[permissions] Add workspace + security settings permission gates (#10204)

In this PR - closing https://github.com/twentyhq/core-team-issues/issues/313 - adding permission gates on workspace settings and security settings - adding integration tests for each of the protected setting and security
2025-02-14 17:32:42 +01:00
parent db526778e3
commit 12cc61e096
84 changed files with 857 additions and 155 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/permissions/constants/member-role-label.constants.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/permissions/constants/member-role-label.constants.ts
@ -0,0 +1 @@
+export const MEMBER_ROLE_LABEL = 'Member';
--- a/packages/twenty-server/src/engine/metadata-modules/role/role.service.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/role/role.service.ts
@ -3,6 +3,7 @@ import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';

 import { ADMIN_ROLE_LABEL } from 'src/engine/metadata-modules/permissions/constants/admin-role-label.constants';
+import { MEMBER_ROLE_LABEL } from 'src/engine/metadata-modules/permissions/constants/member-role-label.constants';
 import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';

 export class RoleService {
@ -33,4 +34,18 @@ export class RoleService {
      workspaceId,
    });
  }
+
+  public async createMemberRole({
+    workspaceId,
+  }: {
+    workspaceId: string;
+  }): Promise<RoleEntity> {
+    return this.roleRepository.save({
+      label: MEMBER_ROLE_LABEL,
+      description: 'Member role',
+      canUpdateAllSettings: false,
+      isEditable: false,
+      workspaceId,
+    });
+  }
 }