[permissions] Enable permissions V1 for all workspaces (#11172)

Closes https://github.com/twentyhq/core-team-issues/issues/526

(for reminder: 
1. Make defaultRoleId non-nullable for an active workspace
2. Remove permissions V1 feature flag
3. Set member role as default role for new workspaces

About 1.:
An active workspace's defaultRoleId should never be null.
We can't rely on a simple postgres NOT NULL constraint as defaultRoleId
will always be initially null when the workspace is first created since
the roles do not exist at that time.

Let's add a more complex rule to ensure that

About 3.:
In the first phase of our deploy of permissions, we chose to assign
admin role to all existing users, not to break any existing behavior
with the introduction of the feature (= existing users have less rights
than before).

As we deploy permissions to all existing and future workspaces, let's
set the member role as default role for future workspaces.
)

packages/twenty-front/src/modules/app/components/SettingsRoutes.tsx

@@ -4,7 +4,6 @@ import { Route, Routes } from 'react-router-dom';
 import { SettingsProtectedRouteWrapper } from '@/settings/components/SettingsProtectedRouteWrapper';
 import { SettingsSkeletonLoader } from '@/settings/components/SettingsSkeletonLoader';
 import { SettingsPath } from '@/types/SettingsPath';
-import { FeatureFlagKey } from '~/generated-metadata/graphql';
 import { SettingPermissionType } from '~/generated/graphql';
 
 const SettingsApiKeys = lazy(() =>
@@ -388,7 +387,6 @@ export const SettingsRoutes = ({
         element={
           <SettingsProtectedRouteWrapper
             settingsPermission={SettingPermissionType.ROLES}
-            requiredFeatureFlag={FeatureFlagKey.IsPermissionsEnabled}
           />
         }
       >

packages/twenty-front/src/modules/settings/components/SettingsProtectedRouteWrapper.tsx

@@ -17,18 +17,12 @@ export const SettingsProtectedRouteWrapper = ({
   settingsPermission,
   requiredFeatureFlag,
 }: SettingsProtectedRouteWrapperProps) => {
-  const isPermissionsEnabled = useIsFeatureEnabled(
-    FeatureFlagKey.IsPermissionsEnabled,
-  );
   const hasPermission = useHasSettingsPermission(settingsPermission);
   const requiredFeatureFlagEnabled = useIsFeatureEnabled(
     requiredFeatureFlag || null,
   );
 
-  if (
+  if ((requiredFeatureFlag && !requiredFeatureFlagEnabled) || !hasPermission) {
-    (requiredFeatureFlag && !requiredFeatureFlagEnabled) ||
-    (!hasPermission && isPermissionsEnabled)
-  ) {
     return <Navigate to={getSettingsPath(SettingsPath.ProfilePage)} replace />;
   }
 

packages/twenty-front/src/modules/settings/hooks/__tests__/useSettingsNavigationItems.test.tsx

@@ -6,7 +6,6 @@ import { MemoryRouter } from 'react-router-dom';
 import { MutableSnapshot, RecoilRoot } from 'recoil';
 import {
   Billing,
-  FeatureFlagKey,
   OnboardingStatus,
   SettingPermissionType,
 } from '~/generated/graphql';
@@ -52,12 +51,6 @@ jest.mock('@/settings/roles/hooks/useSettingsPermissionMap', () => ({
   useSettingsPermissionMap: jest.fn(),
 }));
 
-jest.mock('@/workspace/hooks/useFeatureFlagsMap', () => ({
-  useFeatureFlagsMap: () => ({
-    [FeatureFlagKey.IsPermissionsEnabled]: true,
-  }),
-}));
-
 describe('useSettingsNavigationItems', () => {
   it('should hide workspace settings when no permissions', () => {
     (useSettingsPermissionMap as jest.Mock).mockImplementation(() => ({

packages/twenty-front/src/modules/settings/hooks/useSettingsNavigationItems.tsx

@@ -21,14 +21,12 @@ import {
 } from 'twenty-ui';
 
 import { SettingsPath } from '@/types/SettingsPath';
-import { FeatureFlagKey } from '~/generated-metadata/graphql';
 
 import { currentUserState } from '@/auth/states/currentUserState';
 import { billingState } from '@/client-config/states/billingState';
 import { labPublicFeatureFlagsState } from '@/client-config/states/labPublicFeatureFlagsState';
 import { useSettingsPermissionMap } from '@/settings/roles/hooks/useSettingsPermissionMap';
 import { NavigationDrawerItemIndentationLevel } from '@/ui/navigation/navigation-drawer/components/NavigationDrawerItem';
-import { useFeatureFlagsMap } from '@/workspace/hooks/useFeatureFlagsMap';
 import { t } from '@lingui/core/macro';
 import { useRecoilValue } from 'recoil';
 import { SettingPermissionType } from '~/generated/graphql';
@@ -63,7 +61,6 @@ const useSettingsNavigationItems = (): SettingsNavigationSection[] => {
     false;
   const labPublicFeatureFlags = useRecoilValue(labPublicFeatureFlagsState);
 
