[permissions] Writing permission does not go without reading permission (#12573)

Closes https://github.com/twentyhq/core-team-issues/issues/868 We should not allow to grant any writing permission (update, soft delete, delete) on an object or at role-level without the reading permission at the same level. This has been implemented in the front-end at role level, and is yet to be done at object level (@Weiko)
2025-06-16 12:04:38 +02:00
parent bee1717d37
commit cdc4badec3
11 changed files with 1009 additions and 30 deletions
--- a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
+++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
@ -477,7 +477,7 @@ describe('roles permissions', () => {
        roleId: string;
      }) => `
      mutation UpsertObjectPermissions {
-          upsertObjectPermissions(upsertObjectPermissionsInput: { roleId: "${roleId}", objectPermissions: [{objectMetadataId: "${objectMetadataId}", canUpdateObjectRecords: true}]}) {
+          upsertObjectPermissions(upsertObjectPermissionsInput: { roleId: "${roleId}", objectPermissions: [{objectMetadataId: "${objectMetadataId}", canUpdateObjectRecords: true, canReadObjectRecords: true}]}) {
              objectMetadataId
              canUpdateObjectRecords
          }