diff --git a/packages/twenty-server/src/engine/workspace-manager/dev-seeder/core/utils/seed-feature-flags.util.ts b/packages/twenty-server/src/engine/workspace-manager/dev-seeder/core/utils/seed-feature-flags.util.ts index 28a6216f1..3f4a4bcbe 100644 --- a/packages/twenty-server/src/engine/workspace-manager/dev-seeder/core/utils/seed-feature-flags.util.ts +++ b/packages/twenty-server/src/engine/workspace-manager/dev-seeder/core/utils/seed-feature-flags.util.ts @@ -45,6 +45,11 @@ export const seedFeatureFlags = async ( workspaceId: workspaceId, value: true, }, + { + key: FeatureFlagKey.IS_PERMISSIONS_V2_ENABLED, + workspaceId: workspaceId, + value: true, + }, ]) .execute(); }; diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-many-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-many-object-records-permissions.integration-spec.ts index 1bf388ba1..4b8c61c38 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-many-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-many-object-records-permissions.integration-spec.ts @@ -2,6 +2,7 @@ import { randomUUID } from 'node:crypto'; import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.constants'; import { createManyOperationFactory } from 'test/integration/graphql/utils/create-many-operation-factory.util'; +import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; @@ -9,160 +10,88 @@ import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors. import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; describe('createManyObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: randomUUID(), - }, - { - id: randomUUID(), - }, - ], - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ createPeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + it('should throw a permission error when user does not have permission (guest role)', async () => { + const graphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: randomUUID(), + }, + { + id: randomUUID(), + }, + ], }); - it('should create multiple object records when user has permission (admin role)', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const graphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.createPeople).toBeDefined(); - expect(response.body.data.createPeople).toHaveLength(2); - expect(response.body.data.createPeople[0].id).toBe(personId1); - expect(response.body.data.createPeople[1].id).toBe(personId2); - }); + expect(response.body.data).toStrictEqual({ createPeople: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); - // describe('permissions V2 enabled', () => { - // beforeAll(async () => { - // const enablePermissionsQuery = updateFeatureFlagFactory( - // SEED_APPLE_WORKSPACE_ID, - // 'IS_PERMISSIONS_V2_ENABLED', - // true, - // ); + it('should create multiple object records when user has permission (admin role)', async () => { + const personId1 = randomUUID(); + const personId2 = randomUUID(); - // await makeGraphqlAPIRequest(enablePermissionsQuery); - // }); + const graphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, + }, + { + id: personId2, + }, + ], + }); - // afterAll(async () => { - // const disablePermissionsQuery = updateFeatureFlagFactory( - // SEED_APPLE_WORKSPACE_ID, - // 'IS_PERMISSIONS_V2_ENABLED', - // false, - // ); + const response = await makeGraphqlAPIRequest(graphqlOperation); - // await makeGraphqlAPIRequest(disablePermissionsQuery); - // }); + expect(response.body.data).toBeDefined(); + expect(response.body.data.createPeople).toBeDefined(); + expect(response.body.data.createPeople).toHaveLength(2); + expect([ + response.body.data.createPeople[0].id, + response.body.data.createPeople[1].id, + ]).toContain(personId1); + expect([ + response.body.data.createPeople[0].id, + response.body.data.createPeople[1].id, + ]).toContain(personId2); + }); - // it('should throw a permission error when user does not have permission (guest role)', async () => { - // const graphqlOperation = createManyOperationFactory({ - // objectMetadataSingularName: 'person', - // objectMetadataPluralName: 'people', - // gqlFields: PERSON_GQL_FIELDS, - // data: [ - // { - // id: randomUUID(), - // }, - // { - // id: randomUUID(), - // }, - // ], - // }); + it('should create multiple object records when executed by api key', async () => { + const personId1 = randomUUID(); + const personId2 = randomUUID(); - // const response = - // await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); + const graphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, + }, + { + id: personId2, + }, + ], + }); - // expect(response.body.data).toStrictEqual({ createPeople: null }); - // expect(response.body.errors).toBeDefined(); - // expect(response.body.errors[0].message).toBe( - // PermissionsExceptionMessage.PERMISSION_DENIED, - // ); - // expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - // }); + const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); - // it('should create multiple object records when user has permission (admin role)', async () => { - // const personId1 = randomUUID(); - // const personId2 = randomUUID(); - - // const graphqlOperation = createManyOperationFactory({ - // objectMetadataSingularName: 'person', - // objectMetadataPluralName: 'people', - // gqlFields: PERSON_GQL_FIELDS, - // data: [ - // { - // id: personId1, - // }, - // { - // id: personId2, - // }, - // ], - // }); - - // const response = await makeGraphqlAPIRequest(graphqlOperation); - - // expect(response.body.data).toBeDefined(); - // expect(response.body.data.createPeople).toBeDefined(); - // expect(response.body.data.createPeople).toHaveLength(2); - // expect(response.body.data.createPeople[0].id).toBe(personId1); - // expect(response.body.data.createPeople[1].id).toBe(personId2); - // }); - - // it('should create multiple object records when executed by api key', async () => { - // const personId1 = randomUUID(); - // const personId2 = randomUUID(); - - // const graphqlOperation = createManyOperationFactory({ - // objectMetadataSingularName: 'person', - // objectMetadataPluralName: 'people', - // gqlFields: PERSON_GQL_FIELDS, - // data: [ - // { - // id: personId1, - // }, - // { - // id: personId2, - // }, - // ], - // }); - - // const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); - - // expect(response.body.data).toBeDefined(); - // expect(response.body.data.createPeople).toBeDefined(); - // expect(response.body.data.createPeople).toHaveLength(2); - // expect(response.body.data.createPeople[0].id).toBe(personId1); - // expect(response.body.data.createPeople[1].id).toBe(personId2); - // }); - // }); + expect(response.body.data).toBeDefined(); + expect(response.body.data.createPeople).toBeDefined(); + expect(response.body.data.createPeople).toHaveLength(2); + expect(response.body.data.createPeople[0].id).toBe(personId1); + expect(response.body.data.createPeople[1].id).toBe(personId2); + }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-one-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-one-object-records-permissions.integration-spec.ts index 055a88b17..f7a6d0cc6 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-one-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-one-object-records-permissions.integration-spec.ts @@ -5,125 +5,61 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('createOneObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: randomUUID(), - }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ createPerson: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + it('should throw a permission error when user does not have permission (guest role)', async () => { + const graphqlOperation = createOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + data: { + id: randomUUID(), + }, }); - it('should create an object record when user has permission (admin role)', async () => { - const personId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - }, - }); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.createPerson).toBeDefined(); - expect(response.body.data.createPerson.id).toBe(personId); - }); + expect(response.body.data).toStrictEqual({ createPerson: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); - describe('permissions V2 enabled', () => { - beforeAll(async () => { - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); + it('should create an object record when user has permission (admin role)', async () => { + const personId = randomUUID(); + const graphqlOperation = createOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + data: { + id: personId, + }, }); - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); + const response = await makeGraphqlAPIRequest(graphqlOperation); - await makeGraphqlAPIRequest(disablePermissionsQuery); + expect(response.body.data).toBeDefined(); + expect(response.body.data.createPerson).toBeDefined(); + expect(response.body.data.createPerson.id).toBe(personId); + }); + + it('should create an object record when executed by api key', async () => { + const personId = randomUUID(); + const graphqlOperation = createOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + data: { + id: personId, + }, }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: randomUUID(), - }, - }); + const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ createPerson: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - }); - - it('should create an object record when user has permission (admin role)', async () => { - const personId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - }, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.createPerson).toBeDefined(); - expect(response.body.data.createPerson.id).toBe(personId); - }); - - it('should create an object record when executed by api key', async () => { - const personId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - }, - }); - - const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.createPerson).toBeDefined(); - expect(response.body.data.createPerson.id).toBe(personId); - }); + expect(response.body.data).toBeDefined(); + expect(response.body.data.createPerson).toBeDefined(); + expect(response.body.data.createPerson.id).toBe(personId); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-many-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-many-object-records-permissions.integration-spec.ts index 936296b5d..ada6dbbdb 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-many-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-many-object-records-permissions.integration-spec.ts @@ -6,202 +6,112 @@ import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delet import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('deleteManyObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = deleteManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [randomUUID(), randomUUID()], - }, + it('should throw a permission error when user does not have permission (guest role)', async () => { + const graphqlOperation = deleteManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [randomUUID(), randomUUID()], }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ deletePeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }, }); - it('should delete multiple object records when user has permission (admin role)', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - const deleteGraphqlOperation = deleteManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, - }, - }); - - const response = await makeGraphqlAPIRequest(deleteGraphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.deletePeople).toBeDefined(); - expect(response.body.data.deletePeople).toHaveLength(2); - expect(response.body.data.deletePeople[0].id).toBe(personId1); - expect(response.body.data.deletePeople[1].id).toBe(personId2); - }); + expect(response.body.data).toStrictEqual({ deletePeople: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); - describe('permissions V2 enabled', () => { - beforeAll(async () => { - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); + it('should delete multiple object records when user has permission (admin role)', async () => { + const personId1 = randomUUID(); + const personId2 = randomUUID(); - await makeGraphqlAPIRequest(enablePermissionsQuery); - }); - - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); - }); - - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = deleteManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [randomUUID(), randomUUID()], - }, + const createGraphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ deletePeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - }); - - it('should delete multiple object records when user has permission (admin role)', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); - - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - const deleteGraphqlOperation = deleteManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + { + id: personId2, }, - }); - - const response = await makeGraphqlAPIRequest(deleteGraphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.deletePeople).toBeDefined(); - expect(response.body.data.deletePeople).toHaveLength(2); - expect(response.body.data.deletePeople[0].id).toBe(personId1); - expect(response.body.data.deletePeople[1].id).toBe(personId2); + ], }); - it('should delete multiple object records when executed by api key', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); + await makeGraphqlAPIRequest(createGraphqlOperation); - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - const deleteGraphqlOperation = deleteManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + const deleteGraphqlOperation = deleteManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], }, - }); - - const response = await makeGraphqlAPIRequestWithApiKey( - deleteGraphqlOperation, - ); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.deletePeople).toBeDefined(); - expect(response.body.data.deletePeople).toHaveLength(2); - expect(response.body.data.deletePeople[0].id).toBe(personId1); - expect(response.body.data.deletePeople[1].id).toBe(personId2); + }, }); + + const response = await makeGraphqlAPIRequest(deleteGraphqlOperation); + + expect(response.body.data).toBeDefined(); + expect(response.body.data.deletePeople).toBeDefined(); + expect(response.body.data.deletePeople).toHaveLength(2); + expect(response.body.data.deletePeople[0].id).toBe(personId1); + expect(response.body.data.deletePeople[1].id).toBe(personId2); + }); + + it('should delete multiple object records when executed by api key', async () => { + const personId1 = randomUUID(); + const personId2 = randomUUID(); + + const createGraphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, + }, + { + id: personId2, + }, + ], + }); + + await makeGraphqlAPIRequest(createGraphqlOperation); + + const deleteGraphqlOperation = deleteManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], + }, + }, + }); + + const response = await makeGraphqlAPIRequestWithApiKey( + deleteGraphqlOperation, + ); + + expect(response.body.data).toBeDefined(); + expect(response.body.data.deletePeople).toBeDefined(); + expect(response.body.data.deletePeople).toHaveLength(2); + expect(response.body.data.deletePeople[0].id).toBe(personId1); + expect(response.body.data.deletePeople[1].id).toBe(personId2); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-one-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-one-object-records-permissions.integration-spec.ts index e46ff1537..20ef4f388 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-one-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-one-object-records-permissions.integration-spec.ts @@ -6,62 +6,11 @@ import { deleteOneOperationFactory } from 'test/integration/graphql/utils/delete import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('deleteOneObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - const personId = randomUUID(); - - beforeAll(async () => { - const createOnePersonRecordOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - }, - }); - - await makeGraphqlAPIRequest(createOnePersonRecordOperation); - }); - - it('should throw a permission error when user does not have permission (guest role)', async () => { - const personId = randomUUID(); - const graphqlOperation = deleteOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ deletePerson: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - }); - - it('should delete an object record when user has permission (admin role)', async () => { - const deleteGraphqlOperation = deleteOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - }); - - const response = await makeGraphqlAPIRequest(deleteGraphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.deletePerson).toBeDefined(); - expect(response.body.data.deletePerson.id).toBe(personId); - }); - }); - describe('permissions V2 enabled', () => { const personId = randomUUID(); @@ -75,24 +24,6 @@ describe('deleteOneObjectRecordsPermissions', () => { }); await makeGraphqlAPIRequest(createOnePersonRecordOperation); - - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); - }); - - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); }); it('should throw a permission error when user does not have permission (guest role)', async () => { diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-many-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-many-object-records-permissions.integration-spec.ts index ebcf0805c..089b7403d 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-many-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-many-object-records-permissions.integration-spec.ts @@ -5,160 +5,70 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat import { destroyManyOperationFactory } from 'test/integration/graphql/utils/destroy-many-operation-factory.