fix(settings): address pr review — atomic autoAddNewMembers, extract query hook, fix types and signal forwarding

Author: waleedlatif1

apps/sim/app/api/permission-groups/[id]/route.ts

@@ -155,31 +155,34 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
       ? { ...currentConfig, ...updates.config }
       : currentConfig
 
-    // If setting autoAddNewMembers to true, unset it on other groups in the org first
-    if (updates.autoAddNewMembers === true) {
-      await db
-        .update(permissionGroup)
-        .set({ autoAddNewMembers: false, updatedAt: new Date() })
-        .where(
-          and(
-            eq(permissionGroup.organizationId, result.group.organizationId),
-            eq(permissionGroup.autoAddNewMembers, true)
+    const now = new Date()
+
+    await db.transaction(async (tx) => {
+      if (updates.autoAddNewMembers === true) {
+        await tx
+          .update(permissionGroup)
+          .set({ autoAddNewMembers: false, updatedAt: now })
+          .where(
+            and(
+              eq(permissionGroup.organizationId, result.group.organizationId),
+              eq(permissionGroup.autoAddNewMembers, true)
+            )
           )
-        )
-    }
+      }
 
-    await db
-      .update(permissionGroup)
-      .set({
-        ...(updates.name !== undefined && { name: updates.name }),
-        ...(updates.description !== undefined && { description: updates.description }),
-        ...(updates.autoAddNewMembers !== undefined && {
-          autoAddNewMembers: updates.autoAddNewMembers,
-        }),
-        config: newConfig,
-        updatedAt: new Date(),
-      })
-      .where(eq(permissionGroup.id, id))
+      await tx
+        .update(permissionGroup)
+        .set({
+          ...(updates.name !== undefined && { name: updates.name }),
+          ...(updates.description !== undefined && { description: updates.description }),
+          ...(updates.autoAddNewMembers !== undefined && {
+            autoAddNewMembers: updates.autoAddNewMembers,
+          }),
+          config: newConfig,
+          updatedAt: now,
+        })
+        .where(eq(permissionGroup.id, id))
+    })
 
     const [updated] = await db
       .select()

apps/sim/app/api/permission-groups/route.ts

@@ -171,19 +171,6 @@ export async function POST(req: Request) {
       ...config,
     }
 
-    // If autoAddNewMembers is true, unset it on any existing groups first
-    if (autoAddNewMembers) {
-      await db
-        .update(permissionGroup)
-        .set({ autoAddNewMembers: false, updatedAt: new Date() })
-        .where(
-          and(
-            eq(permissionGroup.organizationId, organizationId),
-            eq(permissionGroup.autoAddNewMembers, true)
-          )
-        )
-    }
-
     const now = new Date()
     const newGroup = {
       id: generateId(),
@@ -197,7 +184,20 @@ export async function POST(req: Request) {
       autoAddNewMembers: autoAddNewMembers || false,
     }
 
-    await db.insert(permissionGroup).values(newGroup)
+    await db.transaction(async (tx) => {
+      if (autoAddNewMembers) {
+        await tx
+          .update(permissionGroup)
+          .set({ autoAddNewMembers: false, updatedAt: now })
+          .where(
+            and(
+              eq(permissionGroup.organizationId, organizationId),
+              eq(permissionGroup.autoAddNewMembers, true)
+            )
+          )
+      }
+      await tx.insert(permissionGroup).values(newGroup)
+    })
 
     logger.info('Created permission group', {
       permissionGroupId: newGroup.id,

apps/sim/app/workspace/[workspaceId]/settings/[section]/page.tsx

@@ -1,5 +1,6 @@
 import { dehydrate, HydrationBoundary } from '@tanstack/react-query'
 import type { Metadata } from 'next'
+import { isBillingEnabled } from '@/lib/core/config/feature-flags'
 import { getQueryClient } from '@/app/_shell/providers/get-query-client'
 import type { SettingsSection } from '@/app/workspace/[workspaceId]/settings/navigation'
 import { prefetchGeneralSettings, prefetchSubscriptionData, prefetchUserProfile } from './prefetch'
@@ -11,6 +12,7 @@ const SECTION_TITLES: Record<string, string> = {
   secrets: 'Secrets',
   'template-profile': 'Template Profile',
   'access-control': 'Access Control',
+  'audit-logs': 'Audit Logs',
   apikeys: 'Sim Keys',
   byok: 'BYOK',
   subscription: 'Subscription',
@@ -46,7 +48,7 @@ export default async function SettingsSectionPage({
 
