[permissions V2] Custom role deletion (#11187)

Closes https://github.com/twentyhq/core-team-issues/issues/616
2025-03-26 15:08:48 +01:00
parent 16cb768c5c
commit 7af90eb4c4
9 changed files with 365 additions and 100 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/role/role.resolver.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/role/role.resolver.ts
@ -123,10 +123,6 @@ export class RoleResolver {
    @Args('updateRoleInput') updateRoleInput: UpdateRoleInput,
  ): Promise<RoleDTO> {
    await this.validatePermissionsV2EnabledOrThrow(workspace);
-    await this.validateRoleIsEditableOrThrow({
-      roleId: updateRoleInput.id,
-      workspaceId: workspace.id,
-    });

    return this.roleService.updateRole({
      input: updateRoleInput,
@ -134,6 +130,16 @@ export class RoleResolver {
    });
  }

+  @Mutation(() => String)
+  async deleteOneRole(
+    @AuthWorkspace() workspace: Workspace,
+    @Args('roleId') roleId: string,
+  ): Promise<string> {
+    await this.validatePermissionsV2EnabledOrThrow(workspace);
+
+    return this.roleService.deleteRole(roleId, workspace.id);
+  }
+
  @Mutation(() => ObjectPermissionDTO)
  async upsertOneObjectPermission(
    @AuthWorkspace() workspace: Workspace,
@ -141,10 +147,6 @@ export class RoleResolver {
    upsertObjectPermissionInput: UpsertObjectPermissionInput,
  ) {
    await this.validatePermissionsV2EnabledOrThrow(workspace);
-    await this.validateRoleIsEditableOrThrow({
-      roleId: upsertObjectPermissionInput.roleId,
-      workspaceId: workspace.id,
-    });

    return this.objectPermissionService.upsertObjectPermission({
      workspaceId: workspace.id,
@ -159,10 +161,6 @@ export class RoleResolver {
    upsertSettingPermissionInput: UpsertSettingPermissionInput,
  ) {
    await this.validatePermissionsV2EnabledOrThrow(workspace);
-    await this.validateRoleIsEditableOrThrow({
-      roleId: upsertSettingPermissionInput.roleId,
-      workspaceId: workspace.id,
-    });

    return this.settingPermissionService.upsertSettingPermission({
      workspaceId: workspace.id,
@ -195,21 +193,4 @@ export class RoleResolver {
      );
    }
  }
-
-  private async validateRoleIsEditableOrThrow({
-    roleId,
-    workspaceId,
-  }: {
-    roleId: string;
-    workspaceId: string;
-  }) {
-    const role = await this.roleService.getRoleById(roleId, workspaceId);
-
-    if (!role?.isEditable) {
-      throw new PermissionsException(
-        PermissionsExceptionMessage.ROLE_NOT_EDITABLE,
-        PermissionsExceptionCode.ROLE_NOT_EDITABLE,
-      );
-    }
-  }
 }