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('destroyManyObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = destroyManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [randomUUID(), randomUUID()], - }, + it('should throw a permission error when user does not have permission (guest role)', async () => { + const graphqlOperation = destroyManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [randomUUID(), randomUUID()], }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ destroyPeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }, }); - it('should destroy multiple object records when user has permission (admin role)', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - const graphqlOperation = destroyManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, - }, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.destroyPeople).toBeDefined(); - expect(response.body.data.destroyPeople).toHaveLength(2); - expect(response.body.data.destroyPeople[0].id).toBe(personId1); - expect(response.body.data.destroyPeople[1].id).toBe(personId2); - }); + expect(response.body.data).toStrictEqual({ destroyPeople: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); - describe('permissions V2 enabled', () => { - beforeAll(async () => { - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); + it('should destroy multiple object records when user has permission (admin role)', async () => { + const personId1 = randomUUID(); + const personId2 = randomUUID(); - await makeGraphqlAPIRequest(enablePermissionsQuery); - }); - - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); - }); - - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = destroyManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [randomUUID(), randomUUID()], - }, + const createGraphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ destroyPeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - }); - - it('should destroy multiple object records when user has permission (admin role)', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); - - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - const graphqlOperation = destroyManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + { + id: personId2, }, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.destroyPeople).toBeDefined(); - expect(response.body.data.destroyPeople).toHaveLength(2); - expect(response.body.data.destroyPeople[0].id).toBe(personId1); - expect(response.body.data.destroyPeople[1].id).toBe(personId2); + ], }); + + await makeGraphqlAPIRequest(createGraphqlOperation); + + const graphqlOperation = destroyManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], + }, + }, + }); + + const response = await makeGraphqlAPIRequest(graphqlOperation); + + expect(response.body.data).toBeDefined(); + expect(response.body.data.destroyPeople).toBeDefined(); + expect(response.body.data.destroyPeople).toHaveLength(2); + expect(response.body.data.destroyPeople[0].id).toBe(personId1); + expect(response.body.data.destroyPeople[1].id).toBe(personId2); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-one-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-one-object-records-permissions.integration-spec.ts index a71b1b7bb..06139c959 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-one-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-one-object-records-permissions.integration-spec.ts @@ -5,125 +5,54 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('destroyOneObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - const personId = randomUUID(); + const personId = randomUUID(); - beforeAll(async () => { - const createGraphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - }, - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); + beforeAll(async () => { + const createGraphqlOperation = createOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + data: { + id: personId, + }, }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ destroyPerson: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - }); - - it('should destroy an object record when user has permission (admin role)', async () => { - const graphqlOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.destroyPerson).toBeDefined(); - expect(response.body.data.destroyPerson.id).toBe(personId); - }); + await makeGraphqlAPIRequest(createGraphqlOperation); }); - describe('permissions V2 enabled', () => { + it('should throw a permission error when user does not have permission (guest role)', async () => { const personId = randomUUID(); - - beforeAll(async () => { - const createGraphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - }, - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); + const graphqlOperation = destroyOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + recordId: personId, }); - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - await makeGraphqlAPIRequest(disablePermissionsQuery); + expect(response.body.data).toStrictEqual({ destroyPerson: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }); + + it('should destroy an object record when user has permission (admin role)', async () => { + const graphqlOperation = destroyOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + recordId: personId, }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const personId = randomUUID(); - const graphqlOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - }); + const response = await makeGraphqlAPIRequest(graphqlOperation); - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ destroyPerson: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - }); - - it('should destroy an object record when user has permission (admin role)', async () => { - const graphqlOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.destroyPerson).toBeDefined(); - expect(response.body.data.destroyPerson.id).toBe(personId); - }); + expect(response.body.data).toBeDefined(); + expect(response.body.data.destroyPerson).toBeDefined(); + expect(response.body.data.destroyPerson.id).toBe(personId); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/granular-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/granular-object-records-permissions.integration-spec.ts index 3d12805d9..afc0ad72a 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/granular-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/granular-object-records-permissions.integration-spec.ts @@ -3,13 +3,10 @@ import { createCustomRoleWithObjectPermissions } from 'test/integration/graphql/ import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one-operation-factory.util'; import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util'; -import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; const client = request(`http://localhost:${APP_PORT}`); @@ -20,15 +17,6 @@ describe('granularObjectRecordsPermissions', () => { let customRoleId: string; beforeAll(async () => { - // Enable Permissions V2 - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); - // Get the original Member role ID for restoration later const getRolesQuery = { query: ` @@ -69,15 +57,6 @@ describe('granularObjectRecordsPermissions', () => { .post('/graphql') .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) .send(restoreMemberRoleQuery); - - // Disable Permissions V2 - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); }); afterEach(async () => { diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/permissions-on-relations.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/permissions-on-relations.integration-spec.ts index dc3c2f2a2..278c8f8e3 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/permissions-on-relations.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/permissions-on-relations.integration-spec.ts @@ -6,36 +6,26 @@ import { createCustomRoleWithObjectPermissions } from 'test/integration/graphql/ import { createOneOperationFactory } from 'test/integration/graphql/utils/create-one-operation-factory.util'; import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { findManyOperationFactory } from 'test/integration/graphql/utils/find-many-operation-factory.util'; +import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one-operation-factory.util'; import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; const client = request(`http://localhost:${APP_PORT}`); describe('permissionsOnRelations', () => { - describe('permissions V2 enabled', () => { - let originalMemberRoleId: string; - let customRoleId: string; + let originalMemberRoleId: string; + let customRoleId: string; + const personId = randomUUID(); - beforeAll(async () => { - // Enable Permissions V2 - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); - - // Get the original Member role ID for restoration later - const getRolesQuery = { - query: ` + beforeAll(async () => { + // Get the original Member role ID for restoration later + const getRolesQuery = { + query: ` query GetRoles { getRoles { id @@ -43,51 +33,51 @@ describe('permissionsOnRelations', () => { } } `, - }; + }; - const rolesResponse = await client - .post('/graphql') - .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) - .send(getRolesQuery); + const rolesResponse = await client + .post('/graphql') + .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) + .send(getRolesQuery); - originalMemberRoleId = rolesResponse.body.data.getRoles.find( - (role: any) => role.label === 'Member', - ).id; + originalMemberRoleId = rolesResponse.body.data.getRoles.find( + (role: any) => role.label === 'Member', + ).id; - // Create a person record - const companyId = randomUUID(); - const graphqlOperationForCompanyCreation = createOneOperationFactory({ - objectMetadataSingularName: 'company', - gqlFields: ` + // Create a person record + const companyId = randomUUID(); + const graphqlOperationForCompanyCreation = createOneOperationFactory({ + objectMetadataSingularName: 'company', + gqlFields: ` name `, - data: { - id: companyId, - name: 'Twenty', - }, - }); - - await makeGraphqlAPIRequest(graphqlOperationForCompanyCreation); - - const graphqlOperationForPersonCreation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: randomUUID(), - name: { - firstName: 'Marie', - }, - city: 'Paris', - companyId, - }, - }); - - await makeGraphqlAPIRequest(graphqlOperationForPersonCreation); + data: { + id: companyId, + name: 'Twenty', + }, }); - afterAll(async () => { - const restoreMemberRoleQuery = { - query: ` + await makeGraphqlAPIRequest(graphqlOperationForCompanyCreation); + + const graphqlOperationForPersonCreation = createOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + data: { + id: personId, + name: { + firstName: 'Marie', + }, + city: 'Paris', + companyId, + }, + }); + + await makeGraphqlAPIRequest(graphqlOperationForPersonCreation); + }); + + afterAll(async () => { + const restoreMemberRoleQuery = { + query: ` mutation UpdateWorkspaceMemberRole { updateWorkspaceMemberRole( workspaceMemberId: "${WORKSPACE_MEMBER_DATA_SEED_IDS.JONY}" @@ -97,48 +87,39 @@ describe('permissionsOnRelations', () => { } } `, - }; + }; - await client - .post('/graphql') - .