[permissions] Enable permissions V1 for all workspaces (#11172)

Closes https://github.com/twentyhq/core-team-issues/issues/526

(for reminder: 
1. Make defaultRoleId non-nullable for an active workspace
2. Remove permissions V1 feature flag
3. Set member role as default role for new workspaces

About 1.:
An active workspace's defaultRoleId should never be null.
We can't rely on a simple postgres NOT NULL constraint as defaultRoleId
will always be initially null when the workspace is first created since
the roles do not exist at that time.

Let's add a more complex rule to ensure that

About 3.:
In the first phase of our deployment of permissions, we chose to assign
the admin role to all existing users, so as not to break any existing
behavior with the introduction of the feature (i.e. existing users ending
up with fewer rights than before).

As we deploy permissions to all existing and future workspaces, let's
set the member role as default role for future workspaces.
)
Marie
2025-03-26 13:51:34 +01:00
committed by GitHub
parent 0f7adedc96
commit 72b4b26e2c
35 changed files with 103 additions and 562 deletions


@ -9,8 +9,6 @@ import { GqlExecutionContext } from '@nestjs/graphql';
import { isDefined } from 'twenty-shared/utils';
import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants';
import {
PermissionsException,
@ -24,24 +22,11 @@ export const SettingsPermissionsGuard = (
): Type<CanActivate> => {
@Injectable()
class SettingsPermissionsMixin implements CanActivate {
constructor(
private readonly featureFlagService: FeatureFlagService,
private readonly permissionsService: PermissionsService,
) {}
constructor(private readonly permissionsService: PermissionsService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const ctx = GqlExecutionContext.create(context);
const workspaceId = ctx.getContext().req.workspace.id;
const permissionsEnabled = await this.featureFlagService.isFeatureEnabled(
FeatureFlagKey.IsPermissionsEnabled,
workspaceId,
);
if (!permissionsEnabled) {
return true;
}
const userWorkspaceId = ctx.getContext().req.userWorkspaceId;
const hasPermission =