fix(templates): added option to delete/keep templates when deleting workspace, updated template modal, sidebar code cleanup (#1086)

* feat(templates): added in the ability to keep/remove templates when deleting workspace

* code cleanup in sidebar

* add the ability to edit existing templates

* updated template modal

* fix build

* revert bun.lock

* add template logic to workflow deletion as well

* add ability to delete templates

* add owner/admin enforcemnet to modify or delete templates

Author: waleedlatif1

apps/sim/app/api/templates/[id]/route.ts

@@ -1,9 +1,11 @@
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
+import { hasAdminPermission } from '@/lib/permissions/utils'
 import { db } from '@/db'
-import { templates } from '@/db/schema'
+import { templates, workflow } from '@/db/schema'
 
 const logger = createLogger('TemplateByIdAPI')
 
@@ -62,3 +64,153 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }
+
+const updateTemplateSchema = z.object({
+  name: z.string().min(1).max(100),
+  description: z.string().min(1).max(500),
+  author: z.string().min(1).max(100),
+  category: z.string().min(1),
+  icon: z.string().min(1),
+  color: z.string().regex(/^#[0-9A-F]{6}$/i),
+  state: z.any().optional(), // Workflow state
+})
+
+// PUT /api/templates/[id] - Update a template
+export async function PUT(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+  const { id } = await params
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized template update attempt for ID: ${id}`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = await request.json()
+    const validationResult = updateTemplateSchema.safeParse(body)
+
+    if (!validationResult.success) {
+      logger.warn(`[${requestId}] Invalid template data for update: ${id}`, validationResult.error)
+      return NextResponse.json(
+        { error: 'Invalid template data', details: validationResult.error.errors },
+        { status: 400 }
+      )
+    }
+
+    const { name, description, author, category, icon, color, state } = validationResult.data
+
+    // Check if template exists
+    const existingTemplate = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
+
+    if (existingTemplate.length === 0) {
+      logger.warn(`[${requestId}] Template not found for update: ${id}`)
+      return NextResponse.json({ error: 'Template not found' }, { status: 404 })
+    }
+
+    // Permission: template owner OR admin of the workflow's workspace (if any)
+    let canUpdate = existingTemplate[0].userId === session.user.id
+
+    if (!canUpdate && existingTemplate[0].workflowId) {
+      const wfRows = await db
+        .select({ workspaceId: workflow.workspaceId })
+        .from(workflow)
+        .where(eq(workflow.id, existingTemplate[0].workflowId))
+        .limit(1)
+
+      const workspaceId = wfRows[0]?.workspaceId as string | null | undefined
+      if (workspaceId) {
+        const hasAdmin = await hasAdminPermission(session.user.id, workspaceId)
+        if (hasAdmin) canUpdate = true
+      }
+    }
+
+    if (!canUpdate) {
+      logger.warn(`[${requestId}] User denied permission to update template ${id}`)
+      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    }
+
+    // Update the template
+    const updatedTemplate = await db
+      .update(templates)
+      .set({
+        name,
+        description,
+        author,
+        category,
+        icon,
+        color,
+        ...(state && { state }),
+        updatedAt: new Date(),
+      })
+      .where(eq(templates.id, id))
+      .returning()
+
+    logger.info(`[${requestId}] Successfully updated template: ${id}`)
+
+    return NextResponse.json({
+      data: updatedTemplate[0],
+      message: 'Template updated successfully',
+    })
+  } catch (error: any) {
+    logger.error(`[${requestId}] Error updating template: ${id}`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+// DELETE /api/templates/[id] - Delete a template
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+  const { id } = await params
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized template delete attempt for ID: ${id}`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    // Fetch template
+    const existing = await db.select().from(templates).where(eq(templates.id, id)).limit(1)
+    if (existing.length === 0) {
+      logger.warn(`[${requestId}] Template not found for delete: ${id}`)
+      return NextResponse.json({ error: 'Template not found' }, { status: 404 })
+    }
+
+    const template = existing[0]
+
+    // Permission: owner or admin of the workflow's workspace (if any)
+    let canDelete = template.userId === session.user.id
+
+    if (!canDelete && template.workflowId) {
+      // Look up workflow to get workspaceId
+      const wfRows = await db
+        .select({ workspaceId: workflow.workspaceId })
+        .from(workflow)
+        .where(eq(workflow.id, template.workflowId))
+        .limit(1)
+
+      const workspaceId = wfRows[0]?.workspaceId as string | null | undefined
+      if (workspaceId) {
+        const hasAdmin = await hasAdminPermission(session.user.id, workspaceId)
+        if (hasAdmin) canDelete = true
+      }
+    }
+
+    if (!canDelete) {
+      logger.warn(`[${requestId}] User denied permission to delete template ${id}`)
+      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    }
+
+    await db.delete(templates).where(eq(templates.id, id))
+
+    logger.info(`[${requestId}] Deleted template: ${id}`)
+    return NextResponse.json({ success: true })
+  } catch (error: any) {
+    logger.error(`[${requestId}] Error deleting template: ${id}`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/templates/route.ts

