fix(security): add personal credential ownership check in sharepoint site route; scope markExecutionAsFailed by workflowId

Author: waleedlatif1

apps/sim/app/api/tools/sharepoint/site/route.ts

@@ -70,6 +70,10 @@ export const GET = withRouteHandler(async (request: NextRequest) => {
 
     const accountRow = credentials[0]
 
+    if (!resolved.workspaceId && accountRow.userId !== session.user.id) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
       accountRow.userId,