admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions] Enable permissionsV2 in seeds (#12623)

Browse Source 
In this PR

- enable permissions V2 in seeds 
- remove permission V2 toggle in tests
This commit is contained in:
Marie
2025-06-17 11:56:11 +02:00
committed by GitHub
parent 54090a0340
commit 2877b28afb
20 changed files with 826 additions and 1877 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
packages/twenty-server/src/engine/workspace-manager/dev-seeder/core/utils/seed-feature-flags.util.ts
View File

@ -45,6 +45,11 @@ export const seedFeatureFlags = async (
workspaceId: workspaceId, workspaceId: workspaceId,
value: true, value: true,
}, },
{
key: FeatureFlagKey.IS_PERMISSIONS_V2_ENABLED,
workspaceId: workspaceId,
value: true,
},
]) ])
.execute(); .execute();
}; };

217
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-many-object-records-permissions.integration-spec.ts
View File

@ -2,6 +2,7 @@ import { randomUUID } from 'node:crypto';
import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.constants'; import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.constants';
import { createManyOperationFactory } from 'test/integration/graphql/utils/create-many-operation-factory.util'; import { createManyOperationFactory } from 'test/integration/graphql/utils/create-many-operation-factory.util';
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
@ -9,160 +10,88 @@ import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
describe('createManyObjectRecordsPermissions', () => { describe('createManyObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
it('should throw a permission error when user does not have permission (guest role)', async () => { const graphqlOperation = createManyOperationFactory({
const graphqlOperation = createManyOperationFactory({ objectMetadataSingularName: 'person',
objectMetadataSingularName: 'person', objectMetadataPluralName: 'people',
objectMetadataPluralName: 'people', gqlFields: PERSON_GQL_FIELDS,
gqlFields: PERSON_GQL_FIELDS, data: [
data: [ {
{ id: randomUUID(),
id: randomUUID(), },
}, {
{ id: randomUUID(),
id: randomUUID(), },
}, ],
],
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ createPeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should create multiple object records when user has permission (admin role)', async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const personId1 = randomUUID();
const personId2 = randomUUID();
const graphqlOperation = createManyOperationFactory({ expect(response.body.data).toStrictEqual({ createPeople: null });
objectMetadataSingularName: 'person', expect(response.body.errors).toBeDefined();
objectMetadataPluralName: 'people', expect(response.body.errors[0].message).toBe(
gqlFields: PERSON_GQL_FIELDS, PermissionsExceptionMessage.PERMISSION_DENIED,
data: [ );
{ expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
id: personId1,
},
{
id: personId2,
},
],
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.createPeople).toBeDefined();
expect(response.body.data.createPeople).toHaveLength(2);
expect(response.body.data.createPeople[0].id).toBe(personId1);
expect(response.body.data.createPeople[1].id).toBe(personId2);
});
}); });
// describe('permissions V2 enabled', () => { it('should create multiple object records when user has permission (admin role)', async () => {
// beforeAll(async () => { const personId1 = randomUUID();
// const enablePermissionsQuery = updateFeatureFlagFactory( const personId2 = randomUUID();
// SEED_APPLE_WORKSPACE_ID,
// 'IS_PERMISSIONS_V2_ENABLED',
// true,
// );
// await makeGraphqlAPIRequest(enablePermissionsQuery); const graphqlOperation = createManyOperationFactory({
// }); objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
// afterAll(async () => { const response = await makeGraphqlAPIRequest(graphqlOperation);
// const disablePermissionsQuery = updateFeatureFlagFactory(
// SEED_APPLE_WORKSPACE_ID,
// 'IS_PERMISSIONS_V2_ENABLED',
// false,
// );
// await makeGraphqlAPIRequest(disablePermissionsQuery); expect(response.body.data).toBeDefined();
// }); expect(response.body.data.createPeople).toBeDefined();
expect(response.body.data.createPeople).toHaveLength(2);
expect([
response.body.data.createPeople[0].id,
response.body.data.createPeople[1].id,
]).toContain(personId1);
expect([
response.body.data.createPeople[0].id,
response.body.data.createPeople[1].id,
]).toContain(personId2);
});
// it('should throw a permission error when user does not have permission (guest role)', async () => { it('should create multiple object records when executed by api key', async () => {
// const graphqlOperation = createManyOperationFactory({ const personId1 = randomUUID();
// objectMetadataSingularName: 'person', const personId2 = randomUUID();
// objectMetadataPluralName: 'people',
// gqlFields: PERSON_GQL_FIELDS,
// data: [
// {
// id: randomUUID(),
// },
// {
// id: randomUUID(),
// },
// ],
// });
// const response = const graphqlOperation = createManyOperationFactory({
// await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
// expect(response.body.data).toStrictEqual({ createPeople: null }); const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
// expect(response.body.errors).toBeDefined();
// expect(response.body.errors[0].message).toBe(
// PermissionsExceptionMessage.PERMISSION_DENIED,
// );
// expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
// });
// it('should create multiple object records when user has permission (admin role)', async () => { expect(response.body.data).toBeDefined();
// const personId1 = randomUUID(); expect(response.body.data.createPeople).toBeDefined();
// const personId2 = randomUUID(); expect(response.body.data.createPeople).toHaveLength(2);
expect(response.body.data.createPeople[0].id).toBe(personId1);
// const graphqlOperation = createManyOperationFactory({ expect(response.body.data.createPeople[1].id).toBe(personId2);
// objectMetadataSingularName: 'person', });
// objectMetadataPluralName: 'people',
// gqlFields: PERSON_GQL_FIELDS,
// data: [
// {
// id: personId1,
// },
// {
// id: personId2,
// },
// ],
// });
// const response = await makeGraphqlAPIRequest(graphqlOperation);
// expect(response.body.data).toBeDefined();
// expect(response.body.data.createPeople).toBeDefined();
// expect(response.body.data.createPeople).toHaveLength(2);
// expect(response.body.data.createPeople[0].id).toBe(personId1);
// expect(response.body.data.createPeople[1].id).toBe(personId2);
// });
// it('should create multiple object records when executed by api key', async () => {
// const personId1 = randomUUID();
// const personId2 = randomUUID();
// const graphqlOperation = createManyOperationFactory({
// objectMetadataSingularName: 'person',
// objectMetadataPluralName: 'people',
// gqlFields: PERSON_GQL_FIELDS,
// data: [
// {
// id: personId1,
// },
// {
// id: personId2,
// },
// ],
// });
// const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
// expect(response.body.data).toBeDefined();
// expect(response.body.data.createPeople).toBeDefined();
// expect(response.body.data.createPeople).toHaveLength(2);
// expect(response.body.data.createPeople[0].id).toBe(personId1);
// expect(response.body.data.createPeople[1].id).toBe(personId2);
// });
// });
}); });

144
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-one-object-records-permissions.integration-spec.ts
View File

@ -5,125 +5,61 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('createOneObjectRecordsPermissions', () => { describe('createOneObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
it('should throw a permission error when user does not have permission (guest role)', async () => { const graphqlOperation = createOneOperationFactory({
const graphqlOperation = createOneOperationFactory({ objectMetadataSingularName: 'person',
objectMetadataSingularName: 'person', gqlFields: PERSON_GQL_FIELDS,
gqlFields: PERSON_GQL_FIELDS, data: {
data: { id: randomUUID(),
id: randomUUID(), },
},
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ createPerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should create an object record when user has permission (admin role)', async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const personId = randomUUID();
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: personId,
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation); expect(response.body.data).toStrictEqual({ createPerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.data).toBeDefined(); expect(response.body.errors[0].message).toBe(
expect(response.body.data.createPerson).toBeDefined(); PermissionsExceptionMessage.PERMISSION_DENIED,
expect(response.body.data.createPerson.id).toBe(personId); );
}); expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
describe('permissions V2 enabled', () => { it('should create an object record when user has permission (admin role)', async () => {
beforeAll(async () => { const personId = randomUUID();
const enablePermissionsQuery = updateFeatureFlagFactory( const graphqlOperation = createOneOperationFactory({
SEED_APPLE_WORKSPACE_ID, objectMetadataSingularName: 'person',
'IS_PERMISSIONS_V2_ENABLED', gqlFields: PERSON_GQL_FIELDS,
true, data: {
); id: personId,
},
await makeGraphqlAPIRequest(enablePermissionsQuery);
}); });
afterAll(async () => { const response = await makeGraphqlAPIRequest(graphqlOperation);
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery); expect(response.body.data).toBeDefined();
expect(response.body.data.createPerson).toBeDefined();
expect(response.body.data.createPerson.id).toBe(personId);
});
it('should create an object record when executed by api key', async () => {
const personId = randomUUID();
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: personId,
},
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: randomUUID(),
},
});
const response = expect(response.body.data).toBeDefined();
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); expect(response.body.data.createPerson).toBeDefined();
expect(response.body.data.createPerson.id).toBe(personId);
expect(response.body.data).toStrictEqual({ createPerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should create an object record when user has permission (admin role)', async () => {
const personId = randomUUID();
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: personId,
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.createPerson).toBeDefined();
expect(response.body.data.createPerson.id).toBe(personId);
});
it('should create an object record when executed by api key', async () => {
const personId = randomUUID();
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: personId,
},
});
const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.createPerson).toBeDefined();
expect(response.body.data.createPerson.id).toBe(personId);
});
}); });
}); });