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) - .send(restoreMemberRoleQuery); + await client + .post('/graphql') + .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) + .send(restoreMemberRoleQuery); + }); - // Disable Permissions V2 - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); + afterEach(async () => { + await deleteRole(client, customRoleId); + }); - await makeGraphqlAPIRequest(disablePermissionsQuery); + it('should throw permission error when querying person with company relation without company read permission', async () => { + // Create a role with person read permission but no company read permission + const { roleId } = await createCustomRoleWithObjectPermissions({ + label: 'PersonOnlyRole', + canReadPerson: true, + canReadCompany: false, }); - afterEach(async () => { - await deleteRole(client, customRoleId); + customRoleId = roleId; + + await updateWorkspaceMemberRole({ + client, + roleId: customRoleId, + workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY, }); - it('should throw permission error when querying person with company relation without company read permission', async () => { - // Create a role with person read permission but no company read permission - const { roleId } = await createCustomRoleWithObjectPermissions({ - label: 'PersonOnlyRole', - canReadPerson: true, - canReadCompany: false, - }); - - customRoleId = roleId; - - await updateWorkspaceMemberRole({ - client, - roleId: customRoleId, - workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY, - }); - - // Create GraphQL query that includes company relation - const graphqlOperation = findManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: ` + // Create GraphQL query that includes company relation + const graphqlOperation = findManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: ` id city jobTitle @@ -147,38 +128,38 @@ describe('permissionsOnRelations', () => { name } `, - }); - - const response = await makeGraphqlAPIRequestWithJony(graphqlOperation); - - // The query should fail when trying to access company relation without permission - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); - it('should successfully query person with company relation when having both permissions', async () => { - // Create a role with both person and company read permissions - const { roleId } = await createCustomRoleWithObjectPermissions({ - label: 'PersonAndCompanyRole', - canReadPerson: true, - canReadCompany: true, - }); + const response = await makeGraphqlAPIRequestWithJony(graphqlOperation); - customRoleId = roleId; + // The query should fail when trying to access company relation without permission + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }); - await updateWorkspaceMemberRole({ - client, - roleId: customRoleId, - workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY, - }); + it('should successfully query person with company relation when having both permissions', async () => { + // Create a role with both person and company read permissions + const { roleId } = await createCustomRoleWithObjectPermissions({ + label: 'PersonAndCompanyRole', + canReadPerson: true, + canReadCompany: true, + }); - // Create GraphQL query that includes company relation - const graphqlOperation = findManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: ` + customRoleId = roleId; + + await updateWorkspaceMemberRole({ + client, + roleId: customRoleId, + workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY, + }); + + // Create GraphQL query that includes company relation + const graphqlOperation = findManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: ` id city jobTitle @@ -187,42 +168,41 @@ describe('permissionsOnRelations', () => { name } `, - }); - - const response = await makeGraphqlAPIRequestWithJony(graphqlOperation); - - // The query should succeed - expect(response.body.data).toBeDefined(); - expect(response.body.data.people).toBeDefined(); - const person = response.body.data.people.edges[0].node; - - expect(person.company).toBeDefined(); - expect(response.body.error).toBeUndefined(); }); - it('nested relations - should throw permission error when querying nested opportunity relation without opportunity read permission', async () => { - // Where user has person and company read permissions but not opportunity read permission + const response = await makeGraphqlAPIRequestWithJony(graphqlOperation); - const { roleId } = await createCustomRoleWithObjectPermissions({ - label: 'PersonCompanyOnlyRole', - canReadPerson: true, - canReadCompany: true, - canReadOpportunities: false, - }); + // The query should succeed + expect(response.body.data).toBeDefined(); + expect(response.body.data.people).toBeDefined(); + const person = response.body.data.people.edges[0].node; - customRoleId = roleId; + expect(person.company).toBeDefined(); + expect(response.body.error).toBeUndefined(); + }); - await updateWorkspaceMemberRole({ - client, - roleId: customRoleId, - workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY, - }); + it('nested relations - should throw permission error when querying nested opportunity relation without opportunity read permission', async () => { + // Where user has person and company read permissions but not opportunity read permission - // Create a query with nested relations - const graphqlOperation = findManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: ` + const { roleId } = await createCustomRoleWithObjectPermissions({ + label: 'PersonCompanyOnlyRole', + canReadPerson: true, + canReadCompany: true, + canReadOpportunities: false, + }); + + customRoleId = roleId; + + await updateWorkspaceMemberRole({ + client, + roleId: customRoleId, + workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY, + }); + + // Create a query with nested relations + const graphqlOperation = findOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: ` id city jobTitle @@ -238,15 +218,19 @@ describe('permissionsOnRelations', () => { } } `, - }); - - const response = await makeGraphqlAPIRequestWithJony(graphqlOperation); - - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + filter: { + id: { + eq: personId, + }, + }, }); + + const response = await makeGraphqlAPIRequestWithJony(graphqlOperation); + + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/restore-many-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/restore-many-object-records-permissions.integration-spec.ts index a6476b0a7..d4cccbcf6 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/restore-many-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/restore-many-object-records-permissions.integration-spec.ts @@ -6,192 +6,87 @@ import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delet import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { restoreManyOperationFactory } from 'test/integration/graphql/utils/restore-many-operation-factory.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('restoreManyObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); + const personId1 = randomUUID(); + const personId2 = randomUUID(); - beforeAll(async () => { - // Create people - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - // Delete people - const deleteGraphqlOperation = deleteManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + beforeAll(async () => { + // Create people + const createGraphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, }, - }); - - await makeGraphqlAPIRequest(deleteGraphqlOperation); + { + id: personId2, + }, + ], }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = restoreManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + await makeGraphqlAPIRequest(createGraphqlOperation); + + // Delete people + const deleteGraphqlOperation = deleteManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ restorePeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }, }); - it('should restore multiple object records when user has permission (admin role)', async () => { - const graphqlOperation = restoreManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, - }, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.restorePeople).toBeDefined(); - expect(response.body.data.restorePeople).toHaveLength(2); - expect(response.body.data.restorePeople[0].id).toBe(personId1); - expect(response.body.data.restorePeople[1].id).toBe(personId2); - }); + await