[permissions] Add permissions check layer in entityManager (#11818)

First and main step of https://github.com/twentyhq/core-team-issues/issues/747 We are implementing a permission check layer in our custom WorkspaceEntityManager by overriding all the db-executing methods (this PR only overrides some as a POC, the rest will be done in the next PR). Our custom repositories call entity managers under the hood to interact with the db so this solves the repositories case too. This is still behind the feature flag IsPermissionsV2Enabled. In the next PR - finish overriding all the methods required in WorkspaceEntityManager - add tests
2025-05-05 16:06:54 +02:00
parent 5f8040af5d
commit a9e73c6340
62 changed files with 1194 additions and 933 deletions
--- a/packages/twenty-server/src/modules/messaging/message-cleaner/services/messaging-message-cleaner.service.ts
+++ b/packages/twenty-server/src/modules/messaging/message-cleaner/services/messaging-message-cleaner.service.ts
@ -1,7 +1,8 @@
 import { Injectable } from '@nestjs/common';

-import { EntityManager, IsNull } from 'typeorm';
+import { IsNull } from 'typeorm';

+import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/workspace-entity-manager';
 import { TwentyORMManager } from 'src/engine/twenty-orm/twenty-orm.manager';
 import { MessageThreadWorkspaceEntity } from 'src/modules/messaging/common/standard-objects/message-thread.workspace-entity';
 import { MessageWorkspaceEntity } from 'src/modules/messaging/common/standard-objects/message.workspace-entity';
@ -24,75 +25,77 @@ export class MessagingMessageCleanerService {

    const workspaceDataSource = await this.twentyORMManager.getDatasource();

-    await workspaceDataSource.transaction(async (transactionManager) => {
-      await deleteUsingPagination(
-        workspaceId,
-        500,
-        async (
-          limit: number,
-          offset: number,
-          workspaceId: string,
-          transactionManager: EntityManager,
-        ) => {
-          const nonAssociatedMessages = await messageRepository.find(
-            {
-              where: {
-                messageChannelMessageAssociations: {
-                  id: IsNull(),
+    await workspaceDataSource.transaction(
+      async (transactionManager: WorkspaceEntityManager) => {
+        await deleteUsingPagination(
+          workspaceId,
+          500,
+          async (
+            limit: number,
+            offset: number,
+            _workspaceId: string,
+            transactionManager: WorkspaceEntityManager,
+          ) => {
+            const nonAssociatedMessages = await messageRepository.find(
+              {
+                where: {
+                  messageChannelMessageAssociations: {
+                    id: IsNull(),
+                  },
                },
+                take: limit,
+                skip: offset,
+                relations: ['messageChannelMessageAssociations'],
              },
-              take: limit,
-              skip: offset,
-              relations: ['messageChannelMessageAssociations'],
-            },
-            transactionManager,
-          );
+              transactionManager,
+            );

-          return nonAssociatedMessages.map(({ id }) => id);
-        },
-        async (
-          ids: string[],
-          workspaceId: string,
-          transactionManager?: EntityManager,
-        ) => {
-          await messageRepository.delete(ids, transactionManager);
-        },
-        transactionManager,
-      );
+            return nonAssociatedMessages.map(({ id }) => id);
+          },
+          async (
+            ids: string[],
+            workspaceId: string,
+            transactionManager?: WorkspaceEntityManager,
+          ) => {
+            await messageRepository.delete(ids, transactionManager);
+          },
+          transactionManager,
+        );

-      await deleteUsingPagination(
-        workspaceId,
-        500,
-        async (
-          limit: number,
-          offset: number,
-          workspaceId: string,
-          transactionManager?: EntityManager,
-        ) => {
-          const orphanThreads = await messageThreadRepository.find(
-            {
-              where: {
-                messages: {
-                  id: IsNull(),
+        await deleteUsingPagination(
+          workspaceId,
+          500,
+          async (
+            limit: number,
+            offset: number,
+            _workspaceId: string,
+            transactionManager?: WorkspaceEntityManager,
+          ) => {
+            const orphanThreads = await messageThreadRepository.find(
+              {
+                where: {
+                  messages: {
+                    id: IsNull(),
+                  },
                },
+                take: limit,
+                skip: offset,
              },
-              take: limit,
-              skip: offset,
-            },
-            transactionManager,
-          );
+              transactionManager,
+            );

-          return orphanThreads.map(({ id }) => id);
-        },
-        async (
-          ids: string[],
-          workspaceId: string,
-          transactionManager?: EntityManager,
-        ) => {
-          await messageThreadRepository.delete(ids, transactionManager);
-        },
-        transactionManager,
-      );
-    });
+            return orphanThreads.map(({ id }) => id);
+          },
+          async (
+            ids: string[],
+            _workspaceId: string,
+            transactionManager?: WorkspaceEntityManager,
+          ) => {
+            await messageThreadRepository.delete(ids, transactionManager);
+          },
+          transactionManager,
+        );
+      },
+    );
  }
 }
--- a/packages/twenty-server/src/modules/messaging/message-cleaner/utils/delete-using-pagination.util.ts
+++ b/packages/twenty-server/src/modules/messaging/message-cleaner/utils/delete-using-pagination.util.ts
@ -1,4 +1,4 @@
-import { EntityManager } from 'typeorm';
+import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/workspace-entity-manager';

