[permissions] Add object records permissions to role entity (#10255)

Closes https://github.com/twentyhq/core-team-issues/issues/388 - Add object records-related permissions to role entity - Add it to queriable `currentUserWorkspace` (used in FE)
2025-02-17 18:32:39 +01:00
parent 5b4cb4bd2c
commit cb3bd1353a
22 changed files with 255 additions and 60 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/user-role/user-role.service.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/user-role/user-role.service.ts
@ -60,7 +60,10 @@ export class UserRoleService {
      );
    }

-    const roles = await this.getRolesByUserWorkspaces([userWorkspace.id]);
+    const roles = await this.getRolesByUserWorkspaces({
+      userWorkspaceIds: [userWorkspace.id],
+      workspaceId,
+    });

    const currentRole = roles.get(userWorkspace.id)?.[0];

@ -88,8 +91,10 @@ export class UserRoleService {
    workspaceId: string;
  }): Promise<void> {
    await this.validatesUserWorkspaceIsNotLastAdminIfUnassigningAdminRoleOrThrow(
-      userWorkspaceId,
-      workspaceId,
+      {
+        userWorkspaceId,
+        workspaceId,
+      },
    );

    await this.userWorkspaceRoleRepository.delete({
@ -98,9 +103,13 @@ export class UserRoleService {
    });
  }

-  public async getRolesByUserWorkspaces(
-    userWorkspaceIds: string[],
-  ): Promise<Map<string, RoleDTO[]>> {
+  public async getRolesByUserWorkspaces({
+    userWorkspaceIds,
+    workspaceId,
+  }: {
+    userWorkspaceIds: string[];
+    workspaceId: string;
+  }): Promise<Map<string, RoleDTO[]>> {
    if (!userWorkspaceIds.length) {
      return new Map();
    }
@ -108,6 +117,7 @@ export class UserRoleService {
    const allUserWorkspaceRoles = await this.userWorkspaceRoleRepository.find({
      where: {
        userWorkspaceId: In(userWorkspaceIds),
+        workspaceId,
      },
      relations: {
        role: true,
@ -176,11 +186,17 @@ export class UserRoleService {
    return workspaceMembers;
  }

-  private async validatesUserWorkspaceIsNotLastAdminIfUnassigningAdminRoleOrThrow(
-    userWorkspaceId: string,
-    workspaceId: string,
-  ): Promise<void> {
-    const roles = await this.getRolesByUserWorkspaces([userWorkspaceId]);
+  private async validatesUserWorkspaceIsNotLastAdminIfUnassigningAdminRoleOrThrow({
+    userWorkspaceId,
+    workspaceId,
+  }: {
+    userWorkspaceId: string;
+    workspaceId: string;
+  }): Promise<void> {
+    const roles = await this.getRolesByUserWorkspaces({
+      userWorkspaceIds: [userWorkspaceId],
+      workspaceId,
+    });

    const currentRoles = roles.get(userWorkspaceId);