[field-level permissions] Upsert fieldPermission + use fieldPermission to compute permissions (#13050)

In this PR - introduction of fieldPermission entity - addition of upsertFieldPermission in role resolver - computing of permissions taking fieldPermission into account. In order to limit what is stored in Redis we only store fields restrictions. For instance for objectMetadata with id XXX with a restriction on field with id YYY we store: `"XXX":{"canRead":true,"canUpdate":false,"canSoftDelete":false,"canDestroy":false,"restrictedFields":{"YYY":{"canRead":false,"canUpdate":null}}}` --------- Co-authored-by: Charles Bochet <charlesBochet@users.noreply.github.com>
2025-07-09 10:47:59 +02:00
parent 6ba6860e1c
commit 1cb60f943e
49 changed files with 1343 additions and 47 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/object-permission/object-permission.module.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/object-permission/object-permission.module.ts
@ -1,7 +1,10 @@
 import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';

+import { FieldMetadataEntity } from 'src/engine/metadata-modules/field-metadata/field-metadata.entity';
 import { ObjectMetadataEntity } from 'src/engine/metadata-modules/object-metadata/object-metadata.entity';
+import { FieldPermissionEntity } from 'src/engine/metadata-modules/object-permission/field-permission/field-permission.entity';
+import { FieldPermissionService } from 'src/engine/metadata-modules/object-permission/field-permission/field-permission.service';
 import { ObjectPermissionEntity } from 'src/engine/metadata-modules/object-permission/object-permission.entity';
 import { ObjectPermissionService } from 'src/engine/metadata-modules/object-permission/object-permission.service';
 import { RoleEntity } from 'src/engine/metadata-modules/role/role.entity';
@ -11,13 +14,19 @@ import { WorkspaceCacheStorageModule } from 'src/engine/workspace-cache-storage/
@Module({
  imports: [
    TypeOrmModule.forFeature(
-      [ObjectPermissionEntity, RoleEntity, ObjectMetadataEntity],
+      [
+        ObjectPermissionEntity,
+        RoleEntity,
+        ObjectMetadataEntity,
+        FieldPermissionEntity,
+        FieldMetadataEntity,
+      ],
      'core',
    ),
    WorkspaceCacheStorageModule,
    WorkspacePermissionsCacheModule,
  ],
-  providers: [ObjectPermissionService],
-  exports: [ObjectPermissionService],
+  providers: [ObjectPermissionService, FieldPermissionService],
+  exports: [ObjectPermissionService, FieldPermissionService],
 })
 export class ObjectPermissionModule {}