admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions] Add SettingsPermissionGuard on data model and roles features (#10063)

Browse Source 
Adding SettingsPermissionsGuard to execute permission check. 

The guard is added directly in resolver, either at resolver level (ex:
roles) or resolver-endpoint level (ex: metadata). this can be challenged
!
This commit is contained in:
Marie
2025-02-07 16:48:04 +01:00
committed by GitHub
parent 859e7c94f9
commit a24e411384
11 changed files with 144 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/twenty-server/src/engine/metadata-modules/object-metadata/object-metadata.module.ts
View File

@ -7,9 +7,12 @@ import {
PagingStrategies,
} from '@ptc-org/nestjs-query-graphql';
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
import { SettingsFeatures } from 'twenty-shared';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import { FeatureFlag } from 'src/engine/core-modules/feature-flag/feature-flag.entity';
import { FeatureFlagModule } from 'src/engine/core-modules/feature-flag/feature-flag.module';
import { SettingsPermissionsGuard } from 'src/engine/guards/settings-permissions.guard';
import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
import { DataSourceModule } from 'src/engine/metadata-modules/data-source/data-source.module';
import { FieldMetadataEntity } from 'src/engine/metadata-modules/field-metadata/field-metadata.entity';
@ -20,6 +23,8 @@ import { ObjectMetadataResolver } from 'src/engine/metadata-modules/object-metad
import { ObjectMetadataMigrationService } from 'src/engine/metadata-modules/object-metadata/services/object-metadata-migration.service';
import { ObjectMetadataRelatedRecordsService } from 'src/engine/metadata-modules/object-metadata/services/object-metadata-related-records.service';
import { ObjectMetadataRelationService } from 'src/engine/metadata-modules/object-metadata/services/object-metadata-relation.service';
import { PermissionsModule } from 'src/engine/metadata-modules/permissions/permissions.module';
import { PermissionsGraphqlApiExceptionFilter } from 'src/engine/metadata-modules/permissions/utils/permissions-graphql-api-exception.filter';
import { RelationMetadataEntity } from 'src/engine/metadata-modules/relation-metadata/relation-metadata.entity';
import { RemoteTableRelationsModule } from 'src/engine/metadata-modules/remote-server/remote-table/remote-table-relations/remote-table-relations.module';
import { SearchModule } from 'src/engine/metadata-modules/search/search.module';
@ -51,6 +56,8 @@ import { UpdateObjectPayload } from './dtos/update-object.input';
RemoteTableRelationsModule,
SearchModule,
IndexMetadataModule,
FeatureFlagModule,
PermissionsModule,
],
services: [
ObjectMetadataService,
@ -71,11 +78,13 @@ import { UpdateObjectPayload } from './dtos/update-object.input';
},
create: {
many: { disabled: true },
guards: [SettingsPermissionsGuard(SettingsFeatures.DATA_MODEL)],
},
update: { disabled: true },
delete: { disabled: true },
guards: [WorkspaceAuthGuard],
interceptors: [ObjectMetadataGraphqlApiExceptionInterceptor],
filters: [PermissionsGraphqlApiExceptionFilter],
},
],
}),