makeGraphqlAPIRequest(deleteGraphqlOperation); }); - describe('permissions V2 enabled', () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); - - beforeAll(async () => { - // Create people - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); - - // Delete people - const deleteGraphqlOperation = deleteManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + it('should throw a permission error when user does not have permission (guest role)', async () => { + const graphqlOperation = restoreManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], }, - }); - - await makeGraphqlAPIRequest(deleteGraphqlOperation); - - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); + }, }); - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - await makeGraphqlAPIRequest(disablePermissionsQuery); - }); + expect(response.body.data).toStrictEqual({ restorePeople: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = restoreManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + it('should restore multiple object records when user has permission (admin role)', async () => { + const graphqlOperation = restoreManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ restorePeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }, }); - it('should restore multiple object records when user has permission (admin role)', async () => { - const graphqlOperation = restoreManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, - }, - }); + const response = await makeGraphqlAPIRequest(graphqlOperation); - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.restorePeople).toBeDefined(); - expect(response.body.data.restorePeople).toHaveLength(2); - expect(response.body.data.restorePeople[0].id).toBe(personId1); - expect(response.body.data.restorePeople[1].id).toBe(personId2); - }); + expect(response.body.data).toBeDefined(); + expect(response.body.data.restorePeople).toBeDefined(); + expect(response.body.data.restorePeople).toHaveLength(2); + expect(response.body.data.restorePeople[0].id).toBe(personId1); + expect(response.body.data.restorePeople[1].id).toBe(personId2); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-many-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-many-object-records-permissions.integration-spec.ts index 4716f4ebb..751ae4104 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-many-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-many-object-records-permissions.integration-spec.ts @@ -5,245 +5,144 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { updateManyOperationFactory } from 'test/integration/graphql/utils/update-many-operation-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('updateManyObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { + it('should throw a permission error when user does not have permission (guest role)', async () => { const personId1 = randomUUID(); const personId2 = randomUUID(); - - beforeAll(async () => { - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); - - await makeGraphqlAPIRequest(createGraphqlOperation); + const createGraphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, + }, + { + id: personId2, + }, + ], }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = updateManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [randomUUID(), randomUUID()], - }, - }, - data: { - jobTitle: 'Architect', - }, - }); + await makeGraphqlAPIRequest(createGraphqlOperation); - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ updatePeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + const updateGraphqlOperation = updateManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], + }, + }, + data: { + jobTitle: 'Senior Developer', + }, }); - it('should update multiple object records when user has permission (admin role)', async () => { - const graphqlOperation = updateManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, - }, - data: { - jobTitle: 'Architect', - }, - }); + const response = await makeGraphqlAPIRequestWithGuestRole( + updateGraphqlOperation, + ); - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.updatePeople).toBeDefined(); - expect(response.body.data.updatePeople).toHaveLength(2); - expect(response.body.data.updatePeople[0].jobTitle).toBe('Architect'); - expect(response.body.data.updatePeople[1].jobTitle).toBe('Architect'); - }); + expect(response.body.data).toStrictEqual({ updatePeople: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); - describe('permissions V2 enabled', () => { - beforeAll(async () => { - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); + it('should update multiple object records when user has permission (admin role)', async () => { + const personId1 = randomUUID(); + const personId2 = randomUUID(); + const createGraphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, + }, + { + id: personId2, + }, + ], }); - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); + await makeGraphqlAPIRequest(createGraphqlOperation); - await makeGraphqlAPIRequest(disablePermissionsQuery); + const updateGraphqlOperation = updateManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], + }, + }, + data: { + jobTitle: 'Tech Lead', + }, }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); + const response = await makeGraphqlAPIRequest(updateGraphqlOperation); - await makeGraphqlAPIRequest(createGraphqlOperation); + expect(response.body.data).toBeDefined(); + expect(response.body.data.updatePeople).toBeDefined(); + expect(response.body.data.updatePeople).toHaveLength(2); + expect(response.body.data.updatePeople[0].id).toBe(personId1); + expect(response.body.data.updatePeople[1].id).toBe(personId2); + expect(response.body.data.updatePeople[0].jobTitle).toBe('Tech Lead'); + expect(response.body.data.updatePeople[1].jobTitle).toBe('Tech Lead'); + }); - const updateGraphqlOperation = updateManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + it('should update multiple object records when executed by api key', async () => { + const personId1 = randomUUID(); + const personId2 = randomUUID(); + const createGraphqlOperation = createManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + data: [ + { + id: personId1, }, - data: { - jobTitle: 'Senior Developer', + { + id: personId2, }, - }); - - const response = await makeGraphqlAPIRequestWithGuestRole( - updateGraphqlOperation, - ); - - expect(response.body.data).toStrictEqual({ updatePeople: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + ], }); - it('should update multiple object records when user has permission (admin role)', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); + await makeGraphqlAPIRequest(createGraphqlOperation); - await makeGraphqlAPIRequest(createGraphqlOperation); - - const updateGraphqlOperation = updateManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, + const updateGraphqlOperation = updateManyOperationFactory({ + objectMetadataSingularName: 'person', + objectMetadataPluralName: 'people', + gqlFields: PERSON_GQL_FIELDS, + filter: { + id: { + in: [personId1, personId2], }, - data: { - jobTitle: 'Tech Lead', - }, - }); - - const response = await makeGraphqlAPIRequest(updateGraphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.updatePeople).toBeDefined(); - expect(response.body.data.updatePeople).toHaveLength(2); - expect(response.body.data.updatePeople[0].id).toBe(personId1); - expect(response.body.data.updatePeople[1].id).toBe(personId2); - expect(response.body.data.updatePeople[0].jobTitle).toBe('Tech Lead'); - expect(response.body.data.updatePeople[1].jobTitle).toBe('Tech Lead'); + }, + data: { + jobTitle: 'Product Manager', + }, }); - it('should update multiple object records when executed by api key', async () => { - const personId1 = randomUUID(); - const personId2 = randomUUID(); - const createGraphqlOperation = createManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - data: [ - { - id: personId1, - }, - { - id: personId2, - }, - ], - }); + const response = await makeGraphqlAPIRequestWithApiKey( + updateGraphqlOperation, + ); - await makeGraphqlAPIRequest(createGraphqlOperation); - - const updateGraphqlOperation = updateManyOperationFactory({ - objectMetadataSingularName: 'person', - objectMetadataPluralName: 'people', - gqlFields: PERSON_GQL_FIELDS, - filter: { - id: { - in: [personId1, personId2], - }, - }, - data: { - jobTitle: 'Product Manager', - }, - }); - - const response = await makeGraphqlAPIRequestWithApiKey( - updateGraphqlOperation, - ); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.updatePeople).toBeDefined(); - expect(response.body.data.updatePeople).toHaveLength(2); - expect(response.body.data.updatePeople[0].id).toBe(personId1); - expect(response.body.data.updatePeople[1].id).toBe(personId2); - expect(response.body.data.updatePeople[0].jobTitle).toBe( - 'Product Manager', - ); - expect(response.body.data.updatePeople[1].jobTitle).toBe( - 'Product Manager', - ); - }); + expect(response.body.data).toBeDefined(); + expect(response.body.data.updatePeople).toBeDefined(); + expect(response.body.data.updatePeople).toHaveLength(2); + expect(response.body.data.updatePeople[0].id).toBe(personId1); + expect(response.body.data.updatePeople[1].id).toBe(personId2); + expect(response.body.data.updatePeople[0].jobTitle).toBe('Product