@@ -77,6 +77,7 @@ const QueryParamsSchema = z.object({
   limit: z.coerce.number().optional().default(50),
   offset: z.coerce.number().optional().default(0),
   search: z.string().optional(),
+  workflowId: z.string().optional(),
 })
 
 // GET /api/templates - Retrieve templates
@@ -111,6 +112,11 @@ export async function GET(request: NextRequest) {
       )
     }
 
+    // Apply workflow filter if provided (for getting template by workflow)
+    if (params.workflowId) {
+      conditions.push(eq(templates.workflowId, params.workflowId))
+    }
+
     // Combine conditions
     const whereCondition = conditions.length > 0 ? and(...conditions) : undefined
 

apps/sim/app/api/workflows/[id]/route.ts

@@ -8,7 +8,7 @@ import { createLogger } from '@/lib/logs/console/logger'
 import { getUserEntityPermissions, hasAdminPermission } from '@/lib/permissions/utils'
 import { loadWorkflowFromNormalizedTables } from '@/lib/workflows/db-helpers'
 import { db } from '@/db'
-import { apiKey as apiKeyTable, workflow } from '@/db/schema'
+import { apiKey as apiKeyTable, templates, workflow } from '@/db/schema'
 
 const logger = createLogger('WorkflowByIdAPI')
 
@@ -218,6 +218,48 @@ export async function DELETE(
       return NextResponse.json({ error: 'Access denied' }, { status: 403 })
     }
 
+    // Check if workflow has published templates before deletion
+    const { searchParams } = new URL(request.url)
+    const checkTemplates = searchParams.get('check-templates') === 'true'
+    const deleteTemplatesParam = searchParams.get('deleteTemplates')
+
+    if (checkTemplates) {
+      // Return template information for frontend to handle
+      const publishedTemplates = await db
+        .select()
+        .from(templates)
+        .where(eq(templates.workflowId, workflowId))
+
+      return NextResponse.json({
+        hasPublishedTemplates: publishedTemplates.length > 0,
+        count: publishedTemplates.length,
+        publishedTemplates: publishedTemplates.map((t) => ({
+          id: t.id,
+          name: t.name,
+          views: t.views,
+          stars: t.stars,
+        })),
+      })
+    }
+
+    // Handle template deletion based on user choice
+    if (deleteTemplatesParam !== null) {
+      const deleteTemplates = deleteTemplatesParam === 'delete'
+
+      if (deleteTemplates) {
+        // Delete all templates associated with this workflow
+        await db.delete(templates).where(eq(templates.workflowId, workflowId))
+        logger.info(`[${requestId}] Deleted templates for workflow ${workflowId}`)
+      } else {
+        // Orphan the templates (set workflowId to null)
+        await db
+          .update(templates)
+          .set({ workflowId: null })
+          .where(eq(templates.workflowId, workflowId))
+        logger.info(`[${requestId}] Orphaned templates for workflow ${workflowId}`)
+      }
+    }
+
     await db.delete(workflow).where(eq(workflow.id, workflowId))
 
     const elapsed = Date.now() - startTime

apps/sim/app/api/workspaces/[id]/route.ts

@@ -1,4 +1,4 @@
-import { and, eq } from 'drizzle-orm'
+import { and, eq, inArray } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console/logger'
@@ -8,7 +8,7 @@ const logger = createLogger('WorkspaceByIdAPI')
 
 import { getUserEntityPermissions } from '@/lib/permissions/utils'
 import { db } from '@/db'
-import { knowledgeBase, permissions, workspace } from '@/db/schema'
+import { knowledgeBase, permissions, templates, workspace } from '@/db/schema'
 