 export const deleteUsingPagination = async (
  workspaceId: string,
@ -7,14 +7,14 @@ export const deleteUsingPagination = async (
    limit: number,
    offset: number,
    workspaceId: string,
-    transactionManager?: EntityManager,
+    transactionManager?: WorkspaceEntityManager,
  ) => Promise<string[]>,
  deleter: (
    ids: string[],
    workspaceId: string,
-    transactionManager?: EntityManager,
+    transactionManager?: WorkspaceEntityManager,
  ) => Promise<void>,
-  transactionManager?: EntityManager,
+  transactionManager?: WorkspaceEntityManager,
 ) => {
  let hasMoreData = true;

--- a/packages/twenty-server/src/modules/messaging/message-import-manager/services/messaging-message.service.ts
+++ b/packages/twenty-server/src/modules/messaging/message-import-manager/services/messaging-message.service.ts
@ -1,8 +1,8 @@
 import { Injectable } from '@nestjs/common';

-import { EntityManager } from 'typeorm';
 import { v4 } from 'uuid';

+import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/workspace-entity-manager';
 import { TwentyORMManager } from 'src/engine/twenty-orm/twenty-orm.manager';
 import { MessageChannelMessageAssociationWorkspaceEntity } from 'src/modules/messaging/common/standard-objects/message-channel-message-association.workspace-entity';
 import { MessageThreadWorkspaceEntity } from 'src/modules/messaging/common/standard-objects/message-thread.workspace-entity';
@ -16,7 +16,7 @@ export class MessagingMessageService {
  public async saveMessagesWithinTransaction(
    messages: MessageWithParticipants[],
    messageChannelId: string,
-    transactionManager: EntityManager,
+    transactionManager: WorkspaceEntityManager,
  ): Promise<{
    createdMessages: Partial<MessageWorkspaceEntity>[];
    messageExternalIdsAndIdsMap: Map<string, string>;
--- a/packages/twenty-server/src/modules/messaging/message-import-manager/services/messaging-save-messages-and-enqueue-contact-creation.service.ts
+++ b/packages/twenty-server/src/modules/messaging/message-import-manager/services/messaging-save-messages-and-enqueue-contact-creation.service.ts
@ -1,7 +1,7 @@
 import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';

-import { EntityManager, Repository } from 'typeorm';
+import { Repository } from 'typeorm';

 import { DatabaseEventAction } from 'src/engine/api/graphql/graphql-query-runner/enums/database-event-action';
 import { InjectMessageQueue } from 'src/engine/core-modules/message-queue/decorators/message-queue.decorator';
@ -9,6 +9,7 @@ import { MessageQueue } from 'src/engine/core-modules/message-queue/message-queu
 import { MessageQueueService } from 'src/engine/core-modules/message-queue/services/message-queue.service';
 import { FieldActorSource } from 'src/engine/metadata-modules/field-metadata/composite-types/actor.composite-type';
 import { ObjectMetadataEntity } from 'src/engine/metadata-modules/object-metadata/object-metadata.entity';
+import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/workspace-entity-manager';
 import { TwentyORMManager } from 'src/engine/twenty-orm/twenty-orm.manager';
 import { WorkspaceEventEmitter } from 'src/engine/workspace-event-emitter/workspace-event-emitter';
 import { ConnectedAccountWorkspaceEntity } from 'src/modules/connected-account/standard-objects/connected-account.workspace-entity';
@ -55,7 +56,7 @@ export class MessagingSaveMessagesAndEnqueueContactCreationService {

    const createdMessagesWithParticipants =
      await workspaceDataSource?.transaction(
-        async (transactionManager: EntityManager) => {
+        async (transactionManager: WorkspaceEntityManager) => {
          const { messageExternalIdsAndIdsMap, createdMessages } =
            await this.messageService.saveMessagesWithinTransaction(
              messagesToSave,
--- a/packages/twenty-server/src/modules/messaging/message-participant-manager/services/messaging-message-participant.service.ts
+++ b/packages/twenty-server/src/modules/messaging/message-participant-manager/services/messaging-message-participant.service.ts
@ -1,7 +1,6 @@
 import { Injectable } from '@nestjs/common';

-import { EntityManager } from 'typeorm';
-
+import { WorkspaceEntityManager } from 'src/engine/twenty-orm/entity-manager/workspace-entity-manager';
 import { TwentyORMManager } from 'src/engine/twenty-orm/twenty-orm.manager';
 import { MatchParticipantService } from 'src/modules/match-participant/match-participant.service';
 import { MessageParticipantWorkspaceEntity } from 'src/modules/messaging/common/standard-objects/message-participant.workspace-entity';
@ -16,7 +15,7 @@ export class MessagingMessageParticipantService {

  public async saveMessageParticipants(
    participants: ParticipantWithMessageId[],
-    transactionManager?: EntityManager,
+    transactionManager?: WorkspaceEntityManager,
  ): Promise<void> {
    const messageParticipantRepository =
      await this.twentyORMManager.getRepository<MessageParticipantWorkspaceEntity>(