UN-2868 [FIX] Restrict tool modification to workflow owners only

johnyrahul · claude · johnyrahul · commit b0d15a17bcfb · 2025-10-13T17:06:32.000+05:30
Added ownership check to prevent non-owners from modifying workflow tools: - Added isWorkflowOwner() helper function to compare current user ID with workflow creator ID - Disabled "Change Prompt Studio project" button for non-owners - Disabled "Configure Settings" button for non-owners - Handles type differences between user IDs (integer vs string) by converting both to strings This ensures that only workflow owners can change or configure the Prompt Studio projects in shared workflows. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/frontend/src/components/agency/agency/Agency.jsx b/frontend/src/components/agency/agency/Agency.jsx
@@ -390,6 +390,15 @@ function Agency() {
     return tool?.name || toolId;
   };
 
+  // Check if current user is the workflow owner
+  const isWorkflowOwner = () => {
+    if (!details?.created_by || !sessionDetails?.id) {
+      return false;
+    }
+    // Convert both to strings for comparison to handle type differences
+    return String(details.created_by) === String(sessionDetails.id);
+  };
+
   // Initialize selected tool from existing tool instances on page load
   const initializeSelectedTool = () => {
     if (details?.tool_instances?.length > 0) {
@@ -1147,6 +1156,7 @@ function Agency() {
                             type="link"
                             onClick={() => setShowToolSelectionSidebar(true)}
                             size="small"
+                            disabled={!isWorkflowOwner()}
                           >
                             Change Prompt Studio project
                           </Button>
@@ -1164,7 +1174,7 @@ function Agency() {
                     <Button
                       type="primary"
                       onClick={() => setShowSidebar(!showSidebar)}
-                      disabled={!selectedTool}
+                      disabled={!selectedTool || !isWorkflowOwner()}
                     >
                       Configure Settings
                     </Button>
