[permissions] Add permission gates on workspaceMember (#10447)

- Adding permission gates on workspaceMember to only allow user with admin permissions OR users attempting to update or delete themself to perform write operations on workspaceMember object - Reverting some changes to treat workflow objects as regular metadata objects (any user can interact with them) - (fix) Block updates on soft deleted records
2025-02-24 16:59:28 +01:00
parent 970aa4c5a1
commit e4f06a7c97
20 changed files with 655 additions and 37 deletions
--- a/packages/twenty-server/test/integration/graphql/utils/make-graphql-api-request-with-member-role.util.ts
+++ b/packages/twenty-server/test/integration/graphql/utils/make-graphql-api-request-with-member-role.util.ts
@ -0,0 +1,21 @@
+import { ASTNode, print } from 'graphql';
+import request from 'supertest';
+
+type GraphqlOperation = {
+  query: ASTNode;
+  variables?: Record<string, unknown>;
+};
+
+export const makeGraphqlAPIRequestWithMemberRole = (
+  graphqlOperation: GraphqlOperation,
+) => {
+  const client = request(`http://localhost:${APP_PORT}`);
+
+  return client
+    .post('/graphql')
+    .set('Authorization', `Bearer ${MEMBER_ACCESS_TOKEN}`)
+    .send({
+      query: print(graphqlOperation.query),
+      variables: graphqlOperation.variables || {},
+    });
+};