266
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-many-object-records-permissions.integration-spec.ts
View File

@ -6,202 +6,112 @@ import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delet
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('deleteManyObjectRecordsPermissions', () => { describe('deleteManyObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
it('should throw a permission error when user does not have permission (guest role)', async () => { const graphqlOperation = deleteManyOperationFactory({
const graphqlOperation = deleteManyOperationFactory({ objectMetadataSingularName: 'person',
objectMetadataSingularName: 'person', objectMetadataPluralName: 'people',
objectMetadataPluralName: 'people', gqlFields: PERSON_GQL_FIELDS,
gqlFields: PERSON_GQL_FIELDS, filter: {
filter: { id: {
id: { in: [randomUUID(), randomUUID()],
in: [randomUUID(), randomUUID()],
},
}, },
}); },
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ deletePeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should delete multiple object records when user has permission (admin role)', async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({ expect(response.body.data).toStrictEqual({ deletePeople: null });
objectMetadataSingularName: 'person', expect(response.body.errors).toBeDefined();
objectMetadataPluralName: 'people', expect(response.body.errors[0].message).toBe(
gqlFields: PERSON_GQL_FIELDS, PermissionsExceptionMessage.PERMISSION_DENIED,
data: [ );
{ expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
const deleteGraphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
});
const response = await makeGraphqlAPIRequest(deleteGraphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.deletePeople).toBeDefined();
expect(response.body.data.deletePeople).toHaveLength(2);
expect(response.body.data.deletePeople[0].id).toBe(personId1);
expect(response.body.data.deletePeople[1].id).toBe(personId2);
});
}); });
describe('permissions V2 enabled', () => { it('should delete multiple object records when user has permission (admin role)', async () => {
beforeAll(async () => { const personId1 = randomUUID();
const enablePermissionsQuery = updateFeatureFlagFactory( const personId2 = randomUUID();
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery); const createGraphqlOperation = createManyOperationFactory({
}); objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
afterAll(async () => { gqlFields: PERSON_GQL_FIELDS,
const disablePermissionsQuery = updateFeatureFlagFactory( data: [
SEED_APPLE_WORKSPACE_ID, {
'IS_PERMISSIONS_V2_ENABLED', id: personId1,
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
});
it('should throw a permission error when user does not have permission (guest role)', async () => {
const graphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [randomUUID(), randomUUID()],
},
}, },
}); {
id: personId2,
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ deletePeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should delete multiple object records when user has permission (admin role)', async () => {
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
const deleteGraphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
}, },
}); ],
const response = await makeGraphqlAPIRequest(deleteGraphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.deletePeople).toBeDefined();
expect(response.body.data.deletePeople).toHaveLength(2);
expect(response.body.data.deletePeople[0].id).toBe(personId1);
expect(response.body.data.deletePeople[1].id).toBe(personId2);
}); });
it('should delete multiple object records when executed by api key', async () => { await makeGraphqlAPIRequest(createGraphqlOperation);
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({ const deleteGraphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person', objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people', objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS, gqlFields: PERSON_GQL_FIELDS,
data: [ filter: {
{ id: {
id: personId1, in: [personId1, personId2],
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
const deleteGraphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
}, },
}); },
const response = await makeGraphqlAPIRequestWithApiKey(
deleteGraphqlOperation,
);
expect(response.body.data).toBeDefined();
expect(response.body.data.deletePeople).toBeDefined();
expect(response.body.data.deletePeople).toHaveLength(2);
expect(response.body.data.deletePeople[0].id).toBe(personId1);
expect(response.body.data.deletePeople[1].id).toBe(personId2);
}); });
const response = await makeGraphqlAPIRequest(deleteGraphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.deletePeople).toBeDefined();
expect(response.body.data.deletePeople).toHaveLength(2);
expect(response.body.data.deletePeople[0].id).toBe(personId1);
expect(response.body.data.deletePeople[1].id).toBe(personId2);
});
it('should delete multiple object records when executed by api key', async () => {
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
const deleteGraphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
});
const response = await makeGraphqlAPIRequestWithApiKey(
deleteGraphqlOperation,
);
expect(response.body.data).toBeDefined();
expect(response.body.data.deletePeople).toBeDefined();
expect(response.body.data.deletePeople).toHaveLength(2);
expect(response.body.data.deletePeople[0].id).toBe(personId1);
expect(response.body.data.deletePeople[1].id).toBe(personId2);
}); });
}); });

69
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-one-object-records-permissions.integration-spec.ts
View File

@ -6,62 +6,11 @@ import { deleteOneOperationFactory } from 'test/integration/graphql/utils/delete
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('deleteOneObjectRecordsPermissions', () => { describe('deleteOneObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => {
const personId = randomUUID();
beforeAll(async () => {
const createOnePersonRecordOperation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: personId,
},
});
await makeGraphqlAPIRequest(createOnePersonRecordOperation);
});
it('should throw a permission error when user does not have permission (guest role)', async () => {
const personId = randomUUID();
const graphqlOperation = deleteOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ deletePerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should delete an object record when user has permission (admin role)', async () => {
const deleteGraphqlOperation = deleteOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
});
const response = await makeGraphqlAPIRequest(deleteGraphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.deletePerson).toBeDefined();
expect(response.body.data.deletePerson.id).toBe(personId);
});
});
describe('permissions V2 enabled', () => { describe('permissions V2 enabled', () => {
const personId = randomUUID(); const personId = randomUUID();
@ -75,24 +24,6 @@ describe('deleteOneObjectRecordsPermissions', () => {
}); });
await makeGraphqlAPIRequest(createOnePersonRecordOperation); await makeGraphqlAPIRequest(createOnePersonRecordOperation);
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
});
afterAll(async () => {
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { it('should throw a permission error when user does not have permission (guest role)', async () => {

190
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-many-object-records-permissions.integration-spec.ts
View File

