[permissions - seeds] Give tim@apple.dev restricted rights (#12768)

Let's introduce an object-limited role for Tim, to test and/or spot incompatibilities with restricted permissions in the future. Our main user tim@apple.dev is now assigned a role that has all settings permissions, and all object permissions except for update on Pets (to test read-only view) and read on Rockets. Since we still need an admin user for each workspace we are introducing a new member, Jane, who has the admin role --------- Co-authored-by: Félix Malfait <felix@twenty.com>
2025-06-23 15:46:53 +02:00
parent 8f0c9facf2
commit 2cb2f528df
12 changed files with 246 additions and 108 deletions
--- a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
+++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
@ -88,7 +88,7 @@ describe('roles permissions', () => {

      expect(resp.status).toBe(200);
      expect(resp.body.errors).toBeUndefined();
-      expect(resp.body.data.getRoles).toHaveLength(3);
+      expect(resp.body.data.getRoles).toHaveLength(4);
      expect(resp.body.data.getRoles).toEqual(
        expect.arrayContaining([
          {
@ -107,10 +107,10 @@ describe('roles permissions', () => {
            label: 'Admin',
            workspaceMembers: [
              {
-                id: '20202020-0687-4c41-b707-ed1bfca972a7',
+                id: '20202020-463f-435b-828c-107e007a2711',
                name: {
-                  firstName: 'Tim',
-                  lastName: 'Apple',
+                  firstName: 'Jane',
+                  lastName: 'Austen',
                },
              },
            ],
@ -127,6 +127,18 @@ describe('roles permissions', () => {
              },
            ],
          },
+          {
+            label: 'Object-restricted',
+            workspaceMembers: [
+              {
+                id: '20202020-0687-4c41-b707-ed1bfca972a7',
+                name: {
+                  firstName: 'Tim',
+                  lastName: 'Apple',
+                },
+              },
+            ],
+          },
        ]),
      );
    });
@ -171,7 +183,7 @@ describe('roles permissions', () => {
      const query = {
        query: `
            mutation UpdateWorkspaceMemberRole {
-                updateWorkspaceMemberRole(workspaceMemberId: "${WORKSPACE_MEMBER_DATA_SEED_IDS.TIM}", roleId: "test-role-id") {
+                updateWorkspaceMemberRole(workspaceMemberId: "${WORKSPACE_MEMBER_DATA_SEED_IDS.JANE}", roleId: "test-role-id") {
                    id
                }
            }