   void prefetchGeneralSettings(queryClient)
   void prefetchUserProfile(queryClient)
-  void prefetchSubscriptionData(queryClient)
+  if (isBillingEnabled) void prefetchSubscriptionData(queryClient)
 
   return (
     <HydrationBoundary state={dehydrate(queryClient)}>

apps/sim/ee/access-control/components/access-control.tsx

@@ -2,7 +2,6 @@
 
 import { useCallback, useMemo, useState } from 'react'
 import { createLogger } from '@sim/logger'
-import { useQuery } from '@tanstack/react-query'
 import { Plus, Search } from 'lucide-react'
 import {
   Avatar,
@@ -42,17 +41,27 @@ import {
   useRemovePermissionGroupMember,
   useUpdatePermissionGroup,
 } from '@/ee/access-control/hooks/permission-groups'
+import { useBlacklistedProviders } from '@/hooks/queries/allowed-providers'
 import { useOrganization, useOrganizations } from '@/hooks/queries/organization'
 import { useSubscriptionData } from '@/hooks/queries/subscription'
 import { PROVIDER_DEFINITIONS } from '@/providers/models'
 import { getAllProviderIds } from '@/providers/utils'
 
 const logger = createLogger('AccessControl')
 
+interface OrgMember {
+  userId: string
+  user: {
+    name: string | null
+    email: string
+    image?: string | null
+  }
+}
+
 interface AddMembersModalProps {
   open: boolean
   onOpenChange: (open: boolean) => void
-  availableMembers: any[]
+  availableMembers: OrgMember[]
   selectedMemberIds: Set<string>
   setSelectedMemberIds: React.Dispatch<React.SetStateAction<Set<string>>>
   onAddMembers: () => void
@@ -73,7 +82,7 @@ function AddMembersModal({
   const filteredMembers = useMemo(() => {
     if (!searchTerm.trim()) return availableMembers
     const query = searchTerm.toLowerCase()
-    return availableMembers.filter((m: any) => {
+    return availableMembers.filter((m) => {
       const name = m.user?.name || ''
       const email = m.user?.email || ''
       return name.toLowerCase().includes(query) || email.toLowerCase().includes(query)
@@ -82,12 +91,12 @@ function AddMembersModal({
 
   const allFilteredSelected = useMemo(() => {
     if (filteredMembers.length === 0) return false
-    return filteredMembers.every((m: any) => selectedMemberIds.has(m.userId))
+    return filteredMembers.every((m) => selectedMemberIds.has(m.userId))
   }, [filteredMembers, selectedMemberIds])
 
   const handleToggleAll = () => {
     if (allFilteredSelected) {
-      const filteredIds = new Set(filteredMembers.map((m: any) => m.userId))
+      const filteredIds = new Set(filteredMembers.map((m) => m.userId))
       setSelectedMemberIds((prev) => {
         const next = new Set(prev)
         filteredIds.forEach((id) => next.delete(id))
@@ -96,7 +105,7 @@ function AddMembersModal({
     } else {
       setSelectedMemberIds((prev) => {
         const next = new Set(prev)
-        filteredMembers.forEach((m: any) => next.add(m.userId))
+        filteredMembers.forEach((m) => next.add(m.userId))
         return next
       })
     }
@@ -153,7 +162,7 @@ function AddMembersModal({
                   </p>
                 ) : (
                   <div className='flex flex-col'>
-                    {filteredMembers.map((member: any) => {
+                    {filteredMembers.map((member) => {
                       const name = member.user?.name || 'Unknown'
                       const email = member.user?.email || ''
                       const avatarInitial = name.charAt(0).toUpperCase()
@@ -466,16 +475,7 @@ export function AccessControl() {
       return a.name.localeCompare(b.name)
     })
   }, [])
-  const { data: blacklistedProvidersData } = useQuery({
-    queryKey: ['blacklistedProviders'],
-    queryFn: async ({ signal }) => {
-      const res = await fetch('/api/settings/allowed-providers', { signal })
-      if (!res.ok) return { blacklistedProviders: [] as string[] }
-      return res.json() as Promise<{ blacklistedProviders: string[] }>
-    },
-    staleTime: 5 * 60 * 1000,
-    enabled: showConfigModal,
-  })
+  const { data: blacklistedProvidersData } = useBlacklistedProviders({ enabled: showConfigModal })
 
