[permissions] Fix rest api (#12608)

We need to use twentyORMManager and not twentyORMGlobalManager in rest api base handler, because we don't want to bypass permissions using `shouldBypassPermissions` parameter (which we would have to do to use twentyORMGlobalManager). ScopedWorkspaceContextFactory was not adapted to rest api requests which form differs from graphql request.
2025-06-16 10:42:55 +02:00
parent a05c659e03
commit 929586e4a9
4 changed files with 21 additions and 17 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/workspace-permissions-cache/workspace-permissions-cache.service.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/workspace-permissions-cache/workspace-permissions-cache.service.ts
@ -222,11 +222,11 @@ export class WorkspacePermissionsCacheService {
      return;
    }

-    const userWorkspaceRoleMap = await this.getUserWorkspaceRoleMapFromCache({
-      workspaceId,
-    });
+    const { data: userWorkspaceRoleMap } =
+      await this.getUserWorkspaceRoleMapFromCache({
+        workspaceId,
+      });

-    // @ts-expect-error legacy noImplicitAny
    return userWorkspaceRoleMap[userWorkspaceId];
  }