@ -5,160 +5,70 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat
import { destroyManyOperationFactory } from 'test/integration/graphql/utils/destroy-many-operation-factory.util'; import { destroyManyOperationFactory } from 'test/integration/graphql/utils/destroy-many-operation-factory.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('destroyManyObjectRecordsPermissions', () => { describe('destroyManyObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
it('should throw a permission error when user does not have permission (guest role)', async () => { const graphqlOperation = destroyManyOperationFactory({
const graphqlOperation = destroyManyOperationFactory({ objectMetadataSingularName: 'person',
objectMetadataSingularName: 'person', objectMetadataPluralName: 'people',
objectMetadataPluralName: 'people', gqlFields: PERSON_GQL_FIELDS,
gqlFields: PERSON_GQL_FIELDS, filter: {
filter: { id: {
id: { in: [randomUUID(), randomUUID()],
in: [randomUUID(), randomUUID()],
},
}, },
}); },
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ destroyPeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should destroy multiple object records when user has permission (admin role)', async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({ expect(response.body.data).toStrictEqual({ destroyPeople: null });
objectMetadataSingularName: 'person', expect(response.body.errors).toBeDefined();
objectMetadataPluralName: 'people', expect(response.body.errors[0].message).toBe(
gqlFields: PERSON_GQL_FIELDS, PermissionsExceptionMessage.PERMISSION_DENIED,
data: [ );
{ expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
const graphqlOperation = destroyManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.destroyPeople).toBeDefined();
expect(response.body.data.destroyPeople).toHaveLength(2);
expect(response.body.data.destroyPeople[0].id).toBe(personId1);
expect(response.body.data.destroyPeople[1].id).toBe(personId2);
});
}); });
describe('permissions V2 enabled', () => { it('should destroy multiple object records when user has permission (admin role)', async () => {
beforeAll(async () => { const personId1 = randomUUID();
const enablePermissionsQuery = updateFeatureFlagFactory( const personId2 = randomUUID();
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery); const createGraphqlOperation = createManyOperationFactory({
}); objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
afterAll(async () => { gqlFields: PERSON_GQL_FIELDS,
const disablePermissionsQuery = updateFeatureFlagFactory( data: [
SEED_APPLE_WORKSPACE_ID, {
'IS_PERMISSIONS_V2_ENABLED', id: personId1,
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
});
it('should throw a permission error when user does not have permission (guest role)', async () => {
const graphqlOperation = destroyManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [randomUUID(), randomUUID()],
},
}, },
}); {
id: personId2,
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ destroyPeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should destroy multiple object records when user has permission (admin role)', async () => {
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
const graphqlOperation = destroyManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
}, },
}); ],
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.destroyPeople).toBeDefined();
expect(response.body.data.destroyPeople).toHaveLength(2);
expect(response.body.data.destroyPeople[0].id).toBe(personId1);
expect(response.body.data.destroyPeople[1].id).toBe(personId2);
}); });
await makeGraphqlAPIRequest(createGraphqlOperation);
const graphqlOperation = destroyManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.destroyPeople).toBeDefined();
expect(response.body.data.destroyPeople).toHaveLength(2);
expect(response.body.data.destroyPeople[0].id).toBe(personId1);
expect(response.body.data.destroyPeople[1].id).toBe(personId2);
}); });
}); });

135
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-one-object-records-permissions.integration-spec.ts
View File

@ -5,125 +5,54 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create
import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util'; import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('destroyOneObjectRecordsPermissions', () => { describe('destroyOneObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { const personId = randomUUID();
const personId = randomUUID();
beforeAll(async () => { beforeAll(async () => {
const createGraphqlOperation = createOneOperationFactory({ const createGraphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'person', objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS, gqlFields: PERSON_GQL_FIELDS,
data: { data: {
id: personId, id: personId,
}, },
});
await makeGraphqlAPIRequest(createGraphqlOperation);
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { await makeGraphqlAPIRequest(createGraphqlOperation);
const graphqlOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ destroyPerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should destroy an object record when user has permission (admin role)', async () => {
const graphqlOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.destroyPerson).toBeDefined();
expect(response.body.data.destroyPerson.id).toBe(personId);
});
}); });
describe('permissions V2 enabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
const personId = randomUUID(); const personId = randomUUID();
const graphqlOperation = destroyOneOperationFactory({
beforeAll(async () => { objectMetadataSingularName: 'person',
const createGraphqlOperation = createOneOperationFactory({ gqlFields: PERSON_GQL_FIELDS,
objectMetadataSingularName: 'person', recordId: personId,
gqlFields: PERSON_GQL_FIELDS,
data: {
id: personId,
},
});
await makeGraphqlAPIRequest(createGraphqlOperation);
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
}); });
afterAll(async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery); expect(response.body.data).toStrictEqual({ destroyPerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should destroy an object record when user has permission (admin role)', async () => {
const graphqlOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { const response = await makeGraphqlAPIRequest(graphqlOperation);
const personId = randomUUID();
const graphqlOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
});
const response = expect(response.body.data).toBeDefined();
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); expect(response.body.data.destroyPerson).toBeDefined();
expect(response.body.data.destroyPerson.id).toBe(personId);
expect(response.body.data).toStrictEqual({ destroyPerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should destroy an object record when user has permission (admin role)', async () => {
const graphqlOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.destroyPerson).toBeDefined();
expect(response.body.data.destroyPerson.id).toBe(personId);
});
}); });
}); });

21
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/granular-object-records-permissions.integration-spec.ts
View File

@ -3,13 +3,10 @@ import { createCustomRoleWithObjectPermissions } from 'test/integration/graphql/
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one-operation-factory.util'; import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one-operation-factory.util';
import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util'; import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util'; import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
@ -20,15 +17,6 @@ describe('granularObjectRecordsPermissions', () => {
let customRoleId: string; let customRoleId: string;
beforeAll(async () => { beforeAll(async () => {
// Enable Permissions V2
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
// Get the original Member role ID for restoration later // Get the original Member role ID for restoration later
const getRolesQuery = { const getRolesQuery = {
query: ` query: `
@ -69,15 +57,6 @@ describe('granularObjectRecordsPermissions', () => {
.post('/graphql') .post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(restoreMemberRoleQuery); .send(restoreMemberRoleQuery);
// Disable Permissions V2
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
}); });
afterEach(async () => { afterEach(async () => {

298
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/permissions-on-relations.integration-spec.ts
View File

