[permissions] Enforce object-records permission checks in resolvers (#10304)

Closes https://github.com/twentyhq/core-team-issues/issues/393

- enforcing object-records permission checks in resolvers for now. we
will move the logic to a lower level asap
- add integration tests that will still be useful when we have moved the
logic
- introduce guest seeded role to test limited permissions on
object-records

packages/twenty-server/test/integration/graphql/utils/restore-one-operation-factory.util.ts

@@ -0,0 +1,25 @@
+import gql from 'graphql-tag';
+import { capitalize } from 'twenty-shared';
+
+type RestoreOneOperationFactoryParams = {
+  objectMetadataSingularName: string;
+  gqlFields: string;
+  recordId: string;
+};
+
+export const restoreOneOperationFactory = ({
+  objectMetadataSingularName,
+  gqlFields,
+  recordId,
+}: RestoreOneOperationFactoryParams) => ({
+  query: gql`
+    mutation Restore${capitalize(objectMetadataSingularName)}($${objectMetadataSingularName}Id: ID!) {
+      restore${capitalize(objectMetadataSingularName)}(id: $${objectMetadataSingularName}Id) {
+        ${gqlFields}
+      }
+    }
+  `,
+  variables: {
+    [`${objectMetadataSingularName}Id`]: recordId,
+  },
+});