Permission checks on twentyORM global manager (#11477)

In this PR we are handling permissions when using
twentyORMGlobalManager,
and handling permissions for rest api and api key

packages/twenty-server/src/engine/twenty-orm/repository/permissions.util.ts

@@ -6,6 +6,7 @@ import {
   PermissionsExceptionCode,
   PermissionsExceptionMessage,
 } from 'src/engine/metadata-modules/permissions/permissions.exception';
+import { ObjectMetadataMaps } from 'src/engine/metadata-modules/types/object-metadata-maps';
 
 const getTargetEntityAndOperationType = (expressionMap: QueryExpressionMap) => {
   const mainEntity = expressionMap.aliases[0].metadata.name;
@@ -20,10 +21,26 @@ const getTargetEntityAndOperationType = (expressionMap: QueryExpressionMap) => {
 export const validateQueryIsPermittedOrThrow = (
   expressionMap: QueryExpressionMap,
   objectRecordsPermissions: ObjectRecordsPermissions,
+  objectMetadataMaps: ObjectMetadataMaps,
+  shouldBypassPermissionChecks: boolean,
 ) => {
+  if (shouldBypassPermissionChecks) {
+    return;
+  }
+
   const { mainEntity, operationType } =
     getTargetEntityAndOperationType(expressionMap);
 
+  const objectMetadataIdForEntity =
+    objectMetadataMaps.idByNameSingular[mainEntity];
+
+  const objectMetadataIsSystem =
+    objectMetadataMaps.byId[objectMetadataIdForEntity]?.isSystem === true;
+
+  if (objectMetadataIsSystem) {
+    return;
+  }
+
   const permissionsForEntity = objectRecordsPermissions[mainEntity];
 
   switch (operationType) {