simstudioai
diff --git a/‎apps/sim/app/api/tools/drive/file/route.ts‎
Lines changed: 29 additions & 1 deletion b/‎apps/sim/app/api/tools/drive/file/route.ts‎
Lines changed: 29 additions & 1 deletion
diff --git a/‎apps/sim/app/api/tools/drive/files/route.ts‎
Lines changed: 23 additions & 41 deletions b/‎apps/sim/app/api/tools/drive/files/route.ts‎
Lines changed: 23 additions & 41 deletions
diff --git a/‎apps/sim/app/api/webhooks/route.ts‎
Lines changed: 2 additions & 2 deletions b/‎apps/sim/app/api/webhooks/route.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/channel-selector/channel-selector-input.tsx‎
Lines changed: 4 additions & 9 deletions b/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/channel-selector/channel-selector-input.tsx‎
Lines changed: 4 additions & 9 deletions
diff --git a/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/credential-selector/credential-selector.tsx‎
Lines changed: 0 additions & 12 deletions b/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/credential-selector/credential-selector.tsx‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/document-selector/document-selector.tsx‎
Lines changed: 9 additions & 6 deletions b/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/document-selector/document-selector.tsx‎
Lines changed: 9 additions & 6 deletions
diff --git a/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/file-selector/components/confluence-file-selector.tsx‎
Lines changed: 9 additions & 1 deletion b/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/file-selector/components/confluence-file-selector.tsx‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/file-selector/components/google-drive-picker.tsx‎
Lines changed: 9 additions & 2 deletions b/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/file-selector/components/google-drive-picker.tsx‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/file-selector/components/microsoft-file-selector.tsx‎
Lines changed: 9 additions & 2 deletions b/‎apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/file-selector/components/microsoft-file-selector.tsx‎
Lines changed: 9 additions & 2 deletions
@@ -45,7 +45,7 @@ export async function GET(request: NextRequest) {
     // Fetch the file from Google Drive API
     logger.info(`[${requestId}] Fetching file ${fileId} from Google Drive API`)
     const response = await fetch(
-      `https://www.googleapis.com/drive/v3/files/${fileId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks`,
+      `https://www.googleapis.com/drive/v3/files/${fileId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks,shortcutDetails&supportsAllDrives=true`,
       {
         headers: {
           Authorization: `Bearer ${accessToken}`,
@@ -77,6 +77,34 @@ export async function GET(request: NextRequest) {
       'application/vnd.google-apps.presentation': 'application/pdf', // Google Slides to PDF
     }
 
+    // Resolve shortcuts transparently for UI stability
+    if (
+      file.mimeType === 'application/vnd.google-apps.shortcut' &&
+      file.shortcutDetails?.targetId
+    ) {
+      const targetId = file.shortcutDetails.targetId
+      const shortcutResp = await fetch(
+        `https://www.googleapis.com/drive/v3/files/${targetId}?fields=id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,exportLinks&supportsAllDrives=true`,
+        {
+          headers: { Authorization: `Bearer ${accessToken}` },
+        }
+      )
+      if (shortcutResp.ok) {
+        const targetFile = await shortcutResp.json()
+        file.id = targetFile.id
+        file.name = targetFile.name
+        file.mimeType = targetFile.mimeType
+        file.iconLink = targetFile.iconLink
+        file.webViewLink = targetFile.webViewLink
+        file.thumbnailLink = targetFile.thumbnailLink
+        file.createdTime = targetFile.createdTime
+        file.modifiedTime = targetFile.modifiedTime
+        file.size = targetFile.size
+        file.owners = targetFile.owners
+        file.exportLinks = targetFile.exportLinks
+      }
+    }
+
     // If the file is a Google Docs, Sheets, or Slides file, we need to provide the export link
     if (file.mimeType.startsWith('application/vnd.google-apps.')) {
       const format = exportFormats[file.mimeType] || 'application/pdf'
 
@@ -1,10 +1,8 @@
-import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
+import { authorizeCredentialUse } from '@/lib/auth/credential-access'
 import { createLogger } from '@/lib/logs/console/logger'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
-import { db } from '@/db'
-import { account } from '@/db/schema'
 
 export const dynamic = 'force-dynamic'
 
