admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[permissions] Writing permission does not go without reading permission (#12573)

Browse Source 
Closes https://github.com/twentyhq/core-team-issues/issues/868

We should not allow to grant any writing permission (update, soft
delete, delete) on an object or at role-level without the reading
permission at the same level.

This has been implemented in the front-end at role level, and is yet to
be done at object level (@Weiko)
This commit is contained in:
Marie
2025-06-16 12:04:38 +02:00
committed by GitHub
parent bee1717d37
commit cdc4badec3
11 changed files with 1009 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/twenty-server/src/engine/twenty-orm/entity-manager/workspace-entity-manager.ts
View File

@ -965,7 +965,7 @@ export class WorkspaceEntityManager extends EntityManager {
.execute();
}
override findByIds<Entity extends ObjectLiteral>(
override async findByIds<Entity extends ObjectLiteral>(
entityClass: EntityTarget<Entity>,
ids: string[],
permissionOptions?: PermissionOptions,
@ -1033,7 +1033,10 @@ export class WorkspaceEntityManager extends EntityManager {
permissionOptions?: PermissionOptions,
): Promise<T>;
override save<Entity extends ObjectLiteral, T extends DeepPartial<Entity>>(
override async save<
Entity extends ObjectLiteral,
T extends DeepPartial<Entity>,
>(
targetOrEntity: EntityTarget<Entity> | Entity | Entity[],
entityOrMaybeOptions:
| T
@ -1117,7 +1120,7 @@ export class WorkspaceEntityManager extends EntityManager {
permissionOptions?: PermissionOptions,
): Promise<Entity[]>;
override remove<Entity extends ObjectLiteral>(
override async remove<Entity extends ObjectLiteral>(
targetOrEntity: EntityTarget<Entity> | Entity[] | Entity,
entityOrMaybeOptions: Entity | Entity[] | RemoveOptions,
maybeOptionsOrMaybePermissionOptions?: RemoveOptions | PermissionOptions,
@ -1279,7 +1282,10 @@ export class WorkspaceEntityManager extends EntityManager {
permissionOptions?: PermissionOptions,
): Promise<T>;
override recover<Entity extends ObjectLiteral, T extends DeepPartial<Entity>>(
override async recover<
Entity extends ObjectLiteral,
T extends DeepPartial<Entity>,
>(
targetOrEntityOrEntities: EntityTarget<Entity> | Entity | Entity[],
entityOrEntitiesOrMaybeOptions: T | T[] | SaveOptions,
maybeOptionsOrMaybePermissionOptions?: SaveOptions | PermissionOptions,