4257f30f12
In this PR we are handling permissions when using twentyORMGlobalManager, and handling permissions for rest api and api key
50 lines
1.8 KiB
TypeScript
50 lines
1.8 KiB
TypeScript
import { WorkspaceQueryHookInstance } from 'src/engine/api/graphql/workspace-query-runner/workspace-query-hook/interfaces/workspace-query-hook.interface';
|
|
import { DeleteOneResolverArgs } from 'src/engine/api/graphql/workspace-resolver-builder/interfaces/workspace-resolvers-builder.interface';
|
|
|
|
import {
|
|
GraphqlQueryRunnerException,
|
|
GraphqlQueryRunnerExceptionCode,
|
|
} from 'src/engine/api/graphql/graphql-query-runner/errors/graphql-query-runner.exception';
|
|
import { WorkspaceQueryHook } from 'src/engine/api/graphql/workspace-query-runner/workspace-query-hook/decorators/workspace-query-hook.decorator';
|
|
import { AuthContext } from 'src/engine/core-modules/auth/types/auth-context.type';
|
|
import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
|
|
@WorkspaceQueryHook(`view.deleteOne`)
|
|
export class ViewDeleteOnePreQueryHook implements WorkspaceQueryHookInstance {
|
|
constructor(
|
|
private readonly twentyORMGlobalManager: TwentyORMGlobalManager,
|
|
) {}
|
|
|
|
async execute(
|
|
authContext: AuthContext,
|
|
_objectName: string,
|
|
payload: DeleteOneResolverArgs,
|
|
): Promise<DeleteOneResolverArgs> {
|
|
const targettedViewId = payload.id;
|
|
const viewRepository =
|
|
await this.twentyORMGlobalManager.getRepositoryForWorkspace(
|
|
authContext.workspace.id,
|
|
'view',
|
|
);
|
|
|
|
const view = await viewRepository.findOne({
|
|
where: { id: targettedViewId },
|
|
});
|
|
|
|
if (!view) {
|
|
throw new GraphqlQueryRunnerException(
|
|
'View not found',
|
|
GraphqlQueryRunnerExceptionCode.INVALID_QUERY_INPUT,
|
|
);
|
|
}
|
|
|
|
if (view.key === 'INDEX') {
|
|
throw new GraphqlQueryRunnerException(
|
|
'Cannot delete INDEX view',
|
|
GraphqlQueryRunnerExceptionCode.INVALID_QUERY_INPUT,
|
|
);
|
|
}
|
|
|
|
return payload;
|
|
}
|
|
}
|