-  const featureFlags = useFeatureFlagsMap();
   const permissionMap = useSettingsPermissionMap();
   return [
     {
@@ -120,9 +117,7 @@ const useSettingsNavigationItems = (): SettingsNavigationSection[] => {
           label: t`Roles`,
           path: SettingsPath.Roles,
           Icon: IconLock,
-          isHidden:
+          isHidden: !permissionMap[SettingPermissionType.ROLES],
-            !featureFlags[FeatureFlagKey.IsPermissionsEnabled] ||
-            !permissionMap[SettingPermissionType.ROLES],
         },
         {
           label: t`Billing`,

packages/twenty-front/src/modules/settings/roles/hooks/useHasObjectReadOnlyPermission.ts

@@ -1,19 +1,10 @@
 import { currentUserWorkspaceState } from '@/auth/states/currentUserWorkspaceState';
-import { useIsFeatureEnabled } from '@/workspace/hooks/useIsFeatureEnabled';
 import { useRecoilValue } from 'recoil';
-import { FeatureFlagKey } from '~/generated-metadata/graphql';
-import { isDefined } from 'twenty-shared/utils';
 import { PermissionsOnAllObjectRecords } from 'twenty-shared/constants';
+import { isDefined } from 'twenty-shared/utils';
 
 export const useHasObjectReadOnlyPermission = () => {
   const currentUserWorkspace = useRecoilValue(currentUserWorkspaceState);
-  const isPermissionEnabled = useIsFeatureEnabled(
-    FeatureFlagKey.IsPermissionsEnabled,
-  );
-
-  if (!isPermissionEnabled) {
-    return false;
-  }
 
   if (!isDefined(currentUserWorkspace?.objectRecordsPermissions)) {
     return false;

packages/twenty-front/src/modules/settings/roles/hooks/useSettingsPermissionMap.ts

@@ -1,7 +1,5 @@
 import { currentUserWorkspaceState } from '@/auth/states/currentUserWorkspaceState';
-import { useIsFeatureEnabled } from '@/workspace/hooks/useIsFeatureEnabled';
 import { useRecoilValue } from 'recoil';
-import { FeatureFlagKey } from '~/generated-metadata/graphql';
 import { SettingPermissionType } from '~/generated/graphql';
 import { buildRecordFromKeysWithSameValue } from '~/utils/array/buildRecordFromKeysWithSameValue';
 
@@ -11,16 +9,12 @@ export const useSettingsPermissionMap = (): Record<
 > => {
   const currentUserWorkspace = useRecoilValue(currentUserWorkspaceState);
 
-  const isPermissionEnabled = useIsFeatureEnabled(
-    FeatureFlagKey.IsPermissionsEnabled,
-  );
-
   const currentUserWorkspaceSettingsPermissions =
     currentUserWorkspace?.settingsPermissions;
 
   const initialPermissions = buildRecordFromKeysWithSameValue(
     Object.values(SettingPermissionType),
-    !isPermissionEnabled,
+    false,
   );
 
   if (!currentUserWorkspaceSettingsPermissions) {

packages/twenty-server/src/database/typeorm-seeds/core/workspaces.ts

@@ -1,5 +1,5 @@
-import { DataSource } from 'typeorm';
 import { WorkspaceActivationStatus } from 'twenty-shared/workspace';
+import { DataSource } from 'typeorm';
 
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { extractVersionMajorMinorPatch } from 'src/utils/version/extract-version-major-minor-patch';
@@ -46,7 +46,7 @@ export const seedWorkspaces = async ({
       subdomain: 'apple',
       inviteHash: 'apple.dev-invite-hash',
       logo: 'https://twentyhq.github.io/placeholder-images/workspaces/apple-logo.png',
-      activationStatus: WorkspaceActivationStatus.ACTIVE,
+      activationStatus: WorkspaceActivationStatus.PENDING_CREATION, // will be set to active after default role creation
       version: version,
     },
     [SEED_ACME_WORKSPACE_ID]: {
@@ -55,7 +55,7 @@ export const seedWorkspaces = async ({
       subdomain: 'acme',
       inviteHash: 'acme.dev-invite-hash',
       logo: 'https://logos-world.net/wp-content/uploads/2022/05/Acme-Logo-700x394.png',
-      activationStatus: WorkspaceActivationStatus.ACTIVE,
+      activationStatus: WorkspaceActivationStatus.PENDING_CREATION, // will be set to active after default role creation
       version: version,
     },
   };

packages/twenty-server/src/engine/api/graphql/graphql-query-runner/interfaces/base-resolver-service.ts

@@ -87,17 +87,9 @@ export abstract class GraphqlQueryBaseResolverService<
           authContext.workspace.id,
         );
 
