Introduce userWorkspaceRoles and Roles + seed standard admin role at workspace creation (#9929)

Closes https://github.com/twentyhq/core-team-issues/issues/303
2025-01-30 16:05:33 +01:00
parent e895aa27e6
commit 3a78e6f889
10 changed files with 279 additions and 2 deletions
--- a/packages/twenty-server/src/engine/workspace-manager/workspace-manager.service.ts
+++ b/packages/twenty-server/src/engine/workspace-manager/workspace-manager.service.ts
@ -1,9 +1,18 @@
 import { Injectable } from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';

-import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
+import isEmpty from 'lodash.isempty';
+import { Repository } from 'typeorm';
+
+import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity';
 import { DataSourceEntity } from 'src/engine/metadata-modules/data-source/data-source.entity';
 import { DataSourceService } from 'src/engine/metadata-modules/data-source/data-source.service';
 import { ObjectMetadataService } from 'src/engine/metadata-modules/object-metadata/object-metadata.service';
+import {
+  PermissionsException,
+  PermissionsExceptionCode,
+} from 'src/engine/metadata-modules/permissions/permissions.exception';
+import { PermissionsService } from 'src/engine/metadata-modules/permissions/permissions.service';
 import { WorkspaceMigrationService } from 'src/engine/metadata-modules/workspace-migration/workspace-migration.service';
 import { PETS_DATA_SEEDS } from 'src/engine/seeder/data-seeds/pets-data-seeds';
 import { SURVEY_RESULTS_DATA_SEEDS } from 'src/engine/seeder/data-seeds/survey-results-data-seeds';
@ -24,7 +33,9 @@ export class WorkspaceManagerService {
    private readonly seederService: SeederService,
    private readonly dataSourceService: DataSourceService,
    private readonly workspaceSyncMetadataService: WorkspaceSyncMetadataService,
-    private readonly featureFlagService: FeatureFlagService,
+    private readonly permissionsService: PermissionsService,
+    @InjectRepository(UserWorkspace, 'core')
+    private readonly userWorkspaceRepository: Repository<UserWorkspace>,
  ) {}

  /**
@ -49,6 +60,13 @@ export class WorkspaceManagerService {
      dataSourceId: dataSourceMetadata.id,
    });

+    const permissionsEnabled =
+      await this.permissionsService.isPermissionsEnabled();
+
+    if (permissionsEnabled === true) {
+      await this.initPermissions(workspaceId);
+    }
+
    await this.prefillWorkspaceWithStandardObjects(
      dataSourceMetadata,
      workspaceId,
@ -168,4 +186,36 @@ export class WorkspaceManagerService {
    // Delete schema
    await this.workspaceDataSourceService.deleteWorkspaceDBSchema(workspaceId);
  }
+
+  private async initPermissions(workspaceId: string) {
+    const adminRole = await this.permissionsService.createAdminRole({
+      workspaceId,
+    });
+
+    const userWorkspace = await this.userWorkspaceRepository.find({
+      where: {
+        workspaceId,
+      },
+    });
+
+    if (isEmpty(userWorkspace)) {
+      throw new PermissionsException(
+        'User workspace not found',
+        PermissionsExceptionCode.USER_WORKSPACE_NOT_FOUND,
+      );
+    }
+
+    if (userWorkspace.length > 1) {
+      throw new PermissionsException(
+        'Multiple user workspaces found, cannot tell which one should be admin',
+        PermissionsExceptionCode.TOO_MANY_ADMIN_CANDIDATES,
+      );
+    }
+
+    await this.permissionsService.assignRoleToUserWorkspace({
+      workspaceId,
+      userWorkspaceId: userWorkspace[0].id,
+      roleId: adminRole.id,
+    });
+  }
 }