cdc4badec3
Closes https://github.com/twentyhq/core-team-issues/issues/868 We should not allow to grant any writing permission (update, soft delete, delete) on an object or at role-level without the reading permission at the same level. This has been implemented in the front-end at role level, and is yet to be done at object level (@Weiko)
40 lines
908 B
TypeScript
40 lines
908 B
TypeScript
import gql from 'graphql-tag';
|
|
|
|
export const createRoleOperation = ({
|
|
label,
|
|
description,
|
|
canUpdateAllSettings,
|
|
canReadAllObjectRecords,
|
|
canDestroyAllObjectRecords,
|
|
canUpdateAllObjectRecords,
|
|
canSoftDeleteAllObjectRecords,
|
|
}: {
|
|
label: string;
|
|
description: string;
|
|
canUpdateAllSettings: boolean;
|
|
canReadAllObjectRecords: boolean;
|
|
canDestroyAllObjectRecords: boolean;
|
|
canUpdateAllObjectRecords: boolean;
|
|
canSoftDeleteAllObjectRecords: boolean;
|
|
}) => ({
|
|
query: gql`
|
|
mutation CreateOneRole($createRoleInput: CreateRoleInput!) {
|
|
createOneRole(createRoleInput: $createRoleInput) {
|
|
id
|
|
label
|
|
}
|
|
}
|
|
`,
|
|
variables: {
|
|
createRoleInput: {
|
|
label,
|
|
description,
|
|
canUpdateAllSettings,
|
|
canReadAllObjectRecords,
|
|
canUpdateAllObjectRecords,
|
|
canSoftDeleteAllObjectRecords,
|
|
canDestroyAllObjectRecords,
|
|
},
|
|
},
|
|
});
|