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params
@@ -19,13 +19,51 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
   }
 
   const workspaceId = id
+  const url = new URL(request.url)
+  const checkTemplates = url.searchParams.get('check-templates') === 'true'
 
   // Check if user has any access to this workspace
   const userPermission = await getUserEntityPermissions(session.user.id, 'workspace', workspaceId)
   if (!userPermission) {
     return NextResponse.json({ error: 'Workspace not found or access denied' }, { status: 404 })
   }
 
+  // If checking for published templates before deletion
+  if (checkTemplates) {
+    try {
+      // Get all workflows in this workspace
+      const workspaceWorkflows = await db
+        .select({ id: workflow.id })
+        .from(workflow)
+        .where(eq(workflow.workspaceId, workspaceId))
+
+      if (workspaceWorkflows.length === 0) {
+        return NextResponse.json({ hasPublishedTemplates: false, publishedTemplates: [] })
+      }
+
+      const workflowIds = workspaceWorkflows.map((w) => w.id)
+
+      // Check for published templates that reference these workflows
+      const publishedTemplates = await db
+        .select({
+          id: templates.id,
+          name: templates.name,
+          workflowId: templates.workflowId,
+        })
+        .from(templates)
+        .where(inArray(templates.workflowId, workflowIds))
+
+      return NextResponse.json({
+        hasPublishedTemplates: publishedTemplates.length > 0,
+        publishedTemplates,
+        count: publishedTemplates.length,
+      })
+    } catch (error) {
+      logger.error(`Error checking published templates for workspace ${workspaceId}:`, error)
+      return NextResponse.json({ error: 'Failed to check published templates' }, { status: 500 })
+    }
+  }
+
   // Get workspace details
   const workspaceDetails = await db
     .select()
@@ -108,6 +146,8 @@ export async function DELETE(
   }
 
   const workspaceId = id
+  const body = await request.json().catch(() => ({}))
+  const { deleteTemplates = false } = body // User's choice: false = keep templates (recommended), true = delete templates
 
   // Check if user has admin permissions to delete workspace
   const userPermission = await getUserEntityPermissions(session.user.id, 'workspace', workspaceId)
@@ -116,10 +156,39 @@ export async function DELETE(
   }
 
   try {
-    logger.info(`Deleting workspace ${workspaceId} for user ${session.user.id}`)
+    logger.info(
+      `Deleting workspace ${workspaceId} for user ${session.user.id}, deleteTemplates: ${deleteTemplates}`
+    )
 
     // Delete workspace and all related data in a transaction
     await db.transaction(async (tx) => {
+      // Get all workflows in this workspace before deletion
+      const workspaceWorkflows = await tx
+        .select({ id: workflow.id })
+        .from(workflow)
+        .where(eq(workflow.workspaceId, workspaceId))
+
+      if (workspaceWorkflows.length > 0) {
+        const workflowIds = workspaceWorkflows.map((w) => w.id)
+
+        // Handle templates based on user choice
+        if (deleteTemplates) {
+          // Delete published templates that reference these workflows
+          await tx.delete(templates).where(inArray(templates.workflowId, workflowIds))
+          logger.info(`Deleted templates for workflows in workspace ${workspaceId}`)
+        } else {
+          // Set workflowId to null for templates to create "orphaned" templates
+          // This allows templates to remain in marketplace but without source workflows
+          await tx
+            .update(templates)
+            .set({ workflowId: null })
+            .where(inArray(templates.workflowId, workflowIds))
+          logger.info(
+            `Updated templates to orphaned status for workflows in workspace ${workspaceId}`
+          )
+        }
+      }
+
       // Delete all workflows in the workspace - database cascade will handle all workflow-related data
       // The database cascade will handle deleting related workflow_blocks, workflow_edges, workflow_subflows,
       // workflow_logs, workflow_execution_snapshots, workflow_execution_logs, workflow_execution_trace_spans,

apps/sim/app/workspace/[workspaceId]/templates/templates.tsx

@@ -29,7 +29,7 @@ export type CategoryValue = (typeof categories)[number]['value']
 // Template data structure
 export interface Template {
   id: string
-  workflowId: string
+  workflowId: string | null
   userId: string
   name: string
   description: string | null