@@ -32,64 +30,48 @@ export async function GET(request: NextRequest) {
     const credentialId = searchParams.get('credentialId')
     const mimeType = searchParams.get('mimeType')
     const query = searchParams.get('query') || ''
+    const folderId = searchParams.get('folderId') || searchParams.get('parentId') || ''
+    const workflowId = searchParams.get('workflowId') || undefined
 
     if (!credentialId) {
       logger.warn(`[${requestId}] Missing credential ID`)
       return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
     }
 
-    // Get the credential from the database
-    const credentials = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
-
-    if (!credentials.length) {
-      logger.warn(`[${requestId}] Credential not found`, { credentialId })
-      return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
-    }
-
-    const credential = credentials[0]
-
-    // Check if the credential belongs to the user
-    if (credential.userId !== session.user.id) {
-      logger.warn(`[${requestId}] Unauthorized credential access attempt`, {
-        credentialUserId: credential.userId,
-        requestUserId: session.user.id,
-      })
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
+    // Authorize use of the credential (supports collaborator credentials via workflow)
+    const authz = await authorizeCredentialUse(request, { credentialId: credentialId!, workflowId })
+    if (!authz.ok || !authz.credentialOwnerUserId) {
+      logger.warn(`[${requestId}] Unauthorized credential access attempt`, authz)
+      return NextResponse.json({ error: authz.error || 'Unauthorized' }, { status: 403 })
     }
 
     // Refresh access token if needed using the utility function
-    const accessToken = await refreshAccessTokenIfNeeded(credentialId, session.user.id, requestId)
+    const accessToken = await refreshAccessTokenIfNeeded(
+      credentialId!,
+      authz.credentialOwnerUserId,
+      requestId
+    )
 
     if (!accessToken) {
       return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
     }
 
-    // Build the query parameters for Google Drive API
-    let queryParams = 'trashed=false'
-
-    // Add mimeType filter if provided
+    // Build Drive 'q' expression safely
+    const qParts: string[] = ['trashed = false']
+    if (folderId) {
+      qParts.push(`'${folderId.replace(/'/g, "\\'")}' in parents`)
+    }
     if (mimeType) {
-      // For Google Drive API, we need to use 'q' parameter for mimeType filtering
-      // Instead of using the mimeType parameter directly, we'll add it to the query
-      if (queryParams.includes('q=')) {
-        queryParams += ` and mimeType='${mimeType}'`
-      } else {
-        queryParams += `&q=mimeType='${mimeType}'`
-      }
+      qParts.push(`mimeType = '${mimeType.replace(/'/g, "\\'")}'`)
     }
-
-    // Add search query if provided
     if (query) {
-      if (queryParams.includes('q=')) {
-        queryParams += ` and name contains '${query}'`
-      } else {
-        queryParams += `&q=name contains '${query}'`
-      }
+      qParts.push(`name contains '${query.replace(/'/g, "\\'")}'`)
     }
+    const q = encodeURIComponent(qParts.join(' and '))
 
-    // Fetch files from Google Drive API
+    // Fetch files from Google Drive API with shared drives support
     const response = await fetch(
-      `https://www.googleapis.com/drive/v3/files?${queryParams}&fields=files(id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners)`,
+      `https://www.googleapis.com/drive/v3/files?q=${q}&supportsAllDrives=true&includeItemsFromAllDrives=true&spaces=drive&fields=files(id,name,mimeType,iconLink,webViewLink,thumbnailLink,createdTime,modifiedTime,size,owners,parents)`,
       {
         headers: {
           Authorization: `Bearer ${accessToken}`,
 
@@ -329,7 +329,7 @@ export async function POST(request: NextRequest) {
       logger.info(`[${requestId}] Gmail provider detected. Setting up Gmail webhook configuration.`)
       try {
         const { configureGmailPolling } = await import('@/lib/webhooks/utils')
-        // Use workflow owner for OAuth lookups to support collaborator-saved credentials
+        // Pass workflow owner for backward-compat fallback (utils prefers credentialId if present)
         const success = await configureGmailPolling(workflowRecord.userId, savedWebhook, requestId)
 
         if (!success) {
@@ -364,7 +364,7 @@ export async function POST(request: NextRequest) {
       )
       try {
         const { configureOutlookPolling } = await import('@/lib/webhooks/utils')
-        // Use workflow owner for OAuth lookups to support collaborator-saved credentials
+        // Pass workflow owner for backward-compat fallback (utils prefers credentialId if present)
         const success = await configureOutlookPolling(
           workflowRecord.userId,
           savedWebhook,
 
