admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions] Remove raw queries and restrict its usage (#12360)

Browse Source 
Closes https://github.com/twentyhq/core-team-issues/issues/748

In the frame of the work on permissions we

- remove all raw queries possible to use repositories instead
- forbid usage workspaceDataSource.executeRawQueries()
- restrict usage of workspaceDataSource.query() to force developers to
pass on shouldBypassPermissionChecks to use it.

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
This commit is contained in:
Marie
2025-06-02 10:53:51 +02:00
committed by GitHub
parent 1ef7b7a474
commit 9706f0df13
49 changed files with 495 additions and 754 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
packages/twenty-server/src/engine/workspace-datasource/workspace-datasource.service.ts
View File

@ -4,6 +4,10 @@ import { DataSource, EntityManager } from 'typeorm';
import { TypeORMService } from 'src/database/typeorm/typeorm.service';
import { DataSourceService } from 'src/engine/metadata-modules/data-source/data-source.service';
import {
PermissionsException,
PermissionsExceptionCode,
} from 'src/engine/metadata-modules/permissions/permissions.exception';
@Injectable()
export class WorkspaceDataSourceService {
@ -99,24 +103,16 @@ export class WorkspaceDataSourceService {
}
public async executeRawQuery(
query: string,
_query: string,
// eslint-disable-next-line @typescript-eslint/no-explicit-any
parameters: any[] = [],
workspaceId: string,
transactionManager?: EntityManager,
_parameters: any[] = [],
_workspaceId: string,
_transactionManager?: EntityManager,
// eslint-disable-next-line @typescript-eslint/no-explicit-any
): Promise<any> {
try {
if (transactionManager) {
return await transactionManager.query(query, parameters);
}
const dataSource = await this.connectToMainDataSource();
return await dataSource.query(query, parameters);
} catch (error) {
throw new Error(
`Error executing raw query for workspace ${workspaceId}: ${error.message}`,
);
}
throw new PermissionsException(
'Method not allowed as permissions are not handled at datasource level.',
PermissionsExceptionCode.METHOD_NOT_ALLOWED,
);
}
}