From aa6fd90424c1e260236d60fb2527de36d6b6201a Mon Sep 17 00:00:00 2001
From: Marie <51697796+ijreilly@users.noreply.github.com>
Date: Tue, 18 Mar 2025 10:45:31 +0100
Subject: [PATCH] Create objectPermissions and settingsPermissions tables
 (#10962)

Closes https://github.com/twentyhq/core-team-issues/issues/594
---
 ...42232505943-generatePermissionsV2Tables.ts | 39 +++++++++++
 .../object-metadata/object-metadata.entity.ts |  8 +++
 .../object-permissions.entity.ts              | 64 +++++++++++++++++++
 .../metadata-modules/role/role.entity.ts      | 15 +++++
 .../settings-permissions.entity.ts            | 45 +++++++++++++
 5 files changed, 171 insertions(+)
 create mode 100644 packages/twenty-server/src/database/typeorm/metadata/migrations/1742232505943-generatePermissionsV2Tables.ts
 create mode 100644 packages/twenty-server/src/engine/metadata-modules/object-permissions/object-permissions.entity.ts
 create mode 100644 packages/twenty-server/src/engine/metadata-modules/settings-permissions/settings-permissions.entity.ts

diff --git a/packages/twenty-server/src/database/typeorm/metadata/migrations/1742232505943-generatePermissionsV2Tables.ts b/packages/twenty-server/src/database/typeorm/metadata/migrations/1742232505943-generatePermissionsV2Tables.ts
new file mode 100644
index 000000000..ce050fa10
--- /dev/null
+++ b/packages/twenty-server/src/database/typeorm/metadata/migrations/1742232505943-generatePermissionsV2Tables.ts
@@ -0,0 +1,39 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class GeneratePermissionsV2Tables1742232505943
+  implements MigrationInterface
+{
+  name = 'GeneratePermissionsV2Tables1742232505943';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `CREATE TABLE "metadata"."objectPermissions" ("id" uuid NOT NULL DEFAULT uuid_generate_v4(), "roleId" uuid NOT NULL, "objectMetadataId" uuid NOT NULL, "canReadObjectRecords" boolean, "canUpdateObjectRecords" boolean, "canSoftDeleteObjectRecords" boolean, "canDestroyObjectRecords" boolean, "workspaceId" uuid NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "updatedAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT "IndexOnObjectPermissionsUnique" UNIQUE ("objectMetadataId", "roleId"), CONSTRAINT "PK_ea2c5c9a2dfa3d674da8b1350cd" PRIMARY KEY ("id"))`,
+    );
+    await queryRunner.query(
+      `CREATE TABLE "metadata"."settingsPermissions" ("id" uuid NOT NULL DEFAULT uuid_generate_v4(), "roleId" uuid NOT NULL, "setting" character varying NOT NULL, "canUpdateSetting" boolean, "workspaceId" uuid NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "updatedAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), CONSTRAINT "IndexOnSettingsPermissionsUnique" UNIQUE ("setting", "roleId"), CONSTRAINT "PK_44f120f1e527e62efa3fec8a846" PRIMARY KEY ("id"))`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" ADD CONSTRAINT "FK_770297c03e386df4c9fa4986ee1" FOREIGN KEY ("roleId") REFERENCES "metadata"."role"("id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" ADD CONSTRAINT "FK_ddad09b4fdf32c88283ae815074" FOREIGN KEY ("objectMetadataId") REFERENCES "metadata"."objectMetadata"("id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."settingsPermissions" ADD CONSTRAINT "FK_712bf97e56c4040026dd887ed4a" FOREIGN KEY ("roleId") REFERENCES "metadata"."role"("id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."settingsPermissions" DROP CONSTRAINT "FK_712bf97e56c4040026dd887ed4a"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" DROP CONSTRAINT "FK_ddad09b4fdf32c88283ae815074"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "metadata"."objectPermissions" DROP CONSTRAINT "FK_770297c03e386df4c9fa4986ee1"`,
+    );
+    await queryRunner.query(`DROP TABLE "metadata"."settingsPermissions"`);
+    await queryRunner.query(`DROP TABLE "metadata"."objectPermissions"`);
+  }
+}
diff --git a/packages/twenty-server/src/engine/metadata-modules/object-metadata/object-metadata.entity.ts b/packages/twenty-server/src/engine/metadata-modules/object-metadata/object-metadata.entity.ts
index f55990b96..1b660c0e1 100644
--- a/packages/twenty-server/src/engine/metadata-modules/object-metadata/object-metadata.entity.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/object-metadata/object-metadata.entity.ts
@@ -16,6 +16,7 @@ import { WorkspaceEntityDuplicateCriteria } from 'src/engine/api/graphql/workspa
 import { DataSourceEntity } from 'src/engine/metadata-modules/data-source/data-source.entity';
 import { FieldMetadataEntity } from 'src/engine/metadata-modules/field-metadata/field-metadata.entity';
 import { IndexMetadataEntity } from 'src/engine/metadata-modules/index-metadata/index-metadata.entity';
+import { ObjectPermissionsEntity } from 'src/engine/metadata-modules/object-permissions/object-permissions.entity';
 import { RelationMetadataEntity } from 'src/engine/metadata-modules/relation-metadata/relation-metadata.entity';
 
 @Entity('objectMetadata')
@@ -135,4 +136,11 @@ export class ObjectMetadataEntity implements ObjectMetadataInterface {
 