Manager'); + expect(response.body.data.updatePeople[1].jobTitle).toBe('Product Manager'); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-one-object-records-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-one-object-records-permissions.integration-spec.ts index bc2260cf0..3aa942ac4 100644 --- a/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-one-object-records-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-one-object-records-permissions.integration-spec.ts @@ -6,215 +6,135 @@ import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('updateOneObjectRecordsPermissions', () => { - describe('permissions V2 disabled', () => { - const personId = randomUUID(); + const personId = randomUUID(); + let allPetsViewId: string; - beforeAll(async () => { - const createPersonOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - jobTitle: 'Software Engineer', - }, - }); - - await makeGraphqlAPIRequest(createPersonOperation); + beforeAll(async () => { + const createPersonOperation = createOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + data: { + id: personId, + jobTitle: 'Software Engineer', + }, }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - data: { - jobTitle: 'Senior Software Engineer', + await makeGraphqlAPIRequest(createPersonOperation); + + const findAllPetsViewOperation = findOneOperationFactory({ + objectMetadataSingularName: 'view', + gqlFields: 'id', + filter: { + icon: { + eq: 'IconCat', }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ updatePerson: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }, }); - it('should update an object record when user has permission (admin role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - data: { - jobTitle: 'Senior Software Engineer', - }, - }); + const findAllPetsViewResponse = await makeGraphqlAPIRequest( + findAllPetsViewOperation, + ); - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.updatePerson).toBeDefined(); - expect(response.body.data.updatePerson.id).toBe(personId); - expect(response.body.data.updatePerson.jobTitle).toBe( - 'Senior Software Engineer', - ); - }); + allPetsViewId = findAllPetsViewResponse.body.data.view.id; }); - describe('permissions V2 enabled', () => { - const personId = randomUUID(); - let allPetsViewId: string; - - beforeAll(async () => { - const createPersonOperation = createOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - data: { - id: personId, - jobTitle: 'Software Engineer', - }, - }); - - await makeGraphqlAPIRequest(createPersonOperation); - - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); - - const findAllPetsViewOperation = findOneOperationFactory({ - objectMetadataSingularName: 'view', - gqlFields: 'id', - filter: { - icon: { - eq: 'IconCat', - }, - }, - }); - - const findAllPetsViewResponse = await makeGraphqlAPIRequest( - findAllPetsViewOperation, - ); - - allPetsViewId = findAllPetsViewResponse.body.data.view.id; + afterAll(async () => { + const updateViewOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'view', + gqlFields: 'id', + recordId: allPetsViewId, + data: { + icon: 'IconCat', + }, }); - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); + await makeGraphqlAPIRequest(updateViewOperation); + }); - await makeGraphqlAPIRequest(disablePermissionsQuery); - - const updateViewOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'view', - gqlFields: 'id', - recordId: allPetsViewId, - data: { - icon: 'IconCat', - }, - }); - - await makeGraphqlAPIRequest(updateViewOperation); + it('should throw a permission error when user does not have permission (guest role)', async () => { + const graphqlOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + recordId: personId, + data: { + jobTitle: 'Senior Software Engineer', + }, }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - data: { - jobTitle: 'Senior Software Engineer', - }, - }); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); + expect(response.body.data).toStrictEqual({ updatePerson: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }); - expect(response.body.data).toStrictEqual({ updatePerson: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); - }); - - it('should allow to update a system object record even without update permission (guest role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'view', - gqlFields: ` + it('should allow to update a system object record even without update permission (guest role)', async () => { + const graphqlOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'view', + gqlFields: ` id icon `, - recordId: allPetsViewId, - data: { - icon: 'IconDog', - }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.updateView).toBeDefined(); - expect(response.body.data.updateView.id).toBe(allPetsViewId); - expect(response.body.data.updateView.icon).toBe('IconDog'); + recordId: allPetsViewId, + data: { + icon: 'IconDog', + }, }); - it('should update an object record when user has permission (admin role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - data: { - jobTitle: 'Senior Software Engineer', - }, - }); + const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const response = await makeGraphqlAPIRequest(graphqlOperation); + expect(response.body.data).toBeDefined(); + expect(response.body.data.updateView).toBeDefined(); + expect(response.body.data.updateView.id).toBe(allPetsViewId); + expect(response.body.data.updateView.icon).toBe('IconDog'); + }); - expect(response.body.data).toBeDefined(); - expect(response.body.data.updatePerson).toBeDefined(); - expect(response.body.data.updatePerson.id).toBe(personId); - expect(response.body.data.updatePerson.jobTitle).toBe( - 'Senior Software Engineer', - ); + it('should update an object record when user has permission (admin role)', async () => { + const graphqlOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + recordId: personId, + data: { + jobTitle: 'Senior Software Engineer', + }, }); - it('should update an object record when executed by api key', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'person', - gqlFields: PERSON_GQL_FIELDS, - recordId: personId, - data: { - jobTitle: 'Senior Software Engineer', - }, - }); + const response = await makeGraphqlAPIRequest(graphqlOperation); - const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); + expect(response.body.data).toBeDefined(); + expect(response.body.data.updatePerson).toBeDefined(); + expect(response.body.data.updatePerson.id).toBe(personId); + expect(response.body.data.updatePerson.jobTitle).toBe( + 'Senior Software Engineer', + ); + }); - expect(response.body.data).toBeDefined(); - expect(response.body.data.updatePerson).toBeDefined(); - expect(response.body.data.updatePerson.id).toBe(personId); - expect(response.body.data.updatePerson.jobTitle).toBe( - 'Senior Software Engineer', - ); + it('should update an object record when executed by api key', async () => { + const graphqlOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'person', + gqlFields: PERSON_GQL_FIELDS, + recordId: personId, + data: { + jobTitle: 'Senior Software Engineer', + }, }); + + const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); + + expect(response.body.data).toBeDefined(); + expect(response.body.data.updatePerson).toBeDefined(); + expect(response.body.data.updatePerson.id).toBe(personId); + expect(response.body.data.updatePerson.jobTitle).toBe( + 'Senior Software Engineer', + ); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/role/object-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/role/object-permissions.integration-spec.ts index 9754d1a4d..d49f7068f 100644 --- a/packages/twenty-server/test/integration/graphql/suites/role/object-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/role/object-permissions.integration-spec.ts @@ -3,13 +3,11 @@ import { default as request } from 'supertest'; import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util'; import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { createUpsertObjectPermissionsOperation } from 'test/integration/graphql/utils/upsert-object-permission-operation-factory.util'; import { makeMetadataAPIRequest } from 'test/integration/metadata/suites/utils/make-metadata-api-request.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; const client = request(`http://localhost:${APP_PORT}`); @@ -19,13 +17,6 @@ describe('Object Permissions Validation', () => { let companyObjectId: string; beforeAll(async () => { - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); // Get object metadata IDs for Person and Company const getObjectMetadataOperation = { query: gql` @@ -58,16 +49,6 @@ describe('Object Permissions Validation', () => { expect(companyObjectId).toBeDefined(); }); - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); - }); - describe('cases with role with all rights by default', () => { beforeEach(async () => { // Create a custom role for each test diff --git a/packages/twenty-server/test/integration/graphql/suites/role/role.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/role/role.integration-spec.ts index fa3929cb5..3ec18eef4 100644 --- a/packages/twenty-server/test/integration/graphql/suites/role/role.