@ -6,36 +6,26 @@ import { createCustomRoleWithObjectPermissions } from 'test/integration/graphql/
import { createOneOperationFactory } from 'test/integration/graphql/utils/create-one-operation-factory.util'; import { createOneOperationFactory } from 'test/integration/graphql/utils/create-one-operation-factory.util';
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
import { findManyOperationFactory } from 'test/integration/graphql/utils/find-many-operation-factory.util'; import { findManyOperationFactory } from 'test/integration/graphql/utils/find-many-operation-factory.util';
import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one-operation-factory.util';
import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util'; import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util'; import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
describe('permissionsOnRelations', () => { describe('permissionsOnRelations', () => {
describe('permissions V2 enabled', () => { let originalMemberRoleId: string;
let originalMemberRoleId: string; let customRoleId: string;
let customRoleId: string; const personId = randomUUID();
beforeAll(async () => { beforeAll(async () => {
// Enable Permissions V2 // Get the original Member role ID for restoration later
const enablePermissionsQuery = updateFeatureFlagFactory( const getRolesQuery = {
SEED_APPLE_WORKSPACE_ID, query: `
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
// Get the original Member role ID for restoration later
const getRolesQuery = {
query: `
query GetRoles { query GetRoles {
getRoles { getRoles {
id id
@ -43,51 +33,51 @@ describe('permissionsOnRelations', () => {
} }
} }
`, `,
}; };
const rolesResponse = await client const rolesResponse = await client
.post('/graphql') .post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(getRolesQuery); .send(getRolesQuery);
originalMemberRoleId = rolesResponse.body.data.getRoles.find( originalMemberRoleId = rolesResponse.body.data.getRoles.find(
(role: any) => role.label === 'Member', (role: any) => role.label === 'Member',
).id; ).id;
// Create a person record // Create a person record
const companyId = randomUUID(); const companyId = randomUUID();
const graphqlOperationForCompanyCreation = createOneOperationFactory({ const graphqlOperationForCompanyCreation = createOneOperationFactory({
objectMetadataSingularName: 'company', objectMetadataSingularName: 'company',
gqlFields: ` gqlFields: `
name name
`, `,
data: { data: {
id: companyId, id: companyId,
name: 'Twenty', name: 'Twenty',
}, },
});
await makeGraphqlAPIRequest(graphqlOperationForCompanyCreation);
const graphqlOperationForPersonCreation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: randomUUID(),
name: {
firstName: 'Marie',
},
city: 'Paris',
companyId,
},
});
await makeGraphqlAPIRequest(graphqlOperationForPersonCreation);
}); });
afterAll(async () => { await makeGraphqlAPIRequest(graphqlOperationForCompanyCreation);
const restoreMemberRoleQuery = {
query: ` const graphqlOperationForPersonCreation = createOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
data: {
id: personId,
name: {
firstName: 'Marie',
},
city: 'Paris',
companyId,
},
});
await makeGraphqlAPIRequest(graphqlOperationForPersonCreation);
});
afterAll(async () => {
const restoreMemberRoleQuery = {
query: `
mutation UpdateWorkspaceMemberRole { mutation UpdateWorkspaceMemberRole {
updateWorkspaceMemberRole( updateWorkspaceMemberRole(
workspaceMemberId: "${WORKSPACE_MEMBER_DATA_SEED_IDS.JONY}" workspaceMemberId: "${WORKSPACE_MEMBER_DATA_SEED_IDS.JONY}"
@ -97,48 +87,39 @@ describe('permissionsOnRelations', () => {
} }
} }
`, `,
}; };
await client await client
.post('/graphql') .post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(restoreMemberRoleQuery); .send(restoreMemberRoleQuery);
});
// Disable Permissions V2 afterEach(async () => {
const disablePermissionsQuery = updateFeatureFlagFactory( await deleteRole(client, customRoleId);
SEED_APPLE_WORKSPACE_ID, });
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery); it('should throw permission error when querying person with company relation without company read permission', async () => {
// Create a role with person read permission but no company read permission
const { roleId } = await createCustomRoleWithObjectPermissions({
label: 'PersonOnlyRole',
canReadPerson: true,
canReadCompany: false,
}); });
afterEach(async () => { customRoleId = roleId;
await deleteRole(client, customRoleId);
await updateWorkspaceMemberRole({
client,
roleId: customRoleId,
workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY,
}); });
it('should throw permission error when querying person with company relation without company read permission', async () => { // Create GraphQL query that includes company relation
// Create a role with person read permission but no company read permission const graphqlOperation = findManyOperationFactory({
const { roleId } = await createCustomRoleWithObjectPermissions({ objectMetadataSingularName: 'person',
label: 'PersonOnlyRole', objectMetadataPluralName: 'people',
canReadPerson: true, gqlFields: `
canReadCompany: false,
});
customRoleId = roleId;
await updateWorkspaceMemberRole({
client,
roleId: customRoleId,
workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY,
});
// Create GraphQL query that includes company relation
const graphqlOperation = findManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: `
id id
city city
jobTitle jobTitle
@ -147,38 +128,38 @@ describe('permissionsOnRelations', () => {
name name
} }
`, `,
});
const response = await makeGraphqlAPIRequestWithJony(graphqlOperation);
// The query should fail when trying to access company relation without permission
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should successfully query person with company relation when having both permissions', async () => { const response = await makeGraphqlAPIRequestWithJony(graphqlOperation);
// Create a role with both person and company read permissions
const { roleId } = await createCustomRoleWithObjectPermissions({
label: 'PersonAndCompanyRole',
canReadPerson: true,
canReadCompany: true,
});
customRoleId = roleId; // The query should fail when trying to access company relation without permission
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
await updateWorkspaceMemberRole({ it('should successfully query person with company relation when having both permissions', async () => {
client, // Create a role with both person and company read permissions
roleId: customRoleId, const { roleId } = await createCustomRoleWithObjectPermissions({
workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY, label: 'PersonAndCompanyRole',
}); canReadPerson: true,
canReadCompany: true,
});
// Create GraphQL query that includes company relation customRoleId = roleId;
const graphqlOperation = findManyOperationFactory({
objectMetadataSingularName: 'person', await updateWorkspaceMemberRole({
objectMetadataPluralName: 'people', client,
gqlFields: ` roleId: customRoleId,
workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY,
});
// Create GraphQL query that includes company relation
const graphqlOperation = findManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: `
id id
city city
jobTitle jobTitle
@ -187,42 +168,41 @@ describe('permissionsOnRelations', () => {
name name
} }
`, `,
});
const response = await makeGraphqlAPIRequestWithJony(graphqlOperation);
// The query should succeed
expect(response.body.data).toBeDefined();
expect(response.body.data.people).toBeDefined();
const person = response.body.data.people.edges[0].node;
expect(person.company).toBeDefined();
expect(response.body.error).toBeUndefined();
}); });
it('nested relations - should throw permission error when querying nested opportunity relation without opportunity read permission', async () => { const response = await makeGraphqlAPIRequestWithJony(graphqlOperation);
// Where user has person and company read permissions but not opportunity read permission
const { roleId } = await createCustomRoleWithObjectPermissions({ // The query should succeed
label: 'PersonCompanyOnlyRole', expect(response.body.data).toBeDefined();
canReadPerson: true, expect(response.body.data.people).toBeDefined();
canReadCompany: true, const person = response.body.data.people.edges[0].node;
canReadOpportunities: false,
});
customRoleId = roleId; expect(person.company).toBeDefined();
expect(response.body.error).toBeUndefined();
});
await updateWorkspaceMemberRole({ it('nested relations - should throw permission error when querying nested opportunity relation without opportunity read permission', async () => {
client, // Where user has person and company read permissions but not opportunity read permission
roleId: customRoleId,
workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY,
});
// Create a query with nested relations const { roleId } = await createCustomRoleWithObjectPermissions({
const graphqlOperation = findManyOperationFactory({ label: 'PersonCompanyOnlyRole',
objectMetadataSingularName: 'person', canReadPerson: true,
objectMetadataPluralName: 'people', canReadCompany: true,
gqlFields: ` canReadOpportunities: false,
});
customRoleId = roleId;
await updateWorkspaceMemberRole({
client,
roleId: customRoleId,
workspaceMemberId: WORKSPACE_MEMBER_DATA_SEED_IDS.JONY,
});
// Create a query with nested relations
const graphqlOperation = findOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: `
id id
city city
jobTitle jobTitle
@ -238,15 +218,19 @@ describe('permissionsOnRelations', () => {
} }
} }
`, `,
}); filter: {
id: {
const response = await makeGraphqlAPIRequestWithJony(graphqlOperation); eq: personId,
},
expect(response.body.errors).toBeDefined(); },
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
const response = await makeGraphqlAPIRequestWithJony(graphqlOperation);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
}); });

223
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/restore-many-object-records-permissions.integration-spec.ts
View File

@ -6,192 +6,87 @@ import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delet
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { restoreManyOperationFactory } from 'test/integration/graphql/utils/restore-many-operation-factory.util'; import { restoreManyOperationFactory } from 'test/integration/graphql/utils/restore-many-operation-factory.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('restoreManyObjectRecordsPermissions', () => { describe('restoreManyObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { const personId1 = randomUUID();
const personId1 = randomUUID(); const personId2 = randomUUID();
const personId2 = randomUUID();
beforeAll(async () => { beforeAll(async () => {
// Create people // Create people
const createGraphqlOperation = createManyOperationFactory({ const createGraphqlOperation = createManyOperationFactory({
objectMetadataSingularName: 'person', objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people', objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS, gqlFields: PERSON_GQL_FIELDS,
data: [ data: [
{ {
id: personId1, id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
// Delete people
const deleteGraphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
}, },
}); {
id: personId2,
await makeGraphqlAPIRequest(deleteGraphqlOperation); },
],
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { await makeGraphqlAPIRequest(createGraphqlOperation);
const graphqlOperation = restoreManyOperationFactory({
objectMetadataSingularName: 'person', // Delete people
objectMetadataPluralName: 'people', const deleteGraphqlOperation = deleteManyOperationFactory({
gqlFields: PERSON_GQL_FIELDS, objectMetadataSingularName: 'person',
filter: { objectMetadataPluralName: 'people',
id: { gqlFields: PERSON_GQL_FIELDS,
in: [personId1, personId2], filter: {
}, id: {
in: [personId1, personId2],
}, },
}); },
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ restorePeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should restore multiple object records when user has permission (admin role)', async () => { await makeGraphqlAPIRequest(deleteGraphqlOperation);
const graphqlOperation = restoreManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.restorePeople).toBeDefined();
expect(response.body.data.restorePeople).toHaveLength(2);
expect(response.body.data.restorePeople[0].id).toBe(personId1);
expect(response.body.data.restorePeople[1].id).toBe(personId2);
});
}); });
describe('permissions V2 enabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
const personId1 = randomUUID(); const graphqlOperation = restoreManyOperationFactory({
const personId2 = randomUUID(); objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
beforeAll(async () => { gqlFields: PERSON_GQL_FIELDS,
// Create people filter: {
const createGraphqlOperation = createManyOperationFactory({ id: {
objectMetadataSingularName: 'person', in: [personId1, personId2],
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
// Delete people
const deleteGraphqlOperation = deleteManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
}, },
}); },
await makeGraphqlAPIRequest(deleteGraphqlOperation);
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
}); });
afterAll(async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery); expect(response.body.data).toStrictEqual({ restorePeople: null });
}); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should throw a permission error when user does not have permission (guest role)', async () => { it('should restore multiple object records when user has permission (admin role)', async () => {
const graphqlOperation = restoreManyOperationFactory({ const graphqlOperation = restoreManyOperationFactory({
objectMetadataSingularName: 'person', objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people', objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS, gqlFields: PERSON_GQL_FIELDS,
filter: { filter: {
id: { id: {
in: [personId1, personId2], in: [personId1, personId2],
},
}, },
}); },
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ restorePeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should restore multiple object records when user has permission (admin role)', async () => { const response = await makeGraphqlAPIRequest(graphqlOperation);
const graphqlOperation = restoreManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation); expect(response.body.data).toBeDefined();
expect(response.body.data.restorePeople).toBeDefined();
expect(response.body.data).toBeDefined(); expect(response.body.data.restorePeople).toHaveLength(2);
expect(response.body.data.restorePeople).toBeDefined(); expect(response.body.data.restorePeople[0].id).toBe(personId1);
expect(response.body.data.restorePeople).toHaveLength(2); expect(response.body.data.restorePeople[1].id).toBe(personId2);
expect(response.body.data.restorePeople[0].id).toBe(personId1);
expect(response.body.data.restorePeople[1].id).toBe(personId2);
});
}); });
}); });

