admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions] Enable permissions V1 for all workspaces (#11172)

Browse Source 
Closes https://github.com/twentyhq/core-team-issues/issues/526

(for reminder: 
1. Make defaultRoleId non-nullable for an active workspace
2. Remove permissions V1 feature flag
3. Set member role as default role for new workspaces

About 1.:
An active workspace's defaultRoleId should never be null.
We can't rely on a simple postgres NOT NULL constraint as defaultRoleId
will always be initially null when the workspace is first created since
the roles do not exist at that time.

Let's add a more complex rule to ensure that

About 3.:
In the first phase of our deploy of permissions, we chose to assign
admin role to all existing users, not to break any existing behavior
with the introduction of the feature (= existing users have less rights
than before).

As we deploy permissions to all existing and future workspaces, let's
set the member role as default role for future workspaces.
)
This commit is contained in:
Marie
2025-03-26 13:51:34 +01:00
committed by GitHub
parent 0f7adedc96
commit 72b4b26e2c
35 changed files with 103 additions and 562 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
packages/twenty-server/src/engine/workspace-manager/workspace-manager.service.ts
View File

@ -1,6 +1,7 @@
import { Injectable, Logger } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { WorkspaceActivationStatus } from 'twenty-shared/workspace';
import { Repository } from 'typeorm';
import { DEV_SEED_USER_WORKSPACE_IDS } from 'src/database/typeorm-seeds/core/user-workspaces';
@ -8,7 +9,6 @@ import {
SEED_ACME_WORKSPACE_ID,
SEED_APPLE_WORKSPACE_ID,
} from 'src/database/typeorm-seeds/core/workspaces';
import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
@ -315,21 +315,16 @@ export class WorkspaceManagerService {
roleId: adminRole.id,
});
await this.roleService.createMemberRole({
const memberRole = await this.roleService.createMemberRole({
workspaceId,
});
// Temporary - after permissions are rolled-out we will set member role as the default role
await this.workspaceRepository.update(workspaceId, {
defaultRoleId: adminRole.id,
defaultRoleId: memberRole.id,
});
}
private async initPermissionsDev(workspaceId: string) {
await this.featureFlagService.enableFeatureFlags(
[FeatureFlagKey.IsPermissionsEnabled],
workspaceId,
);
const adminRole = await this.roleService.createAdminRole({
workspaceId,
});
@ -369,6 +364,7 @@ export class WorkspaceManagerService {
await this.workspaceRepository.update(workspaceId, {
defaultRoleId: memberRole.id,
activationStatus: WorkspaceActivationStatus.ACTIVE,
});
if (memberUserWorkspaceId) {