[permissions] Remove raw queries and restrict its usage (#12360)

Closes https://github.com/twentyhq/core-team-issues/issues/748

In the frame of the work on permissions we

- remove all raw queries possible to use repositories instead
- forbid usage workspaceDataSource.executeRawQueries()
- restrict usage of workspaceDataSource.query() to force developers to
pass on shouldBypassPermissionChecks to use it.

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

packages/twenty-server/src/modules/timeline/jobs/timeline-job.module.ts

@@ -1,17 +1,12 @@
 import { Module } from '@nestjs/common';
 
 import { AuditModule } from 'src/engine/core-modules/audit/audit.module';
-import { ObjectMetadataRepositoryModule } from 'src/engine/object-metadata-repository/object-metadata-repository.module';
+import { TwentyORMModule } from 'src/engine/twenty-orm/twenty-orm.module';
 import { UpsertTimelineActivityFromInternalEvent } from 'src/modules/timeline/jobs/upsert-timeline-activity-from-internal-event.job';
 import { TimelineActivityModule } from 'src/modules/timeline/timeline-activity.module';
-import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';
 
 @Module({
-  imports: [
-    ObjectMetadataRepositoryModule.forFeature([WorkspaceMemberWorkspaceEntity]),
-    TimelineActivityModule,
-    AuditModule,
-  ],
+  imports: [TimelineActivityModule, AuditModule, TwentyORMModule],
   providers: [UpsertTimelineActivityFromInternalEvent],
 })
 export class TimelineJobModule {}

packages/twenty-server/src/modules/timeline/jobs/upsert-timeline-activity-from-internal-event.job.ts

@@ -2,18 +2,16 @@ import { ObjectRecordNonDestructiveEvent } from 'src/engine/core-modules/event-e
 import { Process } from 'src/engine/core-modules/message-queue/decorators/process.decorator';
 import { Processor } from 'src/engine/core-modules/message-queue/decorators/processor.decorator';
 import { MessageQueue } from 'src/engine/core-modules/message-queue/message-queue.constants';
-import { InjectObjectMetadataRepository } from 'src/engine/object-metadata-repository/object-metadata-repository.decorator';
+import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
 import { WorkspaceEventBatch } from 'src/engine/workspace-event-emitter/types/workspace-event.type';
 import { TimelineActivityService } from 'src/modules/timeline/services/timeline-activity.service';
-import { WorkspaceMemberRepository } from 'src/modules/workspace-member/repositories/workspace-member.repository';
 import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';
 
 @Processor(MessageQueue.entityEventsToDbQueue)
 export class UpsertTimelineActivityFromInternalEvent {
   constructor(
-    @InjectObjectMetadataRepository(WorkspaceMemberWorkspaceEntity)
-    private readonly workspaceMemberService: WorkspaceMemberRepository,
     private readonly timelineActivityService: TimelineActivityService,
+    private readonly twentyORMGlobalManager: TwentyORMGlobalManager,
   ) {}
 
   @Process(UpsertTimelineActivityFromInternalEvent.name)
@@ -22,9 +20,18 @@ export class UpsertTimelineActivityFromInternalEvent {
   ): Promise<void> {
     for (const eventData of workspaceEventBatch.events) {
       if (eventData.userId) {
-        const workspaceMember = await this.workspaceMemberService.getByIdOrFail(
-          eventData.userId,
-          workspaceEventBatch.workspaceId,
+        const workspaceMemberRepository =
+          await this.twentyORMGlobalManager.getRepositoryForWorkspace(
+            workspaceEventBatch.workspaceId,
+            WorkspaceMemberWorkspaceEntity,
+            {
+              shouldBypassPermissionChecks: true,
+            },
+          );
+        const workspaceMember = await workspaceMemberRepository.findOneByOrFail(
+          {
+            userId: eventData.userId,
+          },
         );
 
         eventData.workspaceMemberId = workspaceMember.id;