-      if (
+      if (objectMetadataItemWithFieldMaps.isSystem === true) {
-        featureFlagsMap[FeatureFlagKey.IsPermissionsEnabled] &&
-        objectMetadataItemWithFieldMaps.isSystem === true
-      ) {
         await this.validateSystemObjectPermissionsOrThrow(options);
-      }
+      } else {
-
-      if (
-        featureFlagsMap[FeatureFlagKey.IsPermissionsEnabled] &&
-        !objectMetadataItemWithFieldMaps.isSystem
-      ) {
         await this.validateObjectRecordPermissionsOrThrow({
           operationName,
           options,

packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts

@@ -17,7 +17,6 @@ import { BillingSubscriptionService } from 'src/engine/core-modules/billing/serv
 import { BillingService } from 'src/engine/core-modules/billing/services/billing.service';
 import { BillingPortalCheckoutSessionParameters } from 'src/engine/core-modules/billing/types/billing-portal-checkout-session-parameters.type';
 import { formatBillingDatabaseProductToGraphqlDTO } from 'src/engine/core-modules/billing/utils/format-database-product-to-graphql-dto.util';
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
 import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
@@ -140,15 +139,6 @@ export class BillingResolver {
     userWorkspaceId: string;
     isExecutedByApiKey: boolean;
   }) {
-    const isPermissionsEnabled = await this.featureFlagService.isFeatureEnabled(
-      FeatureFlagKey.IsPermissionsEnabled,
-      workspaceId,
-    );
-
-    if (!isPermissionsEnabled) {
-      return;
-    }
-
     if (
       await this.billingService.isSubscriptionIncompleteOnboardingStatus(
         workspaceId,

packages/twenty-server/src/engine/core-modules/feature-flag/constants/public-feature-flag.const.ts

@@ -9,9 +9,7 @@ type FeatureFlagMetadata = {
 export type PublicFeatureFlag = {
   key: Extract<
     FeatureFlagKey,
-    | FeatureFlagKey.IsWorkflowEnabled
+    FeatureFlagKey.IsWorkflowEnabled | FeatureFlagKey.IsCustomDomainEnabled
-    | FeatureFlagKey.IsPermissionsEnabled
-    | FeatureFlagKey.IsCustomDomainEnabled
   >;
   metadata: FeatureFlagMetadata;
 };
@@ -25,15 +23,6 @@ export const PUBLIC_FEATURE_FLAGS: PublicFeatureFlag[] = [
       imagePath: 'https://twenty.com/images/lab/is-workflow-enabled.png',
     },
   },
-  {
-    key: FeatureFlagKey.IsPermissionsEnabled,
-    metadata: {
-      label: 'Permissions V1',
-      description:
-        'Role-based access control system for workspace security management (Admin/Member)',
-      imagePath: 'https://twenty.com/images/lab/is-permissions-enabled.png',
-    },
-  },
   ...(process.env.CLOUDFLARE_API_KEY
     ? [
         {

packages/twenty-server/src/engine/core-modules/feature-flag/enums/feature-flag-key.enum.ts

@@ -12,7 +12,6 @@ export enum FeatureFlagKey {
   IsCustomDomainEnabled = 'IS_CUSTOM_DOMAIN_ENABLED',
   IsApprovedAccessDomainsEnabled = 'IS_APPROVED_ACCESS_DOMAINS_ENABLED',
   IsNewRelationEnabled = 'IS_NEW_RELATION_ENABLED',
-  IsPermissionsEnabled = 'IS_PERMISSIONS_ENABLED',
   IsWorkflowFormActionEnabled = 'IS_WORKFLOW_FORM_ACTION_ENABLED',
   IsPermissionsV2Enabled = 'IS_PERMISSIONS_V2_ENABLED',
 }

packages/twenty-server/src/engine/core-modules/user/services/user.service.ts

@@ -3,8 +3,8 @@ import { InjectRepository } from '@nestjs/typeorm';
 import assert from 'assert';
 
 import { TypeOrmQueryService } from '@ptc-org/nestjs-query-typeorm';
-import { Repository } from 'typeorm';
 import { isWorkspaceActiveOrSuspended } from 'twenty-shared/workspace';
+import { Repository } from 'typeorm';
 
 import { TypeORMService } from 'src/database/typeorm/typeorm.service';
 import { DatabaseEventAction } from 'src/engine/api/graphql/graphql-query-runner/enums/database-event-action';
@@ -12,7 +12,6 @@ import {
   AuthException,
   AuthExceptionCode,
 } from 'src/engine/core-modules/auth/auth.exception';
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
 import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
 import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
@@ -97,16 +96,11 @@ export class UserService extends TypeOrmQueryService<User> {
     const workspaceDataSource =
       await this.typeORMService.connectToDataSource(dataSourceMetadata);
 
-    const isPermissionsEnabled = await this.featureFlagService.isFeatureEnabled(
-      FeatureFlagKey.IsPermissionsEnabled,
-      workspaceId,
-    );
-
     const workspaceMembers = await workspaceDataSource?.query(
       `SELECT * FROM ${dataSourceMetadata.schema}."workspaceMember"`,
     );
 