315
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-many-object-records-permissions.integration-spec.ts
View File

@ -5,245 +5,144 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { updateManyOperationFactory } from 'test/integration/graphql/utils/update-many-operation-factory.util'; import { updateManyOperationFactory } from 'test/integration/graphql/utils/update-many-operation-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('updateManyObjectRecordsPermissions', () => { describe('updateManyObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
const personId1 = randomUUID(); const personId1 = randomUUID();
const personId2 = randomUUID(); const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({
beforeAll(async () => { objectMetadataSingularName: 'person',
const createGraphqlOperation = createManyOperationFactory({ objectMetadataPluralName: 'people',
objectMetadataSingularName: 'person', gqlFields: PERSON_GQL_FIELDS,
objectMetadataPluralName: 'people', data: [
gqlFields: PERSON_GQL_FIELDS, {
data: [ id: personId1,
{ },
id: personId1, {
}, id: personId2,
{ },
id: personId2, ],
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation);
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { await makeGraphqlAPIRequest(createGraphqlOperation);
const graphqlOperation = updateManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [randomUUID(), randomUUID()],
},
},
data: {
jobTitle: 'Architect',
},
});
const response = const updateGraphqlOperation = updateManyOperationFactory({
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
expect(response.body.data).toStrictEqual({ updatePeople: null }); gqlFields: PERSON_GQL_FIELDS,
expect(response.body.errors).toBeDefined(); filter: {
expect(response.body.errors[0].message).toBe( id: {
PermissionsExceptionMessage.PERMISSION_DENIED, in: [personId1, personId2],
); },
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); },
data: {
jobTitle: 'Senior Developer',
},
}); });
it('should update multiple object records when user has permission (admin role)', async () => { const response = await makeGraphqlAPIRequestWithGuestRole(
const graphqlOperation = updateManyOperationFactory({ updateGraphqlOperation,
objectMetadataSingularName: 'person', );
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
data: {
jobTitle: 'Architect',
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation); expect(response.body.data).toStrictEqual({ updatePeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.data).toBeDefined(); expect(response.body.errors[0].message).toBe(
expect(response.body.data.updatePeople).toBeDefined(); PermissionsExceptionMessage.PERMISSION_DENIED,
expect(response.body.data.updatePeople).toHaveLength(2); );
expect(response.body.data.updatePeople[0].jobTitle).toBe('Architect'); expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
expect(response.body.data.updatePeople[1].jobTitle).toBe('Architect');
});
}); });
describe('permissions V2 enabled', () => { it('should update multiple object records when user has permission (admin role)', async () => {
beforeAll(async () => { const personId1 = randomUUID();
const enablePermissionsQuery = updateFeatureFlagFactory( const personId2 = randomUUID();
SEED_APPLE_WORKSPACE_ID, const createGraphqlOperation = createManyOperationFactory({
'IS_PERMISSIONS_V2_ENABLED', objectMetadataSingularName: 'person',
true, objectMetadataPluralName: 'people',
); gqlFields: PERSON_GQL_FIELDS,
data: [
await makeGraphqlAPIRequest(enablePermissionsQuery); {
id: personId1,
},
{
id: personId2,
},
],
}); });
afterAll(async () => { await makeGraphqlAPIRequest(createGraphqlOperation);
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery); const updateGraphqlOperation = updateManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
filter: {
id: {
in: [personId1, personId2],
},
},
data: {
jobTitle: 'Tech Lead',
},
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { const response = await makeGraphqlAPIRequest(updateGraphqlOperation);
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation); expect(response.body.data).toBeDefined();
expect(response.body.data.updatePeople).toBeDefined();
expect(response.body.data.updatePeople).toHaveLength(2);
expect(response.body.data.updatePeople[0].id).toBe(personId1);
expect(response.body.data.updatePeople[1].id).toBe(personId2);
expect(response.body.data.updatePeople[0].jobTitle).toBe('Tech Lead');
expect(response.body.data.updatePeople[1].jobTitle).toBe('Tech Lead');
});
const updateGraphqlOperation = updateManyOperationFactory({ it('should update multiple object records when executed by api key', async () => {
objectMetadataSingularName: 'person', const personId1 = randomUUID();
objectMetadataPluralName: 'people', const personId2 = randomUUID();
gqlFields: PERSON_GQL_FIELDS, const createGraphqlOperation = createManyOperationFactory({
filter: { objectMetadataSingularName: 'person',
id: { objectMetadataPluralName: 'people',
in: [personId1, personId2], gqlFields: PERSON_GQL_FIELDS,
}, data: [
{
id: personId1,
}, },
data: { {
jobTitle: 'Senior Developer', id: personId2,
}, },
}); ],
const response = await makeGraphqlAPIRequestWithGuestRole(
updateGraphqlOperation,
);
expect(response.body.data).toStrictEqual({ updatePeople: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should update multiple object records when user has permission (admin role)', async () => { await makeGraphqlAPIRequest(createGraphqlOperation);
const personId1 = randomUUID();
const personId2 = randomUUID();
const createGraphqlOperation = createManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation); const updateGraphqlOperation = updateManyOperationFactory({
objectMetadataSingularName: 'person',
const updateGraphqlOperation = updateManyOperationFactory({ objectMetadataPluralName: 'people',
objectMetadataSingularName: 'person', gqlFields: PERSON_GQL_FIELDS,
objectMetadataPluralName: 'people', filter: {
gqlFields: PERSON_GQL_FIELDS, id: {
filter: { in: [personId1, personId2],
id: {
in: [personId1, personId2],
},
}, },
data: { },
jobTitle: 'Tech Lead', data: {
}, jobTitle: 'Product Manager',
}); },
const response = await makeGraphqlAPIRequest(updateGraphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.updatePeople).toBeDefined();
expect(response.body.data.updatePeople).toHaveLength(2);
expect(response.body.data.updatePeople[0].id).toBe(personId1);
expect(response.body.data.updatePeople[1].id).toBe(personId2);
expect(response.body.data.updatePeople[0].jobTitle).toBe('Tech Lead');
expect(response.body.data.updatePeople[1].jobTitle).toBe('Tech Lead');
}); });
it('should update multiple object records when executed by api key', async () => { const response = await makeGraphqlAPIRequestWithApiKey(
const personId1 = randomUUID(); updateGraphqlOperation,
const personId2 = randomUUID(); );
const createGraphqlOperation = createManyOperationFactory({
objectMetadataSingularName: 'person',
objectMetadataPluralName: 'people',
gqlFields: PERSON_GQL_FIELDS,
data: [
{
id: personId1,
},
{
id: personId2,
},
],
});
await makeGraphqlAPIRequest(createGraphqlOperation); expect(response.body.data).toBeDefined();
expect(response.body.data.updatePeople).toBeDefined();
const updateGraphqlOperation = updateManyOperationFactory({ expect(response.body.data.updatePeople).toHaveLength(2);
objectMetadataSingularName: 'person', expect(response.body.data.updatePeople[0].id).toBe(personId1);
objectMetadataPluralName: 'people', expect(response.body.data.updatePeople[1].id).toBe(personId2);
gqlFields: PERSON_GQL_FIELDS, expect(response.body.data.updatePeople[0].jobTitle).toBe('Product Manager');
filter: { expect(response.body.data.updatePeople[1].jobTitle).toBe('Product Manager');
id: {
in: [personId1, personId2],
},
},
data: {
jobTitle: 'Product Manager',
},
});
const response = await makeGraphqlAPIRequestWithApiKey(
updateGraphqlOperation,
);
expect(response.body.data).toBeDefined();
expect(response.body.data.updatePeople).toBeDefined();
expect(response.body.data.updatePeople).toHaveLength(2);
expect(response.body.data.updatePeople[0].id).toBe(personId1);
expect(response.body.data.updatePeople[1].id).toBe(personId2);
expect(response.body.data.updatePeople[0].jobTitle).toBe(
'Product Manager',
);
expect(response.body.data.updatePeople[1].jobTitle).toBe(
'Product Manager',
);
});
}); });
}); });

