Forbid upsert of objectPermissions on system objects (#12382)

Closes https://github.com/twentyhq/core-team-issues/issues/865
2025-06-02 17:03:37 +02:00
parent e13d83b660
commit dc205370df
14 changed files with 358 additions and 125 deletions
--- a/packages/twenty-server/src/modules/workflow/common/query-hooks/workflow-query-hook.module.ts
+++ b/packages/twenty-server/src/modules/workflow/common/query-hooks/workflow-query-hook.module.ts
@ -4,6 +4,7 @@ import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';

 import { RecordPositionModule } from 'src/engine/core-modules/record-position/record-position.module';
 import { ObjectMetadataEntity } from 'src/engine/metadata-modules/object-metadata/object-metadata.entity';
+import { ObjectMetadataModule } from 'src/engine/metadata-modules/object-metadata/object-metadata.module';
 import { ServerlessFunctionModule } from 'src/engine/metadata-modules/serverless-function/serverless-function.module';
 import { WorkspaceCacheStorageModule } from 'src/engine/workspace-cache-storage/workspace-cache-storage.module';
 import { WorkflowCreateManyPostQueryHook } from 'src/modules/workflow/common/query-hooks/workflow-create-many.post-query.hook';
@ -35,6 +36,7 @@ import { WorkflowVersionValidationWorkspaceService } from 'src/modules/workflow/
    ServerlessFunctionModule,
    RecordPositionModule,
    WorkspaceCacheStorageModule,
+    ObjectMetadataModule,
  ],
  providers: [
    WorkflowCreateOnePreQueryHook,
--- a/packages/twenty-server/src/modules/workflow/common/workspace-services/workflow-common.workspace-service.ts
+++ b/packages/twenty-server/src/modules/workflow/common/workspace-services/workflow-common.workspace-service.ts
@ -11,6 +11,7 @@ import {
  WorkflowCommonException,
  WorkflowCommonExceptionCode,
 } from 'src/modules/workflow/common/exceptions/workflow-common.exception';
+import { WorkflowAutomatedTriggerWorkspaceEntity } from 'src/modules/workflow/common/standard-objects/workflow-automated-trigger.workspace-entity';
 import { WorkflowRunWorkspaceEntity } from 'src/modules/workflow/common/standard-objects/workflow-run.workspace-entity';
 import { WorkflowVersionWorkspaceEntity } from 'src/modules/workflow/common/standard-objects/workflow-version.workspace-entity';
 import { WorkflowActionType } from 'src/modules/workflow/workflow-executor/workflow-actions/types/workflow-action.type';
@ -18,7 +19,6 @@ import {
  WorkflowTriggerException,
  WorkflowTriggerExceptionCode,
 } from 'src/modules/workflow/workflow-trigger/exceptions/workflow-trigger.exception';
-import { WorkflowAutomatedTriggerWorkspaceEntity } from 'src/modules/workflow/common/standard-objects/workflow-automated-trigger.workspace-entity';

 export type ObjectMetadataInfo = {
  objectMetadataItemWithFieldsMaps: ObjectMetadataItemWithFieldMaps;
@ -81,29 +81,11 @@ export class WorkflowCommonWorkspaceService {
  async getObjectMetadataMaps(
    workspaceId: string,
  ): Promise<ObjectMetadataMaps> {
-    const currentCacheVersion =
-      await this.workspaceCacheStorageService.getMetadataVersion(workspaceId);
-
-    if (currentCacheVersion === undefined) {
-      throw new WorkflowCommonException(
-        'Failed to read: Metadata cache version not found',
-        WorkflowCommonExceptionCode.INVALID_CACHE_VERSION,
-      );
-    }
-
    const objectMetadataMaps =
-      await this.workspaceCacheStorageService.getObjectMetadataMaps(
+      await this.workspaceCacheStorageService.getObjectMetadataMapsOrThrow(
        workspaceId,
-        currentCacheVersion,
      );

-    if (!objectMetadataMaps) {
-      throw new WorkflowCommonException(
-        'Failed to read: Object metadata collection not found',
-        WorkflowCommonExceptionCode.OBJECT_METADATA_NOT_FOUND,
-      );
-    }
-
    return objectMetadataMaps;
  }