admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
47a03e39071f59dd047ff1ce37cebbcc54bc9c21
twenty/packages/twenty-server/test/integration/graphql/utils/create-custom-role-with-object-permissions.util.ts
Marie 264861e020 [permissions V2] Add integration tests on relations and objectRecord permissions (#12450) 
In this PR

1. adding tests on relations and nested relations to make sure that if
any permission is missing, the query fails
2. adding tests on objectRecord permissions to make sure that
permissions granted or restricted by objectPermissions take precedence
on the role's allObjectRecords permissions
2025-06-10 16:38:38 +02:00

132 lines
3.8 KiB
TypeScript
Raw Blame History

import gql from 'graphql-tag';
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
import { makeMetadataAPIRequest } from 'test/integration/metadata/suites/utils/make-metadata-api-request.util';
export const createCustomRoleWithObjectPermissions = async (options: {
label: string;
canReadPerson?: boolean;
canReadCompany?: boolean;
canReadOpportunities?: boolean;
hasAllObjectRecordsReadPermission?: boolean;
}) => {
const createRoleOperation = {
query: gql`
mutation CreateOneRole {
createOneRole(createRoleInput: {
label: "${options.label}"
description: "Test role for permission testing"
canUpdateAllSettings: ${options.hasAllObjectRecordsReadPermission ?? true}
canReadAllObjectRecords: ${options.hasAllObjectRecordsReadPermission ?? true}
canUpdateAllObjectRecords: ${options.hasAllObjectRecordsReadPermission ?? true}
canSoftDeleteAllObjectRecords: ${options.hasAllObjectRecordsReadPermission ?? true}
canDestroyAllObjectRecords: ${options.hasAllObjectRecordsReadPermission ?? true}
}) {
id
label
}
}
`,
};
const response = await makeGraphqlAPIRequest(createRoleOperation);
const roleId = response.body.data.createOneRole.id;
// Get object metadata IDs for Person and Company
const getObjectMetadataOperation = {
query: gql`
query {
objects(paging: { first: 1000 }) {
edges {
node {
id
nameSingular
}
}
}
}
`,
};
const objectMetadataResponse = await makeMetadataAPIRequest(
getObjectMetadataOperation,
);
const objects = objectMetadataResponse.body.data.objects.edges;
const personObjectId = objects.find(
(obj: any) => obj.node.nameSingular === 'person',
)?.node.id;
const companyObjectId = objects.find(
(obj: any) => obj.node.nameSingular === 'company',
)?.node.id;
const opportunityObjectId = objects.find(
(obj: any) => obj.node.nameSingular === 'opportunity',
)?.node.id;
// Create object permissions based on the options
const objectPermissions = [];
if (options.canReadPerson !== undefined) {
objectPermissions.push({
objectMetadataId: personObjectId,
canReadObjectRecords: options.canReadPerson,
canUpdateObjectRecords: false,
canSoftDeleteObjectRecords: false,
canDestroyObjectRecords: false,
});
}
if (options.canReadCompany !== undefined) {
objectPermissions.push({
objectMetadataId: companyObjectId,
canReadObjectRecords: options.canReadCompany,
canUpdateObjectRecords: false,
canSoftDeleteObjectRecords: false,
canDestroyObjectRecords: false,
});
}
if (options.canReadOpportunities !== undefined) {
objectPermissions.push({
objectMetadataId: opportunityObjectId,
canReadObjectRecords: options.canReadOpportunities,
canUpdateObjectRecords: false,
canSoftDeleteObjectRecords: false,
canDestroyObjectRecords: false,
});
}
if (objectPermissions.length > 0) {
const upsertObjectPermissionsOperation = {
query: gql`
mutation UpsertObjectPermissions(
$roleId: String!
$objectPermissions: [ObjectPermissionInput!]!
) {
upsertObjectPermissions(
upsertObjectPermissionsInput: {
roleId: $roleId
objectPermissions: $objectPermissions
}
) {
objectMetadataId
canReadObjectRecords
}
}
`,
variables: {
roleId,
objectPermissions,
},
};
await makeGraphqlAPIRequest(upsertObjectPermissionsOperation);
}
return {
roleId,
personObjectId,
companyObjectId,
opportunityObjectId,
};
};
Reference in New Issue View Git Blame Copy Permalink