-    if (isPermissionsEnabled && workspaceMembers.length > 1) {
+    if (workspaceMembers.length > 1) {
       const userWorkspace =
         await this.userWorkspaceService.getUserWorkspaceForUserOrThrow({
           userId,

packages/twenty-server/src/engine/core-modules/user/user.resolver.ts

@@ -27,8 +27,6 @@ import {
 } from 'src/engine/core-modules/auth/auth.exception';
 import { DomainManagerService } from 'src/engine/core-modules/domain-manager/services/domain-manager.service';
 import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
-import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
 import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
 import { FileService } from 'src/engine/core-modules/file/services/file.service';
 import { OnboardingStatus } from 'src/engine/core-modules/onboarding/enums/onboarding-status.enum';
@@ -83,7 +81,6 @@ export class UserResolver {
     private readonly userWorkspaceRepository: Repository<UserWorkspace>,
     private readonly userRoleService: UserRoleService,
     private readonly permissionsService: PermissionsService,
-    private readonly featureFlagService: FeatureFlagService,
   ) {}
 
   @Query(() => User)
@@ -103,38 +100,31 @@ export class UserResolver {
       new AuthException('User not found', AuthExceptionCode.USER_NOT_FOUND),
     );
 
-    const permissionsEnabled = await this.featureFlagService.isFeatureEnabled(
+    const currentUserWorkspace = user.workspaces.find(
-      FeatureFlagKey.IsPermissionsEnabled,
+      (userWorkspace) => userWorkspace.workspace.id === workspace.id,
-      workspace.id,
     );
 
-    if (permissionsEnabled === true) {
+    if (!currentUserWorkspace) {
-      const currentUserWorkspace = user.workspaces.find(
+      throw new Error('Current user workspace not found');
-        (userWorkspace) => userWorkspace.workspace.id === workspace.id,
-      );
-
-      if (!currentUserWorkspace) {
-        throw new Error('Current user workspace not found');
-      }
-      const { settingsPermissions, objectRecordsPermissions } =
-        await this.permissionsService.getUserWorkspacePermissions({
-          userWorkspaceId: currentUserWorkspace.id,
-          workspaceId: workspace.id,
-        });
-
-      const grantedSettingsPermissions: SettingPermissionType[] = (
-        Object.keys(settingsPermissions) as SettingPermissionType[]
-      ).filter((feature) => settingsPermissions[feature] === true);
-
-      const grantedObjectRecordsPermissions = (
-        Object.keys(objectRecordsPermissions) as PermissionsOnAllObjectRecords[]
-      ).filter((permission) => objectRecordsPermissions[permission] === true);
-
-      currentUserWorkspace.settingsPermissions = grantedSettingsPermissions;
-      currentUserWorkspace.objectRecordsPermissions =
-        grantedObjectRecordsPermissions;
-      user.currentUserWorkspace = currentUserWorkspace;
     }
+    const { settingsPermissions, objectRecordsPermissions } =
+      await this.permissionsService.getUserWorkspacePermissions({
+        userWorkspaceId: currentUserWorkspace.id,
+        workspaceId: workspace.id,
+      });
+
+    const grantedSettingsPermissions: SettingPermissionType[] = (
+      Object.keys(settingsPermissions) as SettingPermissionType[]
+    ).filter((feature) => settingsPermissions[feature] === true);
+
+    const grantedObjectRecordsPermissions = (
+      Object.keys(objectRecordsPermissions) as PermissionsOnAllObjectRecords[]
+    ).filter((permission) => objectRecordsPermissions[permission] === true);
+
+    currentUserWorkspace.settingsPermissions = grantedSettingsPermissions;
+    currentUserWorkspace.objectRecordsPermissions =
+      grantedObjectRecordsPermissions;
+    user.currentUserWorkspace = currentUserWorkspace;
 
     return {
       ...user,
@@ -202,37 +192,31 @@ export class UserResolver {
 
     const workspaceMembers: WorkspaceMember[] = [];
 
-    const permissionsEnabled = await this.featureFlagService.isFeatureEnabled(
-      FeatureFlagKey.IsPermissionsEnabled,
-      workspace.id,
-    );
-
     let userWorkspacesByUserId = new Map<string, UserWorkspace>();
     let rolesByUserWorkspaces = new Map<string, RoleDTO[]>();
 
-    if (permissionsEnabled === true) {
+    const userWorkspaces = await this.userWorkspaceRepository.find({
-      const userWorkspaces = await this.userWorkspaceRepository.find({
+      where: {
-        where: {
+        userId: In(workspaceMemberEntities.map((entity) => entity.userId)),
-          userId: In(workspaceMemberEntities.map((entity) => entity.userId)),
+        workspaceId: workspace.id,
-          workspaceId: workspace.id,
+      },
-        },
+    });
-      });
 
-      userWorkspacesByUserId = new Map(
+    userWorkspacesByUserId = new Map(
-        userWorkspaces.map((userWorkspace) => [
+      userWorkspaces.map((userWorkspace) => [
-          userWorkspace.userId,
+        userWorkspace.userId,
-          userWorkspace,
+        userWorkspace,
-        ]),
+      ]),
-      );
+    );
 
