[field-level permissions] Upsert fieldPermission + use fieldPermission to compute permissions (#13050)

In this PR

- introduction of fieldPermission entity
- addition of upsertFieldPermission in role resolver
- computation of permissions taking fieldPermission into account. To
limit what is stored in Redis, we only store field restrictions. For
instance, for an objectMetadata with id XXX that has a restriction on the field with
id YYY, we store:
`"XXX":{"canRead":true,"canUpdate":false,"canSoftDelete":false,"canDestroy":false,"restrictedFields":{"YYY":{"canRead":false,"canUpdate":null}}}`

---------

Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
Marie
2025-07-09 10:47:59 +02:00
committed by GitHub
parent 6ba6860e1c
commit 1cb60f943e
49 changed files with 1343 additions and 47 deletions


@ -47,6 +47,7 @@ describe('AgentToolService Integration', () => {
canUpdate: true,
canSoftDelete: true,
canDestroy: true,
restrictedFields: {},
},
},
},
@ -91,6 +92,7 @@ describe('AgentToolService Integration', () => {
canUpdate: false,
canSoftDelete: false,
canDestroy: false,
restrictedFields: {},
},
},
},
@ -168,6 +170,7 @@ describe('AgentToolService Integration', () => {
canUpdate: true,
canSoftDelete: true,
canDestroy: false,
restrictedFields: {},
},
},
},
@ -767,12 +770,14 @@ describe('AgentToolService Integration', () => {
canUpdate: true,
canSoftDelete: false,
canDestroy: false,
restrictedFields: {},
},
[secondObjectMetadata.id]: {
canRead: true,
canUpdate: false,
canSoftDelete: true,
canDestroy: false,
restrictedFields: {},
},
},
},
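Review bot: Every permission fixture touched in this spec sets `restrictedFields: {}`, so none of the AgentToolService integration cases visible here runs with a field actually restricted; the same holds for `setupBasicPermissions` and the `fieldPermissions: []` role fixture in the test-utils file that follows. Since the commit makes permission computation depend on field restrictions, I would add at least one case with a non-empty map, e.g. `restrictedFields: { [restrictedFieldId]: { canRead: false, canUpdate: null } }` (placeholder id), and assert that the agent tool neither returns that field nor accepts an update to it. A short comment on one fixture, `// empty map: no field-level restriction on this object`, would also help, along with a statement of how a `null` flag is resolved, which is not visible in these hunks. The enclosing test cases start and end outside the hunks, and such coverage may exist in other files of this commit that are not shown here.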


@ -158,6 +158,7 @@ export const createAgentToolTestModule =
targetRelationFields: [],
dataSource: {} as any,
objectPermissions: [],
fieldPermissions: [],
};
return {
@ -207,6 +208,7 @@ export const setupBasicPermissions = (context: AgentToolTestContext) => {
canUpdate: true,
canSoftDelete: true,
canDestroy: false,
restrictedFields: {},
},
},
},