admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions] Add SettingsPermissionGuard on data model and roles features (#10063)

Browse Source 
Adding SettingsPermissionsGuard to execute permission check. 

The guard is added directly in resolver, either at resolver level (ex:
roles) or resolver-endpoint level (ex: metadata). this can be challenged
!
This commit is contained in:
Marie
2025-02-07 16:48:04 +01:00
committed by GitHub
parent 859e7c94f9
commit a24e411384
11 changed files with 144 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/twenty-server/src/engine/metadata-modules/field-metadata/field-metadata.resolver.ts
View File

@ -1,6 +1,7 @@
import {
BadRequestException,
UnauthorizedException,
UseFilters,
UseGuards,
} from '@nestjs/common';
import {
@ -12,7 +13,7 @@ import {
Resolver,
} from '@nestjs/graphql';
import { FieldMetadataType } from 'twenty-shared';
import { FieldMetadataType, SettingsFeatures } from 'twenty-shared';
import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
@ -20,6 +21,7 @@ import { I18nContext } from 'src/engine/core-modules/i18n/types/i18n-context.typ
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { IDataloaders } from 'src/engine/dataloaders/dataloader.interface';
import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
import { SettingsPermissionsGuard } from 'src/engine/guards/settings-permissions.guard';
import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
import { CreateOneFieldMetadataInput } from 'src/engine/metadata-modules/field-metadata/dtos/create-field.input';
import { DeleteOneFieldInput } from 'src/engine/metadata-modules/field-metadata/dtos/delete-field.input';
@ -34,10 +36,12 @@ import {
} from 'src/engine/metadata-modules/field-metadata/field-metadata.exception';
import { FieldMetadataService } from 'src/engine/metadata-modules/field-metadata/field-metadata.service';
import { fieldMetadataGraphqlApiExceptionHandler } from 'src/engine/metadata-modules/field-metadata/utils/field-metadata-graphql-api-exception-handler.util';
import { PermissionsGraphqlApiExceptionFilter } from 'src/engine/metadata-modules/permissions/utils/permissions-graphql-api-exception.filter';
import { isRelationFieldMetadataType } from 'src/engine/utils/is-relation-field-metadata-type.util';
@UseGuards(WorkspaceAuthGuard)
@Resolver(() => FieldMetadataDTO)
@UseFilters(PermissionsGraphqlApiExceptionFilter)
export class FieldMetadataResolver {
constructor(
private readonly fieldMetadataService: FieldMetadataService,
@ -68,6 +72,7 @@ export class FieldMetadataResolver {
);
}
@UseGuards(SettingsPermissionsGuard(SettingsFeatures.DATA_MODEL))
@Mutation(() => FieldMetadataDTO)
async createOneField(
@Args('input') input: CreateOneFieldMetadataInput,
@ -83,6 +88,7 @@ export class FieldMetadataResolver {
}
}
@UseGuards(SettingsPermissionsGuard(SettingsFeatures.DATA_MODEL))
@Mutation(() => FieldMetadataDTO)
async updateOneField(
@Args('input') input: UpdateOneFieldMetadataInput,
@ -98,6 +104,7 @@ export class FieldMetadataResolver {
}
}
@UseGuards(SettingsPermissionsGuard(SettingsFeatures.DATA_MODEL))
@Mutation(() => FieldMetadataDTO)
async deleteOneField(
@Args('input') input: DeleteOneFieldInput,