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/role/role.integration-spec.ts @@ -3,35 +3,13 @@ import { default as request } from 'supertest'; import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util'; import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; const client = request(`http://localhost:${APP_PORT}`); describe('Role Permissions Validation', () => { - beforeAll(async () => { - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); - }); - - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); - }); - describe('validateRoleDoesNotHaveWritingPermissionsWithoutReadingPermissionsOrThrow', () => { describe('createRole - Valid Cases', () => { it('should allow creating role with read=true and any write permissions', async () => { diff --git a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/granular-settings-permissions.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/granular-settings-permissions.integration-spec.ts index 0af829aef..fc7a25594 100644 --- a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/granular-settings-permissions.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/granular-settings-permissions.integration-spec.ts @@ -2,8 +2,6 @@ import { print } from 'graphql'; import request from 'supertest'; import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util'; import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util'; -import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util'; import { createOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata-query-factory.util'; import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata-query-factory.util'; @@ -11,7 +9,6 @@ import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/s import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; const client = request(`http://localhost:${APP_PORT}`); @@ -21,15 +18,6 @@ describe('Granular settings permissions', () => { let originalMemberRoleId: string; beforeAll(async () => { - // Enable Permissions V2 - const enablePermissionsV2Query = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsV2Query); - // Get the original Member role ID for restoration later const getRolesQuery = { query: ` @@ -135,15 +123,6 @@ describe('Granular settings permissions', () => { .post('/graphql') .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) .send(deleteRoleQuery); - - // Disable Permissions V2 - const disablePermissionsV2Query = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsV2Query); }); describe('Data Model Permissions', () => { diff --git a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts index ca0c3d83a..9b9c97d3c 100644 --- a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts @@ -1,14 +1,11 @@ import request from 'supertest'; import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util'; -import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { createOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata.util'; import { deleteOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; const client = request(`http://localhost:${APP_PORT}`); @@ -38,14 +35,6 @@ describe('roles permissions', () => { let guestRoleId: string; beforeAll(async () => { - const enablePermissionsV2Query = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsV2Query); - const query = { query: ` query GetRoles { @@ -73,16 +62,6 @@ describe('roles permissions', () => { ).id; }); - afterAll(async () => { - const disablePermissionsV2Query = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsV2Query); - }); - describe('getRoles', () => { it('should allow admin to query getRoles', async () => { const query = { diff --git a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/security.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/security.integration-spec.ts index 181e56300..dbf62b1ba 100644 --- a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/security.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/security.integration-spec.ts @@ -1,11 +1,9 @@ import { gql } from 'graphql-tag'; import request from 'supertest'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; const client = request(`http://localhost:${APP_PORT}`); @@ -35,14 +33,6 @@ describe('Security permissions', () => { }); afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IsPermissionsEnabled', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); - // Restore workspace state const restoreQuery = gql` mutation updateWorkspace { diff --git a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workflows.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workflows.integration-spec.ts index e07afe837..9b8e9b9b1 100644 --- a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workflows.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workflows.integration-spec.ts @@ -6,365 +6,187 @@ import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destr import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; describe('workflowsPermissions', () => { describe('createOne workflow', () => { - describe('permissions V2 disabled', () => { - it('should throw a permission error when user does not have permission (guest role)', async () => { - const workflowId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - data: { - id: workflowId, - name: 'Test Workflow', - }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ createWorkflow: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe( - ErrorCode.FORBIDDEN, - ); + it('should throw a permission error when user does not have permission (guest role)', async () => { + const workflowId = randomUUID(); + const graphqlOperation = createOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: WORKFLOW_GQL_FIELDS, + data: { + id: workflowId, + name: 'Test Workflow V2', + }, }); - it('should create a workflow when user has permission (admin role)', async () => { - const workflowId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - data: { - id: workflowId, - name: 'Test Workflow Admin', - }, - }); + const response = + await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.createWorkflow).toBeDefined(); - expect(response.body.data.createWorkflow.id).toBe(workflowId); - expect(response.body.data.createWorkflow.name).toBe( - 'Test Workflow Admin', - ); - - // Clean up - delete the created workflow - const destroyWorkflowOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: ` - id - `, - recordId: response.body.data.createWorkflow.id, - }); - - await makeGraphqlAPIRequest(destroyWorkflowOperation); - }); + expect(response.body.data).toStrictEqual({ createWorkflow: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); - describe('permissions V2 enabled', () => { - beforeAll(async () => { - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); + it('should create a workflow when user has permission (admin role)', async () => { + const workflowId = randomUUID(); + const graphqlOperation = createOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: WORKFLOW_GQL_FIELDS, + data: { + id: workflowId, + name: 'Test Workflow Admin', + }, }); - afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); + const response = await makeGraphqlAPIRequest(graphqlOperation); - await makeGraphqlAPIRequest(disablePermissionsQuery); - }); + expect(response.body.data).toBeDefined(); + expect(response.body.data.createWorkflow).toBeDefined(); + expect(response.body.data.createWorkflow.id).toBe(workflowId); + expect(response.body.data.createWorkflow.name).toBe( + 'Test Workflow Admin', + ); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const workflowId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - data: { - id: workflowId, - name: 'Test Workflow V2', - }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ createWorkflow: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe( - ErrorCode.FORBIDDEN, - ); - }); - - it('should create a workflow when user has permission (admin role)', async () => { - const workflowId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - data: { - id: workflowId, - name: 'Test Workflow Admin', - }, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.createWorkflow).toBeDefined(); - expect(response.body.data.createWorkflow.id).toBe(workflowId); - expect(response.body.data.createWorkflow.name).toBe( - 'Test Workflow Admin', - ); - - // Clean up - delete the created workflow - const destroyWorkflowOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: ` + // Clean up - delete the created workflow + const destroyWorkflowOperation = destroyOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: ` id `, - recordId: response.body.data.createWorkflow.id, - }); - - await makeGraphqlAPIRequest(destroyWorkflowOperation); + recordId: response.body.data.createWorkflow.id, }); - it('should create a workflow when executed by api key', async () => { - const workflowId = randomUUID(); - const graphqlOperation = createOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - data: { - id: workflowId, - name: 'Test Workflow API Key', - }, - }); + await makeGraphqlAPIRequest(destroyWorkflowOperation); + }); - const response = - await makeGraphqlAPIRequestWithApiKey(graphqlOperation); + it('should create a workflow when executed by api key', async () => { + const workflowId = randomUUID(); + const graphqlOperation = createOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: WORKFLOW_GQL_FIELDS, + data: { + id: workflowId, + name: 'Test Workflow API