[permissions] Remove raw queries and restrict its usage (#12360)

Closes https://github.com/twentyhq/core-team-issues/issues/748 In the frame of the work on permissions we - remove all raw queries possible to use repositories instead - forbid usage workspaceDataSource.executeRawQueries() - restrict usage of workspaceDataSource.query() to force developers to pass on shouldBypassPermissionChecks to use it. --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2025-06-02 10:53:51 +02:00
parent 1ef7b7a474
commit 9706f0df13
49 changed files with 495 additions and 754 deletions
--- a/packages/twenty-server/src/modules/workspace-member/repositories/workspace-member.repository.ts
+++ b/packages/twenty-server/src/modules/workspace-member/repositories/workspace-member.repository.ts
@ -1,64 +0,0 @@
-import { Injectable, NotFoundException } from '@nestjs/common';
-
-import { WorkspaceDataSourceService } from 'src/engine/workspace-datasource/workspace-datasource.service';
-import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';
-
-@Injectable()
-export class WorkspaceMemberRepository {
-  constructor(
-    private readonly workspaceDataSourceService: WorkspaceDataSourceService,
-  ) {}
-
-  public async find(workspaceMemberId: string, workspaceId: string) {
-    const dataSourceSchema =
-      this.workspaceDataSourceService.getSchemaName(workspaceId);
-
-    const workspaceMembers =
-      await this.workspaceDataSourceService.executeRawQuery(
-        `SELECT * FROM ${dataSourceSchema}."workspaceMember" WHERE "id" = $1`,
-        [workspaceMemberId],
-        workspaceId,
-      );
-
-    return workspaceMembers?.[0];
-  }
-
-  public async getByIdOrFail(
-    userId: string,
-    workspaceId: string,
-  ): Promise<WorkspaceMemberWorkspaceEntity> {
-    const dataSourceSchema =
-      this.workspaceDataSourceService.getSchemaName(workspaceId);
-
-    const workspaceMembers =
-      await this.workspaceDataSourceService.executeRawQuery(
-        `SELECT * FROM ${dataSourceSchema}."workspaceMember" WHERE "userId" = $1`,
-        [userId],
-        workspaceId,
-      );
-
-    if (!workspaceMembers || workspaceMembers.length === 0) {
-      throw new NotFoundException(
-        `No workspace member found for user ${userId} in workspace ${workspaceId}`,
-      );
-    }
-
-    return workspaceMembers[0];
-  }
-
-  public async getAllByWorkspaceId(
-    workspaceId: string,
-  ): Promise<WorkspaceMemberWorkspaceEntity[]> {
-    const dataSourceSchema =
-      this.workspaceDataSourceService.getSchemaName(workspaceId);
-
-    const workspaceMembers =
-      await this.workspaceDataSourceService.executeRawQuery(
-        `SELECT * FROM ${dataSourceSchema}."workspaceMember"`,
-        [],
-        workspaceId,
-      );
-
-    return workspaceMembers;
-  }
-}