   const allProviderIds = useMemo(() => {
     const allIds = getAllProviderIds()
@@ -733,7 +733,7 @@ export function AccessControl() {
 
   const availableMembersToAdd = useMemo(() => {
     const existingMemberUserIds = new Set(members.map((m) => m.userId))
-    return orgMembers.filter((m: any) => !existingMemberUserIds.has(m.userId))
+    return orgMembers.filter((m) => !existingMemberUserIds.has(m.userId))
   }, [orgMembers, members])
 
   if (isLoading) {

apps/sim/ee/sso/hooks/sso.ts

@@ -14,8 +14,8 @@ export const ssoKeys = {
 /**
  * Fetch SSO providers
  */
-async function fetchSSOProviders() {
-  const response = await fetch('/api/auth/sso/providers')
+async function fetchSSOProviders(signal: AbortSignal) {
+  const response = await fetch('/api/auth/sso/providers', { signal })
   if (!response.ok) {
     throw new Error('Failed to fetch SSO providers')
   }
@@ -32,7 +32,7 @@ interface UseSSOProvidersOptions {
 export function useSSOProviders({ enabled = true }: UseSSOProvidersOptions = {}) {
   return useQuery({
     queryKey: ssoKeys.providers(),
-    queryFn: fetchSSOProviders,
+    queryFn: ({ signal }) => fetchSSOProviders(signal),
     staleTime: 5 * 60 * 1000,
     placeholderData: keepPreviousData,
     enabled,

apps/sim/hooks/queries/allowed-providers.ts

@@ -0,0 +1,35 @@
+'use client'
+
+import { useQuery } from '@tanstack/react-query'
+
+/**
+ * Query key factory for allowed providers queries
+ */
+export const allowedProvidersKeys = {
+  all: ['allowedProviders'] as const,
+  blacklisted: () => [...allowedProvidersKeys.all, 'blacklisted'] as const,
+}
+
+interface BlacklistedProvidersResponse {
+  blacklistedProviders: string[]
+}
+
+async function fetchBlacklistedProviders(
+  signal: AbortSignal
+): Promise<BlacklistedProvidersResponse> {
+  const res = await fetch('/api/settings/allowed-providers', { signal })
+  if (!res.ok) return { blacklistedProviders: [] }
+  return res.json()
+}
+
+/**
+ * Hook to fetch the list of blacklisted provider IDs from the server.
+ */
+export function useBlacklistedProviders({ enabled = true }: { enabled?: boolean } = {}) {
+  return useQuery({
+    queryKey: allowedProvidersKeys.blacklisted(),
+    queryFn: ({ signal }) => fetchBlacklistedProviders(signal),
+    staleTime: 5 * 60 * 1000,
+    enabled,
+  })
+}

apps/sim/providers/utils.ts

@@ -4,7 +4,7 @@ import type { ChatCompletionChunk } from 'openai/resources/chat/completions'
 import type { CompletionUsage } from 'openai/resources/completions'
 import { dollarsToCredits } from '@/lib/billing/credits/conversion'
 import { env } from '@/lib/core/config/env'
-import { isHosted } from '@/lib/core/config/feature-flags'
+import { getBlacklistedProvidersFromEnv, isHosted } from '@/lib/core/config/feature-flags'
 import {
   buildCanonicalIndex,
   type CanonicalGroup,
@@ -281,14 +281,8 @@ export function getProviderModels(providerId: ProviderId): string[] {
   return getProviderModelsFromDefinitions(providerId)
 }
 
-function getBlacklistedProviders(): string[] {
-  if (!env.BLACKLISTED_PROVIDERS) return []
-  return env.BLACKLISTED_PROVIDERS.split(',').map((p) => p.trim().toLowerCase())
-}
-
 export function isProviderBlacklisted(providerId: string): boolean {
-  const blacklist = getBlacklistedProviders()
-  return blacklist.includes(providerId.toLowerCase())
+  return getBlacklistedProvidersFromEnv().includes(providerId.toLowerCase())
 }
 
 /**