Permission checks on twentyORM global manager (#11477)

In this PR we are handling permissions when using twentyORMGlobalManager, and handling permissions for rest api and api key
2025-04-23 17:57:48 +02:00
parent 28a1354928
commit 4257f30f12
54 changed files with 547 additions and 116 deletions
--- a/packages/twenty-server/test/integration/graphql/utils/make-graphql-api-request-with-api-key.util.ts
+++ b/packages/twenty-server/test/integration/graphql/utils/make-graphql-api-request-with-api-key.util.ts
@ -0,0 +1,21 @@
+import { ASTNode, print } from 'graphql';
+import request from 'supertest';
+
+type GraphqlOperation = {
+  query: ASTNode;
+  variables?: Record<string, unknown>;
+};
+
+export const makeGraphqlAPIRequestWithApiKey = (
+  graphqlOperation: GraphqlOperation,
+) => {
+  const client = request(`http://localhost:${APP_PORT}`);
+
+  return client
+    .post('/graphql')
+    .set('Authorization', `Bearer ${API_KEY_ACCESS_TOKEN}`)
+    .send({
+      query: print(graphqlOperation.query),
+      variables: graphqlOperation.variables || {},
+    });
+};