272
packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-one-object-records-permissions.integration-spec.ts
View File

@ -6,215 +6,135 @@ import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util'; import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('updateOneObjectRecordsPermissions', () => { describe('updateOneObjectRecordsPermissions', () => {
describe('permissions V2 disabled', () => { const personId = randomUUID();
const personId = randomUUID(); let allPetsViewId: string;
beforeAll(async () => { beforeAll(async () => {
const createPersonOperation = createOneOperationFactory({ const createPersonOperation = createOneOperationFactory({
objectMetadataSingularName: 'person', objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS, gqlFields: PERSON_GQL_FIELDS,
data: { data: {
id: personId, id: personId,
jobTitle: 'Software Engineer', jobTitle: 'Software Engineer',
}, },
});
await makeGraphqlAPIRequest(createPersonOperation);
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { await makeGraphqlAPIRequest(createPersonOperation);
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'person', const findAllPetsViewOperation = findOneOperationFactory({
gqlFields: PERSON_GQL_FIELDS, objectMetadataSingularName: 'view',
recordId: personId, gqlFields: 'id',
data: { filter: {
jobTitle: 'Senior Software Engineer', icon: {
eq: 'IconCat',
}, },
}); },
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ updatePerson: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
}); });
it('should update an object record when user has permission (admin role)', async () => { const findAllPetsViewResponse = await makeGraphqlAPIRequest(
const graphqlOperation = updateOneOperationFactory({ findAllPetsViewOperation,
objectMetadataSingularName: 'person', );
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
data: {
jobTitle: 'Senior Software Engineer',
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation); allPetsViewId = findAllPetsViewResponse.body.data.view.id;
expect(response.body.data).toBeDefined();
expect(response.body.data.updatePerson).toBeDefined();
expect(response.body.data.updatePerson.id).toBe(personId);
expect(response.body.data.updatePerson.jobTitle).toBe(
'Senior Software Engineer',
);
});
}); });
describe('permissions V2 enabled', () => { afterAll(async () => {
const personId = randomUUID(); const updateViewOperation = updateOneOperationFactory({
let allPetsViewId: string; objectMetadataSingularName: 'view',
gqlFields: 'id',
beforeAll(async () => { recordId: allPetsViewId,
const createPersonOperation = createOneOperationFactory({ data: {
objectMetadataSingularName: 'person', icon: 'IconCat',
gqlFields: PERSON_GQL_FIELDS, },
data: {
id: personId,
jobTitle: 'Software Engineer',
},
});
await makeGraphqlAPIRequest(createPersonOperation);
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
const findAllPetsViewOperation = findOneOperationFactory({
objectMetadataSingularName: 'view',
gqlFields: 'id',
filter: {
icon: {
eq: 'IconCat',
},
},
});
const findAllPetsViewResponse = await makeGraphqlAPIRequest(
findAllPetsViewOperation,
);
allPetsViewId = findAllPetsViewResponse.body.data.view.id;
}); });
afterAll(async () => { await makeGraphqlAPIRequest(updateViewOperation);
const disablePermissionsQuery = updateFeatureFlagFactory( });
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery); it('should throw a permission error when user does not have permission (guest role)', async () => {
const graphqlOperation = updateOneOperationFactory({
const updateViewOperation = updateOneOperationFactory({ objectMetadataSingularName: 'person',
objectMetadataSingularName: 'view', gqlFields: PERSON_GQL_FIELDS,
gqlFields: 'id', recordId: personId,
recordId: allPetsViewId, data: {
data: { jobTitle: 'Senior Software Engineer',
icon: 'IconCat', },
},
});
await makeGraphqlAPIRequest(updateViewOperation);
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
data: {
jobTitle: 'Senior Software Engineer',
},
});
const response = expect(response.body.data).toStrictEqual({ updatePerson: null });
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
expect(response.body.data).toStrictEqual({ updatePerson: null }); it('should allow to update a system object record even without update permission (guest role)', async () => {
expect(response.body.errors).toBeDefined(); const graphqlOperation = updateOneOperationFactory({
expect(response.body.errors[0].message).toBe( objectMetadataSingularName: 'view',
PermissionsExceptionMessage.PERMISSION_DENIED, gqlFields: `
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
it('should allow to update a system object record even without update permission (guest role)', async () => {
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'view',
gqlFields: `
id id
icon icon
`, `,
recordId: allPetsViewId, recordId: allPetsViewId,
data: { data: {
icon: 'IconDog', icon: 'IconDog',
}, },
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.updateView).toBeDefined();
expect(response.body.data.updateView.id).toBe(allPetsViewId);
expect(response.body.data.updateView.icon).toBe('IconDog');
}); });
it('should update an object record when user has permission (admin role)', async () => { const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
data: {
jobTitle: 'Senior Software Engineer',
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation); expect(response.body.data).toBeDefined();
expect(response.body.data.updateView).toBeDefined();
expect(response.body.data.updateView.id).toBe(allPetsViewId);
expect(response.body.data.updateView.icon).toBe('IconDog');
});
expect(response.body.data).toBeDefined(); it('should update an object record when user has permission (admin role)', async () => {
expect(response.body.data.updatePerson).toBeDefined(); const graphqlOperation = updateOneOperationFactory({
expect(response.body.data.updatePerson.id).toBe(personId); objectMetadataSingularName: 'person',
expect(response.body.data.updatePerson.jobTitle).toBe( gqlFields: PERSON_GQL_FIELDS,
'Senior Software Engineer', recordId: personId,
); data: {
jobTitle: 'Senior Software Engineer',
},
}); });
it('should update an object record when executed by api key', async () => { const response = await makeGraphqlAPIRequest(graphqlOperation);
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'person',
gqlFields: PERSON_GQL_FIELDS,
recordId: personId,
data: {
jobTitle: 'Senior Software Engineer',
},
});
const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation); expect(response.body.data).toBeDefined();
expect(response.body.data.updatePerson).toBeDefined();
expect(response.body.data.updatePerson.id).toBe(personId);
expect(response.body.data.updatePerson.jobTitle).toBe(
'Senior Software Engineer',
);
});
expect(response.body.data).toBeDefined(); it('should update an object record when executed by api key', async () => {
expect(response.body.data.updatePerson).toBeDefined(); const graphqlOperation = updateOneOperationFactory({
expect(response.body.data.updatePerson.id).toBe(personId); objectMetadataSingularName: 'person',
expect(response.body.data.updatePerson.jobTitle).toBe( gqlFields: PERSON_GQL_FIELDS,
'Senior Software Engineer', recordId: personId,
); data: {
jobTitle: 'Senior Software Engineer',
},
}); });
const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.updatePerson).toBeDefined();
expect(response.body.data.updatePerson.id).toBe(personId);
expect(response.body.data.updatePerson.jobTitle).toBe(
'Senior Software Engineer',
);
}); });
}); });

19
packages/twenty-server/test/integration/graphql/suites/role/object-permissions.integration-spec.ts
View File

@ -3,13 +3,11 @@ import { default as request } from 'supertest';
import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util'; import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util';
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { createUpsertObjectPermissionsOperation } from 'test/integration/graphql/utils/upsert-object-permission-operation-factory.util'; import { createUpsertObjectPermissionsOperation } from 'test/integration/graphql/utils/upsert-object-permission-operation-factory.util';
import { makeMetadataAPIRequest } from 'test/integration/metadata/suites/utils/make-metadata-api-request.util'; import { makeMetadataAPIRequest } from 'test/integration/metadata/suites/utils/make-metadata-api-request.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
@ -19,13 +17,6 @@ describe('Object Permissions Validation', () => {
let companyObjectId: string; let companyObjectId: string;
beforeAll(async () => { beforeAll(async () => {
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
// Get object metadata IDs for Person and Company // Get object metadata IDs for Person and Company
const getObjectMetadataOperation = { const getObjectMetadataOperation = {
query: gql` query: gql`
@ -58,16 +49,6 @@ describe('Object Permissions Validation', () => {
expect(companyObjectId).toBeDefined(); expect(companyObjectId).toBeDefined();
}); });
afterAll(async () => {
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
});
describe('cases with role with all rights by default', () => { describe('cases with role with all rights by default', () => {
beforeEach(async () => { beforeEach(async () => {
// Create a custom role for each test // Create a custom role for each test