@@ -6,9 +6,9 @@ import {
   type SlackChannelInfo,
   SlackChannelSelector,
 } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/components/channel-selector/components/slack-channel-selector'
+import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/hooks/use-depends-on-gate'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/hooks/use-sub-block-value'
 import type { SubBlockConfig } from '@/blocks/types'
-import { useSubBlockStore } from '@/stores/workflows/subblock/store'
 
 interface ChannelSelectorInputProps {
   blockId: string
@@ -29,8 +29,6 @@ export function ChannelSelectorInput({
   isPreview = false,
   previewValue,
 }: ChannelSelectorInputProps) {
-  const { getValue } = useSubBlockStore()
-
   // Use the proper hook to get the current value and setter (same as file-selector)
   const [storeValue, setStoreValue] = useSubBlockValue(blockId, subBlock.id)
   // Reactive upstream fields
@@ -43,6 +41,8 @@ export function ChannelSelectorInput({
   // Get provider-specific values
   const provider = subBlock.provider || 'slack'
   const isSlack = provider === 'slack'
+  // Central dependsOn gating
+  const { finalDisabled } = useDependsOnGate(blockId, subBlock, { disabled, isPreview })
 
   // Get the credential for the provider - use provided credential or fall back to reactive values
   let credential: string
@@ -89,15 +89,10 @@ export function ChannelSelectorInput({
                 }}
                 credential={credential}
                 label={subBlock.placeholder || 'Select Slack channel'}
-                disabled={disabled || !credential}
+                disabled={finalDisabled}
               />
             </div>
           </TooltipTrigger>
-          {!credential && (
-            <TooltipContent side='top'>
-              <p>Please select a Slack account or enter a bot token first</p>
-            </TooltipContent>
-          )}
         </Tooltip>
       </TooltipProvider>
     )
 
@@ -26,7 +26,6 @@ import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/c
 import type { SubBlockConfig } from '@/blocks/types'
 import { useCollaborativeWorkflow } from '@/hooks/use-collaborative-workflow'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
-import { useSubBlockStore } from '@/stores/workflows/subblock/store'
 
 const logger = createLogger('CredentialSelector')
 
@@ -217,17 +216,6 @@ export function CredentialSelector({
     setSelectedId(credentialId)
     if (!isPreview) {
       setStoreValue(credentialId)
-      // If credential changed, clear other sub-block fields for a clean state
-      if (previousId && previousId !== credentialId) {
-        const wfId = (activeWorkflowId as string) || ''
-        const workflowValues = useSubBlockStore.getState().workflowValues[wfId] || {}
-        const blockValues = workflowValues[blockId] || {}
-        Object.keys(blockValues).forEach((key) => {
-          if (key !== subBlock.id) {
-            collaborativeSetSubblockValue(blockId, key, '')
-          }
-        })
-      }
     }
     setOpen(false)
   }
 
@@ -12,6 +12,7 @@ import {
   CommandList,
 } from '@/components/ui/command'
 import { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover'
+import { useDependsOnGate } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/hooks/use-depends-on-gate'
 import { useSubBlockValue } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/workflow-block/components/sub-block/hooks/use-sub-block-value'
 import type { SubBlockConfig } from '@/blocks/types'
 
@@ -65,6 +66,9 @@ export function DocumentSelector({
   // Use preview value when in preview mode, otherwise use store value
   const value = isPreview ? previewValue : storeValue
 
+  const { finalDisabled } = useDependsOnGate(blockId, subBlock, { disabled, isPreview })
+  const isDisabled = finalDisabled
+
   // Fetch documents for the selected knowledge base
   const fetchDocuments = useCallback(async () => {
     if (!knowledgeBaseId) {
@@ -103,6 +107,7 @@ export function DocumentSelector({
   // Handle dropdown open/close - fetch documents when opening
   const handleOpenChange = (isOpen: boolean) => {
     if (isPreview) return
+    if (isDisabled) return
 
     setOpen(isOpen)
 
