Implement updateRole (#10009)

In this PR, we are implementing the updateRole endpoint with the following rules 1. A user can only update a member's role if they have the permission (= the admin role) 2. Admin role can't be unassigned if there are no other admin in the workspace 3. (For now) as members can only have one role for now, when they are assigned a new role, they are first unassigned the other role (if any) 4. (For now) removing a member's admin role = leaving the member with no role = calling updateRole with a null roleId
2025-02-05 18:02:14 +01:00
parent ef1b492e2f
commit e3182a145d
15 changed files with 303 additions and 64 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/role/role.module.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/role/role.module.ts
@ -2,12 +2,13 @@ import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';

 import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity';
+import { UserWorkspaceModule } from 'src/engine/core-modules/user-workspace/user-workspace.module';
 import { PermissionsModule } from 'src/engine/metadata-modules/permissions/permissions.module';
 import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';
 import { RoleResolver } from 'src/engine/metadata-modules/role/role.resolver';
 import { RoleService } from 'src/engine/metadata-modules/role/role.service';
 import { UserWorkspaceRoleEntity } from 'src/engine/metadata-modules/role/user-workspace-role.entity';
-import { UserRoleModule } from 'src/engine/metadata-modules/userRole/userRole.module';
+import { UserRoleModule } from 'src/engine/metadata-modules/user-role/user-role.module';

@Module({
  imports: [
@ -15,6 +16,7 @@ import { UserRoleModule } from 'src/engine/metadata-modules/userRole/userRole.mo
    TypeOrmModule.forFeature([UserWorkspace], 'core'),
    UserRoleModule,
    PermissionsModule,
+    UserWorkspaceModule,
  ],
  providers: [RoleService, RoleResolver],
  exports: [RoleService],
--- a/packages/twenty-server/src/engine/metadata-modules/role/role.resolver.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/role/role.resolver.ts
@ -1,7 +1,15 @@
-import { Parent, Query, ResolveField, Resolver } from '@nestjs/graphql';
+import {
+  Args,
+  Mutation,
+  Parent,
+  Query,
+  ResolveField,
+  Resolver,
+} from '@nestjs/graphql';

-import { SettingsFeatures } from 'twenty-shared';
+import { isDefined, SettingsFeatures } from 'twenty-shared';

+import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
 import { WorkspaceMember } from 'src/engine/core-modules/user/dtos/workspace-member.dto';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthUserWorkspaceId } from 'src/engine/decorators/auth/auth-user-workspace-id.decorator';
@ -10,7 +18,7 @@ import { PermissionsService } from 'src/engine/metadata-modules/permissions/perm
 import { permissionsGraphqlApiExceptionHandler } from 'src/engine/metadata-modules/permissions/utils/permissions-graphql-api-exception-handler';
 import { RoleDTO } from 'src/engine/metadata-modules/role/dtos/role.dto';
 import { RoleService } from 'src/engine/metadata-modules/role/role.service';
-import { UserRoleService } from 'src/engine/metadata-modules/userRole/userRole.service';
+import { UserRoleService } from 'src/engine/metadata-modules/user-role/user-role.service';
 import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';

@Resolver(() => RoleDTO)
@ -19,6 +27,7 @@ export class RoleResolver {
    private readonly userRoleService: UserRoleService,
    private readonly permissionsService: PermissionsService,
    private readonly roleService: RoleService,
+    private readonly userWorkspaceService: UserWorkspaceService,
  ) {}

  @Query(() => [RoleDTO])
@ -52,6 +61,57 @@ export class RoleResolver {
    }
  }

+  @Mutation(() => WorkspaceMember)
+  async updateWorkspaceMemberRole(
+    @AuthUserWorkspaceId() currentUserWorkspaceId: string,
+    @AuthWorkspace() workspace: Workspace,
+    @Args('workspaceMemberId') workspaceMemberId: string,
+    @Args('roleId', { type: () => String, nullable: true })
+    roleId: string | null,
+  ): Promise<WorkspaceMember> {
+    await this.permissionsService.validateUserHasWorkspaceSettingPermissionOrThrow(
+      {
+        userWorkspaceId: currentUserWorkspaceId,
+        setting: SettingsFeatures.ROLES,
+      },
+    );
+
+    const workspaceMember =
+      await this.userWorkspaceService.getWorkspaceMemberOrThrow({
+        workspaceMemberId,
+        workspaceId: workspace.id,
+      });
+
+    const userWorkspace =
+      await this.userWorkspaceService.getUserWorkspaceForUserOrThrow({
+        userId: workspaceMember.userId,
+        workspaceId: workspace.id,
+      });
+
+    if (!isDefined(roleId)) {
+      await this.userRoleService.unassignAllRolesFromUserWorkspace({
+        userWorkspaceId: userWorkspace.id,
+        workspaceId: workspace.id,
+      });
+    } else {
+      await this.userRoleService.assignRoleToUserWorkspace({
+        userWorkspaceId: userWorkspace.id,
+        workspaceId: workspace.id,
+        roleId,
+      });
+    }
+
+    const roles = await this.userRoleService.getRolesForUserWorkspace(
+      userWorkspace.id,
+    );
+
+    return {
+      ...workspaceMember,
+      userWorkspaceId: userWorkspace.id,
+      roles,
+    } as WorkspaceMember;
+  }
+
  @ResolveField('workspaceMembers', () => [WorkspaceMember])
  async getWorkspaceMembersAssignedToRole(
    @Parent() role: RoleDTO,