fix(sidebar): pass showDelete to hide delete menu for non-admin members

[minijeong-log]

Summary

Fixes #4695

Write/Read workspace members see the Delete option in the workflow/folder context menu, but the DELETE API enforces action: 'admin', so it always fails with 403. The ContextMenu component already has a showDelete prop with conditional rendering, but workflow-item and folder-item never pass it, leaving it at the default true.

This PR passes showDelete={userPermissions.canAdmin} from both components so non-admin users no longer see the Delete menu. disableDelete is simplified to only check canDeleteSelection and effectiveLocked, since permission gating is now handled by showDelete.

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation

Testing

• Verified with admin, write, and read permission levels by directly modifying the permissions table
  • Admin: Delete menu visible, deletion works
  • Write: Delete menu hidden
  • Read: Delete menu hidden
  • Admin (last workflow): Delete menu visible but disabled

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• Existing tests pass locally
• I agree to the terms of the contributor license agreement

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		May 21, 2026 10:07am

[cursor]

PR Summary

Low Risk
Low risk UI permission-gating change that only affects whether the Delete menu item is shown/enabled in the sidebar context menu.

Overview
Fixes sidebar workflow/folder context menus to hide the Delete action for non-admin users by wiring showDelete={userPermissions.canAdmin} from both workflow-item and folder-item into ContextMenu.

Simplifies disableDelete in those callers to only consider selection/lock constraints (since permission gating is now handled via showDelete), preventing non-admins from seeing an action that would 403 server-side.

^{Reviewed by Cursor Bugbot for commit b7f6407. Bugbot is set up for automated code reviews on this repo. Configure here.}

[greptile-apps]

Greptile Summary

This PR fixes a UX bug where non-admin workspace members (write/read) could see a Delete option in the workflow and folder context menus, even though the underlying DELETE API enforces an admin permission check and would always return 403 for them. The fix passes showDelete={userPermissions.canAdmin} from both workflow-item and folder-item, leveraging the existing conditional-rendering prop in ContextMenu that was simply never wired up.

• Both workflow-item.tsx and folder-item.tsx now pass showDelete={userPermissions.canAdmin} so the Delete menu item is hidden entirely for non-admin users.
• The disableDelete expression in both files drops the !userPermissions.canEdit guard since that check is now superseded by the showDelete gate; the remaining checks (!canDeleteSelection, effectiveLocked) continue to handle the "last workflow" and locked-item disabled states for admins.

Confidence Score: 5/5

Minimal, targeted change that wires an existing visibility prop to hide a menu item for non-admin users; no logic paths are added or removed beyond what is necessary.

Both files make the same two-line surgical change. The ContextMenu component already handles showDelete=false correctly — the item is not rendered and the surrounding separator is suppressed via (showLeave || showDelete). Dropping !userPermissions.canEdit from disableDelete is safe because canAdmin implies canEdit in this permission model, and canDeleteSelection/effectiveLocked still gate the disabled state for admins who need it.

No files require special attention; both changed files make identical, self-contained prop additions.

Important Files Changed

Filename	Overview
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/workflow-item.tsx	Adds showDelete={userPermissions.canAdmin} and removes the !userPermissions.canEdit guard from disableDelete; correct because admins always have edit access and the showDelete prop gates visibility for non-admins.
apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/folder-item/folder-item.tsx	Same two-line change as workflow-item: showDelete={userPermissions.canAdmin} added and the !userPermissions.canEdit removed from disableDelete; mirrors the workflow fix correctly.

Sequence Diagram

sequenceDiagram
    participant U as User (non-admin)
    participant WI as WorkflowItem / FolderItem
    participant CM as ContextMenu
    participant API as DELETE API

    U->>WI: Right-click (context menu)
    WI->>CM: "showDelete={canAdmin=false}"
    CM-->>U: Delete item hidden (not rendered)
    Note over U,API: No 403 error ever reached

    participant A as Admin User
    A->>WI: Right-click (context menu)
    WI->>CM: "showDelete={canAdmin=true}, disableDelete={locked||!canDelete}"
    CM-->>A: Delete item visible (enabled or disabled)
    A->>API: DELETE /workflow/:id
    API-->>A: 200 OK

Loading

_{Reviews (1): Last reviewed commit: "fix(sidebar): pass showDelete to hide de..." | Re-trigger Greptile}