[permissions V2] Throw when objectPermissions not found in datasource (#12325)

I encountered a bug where I was missing permissions while calling searchResolver because the repository from `twentyORMManager.getRepository` was missing permissions itself. The repository was returned from the cached repositories map using a repository key feature the roleId, the rolesVersion and featureFlagMapVersion. I was not able to reproduce but this error should not go unnoticed: we always expect to find objectPermissions for every roleId in the datasource now. I was not able to understand what happened for now but I think throwing the error will help keeping an eye on it
2025-05-27 17:01:11 +02:00
parent 7cacccf0b8
commit 97cc1b3cbb
3 changed files with 27 additions and 2 deletions
--- a/packages/twenty-server/src/engine/twenty-orm/entity-manager/workspace-entity-manager.ts
+++ b/packages/twenty-server/src/engine/twenty-orm/entity-manager/workspace-entity-manager.ts
@ -1,4 +1,5 @@
 import { ObjectRecordsPermissions } from 'twenty-shared/types';
+import { isDefined } from 'twenty-shared/utils';
 import {
  EntityManager,
  EntityTarget,
@ -16,6 +17,10 @@ import { FeatureFlagMap } from 'src/engine/core-modules/feature-flag/interfaces/
 import { WorkspaceInternalContext } from 'src/engine/twenty-orm/interfaces/workspace-internal-context.interface';

 import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
+import {
+  PermissionsException,
+  PermissionsExceptionCode,
+} from 'src/engine/metadata-modules/permissions/permissions.exception';
 import { WorkspaceDataSource } from 'src/engine/twenty-orm/datasource/workspace.datasource';
 import {
  OperationType,
@ -68,11 +73,28 @@ export class WorkspaceEntityManager extends EntityManager {

    let objectPermissions = {};

+    const featureFlagMap = this.getFeatureFlagMap();
+
+    const isPermissionsV2Enabled =
+      featureFlagMap[FeatureFlagKey.IsPermissionsV2Enabled];
+
    if (permissionOptions?.roleId) {
      const objectPermissionsByRoleId = dataSource.permissionsPerRoleId;

-      objectPermissions =
-        objectPermissionsByRoleId?.[permissionOptions?.roleId] ?? {};
+      if (!isDefined(objectPermissionsByRoleId?.[permissionOptions.roleId])) {
+        if (isPermissionsV2Enabled) {
+          throw new PermissionsException(
+            `No permissions found for role in datasource (missing ${
+              !isDefined(objectPermissionsByRoleId)
+                ? 'objectPermissionsByRoleId object'
+                : `roleId in objectPermissionsByRoleId object (${permissionOptions.roleId})`
+            })`,
+            PermissionsExceptionCode.NO_PERMISSIONS_FOUND_IN_DATASOURCE,
+          );
+        }
+      } else {
+        objectPermissions = objectPermissionsByRoleId[permissionOptions.roleId];
+      }
    }

    const newRepository = new WorkspaceRepository<Entity>(