[permissions] Remove raw queries and restrict its usage (#12360)

Closes https://github.com/twentyhq/core-team-issues/issues/748 In the frame of the work on permissions we - remove all raw queries possible to use repositories instead - forbid usage workspaceDataSource.executeRawQueries() - restrict usage of workspaceDataSource.query() to force developers to pass on shouldBypassPermissionChecks to use it. --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2025-06-02 10:53:51 +02:00
parent 1ef7b7a474
commit 9706f0df13
49 changed files with 495 additions and 754 deletions
--- a/packages/twenty-server/src/engine/twenty-orm/entity-manager/workspace-entity-manager.ts
+++ b/packages/twenty-server/src/engine/twenty-orm/entity-manager/workspace-entity-manager.ts
@ -406,15 +406,6 @@ export class WorkspaceEntityManager extends EntityManager {
    return this.connection.getMetadata(entity.constructor).name;
  }

-  // Forbidden methods
-
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  override query<T = any>(_query: string, _parameters?: any[]): Promise<T> {
-    throw new Error('Method not allowed.');
-  }
-
-  // Not in use methods - duplicated from TypeORM's EntityManager to use our createQueryBuilder
-
  override find<Entity extends ObjectLiteral>(
    entityClass: EntityTarget<Entity>,
    options?: FindManyOptions<Entity>,
@ -1098,4 +1089,14 @@ export class WorkspaceEntityManager extends EntityManager {

    return super.decrement(target, criteria, propertyPath, value);
  }
+
+  // Forbidden methods
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  override query<T = any>(_query: string, _parameters?: any[]): Promise<T> {
+    throw new PermissionsException(
+      'Method not allowed.',
+      PermissionsExceptionCode.RAW_SQL_NOT_ALLOWED,
+    );
+  }
 }