-      rolesByUserWorkspaces =
+    rolesByUserWorkspaces = await this.userRoleService.getRolesByUserWorkspaces(
-        await this.userRoleService.getRolesByUserWorkspaces({
+      {
-          userWorkspaceIds: userWorkspaces.map(
+        userWorkspaceIds: userWorkspaces.map(
-            (userWorkspace) => userWorkspace.id,
+          (userWorkspace) => userWorkspace.id,
-          ),
+        ),
-          workspaceId: workspace.id,
+        workspaceId: workspace.id,
-        });
+      },
-    }
+    );
 
     for (const workspaceMemberEntity of workspaceMemberEntities) {
       if (workspaceMemberEntity.avatarUrl) {
@@ -246,39 +230,37 @@ export class UserResolver {
 
       const workspaceMember = workspaceMemberEntity as WorkspaceMember;
 
-      if (permissionsEnabled === true) {
+      const userWorkspace = userWorkspacesByUserId.get(
-        const userWorkspace = userWorkspacesByUserId.get(
+        workspaceMemberEntity.userId,
-          workspaceMemberEntity.userId,
+      );
-        );
 
-        if (!userWorkspace) {
+      if (!userWorkspace) {
-          throw new Error('User workspace not found');
+        throw new Error('User workspace not found');
-        }
-
-        workspaceMember.userWorkspaceId = userWorkspace.id;
-
-        const workspaceMemberRoles = (
-          rolesByUserWorkspaces.get(userWorkspace.id) ?? []
-        ).map((roleEntity) => {
-          return {
-            id: roleEntity.id,
-            label: roleEntity.label,
-            canUpdateAllSettings: roleEntity.canUpdateAllSettings,
-            description: roleEntity.description,
-            icon: roleEntity.icon,
-            isEditable: roleEntity.isEditable,
-            userWorkspaceRoles: roleEntity.userWorkspaceRoles,
-            canReadAllObjectRecords: roleEntity.canReadAllObjectRecords,
-            canUpdateAllObjectRecords: roleEntity.canUpdateAllObjectRecords,
-            canSoftDeleteAllObjectRecords:
-              roleEntity.canSoftDeleteAllObjectRecords,
-            canDestroyAllObjectRecords: roleEntity.canDestroyAllObjectRecords,
-          };
-        });
-
-        workspaceMember.roles = workspaceMemberRoles;
       }
 
+      workspaceMember.userWorkspaceId = userWorkspace.id;
+
+      const workspaceMemberRoles = (
+        rolesByUserWorkspaces.get(userWorkspace.id) ?? []
+      ).map((roleEntity) => {
+        return {
+          id: roleEntity.id,
+          label: roleEntity.label,
+          canUpdateAllSettings: roleEntity.canUpdateAllSettings,
+          description: roleEntity.description,
+          icon: roleEntity.icon,
+          isEditable: roleEntity.isEditable,
+          userWorkspaceRoles: roleEntity.userWorkspaceRoles,
+          canReadAllObjectRecords: roleEntity.canReadAllObjectRecords,
+          canUpdateAllObjectRecords: roleEntity.canUpdateAllObjectRecords,
+          canSoftDeleteAllObjectRecords:
+            roleEntity.canSoftDeleteAllObjectRecords,
+          canDestroyAllObjectRecords: roleEntity.canDestroyAllObjectRecords,
+        };
+      });
+
+      workspaceMember.roles = workspaceMemberRoles;
+
       workspaceMembers.push(workspaceMember);
     }
 

packages/twenty-server/src/engine/core-modules/workspace/services/workspace.service.ts

@@ -15,7 +15,6 @@ import { CustomDomainService } from 'src/engine/core-modules/domain-manager/serv
 import { DomainManagerService } from 'src/engine/core-modules/domain-manager/services/domain-manager.service';
 import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { ExceptionHandlerService } from 'src/engine/core-modules/exception-handler/exception-handler.service';
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
 import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
 import {
   FileWorkspaceFolderDeletionJob,
@@ -154,26 +153,19 @@ export class WorkspaceService extends TypeOrmQueryService<Workspace> {
 
     workspaceValidator.assertIsDefinedOrThrow(workspace);
 
-    const permissionsEnabled = await this.featureFlagService.isFeatureEnabled(
+    await this.validateSecurityPermissions({
-      FeatureFlagKey.IsPermissionsEnabled,
+      payload,
-      workspace.id,
+      userWorkspaceId,
-    );
+      workspaceId: workspace.id,
+      apiKey,
+    });
 
