[permissions] fix workflows + remove shouldBypassPermissionChecks for system objects (#12559)
In this PR 1. fix workflow step creation by adding forgotten `shouldBypassPermissionChecks` in WorkflowVersionStepWorkspaceService 2. clarify the rule for twentyORMGlobalManager: do not add unnecessary `shouldBypassPermissionChecks` for system objects (there are no object-records permission checks on system objects, they are dealt with at resolver level)
This commit is contained in:
Marie
@ -188,6 +188,7 @@ export class CleanNotFoundFilesCommand extends ActiveOrSuspendedWorkspacesMigrat
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace<PersonWorkspaceEntity>(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace<PersonWorkspaceEntity>(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
'person',
|
'person',
|
||||||
|
{ shouldBypassPermissionChecks: true },
|
||||||
);
|
);
|
||||||
const people = await personRepository.find({
|
const people = await personRepository.find({
|
||||||
where: {
|
where: {
|
||||||
|
|||||||
@ -73,6 +73,7 @@ export class DeduplicateIndexedFieldsCommand extends ActiveOrSuspendedWorkspaces
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
'company',
|
'company',
|
||||||
|
{ shouldBypassPermissionChecks: true },
|
||||||
);
|
);
|
||||||
|
|
||||||
const duplicates = await companyRepository
|
const duplicates = await companyRepository
|
||||||
@ -121,6 +122,7 @@ export class DeduplicateIndexedFieldsCommand extends ActiveOrSuspendedWorkspaces
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
'person',
|
'person',
|
||||||
|
{ shouldBypassPermissionChecks: true },
|
||||||
);
|
);
|
||||||
|
|
||||||
const duplicates = await personRepository
|
const duplicates = await personRepository
|
||||||
|
|||||||
@ -76,9 +76,6 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace<ApiKeyWorkspaceEntity>(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace<ApiKeyWorkspaceEntity>(
|
||||||
workspace.id,
|
workspace.id,
|
||||||
'apiKey',
|
'apiKey',
|
||||||
{
|
|
||||||
shouldBypassPermissionChecks: true,
|
|
||||||
},
|
|
||||||
);
|
);
|
||||||
|
|
||||||
apiKey = await apiKeyRepository.findOne({
|
apiKey = await apiKeyRepository.findOne({
|
||||||
|
|||||||
@ -94,9 +94,6 @@ export class UserWorkspaceService extends TypeOrmQueryService<UserWorkspace> {
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
'workspaceMember',
|
'workspaceMember',
|
||||||
{
|
|
||||||
shouldBypassPermissionChecks: true,
|
|
||||||
},
|
|
||||||
);
|
);
|
||||||
|
|
||||||
const userWorkspace = await this.userWorkspaceRepository.findOneOrFail({
|
const userWorkspace = await this.userWorkspaceRepository.findOneOrFail({
|
||||||
|
|||||||
@ -103,9 +103,6 @@ export class UserService extends TypeOrmQueryService<User> {
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
'workspaceMember',
|
'workspaceMember',
|
||||||
{
|
|
||||||
shouldBypassPermissionChecks: true,
|
|
||||||
},
|
|
||||||
);
|
);
|
||||||
|
|
||||||
const workspaceMembers = await workspaceMemberRepository.find();
|
const workspaceMembers = await workspaceMemberRepository.find();
|
||||||
|
|||||||
@ -35,9 +35,6 @@ export class BlocklistRepository {
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
BlocklistWorkspaceEntity,
|
BlocklistWorkspaceEntity,
|
||||||
{
|
|
||||||
shouldBypassPermissionChecks: true,
|
|
||||||
},
|
|
||||||
);
|
);
|
||||||
|
|
||||||
return blockListRepository.find({
|
return blockListRepository.find({
|
||||||
|
|||||||
@ -61,9 +61,6 @@ export class CreateCompanyAndContactService {
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
WorkspaceMemberWorkspaceEntity,
|
WorkspaceMemberWorkspaceEntity,
|
||||||
{
|
|
||||||
shouldBypassPermissionChecks: true,
|
|
||||||
},
|
|
||||||
);
|
);
|
||||||
|
|
||||||
const workspaceMembers = await workspaceMemberRepository.find();
|
const workspaceMembers = await workspaceMemberRepository.find();
|
||||||
|
|||||||
@ -77,6 +77,7 @@ export class WorkflowVersionStepWorkspaceService {
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkflowVersionWorkspaceEntity>(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkflowVersionWorkspaceEntity>(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
'workflowVersion',
|
'workflowVersion',
|
||||||
|
{ shouldBypassPermissionChecks: true },
|
||||||
);
|
);
|
||||||
|
|
||||||
const workflowVersion = await workflowVersionRepository.findOne({
|
const workflowVersion = await workflowVersionRepository.findOne({
|
||||||
@ -594,6 +595,7 @@ export class WorkflowVersionStepWorkspaceService {
|
|||||||
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
||||||
workspaceId,
|
workspaceId,
|
||||||
field.settings.objectName,
|
field.settings.objectName,
|
||||||
|
{ shouldBypassPermissionChecks: true },
|
||||||
);
|
);
|
||||||
|
|
||||||
const record = await repository.findOne({
|
const record = await repository.findOne({
|
||||||
|
|||||||
Reference in New Issue
Block a user