admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions] Add permissions check layer in entityManager (#11818)

Browse Source 
First and main step of
https://github.com/twentyhq/core-team-issues/issues/747

We are implementing a permission check layer in our custom
WorkspaceEntityManager by overriding all the db-executing methods (this
PR only overrides some as a POC, the rest will be done in the next PR).
Our custom repositories call entity managers under the hood to interact
with the db so this solves the repositories case too.
This is still behind the feature flag IsPermissionsV2Enabled.

In the next PR
- finish overriding all the methods required in WorkspaceEntityManager
- add tests
This commit is contained in:
Marie
2025-05-05 16:06:54 +02:00
committed by GitHub
parent 5f8040af5d
commit a9e73c6340
62 changed files with 1194 additions and 933 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
packages/twenty-server/src/engine/metadata-modules/field-metadata/services/field-metadata-related-records.service.ts
View File

@ -1,6 +1,6 @@
import { Injectable } from '@nestjs/common';
import { EntityManager, In } from 'typeorm';
import { In } from 'typeorm';
import {
FieldMetadataComplexOption,
@ -28,7 +28,6 @@ export class FieldMetadataRelatedRecordsService {
public async updateRelatedViewGroups(
oldFieldMetadata: FieldMetadataEntity,
newFieldMetadata: FieldMetadataEntity,
transactionManager?: EntityManager,
): Promise<void> {
if (
!isSelectFieldMetadataType(newFieldMetadata.type) ||
@ -67,7 +66,7 @@ export class FieldMetadataRelatedRecordsService {
}),
);
await viewGroupRepository.insert(viewGroupsToCreate, transactionManager);
await viewGroupRepository.insert(viewGroupsToCreate);
for (const { old: oldOption, new: newOption } of updated) {
const existingViewGroup = view.viewGroups.find(
@ -83,25 +82,20 @@ export class FieldMetadataRelatedRecordsService {
await viewGroupRepository.update(
{ id: existingViewGroup.id },
{ fieldValue: newOption.value },
transactionManager,
);
}
const valuesToDelete = deleted.map((option) => option.value);
await viewGroupRepository.delete(
{
fieldMetadataId: newFieldMetadata.id,
fieldValue: In(valuesToDelete),
},
transactionManager,
);
await viewGroupRepository.delete({
fieldMetadataId: newFieldMetadata.id,
fieldValue: In(valuesToDelete),
});
await this.syncNoValueViewGroup(
newFieldMetadata,
view,
viewGroupRepository,
transactionManager,
);
}
}
@ -110,7 +104,6 @@ export class FieldMetadataRelatedRecordsService {
fieldMetadata: FieldMetadataEntity,
view: ViewWorkspaceEntity,
viewGroupRepository: WorkspaceRepository<ViewGroupWorkspaceEntity>,
transactionManager?: EntityManager,
): Promise<void> {
const noValueGroup = view.viewGroups.find(
(group) => group.fieldValue === '',
@ -126,12 +119,9 @@ export class FieldMetadataRelatedRecordsService {
viewId: view.id,
});
await viewGroupRepository.insert(newGroup, transactionManager);
await viewGroupRepository.insert(newGroup);
} else if (!fieldMetadata.isNullable && noValueGroup) {
await viewGroupRepository.delete(
{ id: noValueGroup.id },
transactionManager,
);
await viewGroupRepository.delete({ id: noValueGroup.id });
}
}

3
packages/twenty-server/src/engine/metadata-modules/remote-server/remote-server.service.ts
View File

@ -26,6 +26,7 @@ import {
validateStringAgainstInjections,
} from 'src/engine/metadata-modules/remote-server/utils/validate-remote-server-input.utils';
import { validateRemoteServerType } from 'src/engine/metadata-modules/remote-server/utils/validate-remote-server-type.util';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/workspace-entity-manager';
import { WorkspaceDataSourceService } from 'src/engine/workspace-datasource/workspace-datasource.service';
@Injectable()
@ -79,7 +80,7 @@ export class RemoteServerService<T extends RemoteServerType> {
}
return this.metadataDataSource.transaction(
async (entityManager: EntityManager) => {
async (entityManager: WorkspaceEntityManager) => {
const createdRemoteServer = entityManager.create(
RemoteServerEntity,
remoteServerToCreate,