[permissions] Add permissions check layer in entityManager (#11818)

First and main step of
https://github.com/twentyhq/core-team-issues/issues/747

We are implementing a permission check layer in our custom
WorkspaceEntityManager by overriding all the db-executing methods (this
PR only overrides some as a POC, the rest will be done in the next PR).
Our custom repositories call entity managers under the hood to interact
with the db so this solves the repositories case too.
This is still behind the feature flag IsPermissionsV2Enabled.

In the next PR
- finish overriding all the methods required in WorkspaceEntityManager
- add tests
Marie
2025-05-05 16:06:54 +02:00
committed by GitHub
parent 5f8040af5d
commit a9e73c6340
62 changed files with 1194 additions and 933 deletions


@ -5,12 +5,14 @@ import {
EntityTarget,
ObjectLiteral,
QueryRunner,
ReplicationMode,
} from 'typeorm';
import { FeatureFlagMap } from 'src/engine/core-modules/feature-flag/interfaces/feature-flag-map.interface';
import { WorkspaceInternalContext } from 'src/engine/twenty-orm/interfaces/workspace-internal-context.interface';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/entity.manager';
import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/workspace-entity-manager';
import { WorkspaceQueryRunner } from 'src/engine/twenty-orm/query-runner/workspace-query-runner';
import { WorkspaceRepository } from 'src/engine/twenty-orm/repository/workspace.repository';
export class WorkspaceDataSource extends DataSource {
@ -31,10 +33,10 @@ export class WorkspaceDataSource extends DataSource {
) {
super(options);
this.internalContext = internalContext;
// Recreate manager after internalContext has been initialized
this.manager = this.createEntityManager();
this.featureFlagMap = featureFlagMap;
this.featureFlagMapVersion = featureFlagMapVersion;
// Recreate manager after internalContext has been initialized
this.manager = this.createEntityManager();
this.rolesPermissionsVersion = rolesPermissionsVersion;
this.permissionsPerRoleId = permissionsPerRoleId;
}
@ -65,6 +67,17 @@ export class WorkspaceDataSource extends DataSource {
return new WorkspaceEntityManager(this.internalContext, this, queryRunner);
}
override createQueryRunner(
mode = 'master' as ReplicationMode,
): WorkspaceQueryRunner {
const queryRunner = this.driver.createQueryRunner(mode);
const manager = this.createEntityManager(queryRunner);
Object.assign(queryRunner, { manager: manager });
return queryRunner as any as WorkspaceQueryRunner;
}
setRolesPermissionsVersion(rolesPermissionsVersion: string) {
this.rolesPermissionsVersion = rolesPermissionsVersion;
}
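Review bot: In the constructor hunk the manager is still recreated before `this.rolesPermissionsVersion` and `this.permissionsPerRoleId` are assigned, so an entity manager that reads permission state while it is being constructed would see those fields undefined. The WorkspaceEntityManager constructor is not visible here; if it only reads them lazily through the data source reference that `createEntityManager` passes in, the order is harmless, but a permission check layer should not depend on that. I would make `this.manager = this.createEntityManager();` the last statement of the constructor and reword the comment to `// Recreate manager once internalContext, feature flags and permissions are set`. The constructor's signature and the class field declarations are outside the hunk.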