-    if (permissionsEnabled) {
+    await this.validateWorkspacePermissions({
-      await this.validateSecurityPermissions({
+      payload,
-        payload,
+      userWorkspaceId,
-        userWorkspaceId,
+      workspaceId: workspace.id,
-        workspaceId: workspace.id,
+      apiKey,
-        apiKey,
+    });
-      });
-
-      await this.validateWorkspacePermissions({
-        payload,
-        userWorkspaceId,
-        workspaceId: workspace.id,
-        apiKey,
-      });
-    }
 
     if (payload.subdomain && workspace.subdomain !== payload.subdomain) {
       await this.validateSubdomainUpdate(payload.subdomain);

packages/twenty-server/src/engine/core-modules/workspace/workspace.entity.ts

@@ -1,6 +1,7 @@
 import { Field, ObjectType, registerEnumType } from '@nestjs/graphql';
 
 import { IDField } from '@ptc-org/nestjs-query-graphql';
+import { WorkspaceActivationStatus } from 'twenty-shared/workspace';
 import {
   Column,
   CreateDateColumn,
@@ -11,7 +12,6 @@ import {
   Relation,
   UpdateDateColumn,
 } from 'typeorm';
-import { WorkspaceActivationStatus } from 'twenty-shared/workspace';
 
 import { UUIDScalarType } from 'src/engine/api/graphql/workspace-schema-builder/graphql-types/scalars';
 import { AppToken } from 'src/engine/core-modules/app-token/app-token.entity';

packages/twenty-server/src/engine/guards/settings-permissions.guard.ts

@@ -9,8 +9,6 @@ import { GqlExecutionContext } from '@nestjs/graphql';
 
 import { isDefined } from 'twenty-shared/utils';
 
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
-import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
 import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants';
 import {
   PermissionsException,
@@ -24,24 +22,11 @@ export const SettingsPermissionsGuard = (
 ): Type<CanActivate> => {
   @Injectable()
   class SettingsPermissionsMixin implements CanActivate {
-    constructor(
+    constructor(private readonly permissionsService: PermissionsService) {}
-      private readonly featureFlagService: FeatureFlagService,
-      private readonly permissionsService: PermissionsService,
-    ) {}
 
     async canActivate(context: ExecutionContext): Promise<boolean> {
       const ctx = GqlExecutionContext.create(context);
       const workspaceId = ctx.getContext().req.workspace.id;
-
-      const permissionsEnabled = await this.featureFlagService.isFeatureEnabled(
-        FeatureFlagKey.IsPermissionsEnabled,
-        workspaceId,
-      );
-
-      if (!permissionsEnabled) {
-        return true;
-      }
-
       const userWorkspaceId = ctx.getContext().req.userWorkspaceId;
 
       const hasPermission =

packages/twenty-server/src/engine/workspace-manager/workspace-manager.service.ts

@@ -1,6 +1,7 @@
 import { Injectable, Logger } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 
+import { WorkspaceActivationStatus } from 'twenty-shared/workspace';
 import { Repository } from 'typeorm';
 
 import { DEV_SEED_USER_WORKSPACE_IDS } from 'src/database/typeorm-seeds/core/user-workspaces';
@@ -8,7 +9,6 @@ import {
   SEED_ACME_WORKSPACE_ID,
   SEED_APPLE_WORKSPACE_ID,
 } from 'src/database/typeorm-seeds/core/workspaces';
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
 import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
 import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
@@ -315,21 +315,16 @@ export class WorkspaceManagerService {
       roleId: adminRole.id,
     });
 
-    await this.roleService.createMemberRole({
+    const memberRole = await this.roleService.createMemberRole({
       workspaceId,
     });
 
-    // Temporary - after permissions are rolled-out we will set member role as the default role
     await this.workspaceRepository.update(workspaceId, {
-      defaultRoleId: adminRole.id,
+      defaultRoleId: memberRole.id,
     });
   }
 
   private async initPermissionsDev(workspaceId: string) {
-    await this.featureFlagService.enableFeatureFlags(
-      [FeatureFlagKey.IsPermissionsEnabled],
-      workspaceId,
-    );
     const adminRole = await this.roleService.createAdminRole({
       workspaceId,
     });
@@ -369,6 +364,7 @@ export class WorkspaceManagerService {
 
     await this.workspaceRepository.update(workspaceId, {
       defaultRoleId: memberRole.id,
+      activationStatus: WorkspaceActivationStatus.ACTIVE,
     });
 
     if (memberUserWorkspaceId) {

packages/twenty-server/src/modules/workspace-member/query-hooks/workspace-member-pre-query-hook.service.ts

@@ -2,7 +2,6 @@ import { Injectable } from '@nestjs/common';
 
 import { isDefined } from 'twenty-shared/utils';
 
-import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
 import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
 import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants';
 import {
@@ -33,16 +32,6 @@ export class WorkspaceMemberPreQueryHookService {
     workspaceId: string;
     apiKey?: ApiKeyWorkspaceEntity | null;
   }) {
-    const featureFlagsMap =
-      await this.featureFlagService.getWorkspaceFeatureFlagsMap(workspaceId);
-
-    const isPermissionsEnabled =
-      featureFlagsMap[FeatureFlagKey.IsPermissionsEnabled];
-
-    if (!isPermissionsEnabled) {
-      return;
-    }
-
     if (isDefined(apiKey)) {
       return;
     }

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-many-object-records-permissions.integration-spec.ts

@@ -4,33 +4,11 @@ import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.
 import { createManyOperationFactory } from 'test/integration/graphql/utils/create-many-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
 describe('createManyObjectRecordsPermissions', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const graphqlOperation = createManyOperationFactory({
       objectMetadataSingularName: 'person',

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/create-one-object-records-permissions.integration-spec.ts

