[permissions] Remove raw queries and restrict its usage (#12360)

Closes https://github.com/twentyhq/core-team-issues/issues/748 In the frame of the work on permissions we - remove all raw queries possible to use repositories instead - forbid usage workspaceDataSource.executeRawQueries() - restrict usage of workspaceDataSource.query() to force developers to pass on shouldBypassPermissionChecks to use it. --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2025-06-02 10:53:51 +02:00
parent 1ef7b7a474
commit 9706f0df13
49 changed files with 495 additions and 754 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/remote-server/remote-server.service.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/remote-server/remote-server.service.ts
@ -271,6 +271,7 @@ export class RemoteServerService<T extends RemoteServerType> {
    const [parameters, rawQuery] =
      buildUpdateRemoteServerRawQuery(remoteServerToUpdate);

+    // TO DO: executeRawQuery is deprecated and will throw
    const updateResult = await this.workspaceDataSourceService.executeRawQuery(
      rawQuery,
      parameters,
--- a/packages/twenty-server/src/engine/metadata-modules/remote-server/remote-table/utils/fetch-table-columns.util.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/remote-server/remote-table/utils/fetch-table-columns.util.ts
@ -8,6 +8,7 @@ export const fetchTableColumns = async (
 ): Promise<PostgresTableSchemaColumn[]> => {
  const schemaName = workspaceDataSourceService.getSchemaName(workspaceId);

+  // TODO: executeRawQuery is deprecated and will throw
  const res = await workspaceDataSourceService.executeRawQuery(
    `SELECT column_name, data_type, udt_name
        FROM information_schema.columns
--- a/packages/twenty-server/src/engine/metadata-modules/remote-server/remote-table/utils/get-remote-table-local-name.util.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/remote-server/remote-table/utils/get-remote-table-local-name.util.ts
@ -1,11 +1,11 @@
 import { singular } from 'pluralize';
 import { DataSource } from 'typeorm';

-import { camelCase } from 'src/utils/camel-case';
 import {
  RemoteTableException,
  RemoteTableExceptionCode,
 } from 'src/engine/metadata-modules/remote-server/remote-table/remote-table.exception';
+import { camelCase } from 'src/utils/camel-case';

 const MAX_SUFFIX = 10;

@ -19,6 +19,7 @@ const isNameAvailable = async (
  workspaceSchemaName: string,
  workspaceDataSource: DataSource,
 ) => {
+  // TO DO workspaceDataSource.query method is not allowed, this will throw
  const numberOfTablesWithSameName = +(
    await workspaceDataSource.query(
      `SELECT count(table_name) FROM information_schema.tables WHERE table_name LIKE '${tableName}' AND table_schema IN ('core', 'metadata', '${workspaceSchemaName}')`,