[permissions] Remove raw queries and restrict its usage (#12360)

Closes https://github.com/twentyhq/core-team-issues/issues/748 In the frame of the work on permissions we - remove all raw queries possible to use repositories instead - forbid usage workspaceDataSource.executeRawQueries() - restrict usage of workspaceDataSource.query() to force developers to pass on shouldBypassPermissionChecks to use it. --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2025-06-02 10:53:51 +02:00
parent 1ef7b7a474
commit 9706f0df13
49 changed files with 495 additions and 754 deletions
--- a/packages/twenty-server/src/engine/object-metadata-repository/metadata-to-repository.mapping.ts
+++ b/packages/twenty-server/src/engine/object-metadata-repository/metadata-to-repository.mapping.ts
@ -1,9 +1,7 @@
 import { BlocklistRepository } from 'src/modules/blocklist/repositories/blocklist.repository';
 import { TimelineActivityRepository } from 'src/modules/timeline/repositiories/timeline-activity.repository';
-import { WorkspaceMemberRepository } from 'src/modules/workspace-member/repositories/workspace-member.repository';

 export const metadataToRepositoryMapping = {
  BlocklistWorkspaceEntity: BlocklistRepository,
  TimelineActivityWorkspaceEntity: TimelineActivityRepository,
-  WorkspaceMemberWorkspaceEntity: WorkspaceMemberRepository,
 };
--- a/packages/twenty-server/src/engine/object-metadata-repository/object-metadata-repository.module.ts
+++ b/packages/twenty-server/src/engine/object-metadata-repository/object-metadata-repository.module.ts
@ -3,8 +3,9 @@ import { DynamicModule, Global, Module, Provider } from '@nestjs/common';
 import { capitalize } from 'twenty-shared/utils';

 import { metadataToRepositoryMapping } from 'src/engine/object-metadata-repository/metadata-to-repository.mapping';
+import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
+import { TwentyORMModule } from 'src/engine/twenty-orm/twenty-orm.module';
 import { WorkspaceDataSourceModule } from 'src/engine/workspace-datasource/workspace-datasource.module';
-import { WorkspaceDataSourceService } from 'src/engine/workspace-datasource/workspace-datasource.service';
 import { convertClassNameToObjectMetadataName } from 'src/engine/workspace-manager/workspace-sync-metadata/utils/convert-class-to-object-metadata-name.util';

@Global()
@ -25,18 +26,16 @@ export class ObjectMetadataRepositoryModule {
        provide: `${capitalize(
          convertClassNameToObjectMetadataName(objectMetadata.name),
        )}Repository`,
-        useFactory: (
-          workspaceDataSourceService: WorkspaceDataSourceService,
-        ) => {
-          return new repositoryClass(workspaceDataSourceService);
+        useFactory: (twentyORMGlobalManager: TwentyORMGlobalManager) => {
+          return new repositoryClass(twentyORMGlobalManager);
        },
-        inject: [WorkspaceDataSourceService],
+        inject: [TwentyORMGlobalManager],
      };
    });

    return {
      module: ObjectMetadataRepositoryModule,
-      imports: [WorkspaceDataSourceModule],
+      imports: [WorkspaceDataSourceModule, TwentyORMModule],
      providers: [...providers],
      exports: providers,
    };