22
packages/twenty-server/test/integration/graphql/suites/role/role.integration-spec.ts
View File

@ -3,35 +3,13 @@ import { default as request } from 'supertest';
import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util'; import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util';
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util'; import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
describe('Role Permissions Validation', () => { describe('Role Permissions Validation', () => {
beforeAll(async () => {
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
});
afterAll(async () => {
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
});
describe('validateRoleDoesNotHaveWritingPermissionsWithoutReadingPermissionsOrThrow', () => { describe('validateRoleDoesNotHaveWritingPermissionsWithoutReadingPermissionsOrThrow', () => {
describe('createRole - Valid Cases', () => { describe('createRole - Valid Cases', () => {
it('should allow creating role with read=true and any write permissions', async () => { it('should allow creating role with read=true and any write permissions', async () => {

21
packages/twenty-server/test/integration/graphql/suites/settings-permissions/granular-settings-permissions.integration-spec.ts
View File

@ -2,8 +2,6 @@ import { print } from 'graphql';
import request from 'supertest'; import request from 'supertest';
import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util'; import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util';
import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util'; import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util'; import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util';
import { createOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata-query-factory.util'; import { createOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata-query-factory.util';
import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata-query-factory.util'; import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata-query-factory.util';
@ -11,7 +9,6 @@ import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/s
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants'; import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
@ -21,15 +18,6 @@ describe('Granular settings permissions', () => {
let originalMemberRoleId: string; let originalMemberRoleId: string;
beforeAll(async () => { beforeAll(async () => {
// Enable Permissions V2
const enablePermissionsV2Query = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsV2Query);
// Get the original Member role ID for restoration later // Get the original Member role ID for restoration later
const getRolesQuery = { const getRolesQuery = {
query: ` query: `
@ -135,15 +123,6 @@ describe('Granular settings permissions', () => {
.post('/graphql') .post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(deleteRoleQuery); .send(deleteRoleQuery);
// Disable Permissions V2
const disablePermissionsV2Query = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsV2Query);
}); });
describe('Data Model Permissions', () => { describe('Data Model Permissions', () => {

21
packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
View File

@ -1,14 +1,11 @@
import request from 'supertest'; import request from 'supertest';
import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util'; import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { createOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata.util'; import { createOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata.util';
import { deleteOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata.util'; import { deleteOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants'; import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant'; import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
@ -38,14 +35,6 @@ describe('roles permissions', () => {
let guestRoleId: string; let guestRoleId: string;
beforeAll(async () => { beforeAll(async () => {
const enablePermissionsV2Query = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsV2Query);
const query = { const query = {
query: ` query: `
query GetRoles { query GetRoles {
@ -73,16 +62,6 @@ describe('roles permissions', () => {
).id; ).id;
}); });
afterAll(async () => {
const disablePermissionsV2Query = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsV2Query);
});
describe('getRoles', () => { describe('getRoles', () => {
it('should allow admin to query getRoles', async () => { it('should allow admin to query getRoles', async () => {
const query = { const query = {

10
packages/twenty-server/test/integration/graphql/suites/settings-permissions/security.integration-spec.ts
View File

@ -1,11 +1,9 @@
import { gql } from 'graphql-tag'; import { gql } from 'graphql-tag';
import request from 'supertest'; import request from 'supertest';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
@ -35,14 +33,6 @@ describe('Security permissions', () => {
}); });
afterAll(async () => { afterAll(async () => {
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IsPermissionsEnabled',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
// Restore workspace state // Restore workspace state
const restoreQuery = gql` const restoreQuery = gql`
mutation updateWorkspace { mutation updateWorkspace {

442
packages/twenty-server/test/integration/graphql/suites/settings-permissions/workflows.integration-spec.ts
View File

