[permissions] Fix rest api (#12608)

We need to use twentyORMManager and not twentyORMGlobalManager in rest
api base handler, because we don't want to bypass permissions using
`shouldBypassPermissions` parameter (which we would have to do to use
twentyORMGlobalManager).

ScopedWorkspaceContextFactory was not adapted to REST API requests, whose
form differs from that of GraphQL requests.
Marie
2025-06-16 10:42:55 +02:00
committed by GitHub
parent a05c659e03
commit 929586e4a9
4 changed files with 21 additions and 17 deletions


@ -33,7 +33,7 @@ import { getObjectMetadataMapItemByNameSingular } from 'src/engine/metadata-modu
import { WorkspacePermissionsCacheService } from 'src/engine/metadata-modules/workspace-permissions-cache/workspace-permissions-cache.service';
import { WorkspaceSelectQueryBuilder } from 'src/engine/twenty-orm/repository/workspace-select-query-builder';
import { WorkspaceRepository } from 'src/engine/twenty-orm/repository/workspace.repository';
import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
import { TwentyORMManager } from 'src/engine/twenty-orm/twenty-orm.manager';
import { formatResult as formatGetManyData } from 'src/engine/twenty-orm/utils/format-result.util';
export interface PageInfo {
@ -72,7 +72,7 @@ export abstract class RestApiBaseHandler {
@Inject()
protected readonly coreQueryBuilderFactory: CoreQueryBuilderFactory;
@Inject()
protected readonly twentyORMGlobalManager: TwentyORMGlobalManager;
protected readonly twentyORMManager: TwentyORMManager;
@Inject()
protected readonly getVariablesFactory: GetVariablesFactory;
@Inject()
@ -105,11 +105,7 @@ export abstract class RestApiBaseHandler {
throw new BadRequestException('Workspace not found');
}
const workspaceDataSource =
await this.twentyORMGlobalManager.getDataSourceForWorkspace({
workspaceId: workspace.id,
shouldFailIfMetadataNotFound: false,
});
const workspaceDataSource = await this.twentyORMManager.getDatasource();
const objectMetadataNameSingular =
objectMetadata.objectMetadataMapItem.nameSingular;
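Review bot: The new call `this.twentyORMManager.getDatasource()` in the third hunk no longer receives `workspace.id`, so the tenant the data source is bound to is resolved separately from the `workspace` that is null-checked just above, presumably through the request-scoped context the commit message mentions. Because this line is what keeps REST queries on the permission-checked path, I would record that intent next to it, e.g. `// Request-scoped manager on purpose: it resolves the workspace from the request context and enforces permissions; the global manager would require shouldBypassPermissions.` A regression test would help here: a REST request whose role lacks read access to the object should be rejected, and a request for which the scoped context cannot be built should fail closed rather than return data. The removed `shouldFailIfMetadataNotFound: false` option may also change what happens when metadata is missing, which is worth confirming since `getDatasource()` is not visible here. The enclosing method starts and ends outside the visible lines.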