@@ -4,33 +4,11 @@ import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.
 import { createOneOperationFactory } from 'test/integration/graphql/utils/create-one-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
 describe('createOneObjectRecordsPermissions', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const graphqlOperation = createOneOperationFactory({
       objectMetadataSingularName: 'person',

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-many-object-records-permissions.integration-spec.ts

@@ -5,33 +5,11 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat
 import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delete-many-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
 describe('deleteManyObjectRecordsPermissions', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const graphqlOperation = deleteManyOperationFactory({
       objectMetadataSingularName: 'person',

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/delete-one-object-records-permissions.integration-spec.ts

@@ -5,9 +5,7 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create
 import { deleteOneOperationFactory } from 'test/integration/graphql/utils/delete-one-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
@@ -15,15 +13,7 @@ describe('deleteOneObjectRecordsPermissions', () => {
   const personId = randomUUID();
 
   beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
+    const createOnePersonRecordOperation = createOneOperationFactory({
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-
-    const createGraphqlOperation = createOneOperationFactory({
       objectMetadataSingularName: 'person',
       gqlFields: PERSON_GQL_FIELDS,
       data: {
@@ -31,17 +21,7 @@ describe('deleteOneObjectRecordsPermissions', () => {
       },
     });
 
-    await makeGraphqlAPIRequest(createGraphqlOperation);
+    await makeGraphqlAPIRequest(createOnePersonRecordOperation);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
   });
 
   it('should throw a permission error when user does not have permission (guest role)', async () => {

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-many-object-records-permissions.integration-spec.ts

@@ -5,33 +5,11 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat
 import { destroyManyOperationFactory } from 'test/integration/graphql/utils/destroy-many-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
 describe('destroyManyObjectRecordsPermissions', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const graphqlOperation = destroyManyOperationFactory({
       objectMetadataSingularName: 'person',

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/destroy-one-object-records-permissions.integration-spec.ts

@@ -5,9 +5,7 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create
 import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
@@ -15,14 +13,6 @@ describe('destroyOneObjectRecordsPermissions', () => {
   const personId = randomUUID();
 
   beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-
     const createGraphqlOperation = createOneOperationFactory({
       objectMetadataSingularName: 'person',
       gqlFields: PERSON_GQL_FIELDS,
@@ -34,16 +24,6 @@ describe('destroyOneObjectRecordsPermissions', () => {
     await makeGraphqlAPIRequest(createGraphqlOperation);
   });
 
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const personId = randomUUID();
     const graphqlOperation = destroyOneOperationFactory({

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/restore-many-object-records-permissions.integration-spec.ts

@@ -6,9 +6,7 @@ import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delet
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
 import { restoreManyOperationFactory } from 'test/integration/graphql/utils/restore-many-operation-factory.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
@@ -17,14 +15,6 @@ describe('restoreManyObjectRecordsPermissions', () => {
   const personId2 = randomUUID();
 
   beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-
     // Create people
     const createGraphqlOperation = createManyOperationFactory({
       objectMetadataSingularName: 'person',
@@ -57,16 +47,6 @@ describe('restoreManyObjectRecordsPermissions', () => {
     await makeGraphqlAPIRequest(deleteGraphqlOperation);
   });
 
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const graphqlOperation = restoreManyOperationFactory({
       objectMetadataSingularName: 'person',

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/restore-one-object-records-permissions.integration-spec.ts

@@ -6,9 +6,7 @@ import { deleteOneOperationFactory } from 'test/integration/graphql/utils/delete
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
 import { restoreOneOperationFactory } from 'test/integration/graphql/utils/restore-one-operation-factory.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
@@ -16,14 +14,6 @@ describe('restoreOneObjectRecordsPermissions', () => {
   const personId = randomUUID();
 
   beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-
     // Create a person
     const createGraphqlOperation = createOneOperationFactory({
       objectMetadataSingularName: 'person',
@@ -45,16 +35,6 @@ describe('restoreOneObjectRecordsPermissions', () => {
     await makeGraphqlAPIRequest(deleteGraphqlOperation);
   });
 
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const graphqlOperation = restoreOneOperationFactory({
       objectMetadataSingularName: 'person',

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-many-object-records-permissions.integration-spec.ts

@@ -4,10 +4,8 @@ import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.
 import { createManyOperationFactory } from 'test/integration/graphql/utils/create-many-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 import { updateManyOperationFactory } from 'test/integration/graphql/utils/update-many-operation-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
@@ -16,14 +14,6 @@ describe('updateManyObjectRecordsPermissions', () => {
   const personId2 = randomUUID();
 
   beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-
     const createGraphqlOperation = createManyOperationFactory({
       objectMetadataSingularName: 'person',
       objectMetadataPluralName: 'people',
@@ -41,16 +31,6 @@ describe('updateManyObjectRecordsPermissions', () => {
     await makeGraphqlAPIRequest(createGraphqlOperation);
   });
 
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const graphqlOperation = updateManyOperationFactory({
       objectMetadataSingularName: 'person',

packages/twenty-server/test/integration/graphql/suites/object-records-permissions/update-one-object-records-permissions.integration-spec.ts

