[permissions] Fix rest api (#12608)

We need to use twentyORMManager and not twentyORMGlobalManager in rest
api base handler, because we don't want to bypass permissions using
`shouldBypassPermissions` parameter (which we would have to do to use
twentyORMGlobalManager).

ScopedWorkspaceContextFactory was not adapted to rest api requests which
form differs from graphql request.

packages/twenty-server/src/engine/twenty-orm/factories/scoped-workspace-context.factory.ts

@@ -19,7 +19,9 @@ export class ScopedWorkspaceContextFactory {
       // @ts-expect-error legacy noImplicitAny
       this.request?.['req']?.['workspaceId'] ||
       // @ts-expect-error legacy noImplicitAny
-      this.request?.['params']?.['workspaceId'];
+      this.request?.['params']?.['workspaceId'] ||
+      // @ts-expect-error legacy noImplicitAny
+      this.request?.['workspace']?.['id']; // rest api
     const workspaceMetadataVersion: number | undefined =
       // @ts-expect-error legacy noImplicitAny
       this.request?.['req']?.['workspaceMetadataVersion'];
@@ -27,10 +29,16 @@ export class ScopedWorkspaceContextFactory {
     return {
       workspaceId: workspaceId ?? null,
       workspaceMetadataVersion: workspaceMetadataVersion ?? null,
-      // @ts-expect-error legacy noImplicitAny
-      userWorkspaceId: this.request?.['req']?.['userWorkspaceId'] ?? null,
-      // @ts-expect-error legacy noImplicitAny
-      isExecutedByApiKey: !!this.request?.['req']?.['apiKey'],
+      userWorkspaceId:
+        // @ts-expect-error legacy noImplicitAny
+        this.request?.['req']?.['userWorkspaceId'] ??
+        // @ts-expect-error legacy noImplicitAny
+        this.request?.['userWorkspaceId'] ?? // rest api
+        null,
+      isExecutedByApiKey: !!(
+        // @ts-expect-error legacy noImplicitAny
+        (this.request?.['req']?.['apiKey'] || this.request?.['apiKey'])
+      ),
     };
   }
 }