edges',
+} as const
+
+const SUBFLOW_OPERATIONS = {
+  UPDATE: 'update',
+} as const
+
+const WORKFLOW_OPERATIONS = {
+  REPLACE_STATE: 'replace-state',
+} as const
+
+/**
+ * All socket operations that require permission checks.
  */
 export const SOCKET_OPERATIONS = [
-  'add',
-  'remove',
-  'batch-add-blocks',
-  'batch-remove-blocks',
-  'update',
-  'update-position',
-  'update-name',
-  'toggle-enabled',
-  'update-parent',
-  'update-advanced-mode',
-  'toggle-handles',
-  'batch-update-positions',
-  'replace-state',
+  ...Object.values(BLOCK_OPERATIONS),
+  ...Object.values(BLOCKS_OPERATIONS),
+  ...Object.values(EDGE_OPERATIONS),
+  ...Object.values(EDGES_OPERATIONS),
+  ...Object.values(SUBFLOW_OPERATIONS),
+  ...Object.values(WORKFLOW_OPERATIONS),
 ] as const
 
 export type SocketOperation = (typeof SOCKET_OPERATIONS)[number]
 
 /**
  * Operations allowed for each role.
  */
-export const ROLE_ALLOWED_OPERATIONS: Record<PermissionType, SocketOperation[]> = {
-  admin: [...SOCKET_OPERATIONS],
-  write: [...SOCKET_OPERATIONS],
-  read: ['update-position', 'batch-update-positions'],
+export const ROLE_ALLOWED_OPERATIONS: Record<PermissionType, readonly SocketOperation[]> = {
+  admin: SOCKET_OPERATIONS,
+  write: SOCKET_OPERATIONS,
+  read: [BLOCK_OPERATIONS.UPDATE_POSITION, BLOCKS_OPERATIONS.BATCH_UPDATE_POSITIONS],
 }
 
 /**