Create objectPermissions and settingsPermissions tables (#10962)

Closes https://github.com/twentyhq/core-team-issues/issues/594
2025-03-18 10:45:31 +01:00
parent ecf24eb518
commit aa6fd90424
5 changed files with 171 additions and 0 deletions
--- a/packages/twenty-server/src/database/typeorm/metadata/migrations/1742232505943-generatePermissionsV2Tables.ts
+++ b/packages/twenty-server/src/database/typeorm/metadata/migrations/1742232505943-generatePermissionsV2Tables.ts
@ -0,0 +1,39 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class GeneratePermissionsV2Tables1742232505943
+  implements MigrationInterface
+{
+  name = 'GeneratePermissionsV2Tables1742232505943';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `CREATE TABLE "metadata"."objectPermissions" ("id" uuid NOT NULL DEFAULT uuid_generate_v4(), "roleId" uuid NOT NULL, "objectMetadataId" uuid NOT NULL, "canReadObjectRecords" boolean, "canUpdateObjectRecords" boolean, "canSoftDeleteObjectRecords" boolean, "canDestroyObjectRecords" boolean, "workspaceId" uuid NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "updatedAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT "IndexOnObjectPermissionsUnique" UNIQUE ("objectMetadataId", "roleId"), CONSTRAINT "PK_ea2c5c9a2dfa3d674da8b1350cd" PRIMARY KEY ("id"))`,
+    );
+    await queryRunner.query(
+      `CREATE TABLE "metadata"."settingsPermissions" ("id" uuid NOT NULL DEFAULT uuid_generate_v4(), "roleId" uuid NOT NULL, "setting" character varying NOT NULL, "canUpdateSetting" boolean, "workspaceId" uuid NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "updatedAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT "IndexOnSettingsPermissionsUnique" UNIQUE ("setting", "roleId"), CONSTRAINT "PK_44f120f1e527e62efa3fec8a846" PRIMARY KEY ("id"))`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" ADD CONSTRAINT "FK_770297c03e386df4c9fa4986ee1" FOREIGN KEY ("roleId") REFERENCES "metadata"."role"("id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" ADD CONSTRAINT "FK_ddad09b4fdf32c88283ae815074" FOREIGN KEY ("objectMetadataId") REFERENCES "metadata"."objectMetadata"("id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."settingsPermissions" ADD CONSTRAINT "FK_712bf97e56c4040026dd887ed4a" FOREIGN KEY ("roleId") REFERENCES "metadata"."role"("id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."settingsPermissions" DROP CONSTRAINT "FK_712bf97e56c4040026dd887ed4a"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" DROP CONSTRAINT "FK_ddad09b4fdf32c88283ae815074"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" DROP CONSTRAINT "FK_770297c03e386df4c9fa4986ee1"`,
+    );
+    await queryRunner.query(`DROP TABLE "metadata"."settingsPermissions"`);
+    await queryRunner.query(`DROP TABLE "metadata"."objectPermissions"`);
+  }
+}
--- a/packages/twenty-server/src/engine/metadata-modules/object-metadata/object-metadata.entity.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/object-metadata/object-metadata.entity.ts
@ -16,6 +16,7 @@ import { WorkspaceEntityDuplicateCriteria } from 'src/engine/api/graphql/workspa
 import { DataSourceEntity } from 'src/engine/metadata-modules/data-source/data-source.entity';
 import { FieldMetadataEntity } from 'src/engine/metadata-modules/field-metadata/field-metadata.entity';
 import { IndexMetadataEntity } from 'src/engine/metadata-modules/index-metadata/index-metadata.entity';
+import { ObjectPermissionsEntity } from 'src/engine/metadata-modules/object-permissions/object-permissions.entity';
 import { RelationMetadataEntity } from 'src/engine/metadata-modules/relation-metadata/relation-metadata.entity';

@Entity('objectMetadata')
@ -135,4 +136,11 @@ export class ObjectMetadataEntity implements ObjectMetadataInterface {