@@ -4,10 +4,8 @@ import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.
 import { createOneOperationFactory } from 'test/integration/graphql/utils/create-one-operation-factory.util';
 import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
@@ -15,14 +13,6 @@ describe('updateOneObjectRecordsPermissions', () => {
   const personId = randomUUID();
 
   beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-
     const createPersonOperation = createOneOperationFactory({
       objectMetadataSingularName: 'person',
       gqlFields: PERSON_GQL_FIELDS,
@@ -35,16 +25,6 @@ describe('updateOneObjectRecordsPermissions', () => {
     await makeGraphqlAPIRequest(createPersonOperation);
   });
 
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission (guest role)', async () => {
     const personId = randomUUID();
     const graphqlOperation = updateOneOperationFactory({

packages/twenty-server/test/integration/graphql/suites/settings-permissions/api-key-webhooks.integration-spec.ts

@@ -1,33 +1,11 @@
 import request from 'supertest';
-import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
 const client = request(`http://localhost:${APP_PORT}`);
 
 describe('api key and webhooks permissions', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
   describe('generateApiKeyToken', () => {
     it('should throw a permission error when user does not have permission (member role)', async () => {
       const queryData = {

packages/twenty-server/test/integration/graphql/suites/settings-permissions/data-model.integration-spec.ts

@@ -1,5 +1,3 @@
-import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 import { createCustomTextFieldMetadata } from 'test/integration/metadata/suites/field-metadata/utils/create-custom-text-field-metadata.util';
 import { createOneFieldMetadataFactory } from 'test/integration/metadata/suites/field-metadata/utils/create-one-field-metadata-factory.util';
 import { deleteOneFieldMetadataItemFactory } from 'test/integration/metadata/suites/field-metadata/utils/delete-one-field-metadata-factory.util';
@@ -12,29 +10,12 @@ import { updateOneObjectMetadataItemFactory } from 'test/integration/metadata/su
 import { makeMetadataAPIRequestWithMemberRole } from 'test/integration/metadata/suites/utils/make-metadata-api-request-with-member-role.util';
 import { FieldMetadataType } from 'twenty-shared/types';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
 describe('datamodel permissions', () => {
-  beforeAll(async () => {
+  beforeAll(async () => {});
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
 
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
   describe('fieldMetadata', () => {
     let listingObjectId = '';
     let testFieldId = '';

packages/twenty-server/test/integration/graphql/suites/settings-permissions/security.integration-spec.ts

@@ -32,14 +32,6 @@ describe('Security permissions', () => {
     const response = await makeGraphqlAPIRequest({ query });
 
     originalWorkspaceState = response.body.data.currentWorkspace;
-
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
   });
 
   afterAll(async () => {

packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace-invitation.integration-spec.ts

@@ -1,34 +1,11 @@
 import request from 'supertest';
-import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
 
 const client = request(`http://localhost:${APP_PORT}`);
 
 describe('workspace invitation permissions', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should throw a permission error when user does not have permission to send invitation', async () => {
     const queryData = {
       query: `

packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace-members.integration-spec.ts

@@ -3,10 +3,8 @@ import { deleteOneOperationFactory } from 'test/integration/graphql/utils/delete
 import { makeGraphqlAPIRequestWithMemberRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util';
 import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
 import { restoreOneOperationFactory } from 'test/integration/graphql/utils/restore-one-operation-factory.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { DEV_SEED_WORKSPACE_MEMBER_IDS } from 'src/database/typeorm-seeds/workspace/workspace-members';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
@@ -19,25 +17,6 @@ const WORKSPACE_MEMBER_GQL_FIELDS = `
 `;
 
 describe('workspace members permissions', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
   describe('updateOne', () => {
     it('should allow update when user is updating themself (member role)', async () => {
       const graphqlOperation = updateOneOperationFactory({

packages/twenty-server/test/integration/graphql/suites/settings-permissions/workspace.integration-spec.ts

@@ -33,14 +33,6 @@ describe('workspace permissions', () => {
     const response = await makeGraphqlAPIRequest({ query });
 
     originalWorkspaceState = response.body.data.currentWorkspace;
-
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
   });
 
   afterAll(async () => {

packages/twenty-server/test/integration/graphql/suites/user.integration-spec.ts

@@ -1,33 +1,10 @@
 import request from 'supertest';
-import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
-import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
 
-import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
 import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
 
 const client = request(`http://localhost:${APP_PORT}`);
 
 describe('deleteUser', () => {
-  beforeAll(async () => {
-    const enablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      true,
-    );
-
-    await makeGraphqlAPIRequest(enablePermissionsQuery);
-  });
-
-  afterAll(async () => {
-    const disablePermissionsQuery = updateFeatureFlagFactory(
-      SEED_APPLE_WORKSPACE_ID,
-      'IsPermissionsEnabled',
-      false,
-    );
-
-    await makeGraphqlAPIRequest(disablePermissionsQuery);
-  });
-
   it('should not allow to delete user if they are the unique admin of a workspace', async () => {
     const query = {
       query: `