Key', + }, + }); - expect(response.body.data).toBeDefined(); - expect(response.body.data.createWorkflow).toBeDefined(); - expect(response.body.data.createWorkflow.id).toBe(workflowId); - expect(response.body.data.createWorkflow.name).toBe( - 'Test Workflow API Key', - ); + const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); - // Clean up - delete the created workflow - const destroyWorkflowOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: ` + expect(response.body.data).toBeDefined(); + expect(response.body.data.createWorkflow).toBeDefined(); + expect(response.body.data.createWorkflow.id).toBe(workflowId); + expect(response.body.data.createWorkflow.name).toBe( + 'Test Workflow API Key', + ); + + // Clean up - delete the created workflow + const destroyWorkflowOperation = destroyOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: ` id `, - recordId: response.body.data.createWorkflow.id, - }); - - await makeGraphqlAPIRequest(destroyWorkflowOperation); + recordId: response.body.data.createWorkflow.id, }); + + await makeGraphqlAPIRequest(destroyWorkflowOperation); }); }); describe('updateOne workflow', () => { - describe('permissions V2 disabled', () => { - const workflowId = randomUUID(); + const workflowId = randomUUID(); - beforeAll(async () => { - const createWorkflowOperation = createOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - data: { - id: workflowId, - name: 'Original Workflow Name', - }, - }); - - await makeGraphqlAPIRequest(createWorkflowOperation); + beforeAll(async () => { + const createWorkflowOperation = createOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: WORKFLOW_GQL_FIELDS, + data: { + id: workflowId, + name: 'Original Workflow V2', + }, }); - afterAll(async () => { - const destroyWorkflowOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: ` - id - `, - recordId: workflowId, - }); - - await makeGraphqlAPIRequest(destroyWorkflowOperation); - }); - - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - recordId: workflowId, - data: { - name: 'Updated Workflow Name Guest', - }, - }); - - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ updateWorkflow: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe( - ErrorCode.FORBIDDEN, - ); - }); - - it('should update a workflow when user has permission (admin role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - recordId: workflowId, - data: { - name: 'Updated Workflow Name Admin', - }, - }); - - const response = await makeGraphqlAPIRequest(graphqlOperation); - - expect(response.body.data).toBeDefined(); - expect(response.body.data.updateWorkflow).toBeDefined(); - expect(response.body.data.updateWorkflow.id).toBe(workflowId); - expect(response.body.data.updateWorkflow.name).toBe( - 'Updated Workflow Name Admin', - ); - }); + await makeGraphqlAPIRequest(createWorkflowOperation); }); - describe('permissions V2 enabled', () => { - const workflowId = randomUUID(); - - beforeAll(async () => { - const createWorkflowOperation = createOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - data: { - id: workflowId, - name: 'Original Workflow V2', - }, - }); - - await makeGraphqlAPIRequest(createWorkflowOperation); - - const enablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - true, - ); - - await makeGraphqlAPIRequest(enablePermissionsQuery); - }); - - afterAll(async () => { - const destroyWorkflowOperation = destroyOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: ` + afterAll(async () => { + const destroyWorkflowOperation = destroyOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: ` id `, - recordId: workflowId, - }); - - await makeGraphqlAPIRequest(destroyWorkflowOperation); - - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_V2_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); + recordId: workflowId, }); - it('should throw a permission error when user does not have permission (guest role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - recordId: workflowId, - data: { - name: 'Updated Workflow V2 Guest', - }, - }); + await makeGraphqlAPIRequest(destroyWorkflowOperation); + }); - const response = - await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - - expect(response.body.data).toStrictEqual({ updateWorkflow: null }); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toBe( - PermissionsExceptionMessage.PERMISSION_DENIED, - ); - expect(response.body.errors[0].extensions.code).toBe( - ErrorCode.FORBIDDEN, - ); + it('should throw a permission error when user does not have permission (guest role)', async () => { + const graphqlOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: WORKFLOW_GQL_FIELDS, + recordId: workflowId, + data: { + name: 'Updated Workflow V2 Guest', + }, }); - it('should update a workflow when user has permission (admin role)', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - recordId: workflowId, - data: { - name: 'Updated Workflow V2 Admin', - }, - }); + const response = + await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); - const response = await makeGraphqlAPIRequest(graphqlOperation); + expect(response.body.data).toStrictEqual({ updateWorkflow: null }); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toBe( + PermissionsExceptionMessage.PERMISSION_DENIED, + ); + expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); + }); - expect(response.body.data).toBeDefined(); - expect(response.body.data.updateWorkflow).toBeDefined(); - expect(response.body.data.updateWorkflow.id).toBe(workflowId); - expect(response.body.data.updateWorkflow.name).toBe( - 'Updated Workflow V2 Admin', - ); + it('should update a workflow when user has permission (admin role)', async () => { + const graphqlOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: WORKFLOW_GQL_FIELDS, + recordId: workflowId, + data: { + name: 'Updated Workflow V2 Admin', + }, }); - it('should update a workflow when executed by api key', async () => { - const graphqlOperation = updateOneOperationFactory({ - objectMetadataSingularName: 'workflow', - gqlFields: WORKFLOW_GQL_FIELDS, - recordId: workflowId, - data: { - name: 'Updated Workflow API Key', - }, - }); + const response = await makeGraphqlAPIRequest(graphqlOperation); - const response = - await makeGraphqlAPIRequestWithApiKey(graphqlOperation); + expect(response.body.data).toBeDefined(); + expect(response.body.data.updateWorkflow).toBeDefined(); + expect(response.body.data.updateWorkflow.id).toBe(workflowId); + expect(response.body.data.updateWorkflow.name).toBe( + 'Updated Workflow V2 Admin', + ); + }); - expect(response.body.data).toBeDefined(); - expect(response.body.data.updateWorkflow).toBeDefined(); - expect(response.body.data.updateWorkflow.id).toBe(workflowId); - expect(response.body.data.updateWorkflow.name).toBe( - 'Updated Workflow API Key', - ); + it('should update a workflow when executed by api key', async () => { + const graphqlOperation = updateOneOperationFactory({ + objectMetadataSingularName: 'workflow', + gqlFields: WORKFLOW_GQL_FIELDS, + recordId: workflowId, + data: { + name: 'Updated Workflow API Key', + }, }); + + const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); + + expect(response.body.data).toBeDefined(); + expect(response.body.data.updateWorkflow).toBeDefined(); + expect(response.body.data.updateWorkflow.id).toBe(workflowId); + expect(response.body.data.updateWorkflow.name).toBe( + 'Updated Workflow API Key', + ); }); }); }); diff --git a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace.integration-spec.ts index 97b686e7e..bafe8d09b 100644 --- a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace.integration-spec.ts +++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace.integration-spec.ts @@ -1,12 +1,10 @@ import gql from 'graphql-tag'; import request from 'supertest'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; -import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { BillingPlanKey } from 'src/engine/core-modules/billing/enums/billing-plan-key.enum'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; -import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util'; const client = request(`http://localhost:${APP_PORT}`); @@ -35,14 +33,6 @@ describe('workspace permissions', () => { }); afterAll(async () => { - const disablePermissionsQuery = updateFeatureFlagFactory( - SEED_APPLE_WORKSPACE_ID, - 'IS_PERMISSIONS_ENABLED', - false, - ); - - await makeGraphqlAPIRequest(disablePermissionsQuery); - // Restore workspace state const restoreQuery = gql` mutation updateWorkspace { diff --git a/packages/twenty-server/test/integration/graphql/utils/create-custom-role-with-object-permissions.util.ts b/packages/twenty-server/test/integration/graphql/utils/create-custom-role-with-object-permissions.util.ts index 55abd71f3..f49d4bbfb 100644 --- a/packages/twenty-server/test/integration/graphql/utils/create-custom-role-with-object-permissions.util.ts +++ b/packages/twenty-server/test/integration/graphql/utils/create-custom-role-with-object-permissions.util.ts @@ -29,6 +29,9 @@ export const createCustomRoleWithObjectPermissions = async (options: { }; const response = await makeGraphqlAPIRequest(createRoleOperation); + + expect(response.body.errors).toBeUndefined(); + expect(response.body.data.createOneRole).toBeDefined(); const roleId = response.body.data.createOneRole.id; // Get object metadata IDs for Person and Company