Adapt rest api to field permissions (#13314)

Closes https://github.com/twentyhq/core-team-issues/issues/1217 We should only query and return the fields that are readable when using the rest api. This is behind a feature flag.
2025-07-22 10:46:43 +02:00
parent f95573ab4c
commit c8753ae59e
81 changed files with 847 additions and 47 deletions
--- a/packages/twenty-server/src/engine/metadata-modules/workspace-permissions-cache/workspace-permissions-cache.service.ts
+++ b/packages/twenty-server/src/engine/metadata-modules/workspace-permissions-cache/workspace-permissions-cache.service.ts
@ -4,6 +4,7 @@ import { InjectRepository } from '@nestjs/typeorm';
 import {
  ObjectRecordsPermissions,
  ObjectRecordsPermissionsByRoleId,
+  RestrictedFields,
 } from 'twenty-shared/types';
 import { isDefined } from 'twenty-shared/utils';
 import { In, Repository } from 'typeorm';
@ -203,10 +204,7 @@ export class WorkspacePermissionsCacheService {
        let canUpdate = role.canUpdateAllObjectRecords;
        let canSoftDelete = role.canSoftDeleteAllObjectRecords;
        let canDestroy = role.canDestroyAllObjectRecords;
-        const restrictedFields: Record<
-          string,
-          { canRead?: boolean | null; canUpdate?: boolean | null }
-        > = {};
+        const restrictedFields: RestrictedFields = {};

        if (
          standardId &&