@@ -124,13 +129,14 @@ export function DocumentSelector({
 
   // Sync selected document with value prop
   useEffect(() => {
+    if (isDisabled) return
     if (value && documents.length > 0) {
       const docInfo = documents.find((doc) => doc.id === value)
       setSelectedDocument(docInfo || null)
     } else {
       setSelectedDocument(null)
     }
-  }, [value, documents])
+  }, [value, documents, isDisabled])
 
   // Reset documents when knowledge base changes
   useEffect(() => {
@@ -141,10 +147,10 @@ export function DocumentSelector({
 
   // Fetch documents when knowledge base is available
   useEffect(() => {
-    if (knowledgeBaseId && !isPreview) {
+    if (knowledgeBaseId && !isPreview && !isDisabled) {
       fetchDocuments()
     }
-  }, [knowledgeBaseId, isPreview, fetchDocuments])
+  }, [knowledgeBaseId, isPreview, isDisabled, fetchDocuments])
 
   const formatDocumentName = (document: DocumentData) => {
     return document.filename
@@ -166,9 +172,6 @@ export function DocumentSelector({
 
   const label = subBlock.placeholder || 'Select document'
 
-  // Show disabled state if no knowledge base is selected
-  const isDisabled = disabled || isPreview || !knowledgeBaseId
-
   return (
     <div className='w-full'>
       <Popover open={open} onOpenChange={handleOpenChange}>
 
@@ -376,6 +376,14 @@ export function ConfluenceFileSelector({
     }
   }, [value])
 
+  // Clear preview when value is cleared (e.g., collaborator cleared or domain change cascade)
+  useEffect(() => {
+    if (!value) {
+      setSelectedFile(null)
+      onFileInfoChange?.(null)
+    }
+  }, [value, onFileInfoChange])
+
   // Handle file selection
   const handleSelectFile = (file: ConfluenceFileInfo) => {
     setSelectedFileId(file.id)
@@ -547,7 +555,7 @@ export function ConfluenceFileSelector({
         </Popover>
 
         {/* File preview */}
-        {showPreview && selectedFile && (
+        {showPreview && selectedFile && selectedFileId && selectedFile.id === selectedFileId && (
           <div className='relative mt-2 rounded-md border border-muted bg-muted/10 p-2'>
             <div className='absolute top-2 right-2'>
               <Button
 
@@ -414,6 +414,13 @@ export function GoogleDrivePicker({
     return <FileIcon className={`${iconSize} text-muted-foreground`} />
   }
 
+  const canShowPreview = !!(
+    showPreview &&
+    selectedFile &&
+    selectedFileId &&
+    selectedFile.id === selectedFileId
+  )
+
   return (
     <>
       <div className='space-y-2'>
@@ -440,7 +447,7 @@ export function GoogleDrivePicker({
           }}
         >
           <div className='flex min-w-0 items-center gap-2 overflow-hidden'>
-            {selectedFile ? (
+            {canShowPreview ? (
               <>
                 {getFileIcon(selectedFile, 'sm')}
                 <span className='truncate font-normal'>{selectedFile.name}</span>
@@ -460,7 +467,7 @@ export function GoogleDrivePicker({
         </Button>
 
         {/* File preview */}
-        {showPreview && selectedFile && (
+        {canShowPreview && (
           <div className='relative mt-2 rounded-md border border-muted bg-muted/10 p-2'>
             <div className='absolute top-2 right-2'>
               <Button
 
@@ -727,6 +727,13 @@ export function MicrosoftFileSelector({
         })
       : availableFiles
 
+  const canShowPreview = !!(
+    showPreview &&
+    selectedFile &&
+    selectedFileId &&
+    selectedFile.id === selectedFileId
+  )
+
   return (
     <>
       <div className='space-y-2'>
@@ -750,7 +757,7 @@ export function MicrosoftFileSelector({
               }
             >
               <div className='flex min-w-0 items-center gap-2 overflow-hidden'>
-                {selectedFile ? (
+                {canShowPreview ? (
                   <>
                     {getFileIcon(selectedFile, 'sm')}
                     <span className='truncate font-normal'>{selectedFile.name}</span>
@@ -925,7 +932,7 @@ export function MicrosoftFileSelector({
         </Popover>
 
         {/* File preview */}
-        {showPreview && selectedFile && (
+        {canShowPreview && (
           <div className='relative mt-2 rounded-md border border-muted bg-muted/10 p-2'>
             <div className='absolute top-2 right-2'>
               <Button