admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions V2] Custom role deletion (#11187)

Browse Source 
Closes https://github.com/twentyhq/core-team-issues/issues/616
This commit is contained in:
Marie
2025-03-26 15:08:48 +01:00
committed by GitHub
parent 16cb768c5c
commit 7af90eb4c4
9 changed files with 365 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
View File

@ -1,4 +1,5 @@
import request from 'supertest';
import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
import { createListingCustomObject } from 'test/integration/metadata/suites/object-metadata/utils/create-test-object-metadata.util';
@ -316,51 +317,72 @@ describe('roles permissions', () => {
await assertPermissionDeniedForMemberWithMemberRole({ query });
});
// TODO - to uncomment after deleteOneRole has been implemented
// it('should create a role when user has permission to create a role (admin role)', async () => {
// const query = {
// query: `
// mutation CreateOneRole {
// createOneRole(createRoleInput: {label: "Test role"}) {
// id
// }
// }
// `,
// };
it('should create a role when user has permission to create a role (admin role)', async () => {
// Act and assert
const query = {
query: `
mutation CreateOneRole {
createOneRole(createRoleInput: {label: "Test role"}) {
id
}
}
`,
};
// await client
// .post('/graphql')
// .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
// .send(query)
// .expect(200)
// .expect((res) => {
// expect(res.body.data).toBeDefined();
// expect(res.body.errors).toBeUndefined();
// });
// });
const result = await client
.post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(query)
.expect(200)
.expect((res) => {
expect(res.body.data).toBeDefined();
expect(res.body.errors).toBeUndefined();
});
const createdRoleId = result.body.data.createOneRole.id;
// Clean
const deleteOneRoleQuery = deleteOneRoleOperationFactory(createdRoleId);
await client
.post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(deleteOneRoleQuery);
});
});
describe('updateRole', () => {
// let createdEditableRoleId: string;
let createdEditableRoleId: string;
beforeAll(async () => {
// TODO - to uncomment after deleteOneRole has been implemented
// const query = {
// query: `
// mutation CreateOneRole {
// createOneRole(createRoleInput: {label: "Test role 2"}) {
// id
// }
// }
// `,
// };
// await client
// .post('/graphql')
// .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
// .send(query)
// .then((res) => {
// createdEditableRoleId = res.body.data.createOneRole.id;
// });
const query = {
query: `
mutation CreateOneRole {
createOneRole(createRoleInput: {label: "Test role 2"}) {
id
}
}
`,
};
await client
.post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(query)
.then((res) => {
createdEditableRoleId = res.body.data.createOneRole.id;
});
});
afterAll(async () => {
const deleteOneRoleQuery = deleteOneRoleOperationFactory(
createdEditableRoleId,
);
await client
.post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(deleteOneRoleQuery);
});
describe('updateRole', () => {
@ -368,7 +390,7 @@ describe('roles permissions', () => {
const query = {
query: `
mutation UpdateOneRole {
updateOneRole(updateRoleInput: {id: "test-role-id", update: {label: "new-role-label"}}) {
updateOneRole(updateRoleInput: {id: "${createdEditableRoleId}", update: {label: "new role label (1)"}}) {
id
}
}
@ -382,7 +404,7 @@ describe('roles permissions', () => {
const query = {
query: `
mutation UpdateOneRole {
updateOneRole(updateRoleInput: {id: "${adminRoleId}", update: {label: "new-role-label"}}) {
updateOneRole(updateRoleInput: {id: "${adminRoleId}", update: {label: "new role label (2)"}}) {
id
}
}
@ -405,6 +427,33 @@ describe('roles permissions', () => {
);
});
});
it('should update a role when user has permission to update a role (admin role)', async () => {
const query = {
query: `
mutation UpdateOneRole {
updateOneRole(updateRoleInput: {id: "${createdEditableRoleId}", update: {label: "new role label (3)"}}) {
id
label
}
}
`,
};
await client
.post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(query)
.expect(200)
.expect((res) => {
expect(res.body.data).toBeDefined();
expect(res.body.errors).toBeUndefined();
expect(res.body.data.updateOneRole.id).toBe(createdEditableRoleId);
expect(res.body.data.updateOneRole.label).toBe(
'new role label (3)',
);
});
});
});
describe('upsertObjectPermission', () => {
@ -431,6 +480,8 @@ describe('roles permissions', () => {
mutation UpsertObjectPermissions {
upsertOneObjectPermission(upsertObjectPermissionInput: {objectMetadataId: "${objectMetadataId}", roleId: "${roleId}", canUpdateObjectRecords: true}) {
id
roleId
canUpdateObjectRecords
}
}
`;
@ -471,25 +522,30 @@ describe('roles permissions', () => {
});
});
// TODO - to uncomment after deleteOneRole has been implemented
// it('should upsert a setting permission when user has permission to create a setting permission', async () => {
// const query = {
// query: upsertObjectPermissionMutation({
// objectMetadataId: listingObjectId,
// roleId: createdEditableRoleId,
// }),
// };
it('should upsert an object permission when user has permission', async () => {
const query = {
query: upsertObjectPermissionMutation({
objectMetadataId: listingObjectId,
roleId: createdEditableRoleId,
}),
};
// await client
// .post('/graphql')
// .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
// .send(query)
// .expect(200)
// .expect((res) => {
// expect(res.body.data).toBeDefined();
// expect(res.body.errors).toBeUndefined();
// });
// });
await client
.post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(query)
.expect(200)
.expect((res) => {
expect(res.body.data).toBeDefined();
expect(res.body.errors).toBeUndefined();
expect(res.body.data.upsertOneObjectPermission.roleId).toBe(
createdEditableRoleId,
);
expect(
res.body.data.upsertOneObjectPermission.canUpdateObjectRecords,
).toBe(true);
});
});
});
describe('upsertSettingPermission', () => {
@ -499,8 +555,11 @@ describe('roles permissions', () => {
roleId: string;
}) => `
mutation UpsertSettingPermissions {
upsertOneSettingPermission(upsertSettingPermissionInput: {roleId: "${roleId}", setting: ${SettingPermissionType.DATA_MODEL}}) {
upsertOneSettingPermission(upsertSettingPermissionInput: {roleId: "${roleId}", setting: ${SettingPermissionType.DATA_MODEL}, canUpdateSetting: true}) {
id
roleId
setting
canUpdateSetting
}
}
`;
@ -538,6 +597,33 @@ describe('roles permissions', () => {
);
});
});
it('should upsert a setting permission when user has permission', async () => {
const query = {
query: upsertSettingPermissionMutation({
roleId: createdEditableRoleId,
}),
};
await client
.post('/graphql')
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
.send(query)
.expect(200)
.expect((res) => {
expect(res.body.data).toBeDefined();
expect(res.body.errors).toBeUndefined();
expect(res.body.data.upsertOneSettingPermission.roleId).toBe(
createdEditableRoleId,
);
expect(
res.body.data.upsertOneSettingPermission.canUpdateSetting,
).toBe(true);
expect(res.body.data.upsertOneSettingPermission.setting).toBe(
SettingPermissionType.DATA_MODEL,
);
});
});
});
});
});

7
packages/twenty-server/test/integration/graphql/utils/delete-one-role-operation-factory.util.ts Normal file
View File

@ -0,0 +1,7 @@
export const deleteOneRoleOperationFactory = (roleId: string) => ({
query: `
mutation DeleteOneRole {
deleteOneRole(roleId: "${roleId}")
}
`,
});