@ -6,365 +6,187 @@ import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destr
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util'; import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util'; import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util'; import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
describe('workflowsPermissions', () => { describe('workflowsPermissions', () => {
describe('createOne workflow', () => { describe('createOne workflow', () => {
describe('permissions V2 disabled', () => { it('should throw a permission error when user does not have permission (guest role)', async () => {
it('should throw a permission error when user does not have permission (guest role)', async () => { const workflowId = randomUUID();
const workflowId = randomUUID(); const graphqlOperation = createOneOperationFactory({
const graphqlOperation = createOneOperationFactory({ objectMetadataSingularName: 'workflow',
objectMetadataSingularName: 'workflow', gqlFields: WORKFLOW_GQL_FIELDS,
gqlFields: WORKFLOW_GQL_FIELDS, data: {
data: { id: workflowId,
id: workflowId, name: 'Test Workflow V2',
name: 'Test Workflow', },
},
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ createWorkflow: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
}); });
it('should create a workflow when user has permission (admin role)', async () => { const response =
const workflowId = randomUUID(); await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
data: {
id: workflowId,
name: 'Test Workflow Admin',
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation); expect(response.body.data).toStrictEqual({ createWorkflow: null });
expect(response.body.errors).toBeDefined();
expect(response.body.data).toBeDefined(); expect(response.body.errors[0].message).toBe(
expect(response.body.data.createWorkflow).toBeDefined(); PermissionsExceptionMessage.PERMISSION_DENIED,
expect(response.body.data.createWorkflow.id).toBe(workflowId); );
expect(response.body.data.createWorkflow.name).toBe( expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
'Test Workflow Admin',
);
// Clean up - delete the created workflow
const destroyWorkflowOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: `
id
`,
recordId: response.body.data.createWorkflow.id,
});
await makeGraphqlAPIRequest(destroyWorkflowOperation);
});
}); });
describe('permissions V2 enabled', () => { it('should create a workflow when user has permission (admin role)', async () => {
beforeAll(async () => { const workflowId = randomUUID();
const enablePermissionsQuery = updateFeatureFlagFactory( const graphqlOperation = createOneOperationFactory({
SEED_APPLE_WORKSPACE_ID, objectMetadataSingularName: 'workflow',
'IS_PERMISSIONS_V2_ENABLED', gqlFields: WORKFLOW_GQL_FIELDS,
true, data: {
); id: workflowId,
name: 'Test Workflow Admin',
await makeGraphqlAPIRequest(enablePermissionsQuery); },
}); });
afterAll(async () => { const response = await makeGraphqlAPIRequest(graphqlOperation);
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery); expect(response.body.data).toBeDefined();
}); expect(response.body.data.createWorkflow).toBeDefined();
expect(response.body.data.createWorkflow.id).toBe(workflowId);
expect(response.body.data.createWorkflow.name).toBe(
'Test Workflow Admin',
);
it('should throw a permission error when user does not have permission (guest role)', async () => { // Clean up - delete the created workflow
const workflowId = randomUUID(); const destroyWorkflowOperation = destroyOneOperationFactory({
const graphqlOperation = createOneOperationFactory({ objectMetadataSingularName: 'workflow',
objectMetadataSingularName: 'workflow', gqlFields: `
gqlFields: WORKFLOW_GQL_FIELDS,
data: {
id: workflowId,
name: 'Test Workflow V2',
},
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ createWorkflow: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
it('should create a workflow when user has permission (admin role)', async () => {
const workflowId = randomUUID();
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
data: {
id: workflowId,
name: 'Test Workflow Admin',
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.createWorkflow).toBeDefined();
expect(response.body.data.createWorkflow.id).toBe(workflowId);
expect(response.body.data.createWorkflow.name).toBe(
'Test Workflow Admin',
);
// Clean up - delete the created workflow
const destroyWorkflowOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: `
id id
`, `,
recordId: response.body.data.createWorkflow.id, recordId: response.body.data.createWorkflow.id,
});
await makeGraphqlAPIRequest(destroyWorkflowOperation);
}); });
it('should create a workflow when executed by api key', async () => { await makeGraphqlAPIRequest(destroyWorkflowOperation);
const workflowId = randomUUID(); });
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
data: {
id: workflowId,
name: 'Test Workflow API Key',
},
});
const response = it('should create a workflow when executed by api key', async () => {
await makeGraphqlAPIRequestWithApiKey(graphqlOperation); const workflowId = randomUUID();
const graphqlOperation = createOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
data: {
id: workflowId,
name: 'Test Workflow API Key',
},
});
expect(response.body.data).toBeDefined(); const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
expect(response.body.data.createWorkflow).toBeDefined();
expect(response.body.data.createWorkflow.id).toBe(workflowId);
expect(response.body.data.createWorkflow.name).toBe(
'Test Workflow API Key',
);
// Clean up - delete the created workflow expect(response.body.data).toBeDefined();
const destroyWorkflowOperation = destroyOneOperationFactory({ expect(response.body.data.createWorkflow).toBeDefined();
objectMetadataSingularName: 'workflow', expect(response.body.data.createWorkflow.id).toBe(workflowId);
gqlFields: ` expect(response.body.data.createWorkflow.name).toBe(
'Test Workflow API Key',
);
// Clean up - delete the created workflow
const destroyWorkflowOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: `
id id
`, `,
recordId: response.body.data.createWorkflow.id, recordId: response.body.data.createWorkflow.id,
});
await makeGraphqlAPIRequest(destroyWorkflowOperation);
}); });
await makeGraphqlAPIRequest(destroyWorkflowOperation);
}); });
}); });
describe('updateOne workflow', () => { describe('updateOne workflow', () => {
describe('permissions V2 disabled', () => { const workflowId = randomUUID();
const workflowId = randomUUID();
beforeAll(async () => { beforeAll(async () => {
const createWorkflowOperation = createOneOperationFactory({ const createWorkflowOperation = createOneOperationFactory({
objectMetadataSingularName: 'workflow', objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS, gqlFields: WORKFLOW_GQL_FIELDS,
data: { data: {
id: workflowId, id: workflowId,
name: 'Original Workflow Name', name: 'Original Workflow V2',
}, },
});
await makeGraphqlAPIRequest(createWorkflowOperation);
}); });
afterAll(async () => { await makeGraphqlAPIRequest(createWorkflowOperation);
const destroyWorkflowOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: `
id
`,
recordId: workflowId,
});
await makeGraphqlAPIRequest(destroyWorkflowOperation);
});
it('should throw a permission error when user does not have permission (guest role)', async () => {
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
recordId: workflowId,
data: {
name: 'Updated Workflow Name Guest',
},
});
const response =
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
expect(response.body.data).toStrictEqual({ updateWorkflow: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
it('should update a workflow when user has permission (admin role)', async () => {
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
recordId: workflowId,
data: {
name: 'Updated Workflow Name Admin',
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.updateWorkflow).toBeDefined();
expect(response.body.data.updateWorkflow.id).toBe(workflowId);
expect(response.body.data.updateWorkflow.name).toBe(
'Updated Workflow Name Admin',
);
});
}); });
describe('permissions V2 enabled', () => { afterAll(async () => {
const workflowId = randomUUID(); const destroyWorkflowOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'workflow',
beforeAll(async () => { gqlFields: `
const createWorkflowOperation = createOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
data: {
id: workflowId,
name: 'Original Workflow V2',
},
});
await makeGraphqlAPIRequest(createWorkflowOperation);
const enablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
true,
);
await makeGraphqlAPIRequest(enablePermissionsQuery);
});
afterAll(async () => {
const destroyWorkflowOperation = destroyOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: `
id id
`, `,
recordId: workflowId, recordId: workflowId,
});
await makeGraphqlAPIRequest(destroyWorkflowOperation);
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_V2_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
}); });
it('should throw a permission error when user does not have permission (guest role)', async () => { await makeGraphqlAPIRequest(destroyWorkflowOperation);
const graphqlOperation = updateOneOperationFactory({ });
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
recordId: workflowId,
data: {
name: 'Updated Workflow V2 Guest',
},
});
const response = it('should throw a permission error when user does not have permission (guest role)', async () => {
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation); const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'workflow',
expect(response.body.data).toStrictEqual({ updateWorkflow: null }); gqlFields: WORKFLOW_GQL_FIELDS,
expect(response.body.errors).toBeDefined(); recordId: workflowId,
expect(response.body.errors[0].message).toBe( data: {
PermissionsExceptionMessage.PERMISSION_DENIED, name: 'Updated Workflow V2 Guest',
); },
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
}); });
it('should update a workflow when user has permission (admin role)', async () => { const response =
const graphqlOperation = updateOneOperationFactory({ await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
recordId: workflowId,
data: {
name: 'Updated Workflow V2 Admin',
},
});
const response = await makeGraphqlAPIRequest(graphqlOperation); expect(response.body.data).toStrictEqual({ updateWorkflow: null });
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
});
expect(response.body.data).toBeDefined(); it('should update a workflow when user has permission (admin role)', async () => {
expect(response.body.data.updateWorkflow).toBeDefined(); const graphqlOperation = updateOneOperationFactory({
expect(response.body.data.updateWorkflow.id).toBe(workflowId); objectMetadataSingularName: 'workflow',
expect(response.body.data.updateWorkflow.name).toBe( gqlFields: WORKFLOW_GQL_FIELDS,
'Updated Workflow V2 Admin', recordId: workflowId,
); data: {
name: 'Updated Workflow V2 Admin',
},
}); });
it('should update a workflow when executed by api key', async () => { const response = await makeGraphqlAPIRequest(graphqlOperation);
const graphqlOperation = updateOneOperationFactory({
objectMetadataSingularName: 'workflow',
gqlFields: WORKFLOW_GQL_FIELDS,
recordId: workflowId,
data: {
name: 'Updated Workflow API Key',
},
});
const response = expect(response.body.data).toBeDefined();
await makeGraphqlAPIRequestWithApiKey(graphqlOperation); expect(response.body.data.updateWorkflow).toBeDefined();
expect(response.body.data.updateWorkflow.id).toBe(workflowId);
expect(response.body.data.updateWorkflow.name).toBe(
'Updated Workflow V2 Admin',
);
});
expect(response.body.data).toBeDefined(); it('should update a workflow when executed by api key', async () => {
expect(response.body.data.updateWorkflow).toBeDefined(); const graphqlOperation = updateOneOperationFactory({
expect(response.body.data.updateWorkflow.id).toBe(workflowId); objectMetadataSingularName: 'workflow',
expect(response.body.data.updateWorkflow.name).toBe( gqlFields: WORKFLOW_GQL_FIELDS,
'Updated Workflow API Key', recordId: workflowId,
); data: {
name: 'Updated Workflow API Key',
},
}); });
const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
expect(response.body.data).toBeDefined();
expect(response.body.data.updateWorkflow).toBeDefined();
expect(response.body.data.updateWorkflow.id).toBe(workflowId);
expect(response.body.data.updateWorkflow.name).toBe(
'Updated Workflow API Key',
);
}); });
}); });
}); });

10
packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace.integration-spec.ts
View File

@ -1,12 +1,10 @@
import gql from 'graphql-tag'; import gql from 'graphql-tag';
import request from 'supertest'; import request from 'supertest';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { BillingPlanKey } from 'src/engine/core-modules/billing/enums/billing-plan-key.enum'; import { BillingPlanKey } from 'src/engine/core-modules/billing/enums/billing-plan-key.enum';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
const client = request(`http://localhost:${APP_PORT}`); const client = request(`http://localhost:${APP_PORT}`);
@ -35,14 +33,6 @@ describe('workspace permissions', () => {
}); });
afterAll(async () => { afterAll(async () => {
const disablePermissionsQuery = updateFeatureFlagFactory(
SEED_APPLE_WORKSPACE_ID,
'IS_PERMISSIONS_ENABLED',
false,
);
await makeGraphqlAPIRequest(disablePermissionsQuery);
// Restore workspace state // Restore workspace state
const restoreQuery = gql` const restoreQuery = gql`
mutation updateWorkspace { mutation updateWorkspace {

3
packages/twenty-server/test/integration/graphql/utils/create-custom-role-with-object-permissions.util.ts
View File

@ -29,6 +29,9 @@ export const createCustomRoleWithObjectPermissions = async (options: {
}; };
const response = await makeGraphqlAPIRequest(createRoleOperation); const response = await makeGraphqlAPIRequest(createRoleOperation);
expect(response.body.errors).toBeUndefined();
expect(response.body.data.createOneRole).toBeDefined();
const roleId = response.body.data.createOneRole.id; const roleId = response.body.data.createOneRole.id;
// Get object metadata IDs for Person and Company // Get object metadata IDs for Person and Company