[Permissions] Implement getRoles (#9955)

In this PR - introducing roles module to separate roles logic (assign a Role, get a workspace's roles etc.) from permission logic (check if a user has a permission) - Introduces getRoles endpoint to fetch a workspace's roles - introduces the first permission check: getRoles in only accessible to users with permission on ROLE setting. Implemented validatesUserHasWorkspaceSettingPermissionOrThrow
2025-02-03 19:14:18 +01:00
parent caee5b1f89
commit 351e768038
18 changed files with 413 additions and 50 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/role/role.service.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/role/role.service.ts
@ -0,0 +1,36 @@
+import { InjectRepository } from '@nestjs/typeorm';
+
+import { Repository } from 'typeorm';
+
+import { ADMIN_ROLE_LABEL } from 'src/engine/metadata-modules/permissions/constants/admin-role-label.constants';
+import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';
+
+export class RoleService {
+  constructor(
+    @InjectRepository(RoleEntity, 'metadata')
+    private readonly roleRepository: Repository<RoleEntity>,
+  ) {}
+
+  public async getWorkspaceRoles(workspaceId: string): Promise<RoleEntity[]> {
+    return this.roleRepository.find({
+      where: {
+        workspaceId,
+      },
+      relations: ['userWorkspaceRoles'],
+    });
+  }
+
+  public async createAdminRole({
+    workspaceId,
+  }: {
+    workspaceId: string;
+  }): Promise<RoleEntity> {
+    return this.roleRepository.save({
+      label: ADMIN_ROLE_LABEL,
+      description: 'Admin role',
+      canUpdateAllSettings: true,
+      isEditable: false,
+      workspaceId,
+    });
+  }
+}