   @UpdateDateColumn({ type: 'timestamptz' })
   updatedAt: Date;
+
+  @OneToMany(
+    () => ObjectPermissionsEntity,
+    (objectPermissions: ObjectPermissionsEntity) =>
+      objectPermissions.objectMetadata,
+  )
+  objectPermissions: Relation<ObjectPermissionsEntity[]>;
 }
diff --git a/packages/twenty-server/src/engine/metadata-modules/object-permissions/object-permissions.entity.ts b/packages/twenty-server/src/engine/metadata-modules/object-permissions/object-permissions.entity.ts
new file mode 100644
index 000000000..f5771a58d
--- /dev/null
+++ b/packages/twenty-server/src/engine/metadata-modules/object-permissions/object-permissions.entity.ts
@@ -0,0 +1,64 @@
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  Relation,
+  Unique,
+  UpdateDateColumn,
+} from 'typeorm';
+
+import { ObjectMetadataEntity } from 'src/engine/metadata-modules/object-metadata/object-metadata.entity';
+import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';
+
+@Entity('objectPermissions')
+@Unique('IndexOnObjectPermissionsUnique', ['objectMetadataId', 'roleId'])
+export class ObjectPermissionsEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ nullable: false, type: 'uuid' })
+  roleId: string;
+
+  @ManyToOne(() => RoleEntity, (role) => role.objectPermissions, {
+    onDelete: 'CASCADE',
+  })
+  @JoinColumn({ name: 'roleId' })
+  role: Relation<RoleEntity>;
+
+  @Column({ nullable: false, type: 'uuid' })
+  objectMetadataId: string;
+
+  @ManyToOne(
+    () => ObjectMetadataEntity,
+    (objectMetadata) => objectMetadata.objectPermissions,
+    {
+      onDelete: 'CASCADE',
+    },
+  )
+  @JoinColumn({ name: 'objectMetadataId' })
+  objectMetadata: Relation<ObjectMetadataEntity>;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canReadObjectRecords?: boolean;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canUpdateObjectRecords?: boolean;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canSoftDeleteObjectRecords?: boolean;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canDestroyObjectRecords?: boolean;
+
+  @Column({ nullable: false, type: 'uuid' })
+  workspaceId: string;
+
+  @CreateDateColumn({ type: 'timestamptz' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ type: 'timestamptz' })
+  updatedAt: Date;
+}
diff --git a/packages/twenty-server/src/engine/metadata-modules/role/role.entity.ts b/packages/twenty-server/src/engine/metadata-modules/role/role.entity.ts
index 9cc6d1eca..5b7fa4cc0 100644
--- a/packages/twenty-server/src/engine/metadata-modules/role/role.entity.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/role/role.entity.ts
@@ -8,7 +8,9 @@ import {
   UpdateDateColumn,
 } from 'typeorm';
 
+import { ObjectPermissionsEntity } from 'src/engine/metadata-modules/object-permissions/object-permissions.entity';
 import { UserWorkspaceRoleEntity } from 'src/engine/metadata-modules/role/user-workspace-role.entity';
+import { SettingsPermissionsEntity } from 'src/engine/metadata-modules/settings-permissions/settings-permissions.entity';
 
 @Entity('role')
 export class RoleEntity {
@@ -56,4 +58,17 @@ export class RoleEntity {
     (userWorkspaceRole: UserWorkspaceRoleEntity) => userWorkspaceRole.role,
   )
   userWorkspaceRoles: Relation<UserWorkspaceRoleEntity[]>;
+
+  @OneToMany(
+    () => ObjectPermissionsEntity,
+    (objectPermissions: ObjectPermissionsEntity) => objectPermissions.role,
+  )
+  objectPermissions: Relation<ObjectPermissionsEntity[]>;
+
+  @OneToMany(
+    () => SettingsPermissionsEntity,
+    (settingsPermissions: SettingsPermissionsEntity) =>
+      settingsPermissions.role,
+  )
+  settingsPermissions: Relation<SettingsPermissionsEntity[]>;
 }
diff --git a/packages/twenty-server/src/engine/metadata-modules/settings-permissions/settings-permissions.entity.ts b/packages/twenty-server/src/engine/metadata-modules/settings-permissions/settings-permissions.entity.ts
new file mode 100644
index 000000000..bc4af1916
--- /dev/null
+++ b/packages/twenty-server/src/engine/metadata-modules/settings-permissions/settings-permissions.entity.ts
@@ -0,0 +1,45 @@
+import {
+  Column,
+  CreateDateColumn,
+  Entity,
+  JoinColumn,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  Relation,
+  Unique,
+  UpdateDateColumn,
+} from 'typeorm';
+
+import { SettingsPermissions } from 'src/engine/metadata-modules/permissions/constants/settings-permissions.constants';
+import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';
+
+@Entity('settingsPermissions')
+@Unique('IndexOnSettingsPermissionsUnique', ['setting', 'roleId'])
+export class SettingsPermissionsEntity {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ nullable: false, type: 'uuid' })
+  roleId: string;
+
+  @ManyToOne(() => RoleEntity, (role) => role.settingsPermissions, {
+    onDelete: 'CASCADE',
+  })
+  @JoinColumn({ name: 'roleId' })
+  role: Relation<RoleEntity>;
+
+  @Column({ nullable: false, type: 'varchar' })
+  setting: SettingsPermissions;
+
+  @Column({ nullable: true, type: 'boolean' })
+  canUpdateSetting?: boolean;
+
+  @Column({ nullable: false, type: 'uuid' })
+  workspaceId: string;
+
+  @CreateDateColumn({ type: 'timestamptz' })
+  createdAt: Date;
+
+  @UpdateDateColumn({ type: 'timestamptz' })
+  updatedAt: Date;
+}