[permissions] Enforce object-records permission checks in resolvers (#10304)

Closes https://github.com/twentyhq/core-team-issues/issues/393 - enforcing object-records permission checks in resolvers for now. we will move the logic to a lower level asap - add integration tests that will still be useful when we have moved the logic - introduce guest seeded role to test limited permissions on object-records
2025-02-19 11:21:03 +01:00
parent 33178fa8b2
commit 861face2a8
48 changed files with 1372 additions and 144 deletions
--- a/packages/twenty-server/test/integration/graphql/utils/restore-many-operation-factory.util.ts
+++ b/packages/twenty-server/test/integration/graphql/utils/restore-many-operation-factory.util.ts
@ -0,0 +1,27 @@
+import gql from 'graphql-tag';
+import { capitalize } from 'twenty-shared';
+
+type RestoreManyOperationFactoryParams = {
+  objectMetadataSingularName: string;
+  objectMetadataPluralName: string;
+  gqlFields: string;
+  filter: object;
+};
+
+export const restoreManyOperationFactory = ({
+  objectMetadataSingularName,
+  objectMetadataPluralName,
+  gqlFields,
+  filter,
+}: RestoreManyOperationFactoryParams) => ({
+  query: gql`
+    mutation Restore${capitalize(objectMetadataPluralName)}($filter: ${capitalize(objectMetadataSingularName)}FilterInput!) {
+      restore${capitalize(objectMetadataPluralName)}(filter: $filter) {
+        ${gqlFields}
+      }
+    }
+  `,
+  variables: {
+    filter,
+  },
+});