  @UpdateDateColumn({ type: 'timestamptz' })
  updatedAt: Date;
+
+  @OneToMany(
+    () => ObjectPermissionsEntity,
+    (objectPermissions: ObjectPermissionsEntity) =>
+      objectPermissions.objectMetadata,
+  )
+  objectPermissions: Relation<ObjectPermissionsEntity[]>;
 }
--- a/packages/twenty-server/src/engine/metadata-modules/object-permissions/object-permissions.entity.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/object-permissions/object-permissions.entity.ts
@ -0,0 +1,64 @@
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  Relation,
+  Unique,
+  UpdateDateColumn,
+} from 'typeorm';
+
+import { ObjectMetadataEntity } from 'src/engine/metadata-modules/object-metadata/object-metadata.entity';
+import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';
+
+@Entity('objectPermissions')
+@Unique('IndexOnObjectPermissionsUnique', ['objectMetadataId', 'roleId'])
+export class ObjectPermissionsEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ nullable: false, type: 'uuid' })
+  roleId: string;
+
+  @ManyToOne(() => RoleEntity, (role) => role.objectPermissions, {
+    onDelete: 'CASCADE',
+  })
+  @JoinColumn({ name: 'roleId' })
+  role: Relation<RoleEntity>;
+
+  @Column({ nullable: false, type: 'uuid' })
+  objectMetadataId: string;
+
+  @ManyToOne(
+    () => ObjectMetadataEntity,
+    (objectMetadata) => objectMetadata.objectPermissions,
+    {
+      onDelete: 'CASCADE',
+    },
+  )
+  @JoinColumn({ name: 'objectMetadataId' })
+  objectMetadata: Relation<ObjectMetadataEntity>;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canReadObjectRecords?: boolean;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canUpdateObjectRecords?: boolean;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canSoftDeleteObjectRecords?: boolean;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canDestroyObjectRecords?: boolean;
+
+  @Column({ nullable: false, type: 'uuid' })
+  workspaceId: string;
+
+  @CreateDateColumn({ type: 'timestamptz' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ type: 'timestamptz' })
+  updatedAt: Date;
+}
--- a/packages/twenty-server/src/engine/metadata-modules/role/role.entity.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/role/role.entity.ts
@ -8,7 +8,9 @@ import {
  UpdateDateColumn,
 } from 'typeorm';

+import { ObjectPermissionsEntity } from 'src/engine/metadata-modules/object-permissions/object-permissions.entity';
 import { UserWorkspaceRoleEntity } from 'src/engine/metadata-modules/role/user-workspace-role.entity';
+import { SettingsPermissionsEntity } from 'src/engine/metadata-modules/settings-permissions/settings-permissions.entity';

@Entity('role')
 export class RoleEntity {
@ -56,4 +58,17 @@ export class RoleEntity {
    (userWorkspaceRole: UserWorkspaceRoleEntity) => userWorkspaceRole.role,
  )
  userWorkspaceRoles: Relation<UserWorkspaceRoleEntity[]>;
+
+  @OneToMany(
+    () => ObjectPermissionsEntity,
+    (objectPermissions: ObjectPermissionsEntity) => objectPermissions.role,
+  )
+  objectPermissions: Relation<ObjectPermissionsEntity[]>;
+
+  @OneToMany(
+    () => SettingsPermissionsEntity,
+    (settingsPermissions: SettingsPermissionsEntity) =>
+      settingsPermissions.role,
+  )
+  settingsPermissions: Relation<SettingsPermissionsEntity[]>;
 }
--- a/packages/twenty-server/src/engine/metadata-modules/settings-permissions/settings-permissions.entity.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/settings-permissions/settings-permissions.entity.ts
@ -0,0 +1,45 @@
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  Relation,
+  Unique,
+  UpdateDateColumn,
+} from 'typeorm';
+
+import { SettingsPermissions } from 'src/engine/metadata-modules/permissions/constants/settings-permissions.constants';
+import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';
+
+@Entity('settingsPermissions')
+@Unique('IndexOnSettingsPermissionsUnique', ['setting', 'roleId'])
+export class SettingsPermissionsEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ nullable: false, type: 'uuid' })
+  roleId: string;
+
+  @ManyToOne(() => RoleEntity, (role) => role.settingsPermissions, {
+    onDelete: 'CASCADE',
+  })
+  @JoinColumn({ name: 'roleId' })
+  role: Relation<RoleEntity>;
+
+  @Column({ nullable: false, type: 'varchar' })
+  setting: SettingsPermissions;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canUpdateSetting?: boolean;
+
+  @Column({ nullable: false, type: 'uuid' })
+  workspaceId: string;
+
+  @CreateDateColumn({ type: 'timestamptz' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ type: 'timestamptz' })
+  updatedAt: Date;
+}