[permissions] Enforce object-records permission checks in resolvers (#10304)
Closes https://github.com/twentyhq/core-team-issues/issues/393 - enforcing object-records permission checks in resolvers for now. we will move the logic to a lower level asap - add integration tests that will still be useful when we have moved the logic - introduce guest seeded role to test limited permissions on object-records
@ -0,0 +1,7 @@
|
||||
export const STANDARD_OBJECT_RECORDS_UNDER_OBJECT_RECORDS_PERMISSIONS = [
|
||||
'person',
|
||||
'company',
|
||||
'opportunity',
|
||||
'note',
|
||||
'task',
|
||||
];
|
||||
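Review bot: The list that decides which standard objects get object-records permission checks is exported as a plain mutable array, so its inferred type is `string[]` and any importing module can push to or splice it at runtime. Annotating the declaration, `export const STANDARD_OBJECT_RECORDS_UNDER_OBJECT_RECORDS_PERMISSIONS: readonly string[] = [`, makes accidental mutation a compile error while `.includes(nameSingular)` still accepts a plain string; wrapping the literal in `Object.freeze(...)` would add the runtime guarantee. A one-line comment above the constant, stating that a standard object missing from this list is not covered by the checks, would help whoever adds the next standard object.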
@ -1,6 +1,6 @@
|
||||
export * from './FieldForTotalCountAggregateOperation';
|
||||
export * from './PermissionsOnAllObjectRecords';
|
||||
export * from './SettingsFeatures';
|
||||
export * from './StandardObjectRecordsUnderObjectRecordsPermissions';
|
||||
export * from './TwentyCompaniesBaseUrl';
|
||||
export * from './TwentyIconsBaseUrl';
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
export * from './fieldMetadata';
|
||||
export * from './image';
|
||||
export * from './permissions';
|
||||
export * from './strings';
|
||||
export * from './validation';
|
||||
export * from './validation';
|
||||
|
||||
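--- a/packages/twenty-shared/src/utils/permissions/index.ts
+++ b/packages/twenty-shared/src/utils/permissions/index.ts
@@ -0,0 +1 @@
+export * from './isObjectRecordUnderObjectRecordsPermissions';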
@ -0,0 +1,16 @@
|
||||
import { STANDARD_OBJECT_RECORDS_UNDER_OBJECT_RECORDS_PERMISSIONS } from 'src/constants';
|
||||
|
||||
export const isObjectRecordUnderObjectRecordsPermissions = ({
|
||||
isCustom,
|
||||
nameSingular,
|
||||
}: {
|
||||
isCustom: boolean;
|
||||
nameSingular: string;
|
||||
}) => {
|
||||
return (
|
||||
isCustom ||
|
||||
STANDARD_OBJECT_RECORDS_UNDER_OBJECT_RECORDS_PERMISSIONS.includes(
|
||||
nameSingular,
|
||||
)
|
||||
);
|
||||
};
|
||||
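Review bot: `isObjectRecordUnderObjectRecordsPermissions` returns `false` for every standard object whose `nameSingular` is not in the list, so enforcement is opt-in per object and the comparison is an exact, case-sensitive string match. If the resolvers skip the permission check on `false` (the callers are not shown in this section), a newly added or misspelled standard name would fall through unchecked. I would document that contract with a TSDoc block above the function, e.g. `/** True when records of this object are subject to object-records permission checks: every custom object, plus the standard objects in STANDARD_OBJECT_RECORDS_UNDER_OBJECT_RECORDS_PERMISSIONS; any other standard object returns false. */`, and give the arrow function an explicit `: boolean` return type. The integration tests mentioned in the description would ideally include one standard object outside the list to pin that behaviour.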