[permissions] Enable permissions V1 for all workspaces (#11172)

Closes https://github.com/twentyhq/core-team-issues/issues/526 (for reminder: 1. Make defaultRoleId non-nullable for an active workspace 2. Remove permissions V1 feature flag 3. Set member role as default role for new workspaces About 1.: An active workspace's defaultRoleId should never be null. We can't rely on a simple postgres NOT NULL constraint as defaultRoleId will always be initially null when the workspace is first created since the roles do not exist at that time. Let's add a more complex rule to ensure that About 3.: In the first phase of our deploy of permissions, we chose to assign admin role to all existing users, not to break any existing behavior with the introduction of the feature (= existing users have less rights than before). As we deploy permissions to all existing and future workspaces, let's set the member role as default role for future workspaces. )
2025-03-26 13:51:34 +01:00
parent 0f7adedc96
commit 72b4b26e2c
35 changed files with 103 additions and 562 deletions
--- a/packages/twenty-server/src/engine/api/graphql/graphql-query-runner/interfaces/base-resolver-service.ts
+++ b/packages/twenty-server/src/engine/api/graphql/graphql-query-runner/interfaces/base-resolver-service.ts
@ -87,17 +87,9 @@ export abstract class GraphqlQueryBaseResolverService<
          authContext.workspace.id,
        );

-      if (
-        featureFlagsMap[FeatureFlagKey.IsPermissionsEnabled] &&
-        objectMetadataItemWithFieldMaps.isSystem === true
-      ) {
+      if (objectMetadataItemWithFieldMaps.isSystem === true) {
        await this.validateSystemObjectPermissionsOrThrow(options);
-      }
-
-      if (
-        featureFlagsMap[FeatureFlagKey.IsPermissionsEnabled] &&
-        !objectMetadataItemWithFieldMaps.isSystem
-      ) {
+      } else {
        await this.validateObjectRecordPermissionsOrThrow({
          operationName,
          options,